When we think about security and privacy, we try and tend to establish a consistent model to design and evaluate technologies. Such a model helps understandings of problems, development of theory and technologies over the same common ground. Thus, we believe that creating a concrete model and goal for a kind of technologies are required to achieve enough security and privacy. Recent progress of application protocol raises a question to such a style of security research. Bitcoin, a protocol proposed in an anonymous paper without a consistent model and peer review, realizes unexpected economic impacts than other cryptographic protocols. The protocol is a beautiful combination of many different kinds of theoretical backgrounds; hence, the reverse-engineering to produce a consistent model is hard, and there are no successful attempts to obtain it. Beyond Bitcoin, blockchain is expected to be used for broad applications than payment in Bitcoin. For those wide ranges of applications, we need to deal with additional many uncertain factors to evaluate security and privacy of blockchain based systems, over the bitcoin which still lacks a consistent model. System model, trust model and decentralization, security assumptions, and performance requirements are in a trade-off relationship. Designers of each blockchain based system deal with elusive and non-static security and privacy model. In this keynote, I will show how bitcoin and blockchain give a new perspective to analyze the nature of these protocols, and what is needed for security researchers to deal with practical but elusive technologies.