The Blockchain

http://bitcoin-class.org
Introduction to Cryptocurrency
University of Virginia
cs4501 Fall 2015

Published in: Economy & Finance

  1. 1. Cryptocurrency Cabal, cs4501 Fall 2015. David Evans and Samee Zahur, University of Virginia. Class 7: The Blockchain
  2. 2. 1
  3. 3. Plan for Today: Trust; Distributed Consensus; Proof-of-Work; Blockchain. Next Wednesday: Checkup 2. Classes through next Monday; Checkup 1, PS1. Readings: Satoshi paper; Antonopoulos book, Ch 6 and 7; Princeton book, Ch 2 and 5.
  4. 4. Where does trust come from?
  5. 5. http://www.jdsurvey.net/jds/jdsurveyMaps.jsp
  6. 6. Image credit: https://howveryromanian.wordpress.com/2013/09/15/ba Queuing for cooking oil (Bucharest, 1986) Scott Edelman
  7. 7. Image: Queerbubbles CC BY-SA
  8. 8. 7
  9. 9. Sources of Trust. Yourself (super trustworthy!). Mathematics and Science: trustworthy because of logic, verified experiments. Organizations and People: trustworthy because of what they have to lose (reputation); trustworthy because of trusted oversight (law, police); trustworthy because incentives are aligned; trustworthy because of processes they follow.
  10. 10. Bitcoin’s solution: a public ledger. Trust in resources.
  11. 11. Public Ledger. Node A, Node B, Node C. M = transfer X to Bob; Sign_KRA[H(M)]. Bob wants to verify: (1) Alice hasn’t already transferred X; (2) the coin will be valuable for Bob.
  12. 12. Public Ledger: Distributed Trust (?). Node A, Node B, Node C. M = transfer X to Bob; Sign_KRA[H(M)]. Diagram labels: tb (×4). Bob wants to verify: (1) Alice hasn’t already transferred X; (2) the coin will be valuable for Bob.
  13. 13. Node A, Node B, Node C. M = transfer X to Bob; Sign_KRA[H(M)]. Diagram labels: tb (×4), ok! (×2), t; two ledgers reading “Transactions: 1. tb (X->Bob)”. Bob wants to verify: (1) Alice hasn’t already transferred X; (2) the coin will be valuable for Bob.
  14. 14. Node A, Node B, Node C. Diagram labels: tb (×4), ok! (×2), t; two ledgers reading “Transactions: 1. tb (X->Bob)”. Bob wants to verify: (1) Alice hasn’t already transferred X; (2) the coin will be valuable for Bob.
  15. 15. Node A, Node B, Node C. M = transfer X to Cathy; Sign_KRA[H(M)]. Diagram labels: tc (×4), BAD!, t; two ledgers reading “Transactions: 1. tb (X->Bob)” and one reading “Transactions: 1. tc (X->Cathy)”.
  16. 16. Scaling the Network. Node A, Node B, Node C, Node D, Node E, Node F, Node G. Diagram labels: ta, tb, tb.
  17. 17. Blockchain. Public ledger without fixed set of nodes – decentralized, distributed trust. Requires coalition with majority of computing power to collude to cheat.
  18. 18. Blockchain. B0; [H(B0), Nonce, Transactions]; [H(B1), Nonce, Transactions]; [H(B2), Nonce, Transactions].
  19. 19. Inconsistent Blockchains. Node A, Node B, Node C, Node D, Node E, Node F, Node G. How do we know which blockchain is “correct”?
  20. 20. CRYPTO 1992. Cynthia Dwork (now at MSR), Moni Naor (Weizmann Institute).
  21. 21. 20
  22. 22. Idea: Proof-of-Work. Pricing function (f): moderately easy to compute; cannot be amortized: computing f(m1), …, f(ml) costs l times as much as computing f(mi); easily verified: given x, y, easy to check y = f(x).
  23. 23. Proposed Pricing Function: Extracting Square Roots. Index: p; find x, y such that y² = x mod p. Dwork and Naor proposed two other pricing functions, designed to have “shortcuts” (backdoors) to allow administrators to compute them efficiently.
  24. 24. Hashcash. Adam Back, 1997.
  25. 25. Interactive Hashcash. Parties: mail sender; mail recipient’s server. Everyone agrees on one-way function f. Messages: Hello; Challenge: r (r: random nonce).
  26. 26. Interactive Hashcash. Parties: mail sender; mail recipient’s server. Everyone agrees on one-way function f. Messages: Hello; Challenge: r (r: random nonce); search for x such that f(x) = r; (x, Mail).
  27. 27. Interactive Hashcash. Parties: mail sender; mail recipient’s server. Everyone agrees on one-way function f. Messages: Hello; Challenge: r (r: random nonce); search for x such that f(x) = r; (x, Mail); Verify f(x) = r.
  28. 28. Interactive Hashcash. Parties: mail sender; mail recipient’s server. Everyone agrees on one-way function f. Messages: Hello; Challenge: r (r: random nonce); search for x such that f(x) = r; (x, Mail); Verify f(x) = r. Can we make this non-interactive?
  29. 29. Non-Interactive Hashcash. Parties: mail sender; mail recipient’s server. Everyone agrees on one-way function f. Verify.
  30. 30. Non-Interactive Hashcash. Parties: mail sender; mail recipient’s server, s. Everyone agrees on one-way function f. msg || x; Verify f(msg || x) = s. How well would this work if f is SHA-256?
  31. 31. Pre-image Attack on SHA-256: search for x such that f(msg || x) = s.
  32. 32. Estimated hash rate of entire bitcoin network: 441,695,290 GH/s
  33. 33. 32
  34. 34. Variable-Difficulty f. Challenge: r, Difficulty: d. Find an x such that: SHA-256(msg || x) < T/d. T is some set “target”. If the difficulty doubles, how much more work is expected?
  35. 35. Bitcoin’s Proof-of-Work. Find an x such that: SHA-256(SHA-256(r + x)) < T/d. Why use double SHA-256?
  36. 36. http://crypto.stackexchange.com/questions/779/hashing-or-encrypting-twice-to-increase-security
  37. 37. https://bitcointalk.org/index.php?topic=45456.0;all
  38. 38. https://bitcoinwisdom.com/bitcoin/difficulty Difficulty adjusts (every 2016 blocks) to keep block-finding time around 10 minutes.
  39. 39. https://bitcoinwisdom.com/bitcoin/difficulty
  40. 40. Finding the Next Block. B0; [H(B0), Nonce, Transactions]; [H(B1), Nonce, Transactions]; [H(B2), Nonce, Transactions]. Find a nonce x such that: SHA-256(SHA-256(r + x)) < T/d.
  41. 41. Finding the Next Block. B0; [H(B0), Nonce, Transactions]; [H(B1), Nonce, Transactions]; [H(B2), Nonce, Transactions]. Find a nonce x such that: SHA-256(SHA-256(r + x)) < T/d, where r = header + transactions (including mining fee) and header = H(previous block).
  42. 42. Actual Bitcoin Block: https://en.bitcoin.it/wiki/Protocol_documentation#Block_Headers
  43. 43. Inconsistent Blockchains. Node A, Node B, Node C, Node D, Node E, Node F, Node G. The longest blockchain is the “right” one.
  44. 44. 43
  45. 45. 44
  46. 46. What happened to proof-of-work for sending email?
  47. 47. Instead of making computers do inane, repetitive work to prevent mass automation, we make humans do inane, soul-killing work!
  48. 48. Charge. Readings: Satoshi paper; Antonopoulos book, Chapters 6 and 7; Princeton book, Chapters 2 and 5. Wednesday: Checkup 2.
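
The variable-difficulty proof-of-work and hash-linked blocks of slides 34 to 41, as an added example (not code from the slides or from Bitcoin). The toy target T = 2^248, the 8-byte nonce encoding, the all-zero genesis hash and the sample inputs are assumptions made here so that it runs in well under a second.

```python
import hashlib

T = 1 << 248  # constructed toy target: at difficulty 1 about 1 hash in 256 passes

def dsha(data: bytes) -> int:
    """Double SHA-256 of data, read as a 256-bit big-endian integer."""
    return int.from_bytes(hashlib.sha256(hashlib.sha256(data).digest()).digest(), "big")

def mine(r: bytes, d: int):
    """Search nonces 0, 1, 2, ... for SHA-256(SHA-256(r + x)) < T/d; return (x, tries)."""
    x = 0
    while dsha(r + x.to_bytes(8, "big")) >= T // d:
        x += 1
    return x, x + 1

def verify(r: bytes, x: int, d: int) -> bool:
    """A single double hash checks what took many tries to find."""
    return dsha(r + x.to_bytes(8, "big")) < T // d

def build_chain(tx_batches, d):
    """r = H(previous block) + transactions, as on slide 41; genesis hash is all zeros."""
    chain, prev = [], b"\x00" * 32
    for txs in tx_batches:
        r = prev + txs.encode()
        x, _ = mine(r, d)
        chain.append({"prev": prev, "txs": txs, "nonce": x})
        prev = dsha(r + x.to_bytes(8, "big")).to_bytes(32, "big")
    return chain

def chain_valid(chain, d) -> bool:
    """Recompute every link: a changed block breaks its own work or the next block's prev."""
    prev = b"\x00" * 32
    for b in chain:
        r = prev + b["txs"].encode()
        if b["prev"] != prev or not verify(r, b["nonce"], d):
            return False
        prev = dsha(r + b["nonce"].to_bytes(8, "big")).to_bytes(32, "big")
    return True

def mean_tries(d: int, trials: int = 300) -> float:
    """Average number of hashes needed at difficulty d over constructed messages."""
    return sum(mine(f"msg-{i}".encode(), d)[1] for i in range(trials)) / trials
```

mean_tries(2) / mean_tries(1) comes out close to 2: halving the acceptable range T/d doubles the expected number of hashes, while verify still costs one double hash.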