Introduction to Blockchain
Credit – countless sources on the Internet
- Devdatta Ajgaonkar
The problem
• Internet is great but too easy to lie.
• The old solution : Identify the authority. Allow authority to impose the ‘truth’. Blindly
trust the authority.
• Single point of control/failure/bottleneck.
• Authority may be (or become) incompetent/compromised/biased or corrupt/unavailable
or some other unknown issue.
• No transparency. Can not verify much. Trust in institutions is waning.
• How can we do better? Avoid relying on authority. Use consensus of peers. Liars can lie
but ultimately, they will be ignored by all.
• Solution : chronicling : time series of archivable data that anyone can verify.
• Decentralized (storage, authority), transparent and permission-less, immutable.
What is a blockchain?
[Diagram: Block N → Block N+1 → Block N+2 (latest new block). Each block holds Prev Hash, Data and a timestamp; the oldest block is on the left, the latest new block on the right.]
• Digital messages bundled into blocks linked using cryptography
• Immutable Decentralized ledger
• Each block contains cryptographic hash of previous block, timestamp
and transaction data (arranged as a Merkle tree) => chronicling !
• Invented by Satoshi Nakamoto in 2008 as a public ledger of bitcoin
The Times 03/Jan/2009 Chancellor on
brink of second bailout for banks
• Bitcoin’s first block.
• This was probably intended as proof
that the block was created on or after
January 3, 2009, as well as a comment
on the instability caused by fractional-
reserve banking.
• This detail, "second bailout for banks"
could also suggest that the fact a
supposedly liberal and capitalist
system, rescuing banks like that, was a
problem for Satoshi . . . the chosen
topic could have a meaning about
bitcoin’s purpose . . .
• First draft published in Cypherpunk
mailing list.
• Could be a social, economic and
political movement (similar to “occupy
movement”, Metoo, LGBTQ, black lives
matter etc).
• https://activism.net/cypherpunk/manifesto.html
What is a Distributed Ledger Technology (DLT)?
• Database of records that isn’t stored or confirmed by any central body. A
distributed ledger is merely a type of database spread across multiple
sites, regions, or participants.
• In DLT, the implementer has greater control over how it is in fact
implemented. They could, in principle, dictate the structure, purpose, and
functioning of the network that underpins its service.
• Cryptographic signing and linking groups of records in the ledger, to form
a chain is what sets blockchain apart from DLT.
• Blockchain is a type of DLT. DAG (Directed Acyclic Graph) based Tangle
(used by IOTA) and Hashgraph, are examples of DLT without any
blocks/chain.
The Benefits of Blockchain and Distributed Ledger Technology
DLT gives control of all its information and transactions to
the users and promotes transparency. Decentralization.
They can minimize transaction time to minutes and are
processed 24/7 (saving businesses a lot of money).
The technology also facilitates increased back-office
efficiency and automation (saving businesses a lot of money).
DLTs cut down on operational inefficiencies.
Cuts out the middle party.
Greater security is also provided due to their decentralized
nature, as well as the fact that the ledgers are immutable.
Blockchain Applications
Crypto currencies & Smart contracts
Defi (traditional financial instruments in a decentralized way, lending/credit etc)
Banking the unbanked (Humaniq, bloom, moneyamigo) Unbanking the banked (OmiseGo)
Payments, Cross border money transfer (Stellar, ripple)
Asset management
Wallets, crypto exchanges, DEX
DAO (Decentralized autonomous organization)
Games : lottery based games (eg Fomo3D), non-fungible tokens (eg cryptokitties)
Prediction market : Augur
Notary : blocknotary.com, stampd.io: immutable copyrights, timestamp, interview
Infra – resource tokens – compute/storage etc
Distributed cloud storage : ipfs, storj.io : encrypt, split, distribute
Supply chain and proof of provenance
Digital identity, Authentication and authorization
IOT
Types of blockchains
Public blockchain (e.g. bitcoin, Ethereum, Litecoin etc)
• Public - permissionless, trustless, immutable.
• Fully decentralized
Private blockchain aka permissioned blockchain (e.g. JP Morgan
Quorum, BankChain)
• Fully private with write permissions kept within a single organization
• Businesses have sensitive information that can not be shared publicly.
• Privacy of participants (ring signatures, stealth addresses etc)
• Privacy of data/transactions/balances (Zero Knowledge proofs, Pedersen
commitments)
• Transactions are private, known only to participants with permissions.
• Controlled by single organization. Centralized.
• Participants are known and trusted and need consent to join
Consortium blockchain aka shared permissioned blockchain (e.g.
Hyperledger, Ripple, R3)
• Partly private, permissioned, multi-org, semi-decentralized - Hybrid between public
and private
Big names in “Enterprise Blockchain”:
Hyperledger (https://www.hyperledger.org/)
Led by Linux Foundation, IBM (Hyperledger Fabric)
Focus: finance, healthcare, supply chain
Consortium of 20+ corporate members, 120+ start-up & ecosystem participants, 20+
institutions to advance blockchain technologies through open-source, collaborative
development
Produces enterprise-focused software solutions & tools for implementing blockchain
applications, PoCs, solutions, etc.
Hyperledger Fabric - Private permissioned blockchain, modular plug-and-play solutions
Hyperledger (https://www.hyperledger.org/)
• Burrow : modular blockchain client with a permissioned smart contract interpreter built in part to the specification of the Ethereum Virtual Machine (EVM).
• Fabric : An enterprise-grade permissioned DLT framework that offers modularity and privacy options to satisfy a broad set of industry use cases ranging from finance, to healthcare, to supply-chain and more.
• Grid : Hyperledger Grid is a WebAssembly-based project for building supply chain solutions. It includes a set of libraries, data models, and SDK to accelerate development for supply chain smart contracts and client interfaces.
• Indy : It provides tools, libraries, and reusable components for creating and using independent digital identities rooted on blockchains or other distributed ledgers for interoperability.
• Iroha : This is a modular distributed blockchain platform with its own unique consensus and ordering service algorithms, rich role-based permission model and multi-signature support.
• Sawtooth : It includes a novel consensus algorithm, Proof of Elapsed Time (PoET), which targets large distributed validator populations with minimal resource consumption.
And many more ...
ConsenSys (https://consensys.net/)
Incubator for Ethereum-focused applications, startups, and developer tools. Founded in 2015 by Joe Lubin (co-founder of Ethereum).
“Hub-and-spoke” model with shared, central resources and “spoke” ventures. Enterprise Ethereum.
Supports adoption, ecosystem expansion, network effects for Ethereum.
Multiple divisions & efforts : e.g. Gitcoin, MetaMask, truffle, Infura, https://kaleido.io/ (Blockchain as a Service).
R3 (https://www.r3.com/)
Enterprise blockchain company. It leads an ecosystem of more than 300 firms working together to build dApps on top of Corda for usage across industries such as financial services, insurance, healthcare, trade finance, and digital assets.
Corda is R3’s distributed ledger technology platform, open sourced in November 2016, specifically designed for the financial sector.
Data privacy, regulator focused, smart contracts, enterprise grade.
Point to point, no mining, no broadcast, data sharing on a need-to-know basis.
https://www.corda.net/
Intersection of many different fields
• Cryptography & mathematics
• Distributed computing, consensus algorithms
• Computer security
• Fintech/DeFi, banking
• Art, music, gaming, sports
• Politics & government
• Law and regulation
• Game theory & crypto economics
Experts from all these fields trying to sort this out. Wild wild west right now.
Do you really need a blockchain?
Fun facts about Bitcoin
• Total #bitcoins fixed (deflationary) = 21 million, 85% mined so far.
• Inventor is unknown. Pseudonym - Satoshi Nakamoto.
• Published paper on 10/31/2008 : Bitcoin: A Peer-to-Peer Electronic Cash
System.
• May 22 bitcoin pizza day. First real world transaction in 2010, paid 10000
BTC for 2 Papa John’s pizzas.
• Genesis block “The Times 03/Jan/2009 Chancellor on brink of second
bailout for banks” https://en.bitcoin.it/wiki/Genesis_block
• HODL - originated in 2013 with a post to the bitcointalk forum. HODL as
Strategy and Philosophy. Move over HODL, it's time to BUIDL.
• Room 77 – Accepting Bitcoin since 2011.
• https://www.blockchain.com/explorer
• Not account based. Based on UTXO model (unspent transaction output).
• Implementations : Bitcoind (C++), btcd (go), bcoin (node.js).
• Bitcoin Improvement Proposals (BIPs) ~ RFC
Fiat (traditional) versus Crypto currency

Property                        Fiat (traditional) currency   Crypto currency
Decentralized                   No (central bank)             Yes (mathematical)
Type                            Real                          Virtual
Intermediates                   Yes                           No (peer to peer)
Portability & speed             Moderate (slow)               Yes
Durable                         Moderate                      Highly durable
Acceptance                      National                      Global
Secure                          Moderate                      High (but comes with risks of hacks/exploits etc)
Sovereign (government issued)   Yes                           No
Smart                           No                            Yes

• Source: https://coinmarketcap.com/, Aug 2, 2019.
Criticism
Poor Scalability
Hacks, attacks, vulnerability exploits
PoW – wastage of energy, scale, privacy, confirmation time etc
Regulatory issues
Frauds & Scams
Volatility
UX and usability – work in progress
Market manipulation
Dark web, silk road, extortion etc
Tax evasion
No killer app?
Fundamentals: Cryptographic
Hash Function Properties
• Pre-image resistance : Assume x is the message. Given H(x), it’s computationally
difficult to find x. aka trapdoor or one-way
Fingerprint analogy – whose fingerprint is this?
• Collision Resistance : Hard to find any two x and y s.t. H(x) == H(y)
Fingerprint analogy – can you find two random people with the same fingerprint?
• Second pre-image resistance : Given x, it’s computationally difficult to find
some value x’ s.t. H(x) == H(x’).
Fingerprint analogy – can you find someone else with the same fingerprint as you?
• Noncorrelation or Avalanche effect : A tiny change (even 1bit) in the input produces
extensive change in output (significantly different) s.t. it can not be correlated to the
hash of original message.
• Verifiability : Computing the hash of a message is efficient (linear complexity).
• Deterministic : A given input message always produces the same hash output.
• Bitcoin uses double hash, SHA-256(SHA-256(x)).
Crypto Basics – 1
Collision resistant hash functions
(CRHF)
• Collision resistant hash functions (CRHF)
Hash(Message) ---> T
| Input Message space | >> | target space | (256b)
• Hard to find collision although, using pigeonhole principle, many
collisions exist.
• Use Merkle trees for shorter proofs.
• Merkle tree is a tree in which every leaf node is labelled with the
hash of a data block, and every non-leaf node is labelled with
the hash of its child nodes.
Crypto Basics – 2
Proof of Work
• Proof of Work
- Goal : to build a puzzle such that to solve it, it takes
at least a constant time controlled by difficulty
level O(D), to verify though it takes O(1) time.
• Puzzle : Input x, solution y : H(x, y) < 2^n / D … n=256, D
varies.
- Verify(x, y) : accept if H(x, y) has at least D zeroes on the left of the hash
(i.e. the hash, read as a number, is below the target).
• CRHF does not mean it’s PoW secure
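The hash properties and the proof-of-work puzzle from the two slides above, as an added example (not code from the deck). It uses Bitcoin's SHA-256(SHA-256(x)) as H; the way the nonce y is appended to x (8 big-endian bytes) and the naive nonce-scanning miner are assumptions made for the example. The target is the slide's 2^n / D, which means a valid hash starts with about log2(D) zero bits; verification is one hash and one comparison, while solving takes D tries on average.

```python
import hashlib

N_BITS = 256  # n in the slide's puzzle: SHA-256 output size


def sha256d(data: bytes) -> bytes:
    """Bitcoin's double hash: SHA-256(SHA-256(x))."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def differing_bits(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length digests."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(msg: bytes) -> int:
    """Flip the lowest bit of the first byte and count how many of the 256 output
    bits change. For a good hash the answer is close to 128, never a handful."""
    flipped = bytes([msg[0] ^ 0x01]) + msg[1:]
    return differing_bits(sha256d(msg), sha256d(flipped))


def target(difficulty: int) -> int:
    """The slide's target 2^n / D: a hash read as an integer must fall below it."""
    return (1 << N_BITS) // difficulty


def puzzle_hash(x: bytes, y: int) -> int:
    """H(x, y): the nonce y is appended to the data x as 8 big-endian bytes (assumption)."""
    return int.from_bytes(sha256d(x + y.to_bytes(8, "big")), "big")


def verify(x: bytes, y: int, difficulty: int) -> bool:
    """Verification is O(1): one hash and one comparison."""
    return puzzle_hash(x, y) < target(difficulty)


def leading_zero_bits(h: int) -> int:
    """Zero bits the 256-bit hash starts with; about log2(D) for a valid solution."""
    return N_BITS - h.bit_length()


def solve(x: bytes, difficulty: int) -> tuple:
    """Naive miner: scan nonces from 0 until H(x, y) < 2^n / D.
    Each try succeeds with probability 1/D, so the expected work is O(D)."""
    y = 0
    while not verify(x, y, difficulty):
        y += 1
    return y, y + 1  # (solution nonce, number of hashes tried)


if __name__ == "__main__":
    # constructed block data for the demo
    block = b"constructed block data: txs=[a->b 1 BTC, b->c 0.5 BTC]"
    print("bits changed by a 1-bit input flip:", avalanche(block), "of", N_BITS)
    difficulty = 1 << 16
    nonce, tries = solve(block, difficulty)
    zeros = leading_zero_bits(puzzle_hash(block, nonce))
    print(f"D=2^16: nonce {nonce} found after {tries} hashes, {zeros} leading zero bits")
    print("verify:", verify(block, nonce, difficulty))
```

Raising D by a factor of two doubles the expected number of hashes but leaves `verify` at one hash, which is exactly the asymmetry the slide describes.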
Crypto Basics - 3
Digital signatures
• Digital signatures
- Authentication, non-repudiation,
immutable (message integrity).
• Set of 3 algorithms. (G, S, V)
- Generator(): o/p (pk, sk), no i/p
- Sign(sk, m) : o/p sig
- Verify(pk, m, sig) : o/p yes/no
• Bitcoin and Ethereum use ECDSA (which suffers from a
malleability attack)
• Future : Schnorr signatures, BLS signatures,
Ring signatures etc
Security perspective
• Do not roll your own crypto, must be peer reviewed and
battle tested. Even great mathematicians and cryptographers
make mistakes.
• Algorithms will be broken (advances in maths, computers,
tech etc).
• The time from acceptance to deprecation is shrinking.
• Keep up to date with deprecated functions (RC2/RC4, (X)DES,
SHA-1, MD2/MD4/MD5, RSA < 1024b, ECDSA 160b, SSL). Be
ready to swap in different encryption methods.
• Humans are the weakest link, how one uses cryptography can
undo security.
Merkle tree
A Merkle tree is a tamper-resistant data structure that
allows a large amount of data to be compressed into a
single number and can be queried for the presence of
specific elements in the data with a proof constructed in
logarithmic space.
Bloom filter
• A bloom filter is a probabilistic data structure that can answer the question of
whether a value is absent from a set while maintaining a constant space requirement
and a constant lookup time
• If the bloom filter responds that an item does exist in a set, it may be a false positive.
• A bloom filter consists of an array of bits and a set of hashing functions that each
return a number that corresponds to the index of a bit in the bit field.
• To encode a value, we pass the value as an input to each hashing function. We set the
bit at each returned index to 1. If the bit at a given index is already 1, no change
occurs.
• To ask whether a value already exists in the bloom filter, we run the value
through each hashing function. If any function returns an index in the bit field that is
still 0, we can say for certain that the value has not yet been encoded.
• In Bitcoin, bloom filters allow lightweight wallets to request the transactions they care
about without revealing the user's identity. For example, the wallet may encode its
addresses into a bloom filter and send the bit field in a request to the network. The
answering node returns a list of transactions that involve addresses for which the
bloom filter returns a positive result. The list of transactions returned may contain
many false positives.
• The false positives help hide which addresses actually belong to the requester.
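The bloom filter described above, as an added example that is not code from the deck. The k hash functions are simulated with SHA-256 over a counter plus the value (an assumption for this example; Bitcoin's BIP 37 filters use seeded MurmurHash3). The demo mirrors the wallet use case: four constructed wallet addresses go into a deliberately small filter, a thousand constructed other addresses are run through it, and the counts show that false negatives never occur while the false positives are what hide the wallet's addresses.

```python
import hashlib


class BloomFilter:
    """m-bit array plus k hash functions. Answers are 'definitely absent' or 'possibly present'."""

    def __init__(self, m_bits: int, k_hashes: int):
        self.m = m_bits
        self.k = k_hashes
        self.bits = bytearray((m_bits + 7) // 8)

    def _indexes(self, value: bytes):
        # k hash functions simulated with SHA-256 over a counter plus the value
        # (assumption for the example; BIP 37 uses seeded MurmurHash3 instead).
        for i in range(self.k):
            digest = hashlib.sha256(i.to_bytes(4, "big") + value).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, value: bytes) -> None:
        for idx in self._indexes(value):
            self.bits[idx // 8] |= 1 << (idx % 8)  # a bit already set stays set

    def might_contain(self, value: bytes) -> bool:
        # any 0 bit proves the value was never added; all 1s only means "maybe"
        return all(self.bits[idx // 8] & (1 << (idx % 8)) for idx in self._indexes(value))


def spv_filter_demo(m_bits: int = 32, k_hashes: int = 2, population: int = 1000) -> dict:
    """A wallet encodes its addresses in a small filter; a peer runs every address it
    knows through it. Returns false negatives (must be 0) and false positives."""
    wallet = [b"constructed-wallet-addr-%d" % i for i in range(4)]
    others = [b"constructed-other-addr-%d" % i for i in range(population)]
    bf = BloomFilter(m_bits, k_hashes)
    for addr in wallet:
        bf.add(addr)
    false_negatives = sum(1 for a in wallet if not bf.might_contain(a))
    false_positives = sum(1 for a in others if bf.might_contain(a))
    return {
        "bits_set": sum(bin(b).count("1") for b in bf.bits),
        "false_negatives": false_negatives,
        "false_positives": false_positives,
        "tested": population,
    }


if __name__ == "__main__":
    r = spv_filter_demo()
    print(r)
    print(f"the peer would return transactions for {4 + r['false_positives']} addresses, "
          f"hiding the wallet's 4 among {r['false_positives']} decoys")
```

A larger m (or fewer wallet addresses per filter) lowers the false-positive rate and therefore the bandwidth wasted on decoy transactions, but also weakens the privacy the decoys provide; the filter size is the knob that trades one against the other.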
Simple Payment Verification (SPV)
• SPV nodes don’t have all transactions and do not download full blocks,
just block headers. In order to verify that a transaction is included in a
block, without having to download all the transactions in the block, they
use an authentication path, or merkle path.
• The SPV node will establish a bloom filter on its connections to peers to
limit the transactions received to only those containing addresses of
interest.
• When a peer sees a transaction that matches the bloom filter, it will send
that block using a merkleblock message. The merkleblock message
contains the block header as well as a merkle path that links the
transaction of interest to the merkle root in the block.
• The SPV node can use this merkle path to connect the transaction to the
block and verify that the transaction is included in the block. The SPV
node also uses the block header to link the block to the rest of the
blockchain.
• The combination of these two links, between the transaction and block,
and between the block and blockchain, proves that the transaction is
recorded in the blockchain.
• All in all, the SPV node will have received less than a kilobyte of data for
the block header and merkle path, an amount of data that is more than a
thousand times less than a full block (about 1 megabyte currently).
• Application -> Thin wallets, say, on a Mobile.
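The Merkle tree slide and the SPV procedure above, as one added example (not the deck's or Bitcoin Core's code). The tree hashes pairs with SHA-256d and repeats the last hash of an odd level, as Bitcoin does; the block header is a simplified constructed layout (prev hash || merkle root || 4-byte timestamp) that is an assumption for the example. The SPV check performs both links from the slide: the merkle path ties the transaction to the header's root, and the prev-hash links tie that header into the chain.

```python
import hashlib


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(txids: list) -> bytes:
    """Hash pairs upward until one hash is left; an odd level repeats its last hash."""
    level = list(txids)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [sha256d(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def merkle_proof(txids: list, index: int) -> list:
    """Authentication path for leaf `index`: one (sibling_hash, sibling_is_left) pair
    per level, so the proof has ceil(log2(n)) entries instead of n transactions."""
    proof = []
    level = list(txids)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        sibling = index ^ 1
        proof.append((level[sibling], sibling < index))
        level = [sha256d(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return proof


def verify_proof(txid: bytes, proof: list, root: bytes) -> bool:
    h = txid
    for sibling, sibling_is_left in proof:
        h = sha256d(sibling + h) if sibling_is_left else sha256d(h + sibling)
    return h == root


# Simplified header layout (assumption): prev_header_hash || merkle_root || 4-byte timestamp.
def make_header(prev_hash: bytes, root: bytes, timestamp: int) -> bytes:
    return prev_hash + root + timestamp.to_bytes(4, "big")


def header_prev(header: bytes) -> bytes:
    return header[:32]


def header_root(header: bytes) -> bytes:
    return header[32:64]


def chain_is_linked(headers: list) -> bool:
    """Each header must name the SHA-256d of its predecessor as its prev hash."""
    return all(header_prev(cur) == sha256d(prev) for prev, cur in zip(headers, headers[1:]))


def spv_verify(txid: bytes, proof: list, header: bytes, headers: list) -> bool:
    """Link 1: the merkle path ties txid to the header's root.
    Link 2: the header sits in a chain whose prev-hash links check out."""
    return (header in headers
            and verify_proof(txid, proof, header_root(header))
            and chain_is_linked(headers))


def build_demo_chain() -> tuple:
    """Constructed data: three headers, the last block holding five transactions."""
    genesis = make_header(bytes(32), sha256d(b"constructed-coinbase-0"), 1000)
    block1 = make_header(sha256d(genesis), sha256d(b"constructed-coinbase-1"), 1600)
    txids = [sha256d(b"constructed-tx-%d" % i) for i in range(5)]
    block2 = make_header(sha256d(block1), merkle_root(txids), 2200)
    return [genesis, block1, block2], txids


if __name__ == "__main__":
    headers, txids = build_demo_chain()
    proof = merkle_proof(txids, 3)
    print("proof entries:", len(proof), "for", len(txids), "transactions")
    print("tx 3 in chain:", spv_verify(txids[3], proof, headers[2], headers))
    print("forged tx:", spv_verify(sha256d(b"forged"), proof, headers[2], headers))
```

What the SPV node does not get from this check is whether the block is on the chain with the most proof of work; it trusts its peers for the set of headers, which is why the slides pair SPV with bloom filters and multiple peer connections.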
Private Key & Public Key & Bitcoin address
• Bitcoin uses ECDSA to create sk and pk.
• secp256k1 : Y^2= ( X^3+ 7 ) over ( Fp)
• Private key (k)– simply a 256 bit number picked randomly. Toss a coin 256 times. Must be
kept secret.
• Public key (K) – scalar point multiplication of G by k on secp256k1 curve. Public. (x, y)
• Bitcoin address = Base58CheckEncode ( RIPEMD160(SHA256(K)) ) is 160 bit hash of Public
key.
• Base-58 alphabet:
- 123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz, 58 characters
(omits 0, O, I, l) => Note : Case sensitive !!!
• Practically impossible for two keys to produce the same address. For reference
- Grains of sand on earth: 2^63
- With 2^63 earths, each with 2^63 grains of sand : 2^126 total grains of sand.
- 2^126 is only 0.0000000058 % of 2^160.
- Population of earth : 7.5 billion (2017). Every person could have 2^127 addresses all to
themselves.
[Diagram: Private Key (k, 256 bit) --ECM--> Public Key K = (x, y) --RIPEMD160(SHA256(K))--> Bitcoin Address (160 bit)]
Public Key
• Public Key (K) derived from private key (k) using
elliptic curve multiplication.
- K = k * G where G is a fixed generator point.
- ECC is a trapdoor function. easy to compute in one
direction, yet difficult to compute in the opposite
direction without knowing the trapdoor.
• The reverse operation, calculating k from a public
key K, is as difficult as trying all possible values of k,
i.e. brute-force search. This is known as the
discrete logarithm problem.
• Bitcoin uses a specific elliptic curve as defined in
an NIST standard, called secp256k1 curve.
Base58 Bitcoin Address

Type                            Version prefix   Base58 result prefix
Bitcoin Address                 0x00             1
Pay-to-Script-Hash Address      0x05             3
Bitcoin Testnet Address         0x6F             m or n
Private Key WIF                 0x80             5, K or L
BIP-38 Encrypted Private Key    0x0142           6P
BIP-32 Extended Public Key      0x0488B21E       xpub

Note that a Base-58 encoded Bitcoin address is case sensitive.
The new style addresses aka bech32 addresses are not case sensitive.
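Base58Check as used in the address formula and the prefix table above, as an added example (not the deck's or any wallet's code). It encodes version || data || first 4 bytes of SHA-256d(version || data) and decodes with a checksum check, so a mistyped or case-flipped character is rejected rather than sending funds to a wrong address. Because RIPEMD-160 is missing from some Python builds' hashlib, the 20-byte hash160 in the demo is a constructed stand-in, not RIPEMD160(SHA256(K)) of a real key. The prefix characters the table lists fall out of the arithmetic, which the demo shows for 0x00, 0x05, 0x6F and 0x80.

```python
import hashlib

# The 58-character alphabet: digits and letters without 0, O, I and l.
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
assert len(ALPHABET) == 58


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def base58_encode(payload: bytes) -> str:
    n = int.from_bytes(payload, "big")
    digits = ""
    while n:
        n, rem = divmod(n, 58)
        digits = ALPHABET[rem] + digits
    leading_zero_bytes = len(payload) - len(payload.lstrip(b"\x00"))
    return "1" * leading_zero_bytes + digits  # each leading 0x00 byte is kept as a '1'


def base58_decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + ALPHABET.index(ch)  # ValueError on 0, O, I, l or a wrong-case letter
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    leading_ones = len(text) - len(text.lstrip("1"))
    return b"\x00" * leading_ones + body


def base58check_encode(version: bytes, data: bytes) -> str:
    """Base58(version || data || first 4 bytes of SHA-256d(version || data))."""
    payload = version + data
    return base58_encode(payload + sha256d(payload)[:4])


def base58check_decode(text: str) -> bytes:
    """Returns version || data; raises ValueError if a character or the checksum is bad."""
    raw = base58_decode(text)
    payload, checksum = raw[:-4], raw[-4:]
    if sha256d(payload)[:4] != checksum:
        raise ValueError("checksum mismatch: the string was mistyped or altered")
    return payload


def address_from_hash160(hash160: bytes, version: bytes = b"\x00") -> str:
    """Bitcoin address = Base58CheckEncode(version || RIPEMD160(SHA256(K)))."""
    return base58check_encode(version, hash160)


if __name__ == "__main__":
    # Constructed stand-in for RIPEMD160(SHA256(K)); not derived from a real key.
    hash160 = hashlib.sha256(b"constructed public key bytes").digest()[:20]
    for name, version in [("P2PKH", b"\x00"), ("P2SH", b"\x05"), ("testnet", b"\x6f")]:
        print(f"{name:8s} {address_from_hash160(hash160, version)}")
    print("WIF     ", base58check_encode(b"\x80", bytes(32)))  # 32 zero bytes, constructed
    addr = address_from_hash160(hash160)
    typo = addr[:-1] + ("2" if addr[-1] != "2" else "3")
    try:
        base58check_decode(typo)
    except ValueError as e:
        print("rejected:", e)
```

The 4-byte checksum catches a single wrong character with probability 1 - 2^-32; it is an integrity check against typos, not an authentication mechanism, since anyone can compute a valid checksum for any payload.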
Blockchain layers
• Layer1 : Consensus protocols (PoW, PoS, PoSpace etc)
• Layer2 : Decentralized computing model. (BTC scripts, EVM etc)
• Layer3 : dApps (wallets, games, prediction markets etc)
Layer 1 Consensus Basics :
Distributed systems properties,
BFT
• Concurrency
• Message passing – Synchronous (message delivered in fixed time) or Asynchronous (network may delay/duplicate/deliver out of order)
• Lack of global clock – time and order of events
• Independent failures, failure modes :
• Crash fail (stops without warning)
• Omission (messages dropped, delay/duplicate/out of order)
• Byzantine (may choose to be malicious, lie / collude), hardest
• Byzantine fault tolerance - Nodes can be both, honest or dishonest depending on incentives. Nodes may be B (byzantine) or A (altruistic) or
R (rational) meaning follow protocol only when it suits them.
FLP impossibility, CAP theorem
and Blockchain Trilemma
• FLP impossibility (Fischer Lynch Paterson 1982) : In case of async, pick any 2 out
of the following 3 to get a consensus Safety/Liveness/Fault tolerance.
• CAP theorem (1998 Brewer’s theorem @ UCB): It is impossible for a distributed
data store to simultaneously provide more than two out of the following three
guarantees:
• Consistency: Every read receives the most recent write or an error
• Availability: Every request receives a (non-error) response – without the
guarantee that it contains the most recent write
• Partition tolerance: The system continues to operate despite an arbitrary
number of messages being dropped (or delayed) by the network between
nodes
• Distributed systems must have Partition Tolerance. That leaves A or C. A is
a must. So C goes out. It becomes eventual consistency.
• Blockchain Trilemma (Vitalik Buterin) : Can not have all three properties –
decentralization, security and scalability.
Consensus
(timeline)
• Byzantine generals problem : If f >= N/3 => consensus impossible. (f:
faulty/traitors N: total nodes). 2/3 nodes must be loyal.
• Fischer Lynch Paterson, FLP impossibility result (1982) : In case of
async, pick any 2 out of the following 3 to get a consensus
Safety/Liveness/Fault tolerance.
• Ben Or (1983), Rabin (1983), Partial Synchrony (1984), Viewstamped
replication (1988), Paxos (1990)
• Sybil attack – voting based systems, based on identity. Attacker can
make up identities. Solution : Make identities cost something.
• Practical Byzantine Fault tolerance PBFT (1999) : based on state
machine replication. f must be < N/3. Uses voting (leader, backup).
Exponential communication. Issue - Does not scale, Sybil Attacks
possible. Used in Hyperledger.
• RAFT (2014) Stanford, is not a BFT. Quorum uses a Raft implementation
in `etcd`
• Nakamoto (2008) – lottery. Used in Bitcoin.
• Federated Byzantine Agreement – each node can decide whom to trust
and be part of their decision-making group, called as a quorum slice.
Used in Stellar and Ripple. Every Byzantine general, responsible for
their own chain, sorts messages as they come in to establish truth.
In Ripple the generals (validators) are pre-selected by the Ripple
foundation. In Stellar, anyone can be a validator so you choose
which validators to trust.
Layer 1 : Consensus
• Agreement – no two correct processes decide differently
• Validity – If a process decides value v, then v was proposed by some valid process
• Safety = agreement + validity
• Termination – every correct process eventually decides correct value = liveness
Nakamoto Consensus in Bitcoin
No voting, no particular timing to hold a consensus.
No need for precise membership. Permissionless.
No identity required!
Solve a cryptographic puzzle instead of voting.
Not aiming for fully correct consensus. Eventual consistency.
Proof of work
• make it harder for dishonest miners to propose a block
• miners solve computationally hard problems when a block is created
Incentives for miners to be honest and to be on the longest
chain.
Nakamoto Consensus
What do we agree on? – We agree on a block which has
a set of valid transactions.
Who can propose/author a block? – anyone who has
solved the puzzle. PoW in Bitcoin.
How do we agree? - Set of rules for consensus. Longest
chain wins (most PoW) => finality in 6 confirmations.
In Nakamoto :
• Agreement – NO, successful PoW does not guarantee finality.
• Validity – yes, o/p is one of the i/ps
• Termination – statistically yes, mathematical proof.
• Fault tolerance – yes, works even if one or more nodes fail.
• Finality - a block can get reversed. Practically, finality of 6
confirmations.
Cons - High latency, low throughput, does not scale,
wastes energy.
Anyone can author a block - PoW
Finality : longest chain wins
In Bitcoin
• Agreement – NO. Different miners may work on different set of transactions and thus may output different blocks if
they are able to solve the puzzle and this may cause a split or orphan blocks. This can happen due to network latency
or some mining policy or also with a double spend attack. So a successful PoW never guarantees finality.
• Validity – YES. Due to incentives, everyone wants to be on longest and valid chain.
• Termination – YES. Solving the puzzle is probabilistic. Each attempt is a Bernoulli trial, since it has only 2 outcomes. Nodes try
so many nonces (or reorder the transactions of the Merkle tree) that block discovery can be approximated by a Poisson process,
so the time between blocks is exponentially distributed. Some blocks may be found sooner than 10 minutes and some later. There is
no guarantee that a solution is always found, but mathematically the probability of not finding a solution is very small. Also every
2016 blocks, the difficulty is auto adjusted (increased or decreased). So the output will be found almost always.
Mining
• A “full node” must do the following :
- Download entire blockchain and verify the transaction history
- Nodes broadcast transactions, verify incoming transactions
- Miners create a block of valid transactions
- Find a nonce, timestamp, merkle root to solve the puzzle
- Reorder transactions in a block to change merkle hash if it runs out of
nonce/timestamp
- Broadcast your block
- Hope that your block is accepted by other nodes => Profit !
- Unsuccessful miners abandon their current candidate blocks and start work on new
ones, remove done tx from mempool
• Transaction fees depend on size of transaction
• Miner may also get an MEV (Miner extractable Value) - more on this later.
• Profit = Mining revenue (Block reward + transaction fees) - Mining cost (fixed costs +
variable costs)
• Fixed costs = hardware
• Variable costs = electricity , cooling, (pools : warehouse, personnel etc)
• Rewards/Incentive for honesty => more secure network.
• PoW ensures that miners are willing to spend/invest in hardware to earn BTC.
Mining
• Different miners may work on different set of transaction in a block.
• Mempool in RAM holds validated unconfirmed transactions until they are
picked.
• Miners see transactions before they are confirmed and could maliciously
change them before transactions are validated (e.g. Malleability of ECDSA
attack).
• Every block contains mining reward aka Coinbase transaction which is
the first transaction of a block, wherein, miner sends a reward to its own
address, for generating a new block through mining by solving the puzzle.
• The reward for mining the first block was 50 BTC. The reward is halved
every 210,000 blocks. Current block reward 6.25 BTC, mined
approximately every 10 minutes. It will take about 132 years to mine all
6,929,999 blocks, and the last block will be mined in 2140.
• Miners also collect transaction fees = Σ inputs – Σ outputs. Higher the fee,
higher the chance of transaction making into a block.
Mining
• CPU -> GPU -> Fpga -> Asic
• Asic mining
- Pros: Low power, higher hash rate, smaller, high profit
- Cons: Costly, coin specific, low resale, short life span, non-
upgradable, monopolies using dubious methods (asic boost,
selfish mining, eclipse attacks etc)
• Asic resistant mining algorithms
- Reduce barrier to entry, increase decentralization, improve
security via increasing community participation
• PoW for Bitcoin is SHA256(SHA256(block_header))
• Ethereum uses PoW algorithm called 'ethash', designed to require
more memory to make it harder to mine using expensive ASICs.
• In 2018, Bitmain released Ethereum asic miner called Antminer E3. Eth
has proposed ProgPoW.
Mining Puzzles
• Memory-hard : requires lot of memory to solve puzzle. Asic resistant.
• Memory-bound : time to access memory dominates time to compute.
Note : A puzzle can be just memory‐hard without being memory‐bound, or
memory‐bound without being memory‐hard, or both.
• SHA-256 – Secure Hash, Bitcoin PoW (and used by many others)
• ETHASH - Ethereum’s PoW. Asic resistant via memory hardness.
• Scrypt – memory hard. Simpler and quicker than SHA-256. PoW in
Dogecoin, Litecoin etc
• Equihash – PoW for standard CPUs. Used in Bitcoin Cash, Zcash.
• Cryptonight – PoW for CPU mining. Used in Monero.
• Cuckoo cycle - ASIC-resistant PoW algorithm which is memory bound. Goal
is to find a fixed length L ring in the Cuckoo Cycle bipartite graph randomly
generated. CuckARoo (anti-ASIC) and CuckAToo (ASIC-friendly). Grin uses
90% CuckARoo + 10% CuckAToo.
What if two miners solve
puzzle at the same time?
• Both miners will broadcast their solution on the network
• Nodes will accept the first solution they hear and reject others
• Nodes always switch to the longest chain they hear
• Eventually the network will converge and achieve consensus
• Block height = Current block number starting from genesis block
• Block depth = #blocks after the given block
• To avoid double spend attack, 6 confirmations are recommended
by Satoshi.
• Finality time => one hour! Similar to credit card transactions
which can get reversed!
Bitcoin Block time and total supply
• How often are new blocks created? Approximately once every 10 minutes.
• Every 2016 blocks, the target T is recalculated. Let tsum = number of seconds taken to mine the last 2016 blocks. Then
Tnew = (tsum / (14 × 24 × 60 × 60)) × T
• The block reward was initially 50 BTC per block. Halves every 210,000 blocks ≈ 4 years. Became 25 BTC in Nov 2012 and 12.5 BTC in July 2016.
• Total Bitcoin supply is fixed - 21 million bitcoins. The last bitcoin will be mined in 2140.
Fun fact : In Sep2019, Block #597,273 was mined 119 minutes after its parent.
This happened only 10 times in Bitcoin's history, last time in May of 2014.
Mining calculators.
When is Bitcoin Mining profitable exactly?
• Ant-miner hydra : hash rate 18 TH/sec (tera = 10^12), power
consumption 1.7 kW
• #hashes per ant-miner in 1 hour = 64,800 × 10^12
• Assume Difficulty = 2^75
• #ant miners to mine 6 blocks in 1 hr = (2^75 × 6) / (64,800 × 10^12)
≈ 3,498,050
• Total power consumed = 3,498,050 * 1.7kW = 5.9million kWH
• Cost of electricity = $0.05 per kwh * 5.9 million kwh = 295K$
• 6 rewards = 6 * 12.5 BTC * 10000$ = 750K USD
• Pool fee, cooling, data center Opex costs, transaction fees, attacks etc
• Rigs 'Sold By Kilo' https://news.bitcoin.com/miner-goes-bankrupt-manufacturers-stuck-with-inventory-old-rigs-sold-for-scraps/
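The retarget rule from the block-time slide and the mining calculator above, as one added example (not the deck's code). `retarget` applies the slide's Tnew = (tsum / two weeks) × T; the clamp of the adjustment ratio to [1/4, 4] is a fact about the real Bitcoin protocol that the slide does not mention, and can be switched off. `simulate_epochs` links the target to the expected block time via "2^256 / target hashes per block" and shows the target tracking a changing network hashrate. The calculator functions reproduce the slide's figures in integer arithmetic (rigs, kWh, cents); the input figures (18 TH/s, 1.7 kW, 2^75 hashes per block, $0.05/kWh, 12.5 BTC at $10,000) are the slide's assumptions.

```python
TWO_WEEKS = 14 * 24 * 60 * 60   # seconds that 2016 blocks should take at 10 minutes each
RETARGET_INTERVAL = 2016


def retarget(t_sum: int, target: int, clamp: bool = True) -> int:
    """Slide's rule: T_new = (t_sum / two_weeks) * T.
    Bitcoin also clamps the ratio to [1/4, 4] per retarget (real-protocol detail, not on the slide)."""
    if clamp:
        t_sum = max(TWO_WEEKS // 4, min(TWO_WEEKS * 4, t_sum))
    return target * t_sum // TWO_WEEKS


def expected_block_time(target: int, network_hashrate: float) -> float:
    """A hash lands below the target with probability target / 2^256, so 2^256 / target
    hashes are needed on average; divide by hashes per second for seconds per block."""
    return ((1 << 256) / target) / network_hashrate


def simulate_epochs(target: int, hashrate_per_epoch: list) -> list:
    """Apply the retarget rule once per 2016-block epoch while the network hashrate changes.
    Returns the expected block time observed in each epoch (no randomness)."""
    times = []
    for hashrate in hashrate_per_epoch:
        block_time = expected_block_time(target, hashrate)
        times.append(block_time)
        target = retarget(round(block_time * RETARGET_INTERVAL), target)
    return times


# --- the slide's mining calculator, in integer arithmetic (no float rounding) ---
def rigs_needed(hashes_per_block: int, blocks: int, hours: int, rig_hashrate: int) -> int:
    """Ceiling of (hashes per block * blocks) / (hashes one rig does in `hours`)."""
    per_rig = rig_hashrate * hours * 3600
    return -(-(hashes_per_block * blocks) // per_rig)


def electricity_cost_cents(rigs: int, rig_watts: int, hours: int, cents_per_kwh: int) -> int:
    kwh = rigs * rig_watts * hours // 1000
    return kwh * cents_per_kwh


def reward_cents(blocks: int, reward_sats: int, btc_price_cents: int) -> int:
    """Block reward given in satoshi (1 BTC = 10^8 sat), price in cents per BTC."""
    return blocks * reward_sats * btc_price_cents // 100_000_000


if __name__ == "__main__":
    target0 = 1 << 224                      # roughly Bitcoin's maximum (easiest) target
    base = (1 << 32) / 600                  # hashrate that yields 10-minute blocks at target0
    print("block time per epoch:", [round(t) for t in simulate_epochs(target0, [base, 2 * base, 2 * base, base])])

    rigs = rigs_needed(1 << 75, 6, 1, 18 * 10**12)
    cost = electricity_cost_cents(rigs, 1700, 1, 5)
    reward = reward_cents(6, 1_250_000_000, 1_000_000)
    print(f"rigs: {rigs:,}  electricity: ${cost / 100:,.2f}  reward: ${reward / 100:,.2f}")
```

The simulation shows the two-epoch lag the slide's wording implies: when hashrate doubles, blocks arrive every 5 minutes for a whole epoch before the target halves, and when it falls back the network runs 20-minute blocks until the next retarget. The calculator omits pool fees, cooling and hardware depreciation, as the slide notes, so its margin is an upper bound.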
Mining pools
• A user has to wait on average a few years to mine a block
alone.
• Pooling of resources by miners, who share their processing
over a network, to share the reward. Expected revenue from
pool slightly lower than solo but it significantly reduces
variance of income.
• Monopoly 84% of mining by mining pools – centralization?
• A single pool with hash rate > 50% is a real threat.
• 74% of the hash power coming from China! “The Looming
Threat of China: An Analysis of Chinese Influence on Bitcoin”
– a Princeton research paper.
https://blockchain.princeton.edu/papers/2018-10-ben-kaiser.pdf
• Geographical Centralization of Mining Risks 51% Attack.
• https://miningpoolstats.stream/bitcoin
• Multi pool mining – switch between altcoins. Pool hopping
attack.
• Stratum – pool mining protocol between miners and pool.
https://github.com/ctubio/php-proxy-stratum/wiki/Stratum-Mining-Protocol
Why the miners are not in control?
Bitcoin : No foundation, unknown founder(s).
Ethereum : foundation ✔, founders known.
ICO : money raised by single company
Exchanges also play a role – what to
list, to support a fork or not, how to
label forks (BTC vs BCH) etc
Game theory
• Game theory is the study of
mathematical models of strategic
interaction between rational decision-
makers. It has applications in all fields of
social science, as well as in logic and
computer science. Originally, it
addressed zero-sum games, in which
one person’s gains result in losses for
the other participants. — Wikipedia
Prisoner’s dilemma

                 B betrays                             B stays quiet
A betrays        Both jailed for 2 years.              A is free. B is jailed for 3 years.
A stays quiet    B is free. A is jailed for 3 years.   Both jailed for 1 year.

The only possible outcome for two purely rational
prisoners is to betray each other!
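The prisoner's dilemma claim above, checked mechanically, as an added example that is not code from the deck. The payoff table is the slide's (years in jail, lower is better); the functions are generic for any two-player, two-action game given as a dictionary, so they also apply to the pool-versus-pool attack game on the mining-pool slides once its payoffs are filled in (those payoffs are not on the deck, so the demo uses only the prisoners' table). The code finds each player's dominant strategy, the pure Nash equilibria, and the profiles that would make both players better off than the equilibrium.

```python
BETRAY, QUIET = "betray", "stay quiet"
ACTIONS = (BETRAY, QUIET)

# Years in jail for (A, B) from the slide's table; player 0 is A, player 1 is B.
JAIL = {
    (BETRAY, BETRAY): (2, 2),
    (BETRAY, QUIET): (0, 3),
    (QUIET, BETRAY): (3, 0),
    (QUIET, QUIET): (1, 1),
}


def best_response(jail: dict, player: int, other_action: str) -> list:
    """Action(s) minimising `player`'s sentence when the other player's action is fixed."""
    def cost(my_action):
        profile = (my_action, other_action) if player == 0 else (other_action, my_action)
        return jail[profile][player]
    lowest = min(cost(a) for a in ACTIONS)
    return [a for a in ACTIONS if cost(a) == lowest]


def dominant_strategy(jail: dict, player: int):
    """An action that is a best response to every action of the other player, or None."""
    for mine in ACTIONS:
        if all(mine in best_response(jail, player, other) for other in ACTIONS):
            return mine
    return None


def pure_nash_equilibria(jail: dict) -> list:
    """Profiles where neither player can shorten their own sentence by deviating alone."""
    return [(a, b) for a in ACTIONS for b in ACTIONS
            if a in best_response(jail, 0, b) and b in best_response(jail, 1, a)]


def pareto_improvements(jail: dict, profile: tuple) -> list:
    """Profiles that leave nobody worse off and someone better off than `profile`."""
    ya, yb = jail[profile]
    return [p for p, (xa, xb) in jail.items()
            if xa <= ya and xb <= yb and (xa < ya or xb < yb)]


if __name__ == "__main__":
    print("A's dominant strategy:", dominant_strategy(JAIL, 0))
    print("B's dominant strategy:", dominant_strategy(JAIL, 1))
    eq = pure_nash_equilibria(JAIL)
    print("pure Nash equilibria:", eq)
    print("better for both than the equilibrium:", pareto_improvements(JAIL, eq[0]))
```

The output is the slide's point in two lines: (betray, betray) is the only equilibrium, yet (stay quiet, stay quiet) would be better for both, which is the same structure as the miner's dilemma where pools that all refrain from attacking earn more than in the equilibrium.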
Mining pool strategy and attacks
Pay per share: flat fee for each header < pool_target, beneficial for miners,
pool takes risk from reward variance. no incentive to submit valid block.
Proportional: get proportion of work done/block reward only when a block
is found. Lower risk for pool operators, one issue : pool hopping.
Finney attack (double spend), 51% attack, feather forking attack, asic boost,
Selfish mining, eclipse attack, goldfinger attack, fee sniping etc
Selfish mining – block withholding. Dishonest minority can attack! Solution -
Uncle blocks, choose randomly if more than one block appear
approximately at the same time (instead of choosing first) and Publish or
perish
Verifier’s dilemma – verification of blocks takes time. May be cheaper not
to verify?
Miner’s dilemma
A pool member can sabotage an open pool by
seemingly joining it but never sharing its proofs of
work. The pool shares its revenue with the attacker,
and so each of its participants earns less.
Any open pool can increase its own profits by attacking
another open pool. However, if both attack each other,
both earn less than if none attacks.
With any number of pools, no-pool-attacks is not a Nash
equilibrium.
With two pools, or any number of identical pools, there
exists an equilibrium that constitutes a tragedy of the
commons where the pools attack one another and all
earn less than they would have if none had attacked.
For two pools, the decision whether or not to attack is the
miner's dilemma, an instance of the iterative prisoner's
dilemma. The game is played daily by the active Bitcoin
pools, which apparently choose not to attack. If this
balance breaks, the revenue of open pools might
diminish, making them unattractive to participants.
Cryptoeconomics
• The creation of Bitcoin as a Byzantine Fault Tolerance (BFT) system is the result of a harmonious blend of
cryptography and game theory.
• The use of game theory within the cryptocurrency context is what gave birth to the concept of
Cryptoeconomics, which is basically the study of the economics of blockchain protocols and the potential
consequences that the design of these protocols may present - as a result of its participant behaviors. It also
considers the behavior of “external agents” that are not really part of the ecosystem, but could eventually join
the network only to try and disrupt it from within.
• One of the most important features of the Bitcoin network that protects it from malicious activity is the Proof
of Work consensus algorithm.
• It applies cryptographic techniques that cause the mining process to be very costly and demanding, creating a
highly competitive mining environment.
• Therefore, the architecture of PoW-based cryptocurrencies incentivizes the mining nodes to act honestly (so
they do not risk losing the resources invested).
• In contrast, any malicious activity is discouraged and quickly punished. The mining nodes that present
dishonest behavior will probably lose a lot of money and will get kicked out from the network.
• Consequently, the most probable and rational decision to be made by a miner is to act honestly and keep the
blockchain secure.
Double spending attack
Alice sends BTC to Bob for goods, and Bob does not wait for confirmation. Alice can spend the same BTC to pay an address controlled by herself before Bob’s transaction is confirmed. This is known as a double spending attack. Sometimes done using ‘Replace by Fee’ (pay a higher transaction fee).
Even if it’s confirmed, Alice can mine herself and create a longer chain => 51% Attack!
What if Alice controls > 50% of the total network hash power?
If not, Alice can always collude with miners or bribe a mining operator.
Double spending attack
Cryptocurrencies prevent double spending by reaching consensus on an ordered log of transactions. Reaching consensus is difficult because of the open setting. Since anyone can participate, an adversary can create an arbitrary number of pseudonyms (Sybils), making it infeasible to rely on traditional consensus protocols that require a fraction of honest users.
Bitcoin solves this problem by using Proof of Work, where users must repeatedly compute hashes to solve puzzles, and the longest chain wins. PoW ensures that an adversary does not gain any advantage by creating Sybils.
However, PoW allows the possibility of forks when two blocks are mined at the same time. Mitigating forks unfortunately requires a high block time and a longer confirmation time. This is where PoS comes into the picture.
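How much confirmation depth a merchant needs before accepting a payment can be put in numbers. The following is an added example (not part of the deck) that carries through the catch-up calculation from section 11 of the Bitcoin whitepaper: an attacker holding a fraction q of the hash rate has already handed over a conflicting transaction and is racing to build a longer chain after the honest network has added z blocks. Nothing here is from the deck; the risk thresholds in the demo are assumptions.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with fraction q of the hash rate ever
    overtakes the honest chain after the merchant has seen z confirmations
    (the calculation in section 11 of the Bitcoin whitepaper).

    Honest miners hold p = 1 - q. While the honest chain grows by z blocks the
    attacker's progress is Poisson with mean lam = z * q / p. If the attacker is
    then still k blocks behind, the chance of ever catching up is (q/p)^k; if
    already level or ahead it is 1.
    """
    if not 0.0 <= q < 1.0:
        raise ValueError("q must be in [0, 1)")
    p = 1.0 - q
    if q >= p:
        return 1.0  # a majority attacker (51%) always wins eventually
    lam = z * q / p
    never_catches_up = 0.0
    for k in range(z + 1):
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        never_catches_up += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - never_catches_up


def confirmations_needed(q: float, max_risk: float, limit: int = 1000) -> int:
    """Smallest number of confirmations z at which the attacker's success
    probability drops below max_risk; returns `limit` if it never does."""
    for z in range(limit):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return limit


if __name__ == "__main__":
    # Why "wait for 6 confirmations": risk of a successful double spend by hash share.
    for q in (0.1, 0.2, 0.3, 0.45):
        risks = [attacker_success_probability(q, z) for z in range(7)]
        print(f"q={q:.2f}: " + " ".join(f"{r:.4f}" for r in risks),
              "| z for <0.1%:", confirmations_needed(q, 0.001))
```

With q = 0.1 the attacker's chance after six confirmations is about 0.02%, which is where the common six-block rule comes from; with q = 0.3 it takes 24 confirmations to get the risk below 0.1%, and at q >= 0.5 no depth is safe, which is the 51% attack in the slide above.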
Bitcoin PoW issues
• Wastage of energy
- https://digiconomist.net/bitcoin-energy-consumption
• Centralization in the hands of a bunch of mining pools
• Scalability : bitcoin 7 tps, eth 15 tps, ripple 1500 tps, visa 24000 tps!
• Forks : ambiguity not good in finance
• Long latency for confirmation (6 confirmations = 1 hour)!
• Not economical for micro-payments (use payment channels, e.g. Lightning)
Proof of stake and other consensus algorithms
PoW issues – wastage of energy, concentration (mining pools), scalability, forks (ambiguity not good in finance), long latency. Incentivizes nodes to be good, but does not punish cheaters.
PoS : reward good + punish bad. A node’s stake = the amount of currency a user holds in the system. The more stake a user controls, the more authority they have over validation. Slashing – coins are locked up to avoid the nothing-at-stake attack: validators lock up coins as stake, and the stake is slashed if they are found malicious.
Delegated PoS : active delegates are voted into their roles by token holders. Used in EOS, Steemit, ARK etc.
BFT
• Practical (PBFT) - good for enterprise consortiums. Used in Hyperledger, Zilliqa.
• Delegated (dBFT) – use stake to elect validators/council to run PBFT. Used in NEO.
• Federated BFT – verified by a group. Used in Stellar (permissionless validators) and Ripple (permissioned validators).
PAXOS and RAFT – RAFT is from Stanford and much easier to understand than Paxos. RAFT is crash fault tolerant (CFT): followers blindly replicate the leader, so it does not deal with Byzantine failures and is not of much use in the Bitcoin world.
Algorand – uses PoS and voting to agree on a block.
Sharding - instead of delegates, work is split among all participating nodes. Examples: Ethereum shard chains and Near protocol.
Consensus Algorithms : PBFT (Practical Byzantine Fault Tolerance)
• Used in enterprise consortiums where members are partially trusted.
• The number of multicast messages needed in each phase of the three-phase protocol is multiplied by each replica in the set. A replica set |R| that tolerates at most f faulty replicas needs |R| = 3f + 1.
• Issue 1: exponentially increasing message count as nodes (rather, replicas) are added to the set. Does not scale with the number of nodes.
• Solution: rather than node == server, each organization represents a node on the network (node == organization).
• Used in Hyperledger.
• Issue 2 : Closed (permissioned) membership list, otherwise susceptible to Sybil attack.
Delegated BFT (dBFT)
• To solve the scaling issues of PBFT, here the stake holders (who own the native crypto currency) vote to select delegates.
• A delegate is a validator responsible for voting on a block proposal.
• “Speakers” are randomly chosen from the delegates.
• The speaker creates and broadcasts (proposes) the new block. Two thirds of the delegates must validate and approve the block, otherwise it’s discarded. Based on PBFT.
• Delegates or the speaker could be dishonest.
• Used in Neo. Delegates in the Neo network are currently held by the NEO council, thus it is impossible to launch a 51% attack, but this is centralized.
Federated BFT
Open to nodes joining in a permission-less way => decentralized.
Used in Stellar and Ripple. In Ripple, validators are preselected by the Ripple foundation, whereas in Stellar, anyone can be a validator and you choose which validators to trust.
A quorum is defined as a set of nodes needed to reach an agreement in a distributed system. Quorum slices are the subsets of a quorum that are capable of convincing particular nodes of an agreement.
The FBA model relies on individual nodes to choose their own sets of quorum slices. A node can depend on numerous slices for information, and this trust can be based on information from outside of the system and can be dynamic. Traditional BA requires that all nodes accept the same slices.
Quorums intersect if they share a node (good). When quorums do not intersect, they are known as disjoint quorums (bad).
Ethereum proposed move to PoS using Casper
• Casper FFG (Friendly Finality Gadget), a hybrid version of PoS and PoW, where validators create checkpoints after every 50 blocks, which creates a new genesis block. Now discarded.
• Casper TFG (The Friendly Ghost), which requires validators to put a certain amount of ETH as a deposit to be able to create blocks. Any malicious attempt by the validator may invoke a smart contract to destroy the deposited amount. Uses slashing. This proposal is based on the assumption that fear of penalty will keep the validators in check to stay honest, thereby resolving the nothing-at-stake problem.
• Casper v2 – pure PoS + sharding. Latest.
Verifiable Random Function (VRF) - Micali, Rabin, Vadhan @ MIT
• A VRF is a pseudo-random function that provides publicly verifiable proofs of its output’s correctness.
• Given an input value x, the owner of the secret key SK computes the value y = F_SK(x) and the proof p_SK(x).
• Using the proof and the public key PK = g^{SK}, anyone can check that the value y = F_SK(x) was indeed computed correctly, yet this information cannot be used to find the secret key.
• VRFs provide deterministic pre-commitments which can be revealed at a later time using proofs which can only be generated by the private key.
• Unlike traditional digital signature algorithms, VRF outputs can be published publicly without being subject to a preimage attack, even if the verifier knows the public key (but not the proof).
• Example : Non-interactive lottery. The organizer has a secret function F_SK. Each user chooses some x. The organizer computes y = F_SK(x); y somehow decides who the winner is. The issue is that users should not be able to bias the lottery, i.e. F_SK(x) should look random, and the organizer should not be able to lie about the true y = F_SK(x). => VRF.
Algorand (Silvio Micali @ MIT)
• Based on VRF & Byzantine Agreement (BA), called BA⋆. Communication using a gossip protocol. “Pure Proof of Stake”.
• To prevent Sybil attacks, Algorand assigns a weight to each user based on the money in their account. As long as the money owned by honest users is > 2/3, it can avoid double spends. Phase 1: a single token is randomly selected; its owner can propose the next block.
• Scalability is achieved using consensus by committee: a small set of representatives randomly selected based on weights. The committee changes every round. Phase 2: the committee may approve the proposed block.
• Cryptographic sortition - To avoid targeted attacks on committee members, BA⋆ selects committee members in a private and non-interactive way. This means that every user in the system can independently determine if they are chosen to be on the committee, by computing a function (a VRF) of their private key and public information from the blockchain: a secret self-selection lottery. If the function indicates that the user is chosen, it returns a short string that proves this user’s committee membership to other users, which the user can include in his network messages. Since membership selection is non-interactive, an adversary does not know which user to target until that user starts participating in BA⋆.
• Participant replacement. An adversary may target a committee member once that member sends a message in BA⋆. BA⋆ mitigates this attack by requiring committee members to speak just once. Thus, once a committee member sends his message (exposing his identity to an adversary), the committee member becomes irrelevant to BA⋆.
• Fast agreement, on-the-fly, mostly in the first round itself. No forks ever (extremely rare). Trivial computation. Finality (no need for ”eventual consistency”), true decentralization (no miners, no incentives).
• Able to scale to millions of users and sustain a high transaction rate, without incurring significant cost to participating users. Consensus on a block is reached in parallel while the block is being propagated to the network, which typically happens in a few seconds.
• Algorand claims : true decentralization, security and scale. Decentralized : anyone can participate, no miners. Secure : random committee not known until after the fact. Messages are signed. Scalability : minimal messages, fast lottery, small committee.
Privacy & Anonymity & Ambiguity
• Privacy is the ability to keep some things to yourself, regardless of their impact to society. ... So privacy is a concept describing activities that you keep entirely to yourself, or to a limited group of people. Failed in an exam?
• In contrast, anonymity is when you are okay for people to see what you do, just not that it’s you doing it. E.g. Wikileaks donations.
• Weak anonymity: pseudonym (e.g. Reddit/Slashdot). Pro: reputation. Con: side channel leakage.
• Strong anonymity: un-linkable posts (e.g. 4chan). Con: no reputation.
• Ambiguity – ring signatures. “How to leak a secret” from MIT. Used in Monero.
• Bitcoin is pseudonymous, not anonymous. Sender and receiver addresses are known but their identity is not known.
• In Bitcoin, the sender address, receiver address and value are in the clear (not encrypted).
Bitcoin de-anonymization
- At the network layer: if enough nodes collude, use the user’s IP address.
- Linking by “idioms of use”:
  Heuristic 1 : Two or more addresses used as inputs to the same transaction => they are controlled by the same entity.
  Heuristic 2 : The change address is controlled by the same entity as the input address.
- Once one address in a cluster is de-anonymized, the entire cluster can be de-anonymized.
- Use a mixer to be more anonymous, but it has limitations.
- A little better to use CoinJoin. Also has issues.
- https://www.chainalysis.com/ and https://www.elliptic.co/
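The two heuristics above are enough to show why a wallet that merges inputs and reuses addresses leaks more than its owner expects. The following is an added example (not from the deck or from any analytics vendor): it runs heuristic 1 (co-spent inputs share an owner) and heuristic 2 (the change output belongs to the spender) over a constructed set of transactions using union-find, then shows how one identified address labels its whole cluster. Because the deck does not say how to spot the change output, the rule used here is an assumption: the change output is the single output address that has never appeared on the chain before, and a transaction with several fresh outputs is left alone. Transaction ids and addresses are constructed sample values.

```python
from collections import defaultdict
from typing import Dict, List, Set

# Constructed sample: each transaction lists the addresses it spends from and pays to.
SAMPLE_TXS = [
    {"txid": "t0", "inputs": ["X1"],       "outputs": ["M1"]},        # M1 is a merchant
    {"txid": "t1", "inputs": ["A1", "A2"], "outputs": ["M1", "A3"]},  # A1+A2 merged; A3 is fresh
    {"txid": "t2", "inputs": ["A3"],       "outputs": ["M2", "A4"]},  # two fresh outputs: ambiguous
    {"txid": "t3", "inputs": ["B1"],       "outputs": ["M1", "B2"]},  # B2 is fresh
    {"txid": "t4", "inputs": ["C1", "B2"], "outputs": ["M3"]},        # C1 merged with B2
]


class DisjointSet:
    """Union-find over addresses: find() returns the cluster representative."""

    def __init__(self) -> None:
        self.parent: Dict[str, str] = {}

    def find(self, x: str) -> str:
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]   # path halving
            x = self.parent[x]
        return x

    def union(self, a: str, b: str) -> None:
        self.parent[self.find(a)] = self.find(b)


def cluster_addresses(txs: List[dict]) -> List[Set[str]]:
    """Group addresses that the two idioms-of-use heuristics attribute to one owner."""
    ds, seen = DisjointSet(), set()
    for tx in txs:
        ins, outs = tx["inputs"], tx["outputs"]
        for addr in ins:
            ds.union(ins[0], addr)          # heuristic 1: co-spent inputs share an owner
        fresh = [o for o in outs if o not in seen]
        # Heuristic 2 with the assumed change rule: exactly one never-seen output
        # address in a transaction that has more than one output.
        if len(outs) > 1 and len(fresh) == 1:
            ds.union(ins[0], fresh[0])
        seen.update(ins)
        seen.update(outs)
    groups: Dict[str, Set[str]] = defaultdict(set)
    for addr in list(ds.parent):
        groups[ds.find(addr)].add(addr)
    return list(groups.values())


def propagate_labels(clusters: List[Set[str]], known: Dict[str, str]) -> Dict[str, str]:
    """One identified address (e.g. from a KYC'd deposit) labels its whole cluster."""
    labels: Dict[str, str] = {}
    for cluster in clusters:
        hits = {known[a] for a in cluster if a in known}
        if hits:
            for a in cluster:
                labels[a] = " / ".join(sorted(hits))
    return labels


if __name__ == "__main__":
    clusters = cluster_addresses(SAMPLE_TXS)
    print("clusters:", [sorted(c) for c in clusters])
    print("labels  :", propagate_labels(clusters, {"A2": "ExchangeX"}))
```

Only A2 is identified, yet A1 and A3 inherit the label because t1 merged A1 with A2 and paid its change to A3; t2 stays unlinked because both of its outputs were fresh, which is the kind of ambiguity that CoinJoin and non-reuse policies try to create on purpose.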
Bitcoin internals
Block:
  Magic number 0xD9B4BEF9
  Blocksize (4B)
  Blockheader (80B)
  Transaction counter (1-9B) VarInt
  Transactions (variable size)
Block header (80B):
  nVersion (4B)
  hashPrevBlock (32B) = SHA256(SHA256(prev BlockHeader))
  hashMerkleRoot (32B)
  nTime (4B) Timestamp
  nBits (4B) Target Difficulty
  nNonce (4B)
Transaction structure:
  Version (4B) nVersion
  Input counter (1-9B, varInt)
  Inputs (variable) vector<CTxIn> vin
  Output counter (1-9B, varInt)
  Outputs (variable) vector<CTxOut> vout
  Lock time (4B) nLockTime
Input:
  Transaction ID (32B) hashPrevTx
  Output index (4B) nOut
  ScriptSig size (1-9B) scriptSigIn
  ScriptSig (variable)
  Sequence# (4B) nSequenceIn
Output:
  Value (8B) nValue
  ScriptPK size (1-9B, varInt)
  ScriptPubKey (variable)
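The 80-byte block header layout above can be exercised on real data. The following is an added example (not from the deck or from Bitcoin Core): it parses the header into its six fields, computes the double-SHA256 hash that becomes the next block's hashPrevBlock, expands the compact nBits encoding into the 256-bit target, and checks the proof of work and the chain link. The sample header is the genesis block as it appears on the public chain; the second header built in the test is a constructed stand-in used only to show the link check.

```python
import hashlib
import struct

# Public chain data: the 80-byte header of Bitcoin block 0 (genesis), serialized
# little-endian exactly as it is hashed on the wire.
GENESIS_HEADER_HEX = (
    "01000000"                                                          # nVersion = 1
    "0000000000000000000000000000000000000000000000000000000000000000"  # hashPrevBlock (none)
    "3ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a"  # hashMerkleRoot
    "29ab5f49"                                                          # nTime
    "ffff001d"                                                          # nBits
    "1dac2b7c"                                                          # nNonce
)
GENESIS_HASH = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"


def parse_header(raw: bytes) -> dict:
    """Split the 80 fixed bytes into the six header fields."""
    if len(raw) != 80:
        raise ValueError("a block header is exactly 80 bytes")
    version, prev, merkle, ntime, nbits, nonce = struct.unpack("<i32s32sIII", raw)
    return {
        "version": version,
        "prev_block": prev[::-1].hex(),    # hashes are stored little-endian, shown reversed
        "merkle_root": merkle[::-1].hex(),
        "time": ntime,
        "bits": nbits,
        "nonce": nonce,
    }


def block_hash(raw: bytes) -> str:
    """SHA256(SHA256(header)); this value becomes hashPrevBlock of the next block."""
    digest = hashlib.sha256(hashlib.sha256(raw).digest()).digest()
    return digest[::-1].hex()


def target_from_bits(nbits: int) -> int:
    """Expand compact nBits (1-byte exponent, 3-byte mantissa) into a 256-bit target."""
    exponent, mantissa = nbits >> 24, nbits & 0x007FFFFF
    if nbits & 0x00800000:
        raise ValueError("negative target is invalid")
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def meets_target(raw: bytes) -> bool:
    """Proof-of-work check: the hash read as an integer must not exceed the target."""
    return int(block_hash(raw), 16) <= target_from_bits(parse_header(raw)["bits"])


def check_link(prev_raw: bytes, next_raw: bytes) -> bool:
    """Chain link check: next.hashPrevBlock must equal hash(prev header)."""
    return parse_header(next_raw)["prev_block"] == block_hash(prev_raw)


if __name__ == "__main__":
    raw = bytes.fromhex(GENESIS_HEADER_HEX)
    print(parse_header(raw))
    print("hash  :", block_hash(raw))
    print("target:", f"{target_from_bits(0x1D00FFFF):064x}")
    print("valid PoW:", meets_target(raw))
```

Flipping a single bit of the nonce changes the hash completely and, with overwhelming probability, pushes it above the target, which is the property that makes rewriting a confirmed block as expensive as re-mining it.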
A bitcoin transaction
• Forth-like stack based language. Example: Alice wants to pay Bob.
• Funding transaction
• Spending transaction
• UTXO model
[Diagram: the spending transaction’s input references Transaction ID 1, o/p index 1, and carries Script Sig Alice; Output0: 2฿ locked by Script PK1 (to Bob); Output1: 5฿ locked by Script PK (Alice) (change); each output also carries a locktime.]
Alice proves with SigAlice that this is Alice’s money to spend.
Bitcoin Units of Measurement
Unit                                BTC
Cent-bitcoin (cBTC or bitCent)      0.01
Milli-bitcoin (mBTC or millibit)    0.001
Micro-Bitcoin (μBTC or bit)         0.000001
finney                              0.0000001
satoshi                             0.00000001
• Smallest unit is the satoshi.
• There are 100,000,000 satoshis in every bitcoin (10^8).
Layer 2 : Bitcoin script (programmable currency)
• Bitcoin Script is simple, stack-based, and processed from left to right (reverse polish). It is intentionally not Turing-complete, with no loops.
• ScriptPubKey is the locking script in the output of the funding transaction.
- [OP_DUP, OP_HASH160, PUSHDATA(20)[…20B..], EQUALVERIFY, CHECKSIG] where the 20-byte DATA is the bitcoin address, which is H(PK).
• ScriptSig is the unlocking script in the input of the spending transaction.
- [<sig>, <PK>] signature to prove that this money was yours to spend.
• {ScriptSig | ScriptPK } runs as one program. A transaction is valid if nothing in the combined script triggers failure & the top stack item is non-zero when the script exits.
• {Txid | o/p index} identifies a UTXO. UTXO = unspent transaction output.
• It must be present in the miners’ mempool (‘UTXO set’) before it’s allowed to be spent.
• After spending, the UTXO is removed from the miner’s mempool and now lives in the blockchain.
• https://en.bitcoin.it/wiki/Script
• Recommended to wait for 6 blocks for confirmation.
P2PK (Pay to Public Key)
scriptPubKey <PK> OP_CHECKSIG
scriptSig <Signature>
• Simplest.
• Remember, for any transaction to be valid, { ScriptSig | ScriptPK } must return (top of stack) non-zero.
• When the script runs, the CHECKSIG opcode compares the signature against the public key, and pushes a 1 on to the stack if it is valid.
• Not used any more.
P2PKH (Pay to Public Key Hash)
scriptPubKey OP_DUP OP_HASH160 <Hashed PK> OP_EQUALVERIFY OP_CHECKSIG
scriptSig <Signature> <PK>
• Shortest, safer, default.
• The original public key is DUPlicated and then HASH160’ed. This hashed value is compared with the hashed public key in the scriptPubKey to make sure it is EQUALVERIFY. If it matches, the script continues and CHECKSIG checks the signature against the public key (just like a P2PK script).
• Why hash the public key? The Elliptic Curve Discrete Logarithm Problem (ECDLP) is currently hard, but there are no future guarantees. Hashing the public key gives extra protection.
P2SH (Pay to Script Hash)
scriptPubKey OP_HASH160 <scriptHash> OP_EQUAL
scriptSig OP_0 <Signature> <Script>
• It makes it easier to share complex locking scripts with other people. It allows you to lock bitcoins to the hash of a script, and you then provide that original script when you come to unlock those bitcoins. With P2SH, instead of giving someone an entire locking script, you can essentially just give them a hash of your script instead. As a result, the sender is no longer burdened with the size (or the details) of your locking script.
• Scripts are smaller now => cheaper transaction cost for the sender.
• P2SH scripts give more privacy.
• A smaller UTXO set. UTXOs are in memory and contain the ScriptPubKey. So by using smaller P2SH scripts instead of larger P2MS scripts, you save on the amount of RAM needed to hold the UTXO set.
P2MS (Pay to Multi Sig)
scriptSig OP_0 <Sig1> … <SigM> <redeemScript>
scriptPubKey OP_HASH160 <redeemScriptHash> OP_EQUAL
redeemScript OP_M <PK1> … <PK_N> OP_N OP_CHECKMULTISIG (M-of-N: N public keys, M signatures required)
• Co-signatory : 2-of-2 address. Both signatures required. Dangerous.
- 2 on-chain transactions : open and close. Unlimited off-chain.
• Escrow : 2-of-3.
• Many more applications of multi-sig.
• Caution – do not get fancy with scripting; most miners accept well known scripts only.
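The P2PKH, P2SH and multisig slides above all describe the same stack machine, and the rules they state (VERIFY aborts while EQUAL only pushes a result, the combined script must leave a non-zero top item, and for P2SH the redeem script is hashed first and executed second) are easiest to see by running them. The following is an added example (not from the deck or from Bitcoin Core): a small interpreter for the opcodes those slides use, with a P2PKH output, a P2SH-wrapped 2-of-3 multisig and several failing spends. Two stand-ins are assumptions made so that it runs offline, and both are named in the code: HASH160 is approximated by the first 20 bytes of a double SHA-256, because RIPEMD-160 is missing from some Python builds, and the "signature" is a forgeable hash that anyone with the public key can compute, so CHECKSIG only demonstrates control flow, not cryptographic security. Keys and the transaction digest are constructed sample values.

```python
import hashlib


class ScriptError(Exception):
    """Execution must stop: a VERIFY failure, stack underflow or unknown opcode."""


def hash160(data: bytes) -> bytes:
    # Stand-in for Bitcoin's HASH160 = RIPEMD160(SHA256(x)). RIPEMD-160 is absent from
    # some Python/OpenSSL builds, so the first 20 bytes of a double SHA-256 are used;
    # the stack behaviour being shown does not depend on which digest is used.
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:20]


def toy_sign(pubkey: bytes, msg: bytes) -> bytes:
    # Forgeable placeholder for an ECDSA signature so the machine runs offline: anyone
    # holding the public key can produce it. It only lets CHECKSIG exercise its logic.
    return hashlib.sha256(b"toy-sig" + pubkey + msg).digest()


def toy_verify(sig: bytes, pubkey: bytes, msg: bytes) -> bool:
    return sig == toy_sign(pubkey, msg)


def serialize(script: list) -> bytes:
    # Toy wire form of a script (bytes = data push, str = opcode) so a redeemScript
    # can be pushed as data and hashed.
    return " ".join(i if isinstance(i, str) else "0x" + i.hex() for i in script).encode()


def deserialize(blob: bytes) -> list:
    return [bytes.fromhex(t[2:]) if t.startswith("0x") else t for t in blob.decode().split()]


def _need(stack: list, n: int) -> None:
    if len(stack) < n:
        raise ScriptError("stack underflow")


def _bool(v: bool) -> bytes:
    return b"\x01" if v else b""


def run(script: list, stack: list, msg: bytes, verify) -> list:
    """Execute `script` on `stack`; `msg` stands for the transaction digest being signed."""
    for op in script:
        if isinstance(op, bytes):
            stack.append(op)
        elif op == "OP_0":
            stack.append(b"")                        # empty vector == false / zero
        elif op[3:].isdigit():
            stack.append(bytes([int(op[3:])]))       # OP_1 .. OP_16 push a small number
        elif op == "OP_DUP":
            _need(stack, 1); stack.append(stack[-1])
        elif op == "OP_HASH160":
            _need(stack, 1); stack.append(hash160(stack.pop()))
        elif op in ("OP_EQUAL", "OP_EQUALVERIFY"):
            _need(stack, 2); a, b = stack.pop(), stack.pop()
            if op == "OP_EQUAL":
                stack.append(_bool(a == b))          # EQUAL leaves its result on the stack
            elif a != b:
                raise ScriptError("OP_EQUALVERIFY failed")   # VERIFY aborts instead
        elif op == "OP_CHECKSIG":
            _need(stack, 2); pub, sig = stack.pop(), stack.pop()
            stack.append(_bool(verify(sig, pub, msg)))
        elif op == "OP_CHECKMULTISIG":
            _need(stack, 1); n = int.from_bytes(stack.pop(), "little"); _need(stack, n)
            pubs = [stack.pop() for _ in range(n)][::-1]
            _need(stack, 1); m = int.from_bytes(stack.pop(), "little"); _need(stack, m + 1)
            sigs = [stack.pop() for _ in range(m)][::-1]
            stack.pop()      # Bitcoin's historical off-by-one: one extra item (the OP_0) is consumed
            k = matched = 0  # signatures must come in the same order as the keys they match
            for sig in sigs:
                while k < n and not verify(sig, pubs[k], msg):
                    k += 1
                if k == n:
                    break
                matched, k = matched + 1, k + 1
            stack.append(_bool(matched == m))
        else:
            raise ScriptError(f"unsupported opcode {op}")
    return stack


def is_p2sh(script_pubkey: list) -> bool:
    return (len(script_pubkey) == 3 and script_pubkey[0] == "OP_HASH160"
            and isinstance(script_pubkey[1], bytes) and len(script_pubkey[1]) == 20
            and script_pubkey[2] == "OP_EQUAL")


def validate(script_sig: list, script_pubkey: list, msg: bytes, verify=toy_verify) -> bool:
    """{scriptSig | scriptPubKey} as one program: valid only if nothing fails and the top
    of the stack is non-zero. For P2SH (BIP16) the redeemScript pushed last by scriptSig
    is then executed against the items that were pushed before it."""
    try:
        stack = run(script_sig, [], msg, verify)
        saved = list(stack)
        stack = run(script_pubkey, stack, msg, verify)
        if not (stack and any(stack[-1])):
            return False
        if is_p2sh(script_pubkey):
            stack = run(deserialize(saved.pop()), saved, msg, verify)
            return bool(stack) and any(stack[-1])
        return True
    except (ScriptError, ValueError):
        return False


# Constructed sample keys and "transaction digest" for the demonstrations.
MSG, ALICE, BOB, CAROL = b"constructed tx digest", b"alice-pub", b"bob-pub", b"carol-pub"
P2PKH_ALICE = ["OP_DUP", "OP_HASH160", hash160(ALICE), "OP_EQUALVERIFY", "OP_CHECKSIG"]
REDEEM_2_OF_3 = ["OP_2", ALICE, BOB, CAROL, "OP_3", "OP_CHECKMULTISIG"]
P2SH_2_OF_3 = ["OP_HASH160", hash160(serialize(REDEEM_2_OF_3)), "OP_EQUAL"]
```

A spend of P2PKH_ALICE validates with `validate([toy_sign(ALICE, MSG), ALICE], P2PKH_ALICE, MSG)`; presenting Bob's key fails at OP_EQUALVERIFY before CHECKSIG ever runs, and presenting Alice's key with Bob's signature passes the hash check but leaves a zero on top of the stack. For the 2-of-3 output, Alice and Carol signing in key order succeeds, the same two signatures in the wrong order fail because CHECKMULTISIG walks the key list only forwards, and a single signature underflows the stack, all without any miner having to know what the redeem script was until it is spent.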
The Bitcoin Network: Node types
• Reference Client (Bitcoin Core): Contains a wallet, a full blockchain database, a miner and the network routing capabilities.
• Full Blockchain Node: Contains the full blockchain database and the network routing capabilities.
• Solo Miner: Contains the mining function, the full copy of the blockchain database and the network routing capabilities.
• Lightweight (SPV) Wallet: Contains a wallet and the network routing capabilities.
• Pool Protocol Servers: These are gateway routers connecting the P2P network nodes running other protocols such as pool mining nodes or Stratum.
• Mining Nodes: Contain the mining function without the full copy of the blockchain; instead they have the Stratum protocol or other pool mining protocols.
• Lightweight (SPV) Stratum Wallet: Contains the wallet and the network capabilities on the Stratum protocol without the blockchain.
• The Bitcoin Relay Network is a high-speed block-relay system primarily for miners. It relays blocks around the globe with low global latency. New : “FIBRE” based relay.
From “Mastering Bitcoin” by Andreas M. Antonopoulos
The bitcoin P2P network
• P2P architecture. Randomly wired gossip protocol network. All nodes are equal.
• Peer discovery
• Option 1 : query DNS using some DNS seeds hard coded in Bitcoin Core (option -dnsseed). These seeds are maintained by the bitcoin community. Some of the DNS seeds are custom implementations of BIND that return a random subset from a list of bitcoin node addresses collected by a crawler or a long-running bitcoin node.
• Option 2 : The CLI argument -seednode can be used to connect to one node just for introductions, using it as a seed. After the initial seed node is used to form introductions, the client will disconnect from it and use the newly discovered peers (bitcoin-cli getpeerinfo).
• To connect to a peer, nodes establish a TCP connection, usually to port 8333 or an alternative port if one is provided. Typical nodes create 8 outgoing connections and, if publicly reachable, accept up to a few hundred incoming connections. Connections are used to exchange transactions or blocks (using hashes).
• Paths are not reliable, nodes come and go, and so the node must continue to discover new nodes as it loses old connections, as well as assist other nodes when they bootstrap.
• SPV nodes have weaker privacy than full nodes since they receive only a subset of transactions. Bloom filters are a way to reduce the loss of privacy.
• The original implementation of bitcoin communicates entirely in the clear. While this is not a major privacy concern for full nodes, it is a big problem for SPV nodes.
• Two solutions : Tor transport, and P2P authentication and encryption with BIP-150/151.
Tor
• Tor is a distributed ‘onion’ network that makes it more difficult for an adversary to track any one peer on the network.
• Tor sends TCP packets over 3 (normal) or 7 (hidden services) Tor relays. This is why it is so slow: your packet might have to go through 100s of computers (counting Internet routers) before it reaches its destination. Tor uses multiple layers of encryption that are peeled away at each node, hence the name The Onion Router.
• Tor is also very useful to access the ‘uncensored’ internet in countries that censor it.
• Bitcoin’s security model assumes that your node is well connected to the rest of the network, so even in less-censored countries, using bitcoin over both Tor and clearnet can avoid being partitioned from the network by the internet service provider.
• Preserving privacy means not only hiding the content of messages, but also hiding who is talking to whom (traffic analysis).
• Tor provides anonymous connections that are strongly resistant to both eavesdropping and traffic analysis.
• Bitcoin can run easily on the Tor network.
• https://en.bitcoin.it/wiki/Tor
Censorship
• 3 ways governments censor technology:
- Regulations (claim it is illegal using out-of-date regulations)
- Internet shutdown (& it’s common!)
- Fake news!
• Great Firewall of China defeating Tor:
- Deep packet inspection : look inside the payload, blocking based on static signatures, or dynamically using ML.
• You can only be anonymous in a crowd:
- Add multiple hops (Tor has only 3)
- Dummy traffic (create a crowd)
- Timing obfuscation (random delay added)
- Packet size obfuscation (random padding added)
• Nym Mixnets and the Loopix anonymous system
Bitcoin core
• git clone https://github.com/bitcoin/bitcoin.git
• ./autogen.sh ; ./configure ; make ; make install; bitcoind -prune=550
• bitcoin-cli -help
• bitcoin-cli getblockhash <height>
• bitcoin-cli getblock <block-hash> […]
• Types of messages : VERSION, VERACK, ADDR, INV, GETDATA, MERKLEBLOCK,
GETBLOCKS, GETHEADERS, TX, HEADERS, BLOCK, GETADDR, MEMPOOL, PING,
PONG, NOTFOUND, FILTERLOAD, FILTERADD, FILTERCLEAR, REJECT,
SENDHEADERS, FEEFILTER, SENDCMPCT, CMPCTBLOCK, GETBLOCKTXN,
BLOCKTXN.
• https://github.com/bitcoin/bitcoin/blob/master/src/protocol.h
Bitcoind Protocol Messages src/protocol.h
• version - Information about program version and block count. Exchanged when first connecting.
• verack - Sent in response to a version message to acknowledge that we are willing to connect.
• addr - List of one or more IP addresses and ports.
• inv - "I have these blocks/transactions: ..." Normally sent only when a new block or transaction is being relayed.
This is only a list, not the actual data.
• getdata - Request a single block or transaction by hash.
• getblocks - Request an inv of all blocks in a range (block header hashes)
• getheaders - Request a headers message containing all block headers in a range.
• tx - Sends a single transaction. This is sent only in response to a getdata request.
• block - Send a block. This is sent only in response to a getdata request.
• headers - Send up to 2,000 block headers. Non-generators can download the headers of blocks instead of entire
blocks.
• getaddr - Request an addr message containing a bunch of known-active peers (for bootstrapping).
• submitorder, checkorder, and reply - Used when performing an IP transaction.
• alert - Send a network alert.
• ping - Does nothing. Used to check that the connection is still online. A TCP error will occur if the connection has
died.
Layer 3 : Wallets
• Track/store private key. Store, receive, transmit and list transactions.
• HD wallets – Hierarchically Deterministic, seed based. Back up only seed.
• Hot wallets
- Smartphone Apps : Trust wallet, MyCelium
- Online Web wallets : coinbase, binance
- Desktop wallets : exodus.io, Electrum
• Cold storage
- Brain wallet : uses mnemonic phrase. brainwallet.io, bad idea.
- Hardware wallet : Ledger nano S, Trezor Model T, manufacturing attacks.
- Paper wallet : safest. Can you trust https://www.bitaddress.org ?
• Multi-sig wallets – bitgo (mostly cold, small percentage hot)
Custodial wallets
• Private keys are stored by a third party. Thus, you do not have full control over your funds, which makes these wallets a dubious choice.
• Advantages
- manage funds quickly, @ any time with internet.
- No chance to lose private key and lose access to money
• Disadvantages
- Custodian has control of your private keys and money
- Your crypto-coins can be seized by a court decision
- If your wallet gets hacked, your coins may go missing
• Similar in principle to bank.
• Custodial exchanges providing you wallets
- Bitfinex, Kraken, Bithumb, Coinbase, Mt Gox, BTC-e, Poloniex
• Custodial wallets
- Freewallet, blockchain.info, BTC.com
Wallets Comparison
                   Security   Ease of use   Frequency of use
Web wallet         Low        High          High
Hardware wallet    High       Low           Low
Desktop wallet     Medium     Medium        Medium
Layer 3 - dApps : High level flow
• dApps have backend code running on a decentralized peer-to-peer network and decentralized storage.
• Front-end : Build and deploy a normal HTML/CSS/JS front end. The front end checks for a wallet and sends it the transaction.
• Wallet : Add the code to connect the front end with the wallet, which holds the private keys and can sign a transaction. MetaMask is an Ethereum wallet in the browser as an extension. It injects web3.js code into the browser to talk with the Ethereum network. The front end can now talk with Web3.
• Library : Web3.js is the Ethereum-compatible JavaScript API library which implements the generic JSON-RPC spec. Web3.js communicates via RPC with the local node or a test node. To interact with a deployed smart contract, the contract’s address and the Application Binary Interface (ABI) are required. The ABI is a description of the contract’s public interface in the form of a JSON object.
• Smart contract : Write the smart contract to implement the app’s core functions. This smart contract runs on each node.
• Example : The Etherisc dApp allows users to either buy or sell insurance for flight delays and cancellations. Using the Ethereum blockchain, each and every insurance agreement is available to view on a public database.
dApps of Web 3.0
• The front end is still the same (HTML/CSS/JS etc), served from static hosting or cloud or P2P (IPFS).
• The front end talks to smart contracts using APIs.
• Smart contracts run code and store data on the blockchain network.
                        Web 2.0                 Web 3.0 (dApps)
Scalable computation    AWS EC2                 Ethereum, Truebit
File storage            Amazon S3               IPFS, Storj
External data           3rd party APIs          Oracles
Monetization            Selling ads, goods      Token model
Payments                Credit cards, PayPal    Ethereum, bitcoin, state channels, 0x etc
Issues with dApps
• Scale – decentralization and speed are always a trade-off for a public blockchain. The solution is off-chain payment channels or sidechains.
• Cost – computation runs on every node. By definition, at least as costly as the number of nodes.
• Time – Since multiple nodes have to first run the computation (fast) and then come to a consensus about its result (slow), it’s much slower than central servers.
• Governance model – It’s getting better, but it is harder to make fast decisions and reach a consensus. Results in forks sometimes.
• Independence – The CryptoKitties dApp should not stop the fundamental transaction of A paying B.
• Privacy – right to be forgotten. Use ZKP and similar technologies.
Tokens and coins
Coins – have their own native blockchain.
Tokens – Don’t need their own blockchain. Created on top of other blockchains. Give certain rights to holders such as voting or the ability to use a platform/service/product etc.
Legal aspects & regulation – country specific
Black Letter law – basic principles free from doubt or dispute. Plain language, Supreme Court.
Areas of law
Securities (SEC) The Securities and Exchange Commission (SEC), as its name implies, oversees securities issuance and exchange. According to the SEC, Bitcoin is not a security.
Taxes (IRS) According to the Internal Revenue Service (IRS), Bitcoin is property, taxed as property like stocks or bonds; any gain or loss from the sale or exchange is taxed as a capital gain or loss.
Commodities (CFTC) The Commodities Futures Trading Commission (CFTC) ensures the integrity of futures and swaps markets. According to the CFTC, Bitcoin is a commodity. Any swaps and futures involving bitcoin are part of the CFTC mandate.
AML/KYC (FinCEN/states) The Financial Crimes Enforcement Network (FinCEN) oversees financial crime as part of the Bank Secrecy Act (BSA).
Not Black Letter law : Cryptocurrency law, analogies, guidance, speeches, settlements.
Hinman’s speech: When Howey meets Gary
Howey test, 1946
SEC v/s W.J. Howey Co.
• The said transaction will be called an investment contract if it fulfills the following criteria:
1. It is an investment of money
2. The investment is in a common enterprise
3. There is an expectation of profit from the work of the promoters or a third party.
• If the token/coin meets all three of the aforementioned criteria, then it is regarded as a security.
• The SEC chair said Bitcoin is NOT a security.
• There is simply no promoter or third party upon which the value of the “investment” in cryptocurrency depends. There is no “effort” or “work” in the background which affects the value of Bitcoin. Instead, its value depends on government regulation, political and economic upheaval, and media and trader enthusiasm.
Jurisdiction, Regulation & Enforcement
• Jurisdiction is challenging to define in a fully digital world. Historically, jurisdictions have been defined by physical boundaries. However, these are difficult to draw in a world that is already fully digital and concerned with privacy.
• Regulation is dependent on jurisdiction. If you don’t have a jurisdiction, how do you identify the relevant regulation? Without harmonized global regulation, people will use jurisdiction as a tool to change the rules.
• Lastly, enforcement is what scares people into following regulation. Enforcement requires penalties, which is what makes people fear the consequences of not following the rules. Hence, enforcement will continue to be aggressive.
• Regulation is clear (mostly). It’s a public ledger.
• Silk Road case. DoJ seized bitcoins.
• Please pay your crypto taxes.
3 types of tokens
Cryptocurrencies (SEC) / Payment tokens (FINMA)
• Means of payment/exchange. Not issued by a central authority.
Utility token (SEC) / Utility token (FINMA)
• Holding a utility token gives the right to access a function/service provided directly by the business that issued it, or the right to vote.
• E.g. Filecoin – provides access to unused hard drive space.
• Does not pass the Howey test. Relatively unregulated.
• The most popular example of a utility token is the ERC20 Ethereum standard.
Security token (SEC) / Asset token (FINMA)
• Passes the Howey test. Tokens that equate to an ownership stake in a company or DAO.
ICO (Initial Coin Offering)
• Cryptocurrency is sold in the form of tokens or coins to raise funding for the startup. Allows startups to avoid regulatory compliance and intermediaries such as venture capitalists, banks and stock exchanges.
• First one: Mastercoin (July 2013). Also Ethereum in 2014.
• Crowdfunding or private ICO. Most give access to the native platform or to the dApps. The purpose is usage and not investment.
• Pros : Open to the general public, total decentralization as compared to an IPO. Equal opportunity and ease of access without “knowing the guy” to invest at an early stage. Low entry threshold. No country barriers. No commission, no taxes.
• Cons : No regulation, scams, hacker attacks, high volatility. Not backed by any collateral.
• “SEC versus Kik”
• 43 ICOs in 2016 raising an aggregate $256 million; 343 ICOs in 2017 raising in excess of $6B; in 2018 $7.8B. Drop in 2019.
IEO (Initial Exchange Offering)
• The main difference between an ICO and an IEO is the appearance of a third party: the exchange. The funds aren’t sent to smart contracts as they are during an ICO. Everything is done through an exchange.
• Projects can outsource marketing and KYC/AML compliance to exchanges with significant staff and resources, while benefiting from their exchange partner’s professional reputation among traders.
• For the exchanges themselves, IEOs can be lucrative because the exchanges charge partners sign-on fees and a cut of each sale.
• Exchanges and their IEO platforms: Binance Launchpad, Bittrex International IEO, BitMax Launchpad, Huobi Prime, OKEx IEO etc.
ICO versus IEO
                                ICO                                   IEO
Fundraising                     At issuer’s site                      At exchange
Smart contract managed by       Startup conducting the token sale     Exchange
Cost of listing                 Low                                   High
Screening                       None – anyone can launch              Vetting by exchange before listing
Marketing budget needed         Significant                           Low (exchange markets the tokens)
AML/KYC needed by token issuer  Yes, but may vary                     No. Exchange conducts it.
Fraud risk                      High                                  Less
Crowdsale security              Low – token issuer’s headache,        Exchange manages
                                reinvent the wheel
STO (Security Token Offerings)
• Security tokens are actual financial securities that are backed by something tangible like assets,
equity, profits, or revenue of the company.
• So if a startup is giving a security token, you are either getting actual equity in the company based
on your investment dollars, or you are getting a portion of the company’s revenue or profit (dividend)
plus certain rights in the company.
• Like an ICO, a Security Token Offering (STO) is the process to issue security tokens, but on a
compliant basis after going through KYC, AML, accredited investor checks etc.
• Pros : Compliant with laws. Lower risk than an ICO.
• Cons : Bigger administrative burden; the most difficult and complex of the three.
STO v/s IPO
ICO vs IEO vs STO: Which One Is The Best?
ICO is for cheap investments with fast cash out options.
IEO is good for investors looking for better security and more serious investment opportunities.
STO is for investors with large budgets, who prefer a familiar real-life structure in the crypto
investment industry. Since tokens are protected by KYC/AML processes and other regulatory security,
STO keeps small and amateur investors away. Such tokens can only be purchased by accredited investors.
Hard fork
(Diagram: the chain splits; four blocks follow the old rules, three blocks follow the new rules.)
Hard fork : Non-upgraded nodes reject blocks made under the new rules, thus diverging the chain.
- Planned : Usually an upgrade to the protocol with consensus from developers and community. E.g. Monero
introducing RingCT.
- Contentious : Disagreement between various stakeholders in the project (developers, users, miners etc). E.g.
increasing Bitcoin’s block size from 1MB to 8MB - the Bitcoin Cash hard fork.
• A hard fork can be implemented to correct important security risks found in older versions of the software, to add
new functionality, or to reverse transactions (as in the case with the hard fork to reverse the exploit in the DAO
(decentralized autonomous organization) in the Ethereum blockchain).
Soft fork
(Diagram: two blocks follow the old rules; one block follows the old rules but violates the new rules and
goes stale; three blocks follow both the old and the new rules.)
Soft fork : Blocks violating the new rules are made stale by the new mining majority.
• A soft fork is a backward compatible method of upgrading a blockchain. E.g. block size 1MB -> 500kB.
- Does not need an upgrade to maintain consensus since all blocks with the new soft-forked-in rules also
follow the old rules, therefore old clients accept them.
- Miner-activated soft fork (MASF) : a majority of miners upgrade to enforce the new rule.
- User-activated soft fork (UASF) : full nodes coordinate to enforce the new rules, without support from miners.
• New transaction types can often be added as a soft fork; for example, P2SH was added to Bitcoin this way.
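To make the old-rules/new-rules distinction concrete, here is an added Python simulation (not from the slides) in which the consensus rule is the block-size limit: a looser limit (8 MB) is a hard fork because old nodes reject the blocks upgraded miners produce, while a stricter limit (500 kB) is a soft fork because old nodes still accept everything upgraded miners produce. The block sizes and chains are constructed sample data, not real chain history.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Block:
    height: int
    size: int  # serialized size in bytes


OLD_LIMIT = 1_000_000  # the original 1 MB rule that non-upgraded nodes enforce


def old_rules(block: Block) -> bool:
    return block.size <= OLD_LIMIT


def hard_fork_rules(block: Block) -> bool:
    """Hard fork: the new rule is LOOSER (8 MB, as in the Bitcoin Cash example).
    Some blocks it accepts violate the old rule, so old nodes reject them."""
    return block.size <= 8 * OLD_LIMIT


def soft_fork_rules(block: Block) -> bool:
    """Soft fork: the new rule is STRICTER (500 kB, as in the slide's example).
    Everything it accepts is also valid under the old rule."""
    return block.size <= 500_000


def is_soft_fork(new_rules, probes) -> bool:
    """A rule change is backward compatible (a soft fork) iff every probe block
    the new rule accepts is also accepted by the old rule."""
    return all(old_rules(b) for b in probes if new_rules(b))


def accepted_heights(rule, chain):
    """Heights a node following `rule` accepts while scanning a chain in order.
    Once a node rejects a block it also rejects everything built on top of it."""
    accepted = []
    for b in chain:
        if not rule(b):
            break
        accepted.append(b.height)
    return accepted


def fork_outcome(new_rules, chain):
    """Compare what old and upgraded nodes accept from the same chain of blocks
    produced by upgraded miners; a difference means the network diverged."""
    old_view = accepted_heights(old_rules, chain)
    new_view = accepted_heights(new_rules, chain)
    return {"old_nodes": old_view, "new_nodes": new_view,
            "diverged": old_view != new_view}


# Constructed sample data (sizes in bytes), not real chain data.
PROBES = [Block(0, s) for s in (100_000, 500_000, 900_000, 1_000_000, 2_000_000, 8_000_000)]
HARD_FORK_CHAIN = [Block(1, 900_000), Block(2, 950_000), Block(3, 4_000_000), Block(4, 6_000_000)]
SOFT_FORK_CHAIN = [Block(1, 400_000), Block(2, 450_000), Block(3, 300_000)]

if __name__ == "__main__":
    print("8 MB rule is a soft fork?", is_soft_fork(hard_fork_rules, PROBES))    # False
    print("500 kB rule is a soft fork?", is_soft_fork(soft_fork_rules, PROBES))  # True
    print("hard fork:", fork_outcome(hard_fork_rules, HARD_FORK_CHAIN))          # diverged
    print("soft fork:", fork_outcome(soft_fork_rules, SOFT_FORK_CHAIN))          # not diverged
```

The `is_soft_fork` probe is the property worth checking before any rule change ships: if the new rule ever accepts a block the old rule rejects, non-upgraded nodes will follow a different chain and the upgrade has to be treated as a hard fork with all the coordination that implies.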
Forks in Practice
• Hard forks
- New Bitcoins (Bitcoin Cash, Bitcoin Gold, Bitcoin
Diamond)
- Ethereum DAO hard fork
- Some cryptocurrencies hard fork frequently
(Monero, every 6 months)
• Soft forks
- Lots!
- Examples : P2SH, SegWit, OP_CHECKSEQUENCEVERIFY …
Payments
• Payment systems inaccessible to 65% of the world.
• Study by World Bank - Of the 1.7B unbanked, 1.1B have access to a mobile device (this is about 65%).
• When they are accessible
- Up to 15-20% fees to send money cross border
- Credit card companies engage in rent-seeking behavior – collecting high fees, costs which are passed
first to the merchant and then eventually back to the consumers as well.
• Limitations
- Scale, in tps (transactions per second): Bitcoin 7, Ethereum 15, Visa a few thousand
- Token volatility
Scaling Bitcoin
• 1MB/block * 1 transaction/250B * 1 block/10 min = 5-7 tx/sec
(Size of block / average size of a transaction) * block rate = TPS
• A larger block size needs a hard fork. More propagation delay, harder to run a full node (only data
centres could), increases centralization.
• Layer 1 solutions (on-chain) : SegWit, hard fork (new currency) Dash/Litecoin/Bitcoin Cash, sharding
(Ethereum)
• Layer 2 solutions (off-chain)
- Payment channels: Lightning for Bitcoin, Raiden for Ethereum. Sets up payment channels; unlimited off-chain
transactions, instant, micropayments. Cross-blockchain atomic swaps. Layer 2 solution using multisig and HTLC.
- Sidechains : separate blockchains (child) that are linked to the main (parent) blockchain using a two-way peg.
A sidechain enables bitcoins and other ledger assets to be transferred between multiple blockchains.
Layer 1 scaling : Segregated Witness (SegWit)
• Original Blocksize 1MB. How to increase size without impacting legacy nodes ? => Soft fork
• The scriptSig part of Segwit transactions is called the “witness data”. When Segwit transactions are
sent to Legacy nodes the witness data is stripped. The key is that these “stripped” transactions are
still valid transactions on Legacy nodes, which gives us a savings over non-Segwit transactions. Thus,
more transactions can fit into the block sent to Legacy nodes without going over the 1,000,000 byte
limit.
• p2wpkh and p2wsh are very similar to p2pkh and p2sh respectively but move scriptSig data to the
end of the transaction.
• Pros
- More transactions in a block, making them cheaper, faster.
- Transaction malleability fixed. Also adds to scale. Enables the Lightning network.
• Cons
- Miners don’t like it. Covert asicboost incompatible with SegWit. Also lower fees affect their
profits. They don’t appreciate having to support the witness-data sidechain which doesn’t
provide any fee revenue at all. Wallets slow to adopt. Still about only 36% transactions use
segwit (Jan’19).
- Not a long-term solution for scalability problem.
- Caused divide in Bitcoin community. Disagreement caused hard forks, bitcoin cash for
example (BCH).
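The throughput arithmetic from the Scaling Bitcoin slide and the SegWit explanation above, worked through as an added Python example (not the deck's own code). It goes one step beyond the slides by using BIP141's weight rule (each non-witness byte counts 4 weight units, each witness byte 1, limit 4,000,000), which is exactly why a SegWit block strips to at most 1,000,000 bytes for legacy nodes. The per-transaction byte counts are constructed, roughly those of a one-input, one-output P2WPKH spend.

```python
LEGACY_BLOCK_BYTES = 1_000_000   # pre-SegWit limit
MAX_BLOCK_WEIGHT = 4_000_000     # BIP141 weight limit that replaced it
BLOCK_INTERVAL_S = 600           # one block every 10 minutes on average


def tps(block_bytes: int, avg_tx_bytes: int, block_interval_s: int = BLOCK_INTERVAL_S) -> float:
    """Throughput = (block size / average transaction size) / block interval."""
    return (block_bytes / avg_tx_bytes) / block_interval_s


def tx_weight(base_bytes: int, witness_bytes: int) -> int:
    """BIP141 weight: each non-witness byte costs 4 units, each witness byte 1 unit
    (the same as 3 * base_size + total_size)."""
    return 4 * base_bytes + witness_bytes


def txs_per_block_legacy(base_bytes: int, witness_bytes: int) -> int:
    """Before SegWit the whole serialized transaction counted against 1 MB."""
    return LEGACY_BLOCK_BYTES // (base_bytes + witness_bytes)


def txs_per_block_segwit(base_bytes: int, witness_bytes: int) -> int:
    """With SegWit the block is limited by weight, so witness bytes are discounted."""
    return MAX_BLOCK_WEIGHT // tx_weight(base_bytes, witness_bytes)


def stripped_block_bytes(n_txs: int, base_bytes: int) -> int:
    """Size of the block as a legacy node sees it: witness data removed."""
    return n_txs * base_bytes


def legacy_nodes_accept(n_txs: int, base_bytes: int) -> bool:
    """The soft-fork property: since weight >= 4 * base size, a block under the
    4,000,000 weight limit always strips to at most 1,000,000 bytes."""
    return stripped_block_bytes(n_txs, base_bytes) <= LEGACY_BLOCK_BYTES


# Constructed sizes, roughly a one-input, one-output P2WPKH spend; real
# transactions vary, so treat these as illustrative only.
BASE_BYTES, WITNESS_BYTES = 110, 107

if __name__ == "__main__":
    print(f"1 MB / 250 B / 10 min -> {tps(1_000_000, 250):.2f} tx/s")            # ~6.67
    n_legacy = txs_per_block_legacy(BASE_BYTES, WITNESS_BYTES)
    n_segwit = txs_per_block_segwit(BASE_BYTES, WITNESS_BYTES)
    print("txs per block under the 1 MB rule:", n_legacy)                        # 4608
    print("txs per block under the weight rule:", n_segwit)                      # 7312
    print("bytes a legacy node receives:", stripped_block_bytes(n_segwit, BASE_BYTES))  # 804320
    print("legacy nodes still accept it:", legacy_nodes_accept(n_segwit, BASE_BYTES))   # True
```

The last two lines are the point of the slide: the witness-discounted block carries more transactions, yet what a non-upgraded node downloads never exceeds the 1,000,000-byte rule it enforces.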
Layer 2 scaling using Payment channels - Lightning network (BTC)
How does it work? Building blocks:
- Bidirectional payment channels
- Unconfirmed transactions : constructed and signed but not broadcast
- Multi-sig : both keys required to unlock
- Revocable HTLC (hashed timelocks)
BTC transaction fees high, confirmation time long, paying for coffee on the blockchain no longer
possible. Cannot be used for micropayments.
Enter Lightning => Layer-2 protocol. Instant payments, micropayments, scalable, low cost, cross-chain
atomic swaps!
https://lightning.network/
Some fundamental constructs
Construct 1 : Locktime
• How can A irreversibly give B coins B can only spend *after* time
T?
• A pays coins to 2-of-2 multisig address owned by A and B,
creating UTXO
• A creates + signs transaction sending this UTXO to B, with
lock_time T
• A gives new transaction to B. B can sign, but can't submit until
time T.
• Example : B can spend only after say 18th birthday.
Construct 2 : OP_CLTV
• How can A give B coins but reclaim them, if not spent *before*
time T? B must spend *before* time T, if not spent, A should get it
back.
• A creates + signs but doesn't submit tx1 paying coins to B
• A sends H(tx1) to B, B creates + signs transaction tx2 paying
tx1 back to A with lock_time T, B sends tx2 to A, and NOW A
submits tx1.
• Issue is A requires B's interactive participation.
• Solution: New Bitcoin opcode OP_CheckLockTimeVerify (OP_CLTV)
• ScriptPK: IF <PK_B> ELSE <T> OP_CLTV DROP <PK_A> ENDIF
OP_CHECKSIG
• ScriptSig_B: <Sig_B> OP_1
• ScriptSig_A: <Sig_A> OP_0 [with lock_time >= T]
• Thus B can spend before time T, A can reclaim after time T.
Construct 3 : Hashlock
• A pays B coins, but B must reveal x where
y=SHA256(x) to claim
• ScriptPK: OP_HASH256 <y> OP_EQUAL <B's Key>
OP_CHECKSIG
• ScriptSig: <Sig> <x>
• This is known as a *hashlock* transaction
• Note these examples could use P2PKH as well
Construct 4 : Hashed Time Lock Contract (HTLC)
• A pays B, B must reveal x by time T or else A can reclaim coins.
• ScriptPK: IF OP_HASH256 <y> OP_EQUALVERIFY <PK_B> ELSE <T> OP_CLTV DROP <PK_A> ENDIF OP_CHECKSIG
• ScriptSig_B: <Sig_B> <x> OP_1
• ScriptSig_A: <Sig_A> OP_0 [with lock_time >= T]
• This is a *Hashed Time Lock Contract* (HTLC)
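Constructs 2 to 4 above, executed by a small Python script interpreter added here as an example (not from the slides). It models only the opcodes those scripts use: OP_IF/ELSE/ENDIF, a hash, OP_EQUAL(VERIFY), OP_DROP, OP_CLTV and OP_CHECKSIG. Two simplifications to note: the signature check is a toy lookup rather than ECDSA, and the hashlock uses OP_SHA256 (a single SHA-256, matching y = SHA256(x) on the slide), whereas Bitcoin's real OP_HASH256 is a double SHA-256. The keys, signatures, preimage and time T are constructed values.

```python
import hashlib

TRUE, FALSE = b"\x01", b""   # Bitcoin script booleans: empty bytes are false


class ScriptError(Exception):
    pass


def truthy(v) -> bool:
    return v not in (FALSE, 0)


def run_script(script, stack, lock_time, sigs):
    """Evaluate `script` (data pushes and "OP_*" strings) on `stack`.
    `lock_time` is the spending transaction's nLockTime; `sigs` maps a public
    key to the one signature this toy accepts for it (a stand-in for ECDSA)."""
    exec_stack = []   # one flag per open IF: is the current branch executed?
    for item in script:
        executing = all(exec_stack)
        if item == "OP_IF":
            exec_stack.append(truthy(stack.pop()) if executing else False)
        elif item == "OP_ELSE":
            exec_stack[-1] = not exec_stack[-1]
        elif item == "OP_ENDIF":
            exec_stack.pop()
        elif not executing:
            continue                        # inside the branch not taken
        elif not isinstance(item, str):
            stack.append(item)              # data push: bytes, or an int locktime
        elif item == "OP_SHA256":
            stack.append(hashlib.sha256(stack.pop()).digest())
        elif item == "OP_EQUAL":
            stack.append(TRUE if stack.pop() == stack.pop() else FALSE)
        elif item == "OP_EQUALVERIFY":
            if stack.pop() != stack.pop():
                raise ScriptError("EQUALVERIFY failed")
        elif item == "OP_DROP":
            stack.pop()
        elif item == "OP_CLTV":
            # Leaves <T> on the stack; fails unless the tx's lock_time >= T.
            if lock_time < stack[-1]:
                raise ScriptError("CLTV: lock_time below required time")
        elif item == "OP_CHECKSIG":
            pubkey, sig = stack.pop(), stack.pop()
            stack.append(TRUE if sigs.get(pubkey) == sig else FALSE)
        else:
            raise ScriptError(f"unsupported opcode {item}")
    return stack


def spend(script_pubkey, script_sig, lock_time, now, sigs) -> bool:
    """Can a tx with this scriptSig and nLockTime spend the output at time `now`?
    A transaction whose lock_time is still in the future cannot be mined at all."""
    if now < lock_time:
        return False
    try:
        stack = run_script(script_sig, [], lock_time, sigs)
        stack = run_script(script_pubkey, stack, lock_time, sigs)
    except (ScriptError, IndexError):
        return False
    return bool(stack) and truthy(stack[-1])


# Constructed parties, keys and secret (toy values, not real keys).
PK_A, PK_B = b"pubkey-A", b"pubkey-B"
SIGS = {PK_A: b"sig-A", PK_B: b"sig-B"}
X = b"secret-preimage"
Y = hashlib.sha256(X).digest()
T = 1000   # time after which A may reclaim

# Construct 4 from the slide, with OP_SHA256 standing in for OP_HASH256.
HTLC = ["OP_IF", "OP_SHA256", Y, "OP_EQUALVERIFY", PK_B,
        "OP_ELSE", T, "OP_CLTV", "OP_DROP", PK_A,
        "OP_ENDIF", "OP_CHECKSIG"]


def b_claims(preimage: bytes, now: int) -> bool:
    """ScriptSig_B: <Sig_B> <x> OP_1 takes the IF branch."""
    return spend(HTLC, [SIGS[PK_B], preimage, TRUE], lock_time=0, now=now, sigs=SIGS)


def a_reclaims(now: int) -> bool:
    """ScriptSig_A: <Sig_A> OP_0 with lock_time = T takes the ELSE branch."""
    return spend(HTLC, [SIGS[PK_A], FALSE], lock_time=T, now=now, sigs=SIGS)


def a_tries_early(now: int) -> bool:
    """Same refund path but with lock_time 0: OP_CLTV rejects it."""
    return spend(HTLC, [SIGS[PK_A], FALSE], lock_time=0, now=now, sigs=SIGS)
```

Running `b_claims(X, 5)` succeeds and `b_claims(b"wrong", 5)` fails at EQUALVERIFY; `a_reclaims(999)` fails because the refund transaction cannot be mined before T, `a_reclaims(1000)` succeeds, and `a_tries_early` shows that lowering the transaction's lock_time does not help, since OP_CLTV compares it against the T baked into the script. Note that the script itself never stops B after T: once T passes both paths are spendable and it is a race, which is why the slide says B must reveal x by time T.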
Atomic cross-chain swaps
• Based on HTLC
• B picks random x, computes y = SHA256(x).
• B Submits HTLC sending BTC to A with hash y,
timeLock=now+2days
• A submits HTLC to say Litecoin, sending LTC to B,
hash y, timelock=now+1 day.
• Note - For cross chain atomic swaps (without
third party), both blockchains should support
same hash function.
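The swap above as a two-chain simulation, added as an example (not part of the deck). Each HTLC is a small object with claim and refund methods; the amounts, the secret and the timelocks are constructed. The `timelocks_are_safe` check encodes why A's lock (1 day) must expire before B's (2 days): if B reveals x only at the end of A's window, A still has a day to use it on the BTC chain before B could refund.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

DAY = 86_400  # seconds


@dataclass
class HTLC:
    """One hashed time-lock output: the receiver may take it by revealing the
    preimage of `hashlock`; after `timelock` the sender may take it back."""
    chain: str
    sender: str
    receiver: str
    amount: float
    hashlock: bytes
    timelock: int
    taken_by: Optional[str] = None

    def claim(self, preimage: bytes) -> bool:
        if self.taken_by is None and hashlib.sha256(preimage).digest() == self.hashlock:
            self.taken_by = self.receiver
            return True
        return False

    def refund(self, now: int) -> bool:
        if self.taken_by is None and now >= self.timelock:
            self.taken_by = self.sender
            return True
        return False


def timelocks_are_safe(first: HTLC, second: HTLC) -> bool:
    """The party who locks second (A) must see its refund window expire before
    the first locker's (B) does, and both locks must use the same hash function."""
    return second.timelock < first.timelock


def atomic_swap(b_reveals: bool, now: int = 0) -> dict:
    """The exchange from the slide. Returns who holds each locked amount at the end."""
    x = b"B's random secret"                              # constructed; known only to B at first
    y = hashlib.sha256(x).digest()
    btc = HTLC("BTC", "B", "A", 1.0, y, now + 2 * DAY)    # B locks first, 2-day timelock
    ltc = HTLC("LTC", "A", "B", 150.0, y, now + 1 * DAY)  # A sees it and locks, 1-day timelock
    assert timelocks_are_safe(btc, ltc)
    if b_reveals:
        ltc.claim(x)      # B takes the LTC; x is now visible on the LTC chain
        btc.claim(x)      # A reads x from that transaction and takes the BTC
    else:
        # B walks away: x never appears, so each side refunds once its timelock expires.
        assert not ltc.refund(now + 12 * 3600)   # too early: A must wait out the full day
        ltc.refund(now + 1 * DAY)
        btc.refund(now + 2 * DAY)
    return {"BTC": btc.taken_by, "LTC": ltc.taken_by}


if __name__ == "__main__":
    print("B cooperates:", atomic_swap(True))    # {'BTC': 'A', 'LTC': 'B'}
    print("B walks away:", atomic_swap(False))   # {'BTC': 'B', 'LTC': 'A'}
```

Both outcomes are atomic: either both legs complete or both refund, and at no point can one side hold both amounts.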
OP_CheckSequenceVerify (OP_CSV)
• New feature: recycle the sequence field of an input for a relative timelock (BIP68). The low 16 bits specify
time or block height since the corresponding output was mined.
• Now we can use OP_CSV to let A *revoke* her transaction.
• Use this ScriptPK for the funding transaction (E): HASH160 <CR-HASH> EQUAL IF <PK_B> ELSE "24h" OP_CSV
DROP <PK_A> ENDIF CHECKSIG
• B can immediately spend this UTXO if he knows the hash preimage CR of CR-HASH. A can spend this UTXO 24
hours after it hits the blockchain.
Revocable HTLC
• Now each commitment transaction has 3 outputs:
• Pay to A, pay to B, and pay to A or B depending if R known by time T
• Construct a *revocable* HTLC for the third output
• In commitment transaction A gives to C, third output has: HASH160 DUP
<R-HASH> EQUAL IF "24h" CHECKSEQUENCEVERIFY 2DROP <PKC> ELSE
<CRC-Hash> EQUAL NOTIF <T> CHECKLOCKTIMEVERIFY DROP ENDIF <PKA>
ENDIF CHECKSIG
• So A can spend if C revoked by revealing CRC, or if time T is passed C can
spend by revealing R and waiting 24h in case revoked
• In commitment transaction from C to A HASH160 DUP <R-HASH> EQUAL
SWAP <CRA-Hash> EQUAL ADD IF <PKC> ELSE <T> CHECKLOCKTIMEVERIFY
"24h" CHECKSEQUENCEVERIFY 2DROP <PKA> ENDIF CHECKSIG
• So C can spend immediately if it knows either R or CRA
• A must wait until time T and until 24 hours after submitted
Lightning (on Bitcoin network) / Raiden (on Ethereum)
• On chain : only two transactions, open and close payment channel.
• Off chain : use revocable HTLC to do as many micropayments as needed.
• These channels can be closed unilaterally or bilaterally. This doesn’t mean that you need to
create a channel every time you want to transact with someone. You can use existing channels
of the people you are connected with (intermediaries).
• Low cost, instant payments, scalable, secure, private, cross blockchain atomic swaps.
• Types
- Poon-Dryja Payment Channels
- Decker-Wattenhofer duplex payment channels
- Decker-Russell-Osuntokun eltoo Channels
• Use case
- Frequent transactions between any two parties.
- Metering (streaming content, consult lawyer, doctor, or using parking lot) etc
- Tipping (https://tippin.me/)
• Limitations
- Interactive – all parties involved in a transaction need to communicate. In other words, no offline
capability (unlike Bitcoin). Sender, receiver and, if you are using someone else’s payment channel,
that party as well, need to be online.
- Limit of max payment size 4,294,967 satoshis (339$ @ 1BTC=8K USD). Of course, this may change in
future software.
- The channel you are making the transaction through should have enough funds to support your
transaction, that is, twice the amount of the transaction value.
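A toy Poon-Dryja channel, added as an example (it is not the Lightning implementation): balances are updated off-chain and each update revokes the previous commitment by handing the counterparty a revocation secret, so broadcasting an old state forfeits the channel during the CSV dispute window ("24h" on the slides). Signatures, secrets and the satoshi amounts are constructed; real channels carry a signed commitment transaction with HTLC outputs per state, which this model collapses into a list of balances.

```python
class Channel:
    """Toy Poon-Dryja payment channel between A and B. Only the funding and the
    closing transaction would be broadcast on-chain; each pay() is an off-chain,
    mutually signed commitment update."""

    def __init__(self, fund_a: int, fund_b: int):
        self.capacity = fund_a + fund_b
        self.states = [{"A": fund_a, "B": fund_b}]  # states[n] = balances at commitment n
        self.revoked = {"A": set(), "B": set()}     # commitment numbers each party revoked
        self.onchain_txs = 1                        # the funding transaction

    @property
    def state(self) -> int:
        return len(self.states) - 1

    @property
    def balance(self) -> dict:
        return dict(self.states[-1])

    def pay(self, payer: str, amount: int) -> bool:
        payee = "B" if payer == "A" else "A"
        bal = self.balance
        if amount <= 0 or amount > bal[payer]:
            return False
        bal[payer] -= amount
        bal[payee] += amount
        # Both sign commitment n+1, then each hands the other the revocation
        # secret for commitment n, making it unsafe for them to ever broadcast it.
        old = self.state
        self.states.append(bal)
        self.revoked["A"].add(old)
        self.revoked["B"].add(old)
        return True

    def close(self, broadcaster: str, commitment: int) -> dict:
        """Broadcast commitment number `commitment`. The latest state settles as
        agreed; a revoked one lets the counterparty claim the whole channel
        during the dispute window (the penalty that keeps both sides honest)."""
        self.onchain_txs += 1
        other = "B" if broadcaster == "A" else "A"
        if commitment in self.revoked[broadcaster]:
            return {broadcaster: 0, other: self.capacity}
        return dict(self.states[commitment])


if __name__ == "__main__":
    ch = Channel(100_000, 0)              # A funds the channel with 100,000 sat (constructed)
    for _ in range(3):
        ch.pay("A", 10_000)               # three off-chain payments, nothing hits the chain
    print(ch.balance, "on-chain txs so far:", ch.onchain_txs)   # {'A': 70000, 'B': 30000} 1
    print("honest close:", ch.close("A", ch.state))             # {'A': 70000, 'B': 30000}
    cheat = Channel(100_000, 0)
    cheat.pay("A", 60_000)
    print("A broadcasts revoked state 0:", cheat.close("A", 0))  # {'A': 0, 'B': 100000}
```

The defensive consequence is the one that matters operationally: a node must stay online (or delegate to a watchtower) during the dispute window, because the penalty only works if the counterparty notices the revoked commitment in time.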
Layer 2 scaling - Sidechains
• Sidechains are separate blockchains (child) that are linked to the main (parent)
blockchain using a two-way peg. A sidechain enables bitcoins and other ledger
assets to be transferred between multiple blockchains.
• Gives users access to new and innovative cryptocurrency systems using the
assets they already own.
• Avoids the liquidity shortages and market fluctuations associated with new
currencies.
• Developers get the opportunity to test software upgrades as well as beta
coin releases before they are released on the main chain.
• Sidechains are isolated: if a sidechain is compromised, the damage is entirely confined to the
sidechain itself.
• Goal is to move as much transaction bloat off of the main chain as possible.
• Ethereum solution -> Plasma (https://www.learnplasma.org/en/learn), aiming at billions of updates
per second
• Matic Network (area: finance) uses PoS + Plasma MVP
• Loom Network (area: gaming) uses DPoS + Plasma Cash
Sidechains : An example – Matic Network
• Ethereum transactions take an average of 14 to 20 seconds, and costs $0.20 or so, in peak time it costs $0.50.
Traditional centralized apps do this in less than a second. Users have come to expect that when they stream a
video from YouTube, post an article to Twitter, or loot a monster’s corpse in World of Warcraft, this action will
occur instantly and at no cost. Yet in blockchain applications, users have been expected to pay for these same
types of actions before waiting several seconds or even minutes for them to process. Issue is PoW. Solution use
PoS/dPoS + Sidechains.
• The Matic Network consists of a root contract on the Ethereum mainnet (validated using PoW) and a Matic
sidechain that uses PoS to validate transactions. If a user wants to create a Matic account, he must transfer ETH to
the Matic Contract. This transaction is validated the same way that any Ethereum transaction is. Once the
account is created, the user receives Matic tokens in his account on the Matic sidechain.
• From there on, the user can transfer his Matic tokens to anyone in less than a second. He should also be able to
make transfers with no fees or fees that are negligible. If a user decides that he wants to remove his ETH from
the contract, he can burn his Matic tokens and get his ETH back in return. To validate Matic token transactions,
the Matic Network uses a Proof of Stake system.
• All owners of Matic tokens have the right to stake their tokens. Essentially, this means that they hold onto the
tokens and don’t spend them. In return, they earn the right to choose who the Proposer will be. After a certain
number of blocks have been produced, stakers will choose a Proposer who will propose that these blocks be
added to the Ethereum blockchain as a header block. The Proposer must first validate the blocks. The stakers
must then validate the blocks themselves to make sure that the Proposers’ blocks are correct. Once ⅔ of the
stakers have approved the checkpoint, there is a trial period in which any Ethereum node can challenge the
transaction. If no one challenges it, the transaction becomes part of the Ethereum blockchain. The Matic
Network does not publish its blocks to the Ethereum blockchain each time a block is produced. Instead, it
publishes numerous blocks to the Matic sidechain. Then, at the next checkpoint, it publishes all of these blocks to
the mainnet at once. This is how the Matic Network speeds up transactions and lowers costs. Blocks are created
by a smaller number of nodes called block producers. Block producers are chosen by stakers during checkpoints.
The Alts
• An altcoin is any digital cryptocurrency similar to Bitcoin; the term is used to describe any
cryptocurrency that is not Bitcoin.
• Attributes altered such as
- Proof of something
- Supply : increase, reduce, fixed, random etc
- Speed : lower block time
- Privacy etc
Ethereum introduction
• Some of Bitcoin’s issues
- Not Turing complete (no jumps, no loops, long scripts)
- ScriptPK does not control where the output goes: anybody who satisfies the script can spend it.
- Does not support state for multi-stage contracts.
• Meet Ethereum. Open source smart contract blockchain platform.
• Creator Vitalik Buterin (proposed in 2013, launched in July 2015). License GPLv3.
• Currency: 1 ether = 10¹⁸ wei. Also pays for smart contracts.
• Note that the ether supply is unlimited, unlike Bitcoin.
• New tools ->
• Solidity : Smart Contract programming language. Turing complete.
• Whisper : communication protocol for dApps
• Swarm : Ethereum decentralized storage protocol
• Mist: dApp browser
• Implementations : Parity (written in Rust) and Geth (written in Go)
• Some acronyms
- EIP Ethereum Improvement Proposal
- ERC Ethereum Request for Comments
- EVM Ethereum Virtual Machine
- ENS Ethereum Naming service
Ethereum Accounts
Transaction Parameters
nonce: number of transactions sent by the sender’s address. The nonce is incremented for every new transaction, which
lets the network know the order in which the transactions need to be executed. Also used for replay protection.
gas : the unit used to measure the fees for a particular transaction.
Init: only exists for contract-creating transactions. EVM code fragment used to initialize the new contract account.
Data (optional): first 4 bytes of H(function signature from ABI) + arguments. The input data (args) of a message call.
gasPrice: the amount of ether you are willing to spend on every unit of gas. Gas prices are currently measured in
Gwei and range from 0.1 to 100+ Gwei. This sets the transaction fee.
gasLimit: maximum gas you are willing to pay for this transaction. This value ensures that in case of an issue executing
your transaction (like an infinite loop), your account is not drained of all its funds. Once the transaction is executed, any
remaining gas is sent back to your account. With every transaction, the sender sets gasPrice and gasLimit. gasPrice *
gasLimit = max amount of wei the sender is willing to pay for a transaction.
When 2 numbers are added a million times in Ethereum it costs ~$26.55 in fees. Danny Ryan compared that to an
AWS system, in 0.04 seconds, which going by the $0.0059 hourly Amazon EC2 rate costs $0.000000066. This means
that computation in Ethereum is 400 million times more expensive!
Gas table
• Smart contracts are compiled into low-level
machine instructions which are executed by EVM
(Ethereum Virtual Machine).
• Every single instruction costs gas.
• Storage is expensive and should be used sparingly.
• Writing to storage is the most expensive (20000)
and reading is cheaper (200).
• Some gas is refunded when storage is deleted or
set to 0.
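The gasPrice/gasLimit arithmetic from the transaction parameters and the gas-table costs, as an added Python example (not from the slides). The opcode cost table is a constructed subset in the spirit of the slide's numbers (SSTORE 20000, SLOAD 200); the 21,000 base gas is Ethereum's intrinsic per-transaction cost. The out-of-gas case shows why gasLimit is the protection against an endless loop: the EVM consumes the whole limit and reverts the state changes, but the fee for that gas is still paid.

```python
import itertools

WEI_PER_GWEI = 10**9
WEI_PER_ETHER = 10**18
TX_BASE_GAS = 21_000   # intrinsic cost every transaction pays before any code runs

# Constructed cost table in the spirit of the slide's gas table, not the full EVM schedule.
GAS_COST = {"ADD": 3, "MUL": 5, "SLOAD": 200, "SSTORE": 20_000, "JUMPI": 10}


def max_fee_wei(gas_price_gwei: int, gas_limit: int) -> int:
    """gasPrice * gasLimit: the most the sender can be charged."""
    return gas_price_gwei * WEI_PER_GWEI * gas_limit


def execute(ops, gas_limit: int, gas_price_gwei: int) -> dict:
    """Meter an opcode sequence. `ops` may be infinite (an endless loop); the gas
    limit is what stops it. On out-of-gas the EVM consumes the whole limit and
    reverts state changes, but the fee is still paid."""
    gas_used = TX_BASE_GAS
    if gas_used > gas_limit:
        # Not even the base cost is covered: the transaction is invalid, nothing is charged.
        return {"status": "rejected", "gas_used": 0, "fee_wei": 0, "refund_wei": 0}
    for op in ops:
        cost = GAS_COST[op]
        if gas_used + cost > gas_limit:
            return {"status": "out of gas", "gas_used": gas_limit,
                    "fee_wei": max_fee_wei(gas_price_gwei, gas_limit), "refund_wei": 0}
        gas_used += cost
    fee = gas_used * gas_price_gwei * WEI_PER_GWEI
    return {"status": "ok", "gas_used": gas_used, "fee_wei": fee,
            "refund_wei": max_fee_wei(gas_price_gwei, gas_limit) - fee}


def run_endless_loop(gas_limit: int, gas_price_gwei: int) -> dict:
    """A contract that jumps back forever; only the gas limit ends it."""
    return execute(itertools.repeat("JUMPI"), gas_limit, gas_price_gwei)


def wei_to_ether(wei: int) -> float:
    return wei / WEI_PER_ETHER


if __name__ == "__main__":
    r = execute(["SSTORE", "ADD", "ADD"], gas_limit=100_000, gas_price_gwei=20)
    print(r, f"fee = {wei_to_ether(r['fee_wei'])} ETH")      # gas_used 41006, 0.00082012 ETH
    print(run_endless_loop(gas_limit=100_000, gas_price_gwei=20))  # out of gas, 100000 used
```

One storage write dominates the example: SSTORE alone costs almost as much as the base transaction, which is the slide's point that storage should be used sparingly.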
Ether denominations and Unit names
• https://github.com/ethereum/web3.js/blob/0.15.0/lib/utils/utils.js#L40
Ethereum Virtual Machine (EVM)
Ethereum’s P2P network
• A Peer-to-Peer (P2P) network is an overlay network. It can be viewed as a directed graph
G = (V,E), where V is the set of peers in the network and E is the set of links between peers.
Each peer p has a unique identification number pid. A link (p,q) in E means that p has a
direct path to send a message to q; that is, p can send a message to q over the network
using q’s pid as the destination. At each peer’s level, the connectivity of the graph is
reflected in terms of its adjacencies to other peers. Overlay maintenance mechanisms are
used to keep the adjacency information updated, thus maintaining connectedness across
all nodes.
• Participants in the P2P network make a portion of their resources available to other
network participants. Each peer contributes compute cycles (CPU), disk storage, and
network bandwidth, without the need for a central coordination instance. Peers are both
suppliers and consumers of network resources, in contrast to the traditional client-server
model.
• The official Ethereum client node software, Geth, implements its peer discovery protocol
(the RLPx Node Discovery Protocol) based on an overlay maintenance mechanism called
Kademlia DHT (Distributed Hash Tables). While Kademlia is designed for efficiently locating
and storing content in a P2P network, Ethereum’s P2P network is only used to discover
new peers.
• https://github.com/ethereum/devp2p/blob/master/rlpx.md
Orphan blocks & Uncle/Ommer blocks
Orphan blocks : Bitcoin concept. Two blocks created at the
same time, but due to propagation delay, one becomes
part of longest chain. Other one (aka Stale block) is
discarded and no block reward is given to the miner.
Uncle blocks : Ethereum concept, lower block time causes
more Orphan blocks, here also it is a valid block mined at
the same time and is rejected, however, it’s linked to the
blockchain (with parent that is ancestor, max 6 blocks
back) and miner is rewarded smaller block reward (2.625
eth instead of 3 eth). Note : transactions in uncle blocks
are not considered valid.
This adds to the security of the chain since more computing has gone
into the blockchain with uncle blocks and thus is considered
‘heaviest’ and better than ‘longest’. This is EIP100, which changes the
difficulty calculation algorithm to include Uncles.
*Ommer is sometimes used but is not an English word, so uncle is
more commonly used but is not gender-neutral.
Tokens
• Tokens live in smart contracts, which themselves live in the Ethereum
blockchain.
• Tokens can be looked at as a “coin in a coin”
• The Ethereum blockchain itself has no salient distinction of ERC20, ERC721 as
tokens.
• To Ethereum, tokens are just variables defined in smart contracts. It’s just
humans writing the contracts who decide to assign some particular meaning
to some variables in smart contracts.
• Tokens can be fungible or non-fungible.
• Fungible : Alice’s 20$ bill is same as Bob’s 20$ bill.
• Non-Fungible : Alice’s dog is not same as Bob’s dog although they may be of
the same breed/color/age etc. Another example, the Mona Lisa is "non-
fungible".
• NFT properties : Unique, provably scarce, sometimes indivisible.
ERC20 tokens (Fungible)
• A standard API for fungible tokens that provides
basic functionality to transfer tokens or allow the
tokens to be spent by a third party.
• An ERC20 token is itself a smart contract that
contains its own ledger of balances.
• A standard interface allows other smart contracts
to interact with all ERC20 tokens, rather than using
special logic for each different token.
• https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20.md
• E.g. USDT, Dai, LEND, UNI, SNX etc
ERC20 token Interface
• function transfer(address _to, uint256 _value) external returns (bool);
• function transferFrom(address _from, address _to, uint256 _value) external returns (bool);
• function approve(address _spender, uint256 _value) external returns (bool);
• function totalSupply() external view returns (uint256);
• function balanceOf(address _owner) external view returns (uint256);
• function allowance(address _owner, address _spender) external view returns (uint256);
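The interface above modelled in Python, added as an example (it is not Solidity and not any project's token contract). `msg_sender` is passed explicitly where Solidity would read msg.sender; the account names and amounts are constructed. The scenario shows the allowance mechanics a third-party spender relies on: transferFrom draws down the allowance and refuses once it is exhausted.

```python
class ERC20Token:
    """Toy model of the ERC20 ledger: balances and allowances are plain dicts
    where a Solidity contract would use mappings."""

    def __init__(self, initial_supply: int, owner: str):
        self._balances = {owner: initial_supply}
        self._allowances = {}            # (owner, spender) -> remaining allowance
        self._total_supply = initial_supply

    # --- view functions ---
    def totalSupply(self) -> int:
        return self._total_supply

    def balanceOf(self, owner: str) -> int:
        return self._balances.get(owner, 0)

    def allowance(self, owner: str, spender: str) -> int:
        return self._allowances.get((owner, spender), 0)

    # --- state-changing functions; msg_sender plays the role of msg.sender ---
    def transfer(self, msg_sender: str, to: str, value: int) -> bool:
        return self._move(msg_sender, to, value)

    def approve(self, msg_sender: str, spender: str, value: int) -> bool:
        self._allowances[(msg_sender, spender)] = value
        return True

    def transferFrom(self, msg_sender: str, frm: str, to: str, value: int) -> bool:
        # The caller may spend from `frm` only within the allowance `frm` granted it.
        if self.allowance(frm, msg_sender) < value:
            return False
        if not self._move(frm, to, value):
            return False
        self._allowances[(frm, msg_sender)] -= value
        return True

    def _move(self, frm: str, to: str, value: int) -> bool:
        if value < 0 or self.balanceOf(frm) < value:
            return False
        self._balances[frm] -= value
        self._balances[to] = self.balanceOf(to) + value
        return True


def allowance_demo():
    """Alice lets a hypothetical exchange contract pull up to 100 of her tokens."""
    token = ERC20Token(1_000, "alice")
    token.approve("alice", "exchange", 100)
    first = token.transferFrom("exchange", "alice", "exchange", 60)   # ok, 40 left
    second = token.transferFrom("exchange", "alice", "exchange", 60)  # exceeds the remaining 40
    return token, first, second


if __name__ == "__main__":
    token, first, second = allowance_demo()
    print(first, second, token.balanceOf("alice"), token.allowance("alice", "exchange"))
    # True False 940 40
```

Note that approve sets the allowance to an absolute value: a spender that sees an allowance being changed from N to M can, in the gap between the two transactions, use N and then M. The usual mitigation, recommended in the EIP-20 text itself, is to set the allowance to 0 before setting a new non-zero value.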
ERC721 tokens (Nonfungible)
• Introduced as non-fungible token in 2017 by
Cryptokitties.
• While an ERC20 token represents a single type
of asset, an ERC721 token represents a class of
assets. In the case of CryptoKitties, its ERC721
token contract represents ALL the unique
kitties in the game, as well as who owns which.
• A player fully owns an asset, or not. It’s not
possible to own “half a kitty” in Cryptokitties,
for example.
NFT
• ERC-998 allows bundles of separate ERC-721 tokens to be bought and sold in one transaction. For example,
an avatar with a hat, shirt, sword, etc., say 10 separate ERC-721 tokens, can be sold in one transaction
instead of 10 transactions.
• ERC-1155 (pioneered by Enjin coin, blockchain based gaming) single contract
that supports fungibility agnostic tokens (fungible, non-fungible, semi-fungible)
and gas efficient contract. E.g. ERC-20 laser guns, but ERC-721 laser sword.
• Currently, digital tickets on ticketmaster, Fortnite skin on Fortnite’s platform. All
separate sites. With NFT market, they all can be interoperable on Ethereum due
to standardization.
• Marketplaces : create, buy/sell/exchange/ trades bid, bundle, decentralized,
open economy. Instant tradability. Fast liquidity. E.g. opensea.io, rarible.com
• Domain names, digital art, virtual world, collectibles, sports, gaming, music,
utility etc.
• Can also prove authenticity and scarcity of the digital asset.
Wrapped Tokens (WBTC)
• Wrapped tokens give the owners of digital assets freedom to explore other blockchains.
• WBTC is an ERC-20 token that’s backed on 1:1 basis with Bitcoin.
• When Bitcoin is wrapped, it is held in a reserve by the BitGo Trust (Custodian).
• In an aim to be fully transparent, #WBTC in circulation has been made public.
• A large chunk of DeFi and DApps run on Ethereum network.
• The market cap of bitcoin is much larger than any other coin.
• Majority of trading volume is on centralized exchanges. WBTC changes that.
• WBTC brings in more liquidity to DeFi and DEX etc.
• WBTC brings Bitcoin to the ERC20 format, creating smart contracts for Bitcoin. This makes it easier to write
smart contracts that integrate Bitcoin transfers.
• Maintaining various nodes and managing transaction types in order to support multiple currencies can be
onerous. Now exchanges, wallets, and payment apps only need to handle an Ethereum node.
• Send (W)BTC faster between Eth wallets, exchanges etc
• Launched 31 Jan 2019. 2300 BTC locked in WBTC tokens currently.
• Requesting or returning WBTC involves KYC => NOT private.
DeFi
• Conventional financial tools built on a blockchain, mostly Ethereum
• Stablecoins (DAI, Tether, USDC by Circle, PAX, Gemini $)
• Open Lending and borrowing Protocols (MakerDAO, BlockFi, Dharma, dYdX,
Compound Finance, Nuo)
• Lending and Margin trading (dYdX, Fulcrum)
• Derivatives - futures, options, swaps (Synthetics, Binance, Kraken etc)
• DEX (Deversify, Bancor, Kyber, Airswap, Uniswap)
• Open Marketplaces (District0x, GitCoin, OpenSea, OpenBazaar)
• Decentralized Prediction Markets (Augur, Gnosis)
• Issuance Platforms and Investing (Polymath, Harbor)
• Payments (Celer network, OmiseGo, Matic)
• And more …
• Instant transaction settlement and novel secured lending methods
• Collateralization of digital assets
• Integration with digital asset lending/borrowing
• No credit checks, meaning broader access to people that cannot tap into traditional
services.
• Caution : The old crypto saying “don’t put in more than you can afford to lose” goes
double for DeFi.
• CeFi – crypto products managed by Centralized orgs that holds custody of assets.
e.g. Getting a DeFi loan :
• No credit rating check
• No ID needed
• No paper work
• No banker
• No income/job necessary
• Instant approval
• Just need eth as collateral!
Stablecoins
Currency
- Store of value
- Medium of exchange
- Unit of account
• Synthetic USD trade pair for blockchain settlement needed say for Crypto
exchange to Crypto exchange.
• Speed of settlement matters. On chain more important.
• Liquidity between exchanges in USD equivalent is important
• Store of value without off ramp in times of downturn or volatility. Long
cash.
• Cryptocurrency designed to minimize volatility of the price of stablecoin.
• MS, Spotify, Quickbooks use BitPay to accept payment in BTC but
quickly convert to USD. Why? Low margin business cannot afford
high volatility. Because they are not in the business of speculating
on Bitcoin.
• Merchants faced with constantly adjusting BTC price for a
potential purchase => terrible UX
• Developing markets
- Inflation : Egypt (32%), Argentina(23%), Nigeria(16%), Venezuela
(741%).
- Dollarization : Seychelles 20% to 60%, Argentina (‘dolar blue’)
- Devaluation – Zimbabwe switched officially to USD in 2009.
• Prediction markets (Augur) : reduce risk using stablecoin.
• Financial markets: Hedging, Derivatives, Leverage – CDP allows
permission-less leveraged trading using stablecoin as a reliable collateral.
Stablecoins types
• Backed by (fiat/precious metals/crypto)
• Backed by fiat : either fully collateralized or partially.
May be pegged. e.g USDT (counterparty & regulatory
risk, may have solvency issues, TrueUSD etc).
• Backed by commodity : backed by precious metals (gold,
silver) e.g Digix Gold Tokens (DGX)
• Decentralized and Backed by cryptocurrency : issued with
cryptocurrencies as collateral (BTC/ETH etc). May be pegged
using interest rate. eg. DAI. Risks : Liquidation cascade, oracle
dependency
• Seigniorage-style (not backed) : Algorithmic. Value is
controlled by supply and demand through algorithms,
stabilizing price. Eg. Basis, Carbon
https://github.com/jordanlyall/dai-universe
Tether (USD₮, EUR₮)
• Three types : Omni Bitcoin Based, Erc20 based & proposed
Tron based
• Tether Volume (24hrs) $17B, Circulating supply $4B =>
Velocity = 4
• Biggest 24 hr volume cryptocurrency is Tether and not bitcoin!
• Velocity = “the number of times money changes hands”
• Note Tether daily volume ($17B) > Bitcoin daily volume
($15B).
• Claims 100% backed by ‘reserves’ (may not be cash).
• Market cap history – $1M (2015), $7M (2016), $1.3B (2017) -
>100x, $2B (2018), $4B(2019)
• Market caps of other notable stable-coins : Tether $4B, USDC
$400M, Paxos standard $250M, TrueUSD $200M, DAI $80M,
Gemini Dollar $50M
MakerDAO
Maker is a Decentralized Autonomous Organization (DAO) on the Ethereum blockchain with the objective of
minimizing the price volatility of its own stablecoin, DAI (pegged at $1), and acting as a lending platform. It
did $200M+ in loans in its 1st year – that took Lending Club 5 years.
Maker stabilizes the value of Dai through a dynamic system of Collateralized Debt Positions (CDPs),
autonomous feedback mechanisms called Target Rate Feedback Mechanism (TRFM breaks peg to stabilize
around target price), and appropriately incentivized external actors.
Price of Maker (MKR) is not pegged. Maker is a utility token for governance and the price increases with the
usage of the Dai. Must lock up 150% Eth in collateral + 0.5% stability fee.
Deposit 150% collateral (say Eth) to create a CDP. Borrow DAI with a Collateralized Debt Position.
At the end of contract - Repay DAI + stability fee to withdraw collateral and close CDP.
Once generated, Dai can be used in the same manner as any other cryptocurrency
When the collateral-to-debt ratio (Debt ceiling) falls too low, the CDP automatically liquidates enough collateral to
buy back as many Dai as were issued. The issued Dai is thus taken out of circulation. It also collects principal +
interest + a 13% penalty.
Global settlement : automatic last resort to cryptographic guarantee target price of DAI. Serious emergency
e.g market irrationality, crash, hack, security breach, upgrades.
External factors : Keepers (independent automated actor incentivized by profit opportunities in Debt Auctions
and CDP liquidation), Oracles (real time information about market price of collaterals), Global settlers voted
by MKR holders via governance.
MakerDAO example
• Investment leverage.
• Imagine you own $1,500 in ETH, and believe that ETH will
double in value. You do not have liquidity to buy more right now
but want to profit from your knowledge.
• First you lock up your $1,500 in ETH as collateral in a CDP. Then
you issue 1,000 Dai against the collateral and acquire a 1,000
Dai debt.
• Next you sell the 1,000 Dai on an exchange for $1,000 in ETH.
Through the CDP you now own $2,500 worth of ETH, including
the $1,500 that’s locked up as collateral.
• Your initial investment is leveraged 1.66X. When ETH doubles,
you sell it for Dai that you then use to repay your debt (with
interest) and you can walk home with a handsome profit.
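The leverage example above worked through in Python, added here (not from the deck). Prices are constructed (ETH opens at $100, Dai taken as $1); the 150% ratio, 0.5% stability fee and 13% penalty are the slides' figures. The `liquidation_price` result is the practitioner's caveat the slide leaves implicit: drawing 1,000 Dai against exactly $1,500 of ETH opens the CDP at the 150% floor, so any dip in the ETH price makes it liquidatable.

```python
LIQUIDATION_RATIO = 1.5      # 150% minimum collateralization (slide)
STABILITY_FEE = 0.005        # 0.5% per year on the Dai drawn (slide)
LIQUIDATION_PENALTY = 0.13   # 13% (slide)
ETH_USD_VALUE = 1_500        # collateral locked, in USD (slide example)
DAI_DRAWN = 1_000            # debt taken on (slide example); 1 Dai assumed = $1


def collateral_ratio(locked_eth: float, eth_price: float, dai_debt: float) -> float:
    return locked_eth * eth_price / dai_debt


def liquidation_price(locked_eth: float, dai_debt: float) -> float:
    """ETH price at which the CDP reaches the 150% floor and becomes liquidatable."""
    return LIQUIDATION_RATIO * dai_debt / locked_eth


def open_position(eth_price: float) -> dict:
    """Lock $1,500 of ETH, draw 1,000 Dai, sell the Dai for more ETH."""
    locked_eth = ETH_USD_VALUE / eth_price
    bought_eth = DAI_DRAWN / eth_price
    exposure = (locked_eth + bought_eth) * eth_price        # $2,500 of ETH in total
    return {"locked_eth": locked_eth, "bought_eth": bought_eth,
            "leverage": exposure / ETH_USD_VALUE,           # 2500 / 1500 = 1.67x
            "liquidation_price": liquidation_price(locked_eth, DAI_DRAWN)}


def close_value(pos: dict, eth_price: float, years: float = 1.0) -> float:
    """USD left after selling all the ETH and repaying debt plus the stability fee
    (assumes the CDP was never liquidated on the way)."""
    debt = DAI_DRAWN * (1 + STABILITY_FEE * years)
    return (pos["locked_eth"] + pos["bought_eth"]) * eth_price - debt


def liquidate(pos: dict, eth_price: float):
    """None while the CDP is healthy; otherwise the forced sale: enough collateral
    is sold to cover the debt plus the 13% penalty, the rest of the locked ETH is
    returned, and the ETH bought earlier was never inside the CDP."""
    if collateral_ratio(pos["locked_eth"], eth_price, DAI_DRAWN) >= LIQUIDATION_RATIO:
        return None
    eth_sold = DAI_DRAWN * (1 + LIQUIDATION_PENALTY) / eth_price
    return {"eth_sold": eth_sold,
            "eth_kept": max(pos["locked_eth"] - eth_sold, 0) + pos["bought_eth"]}


if __name__ == "__main__":
    pos = open_position(100)                         # constructed opening price
    print(pos)                                       # leverage 1.67, liquidation price $100
    print("ETH doubles:", close_value(pos, 200))     # 3995.0 USD vs 3000 unleveraged
    print("ETH at 100:", liquidate(pos, 100))        # None, exactly at the floor
    print("ETH dips to 90:", liquidate(pos, 90))     # forced sale; ~12.44 ETH kept of 25
```

At $200 the position returns $3,995 against $3,000 for simply holding the original ETH, which is the upside the slide describes; at $90 the forced sale with the 13% penalty leaves about 12.44 ETH ($1,120) from what was $1,500, which is the downside it does not.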
Blockchain Credit Introduction
  • 1. Introduction to Blockchain Credit – Countless sources on Internet - Devdatta Ajgaonkar
  • 2.
  • 3.
  • 4. The problem • Internet is great but too easy to lie. • The old solution : Identify the authority. Allow authority to impose the ‘truth’. Blindly trust the authority. • Single point of control/failure/bottleneck. • Authority may be (or become) incompetent/compromised/biased or corrupt/unavailable or some other unknown issue. • No transparency. Can not verify much. Trust in institutions is waning. • How can we do better? Avoid relying on authority. Use consensus of peers. Liars can lie but ultimately, they will be ignored by all. • Solution : chronicling : time series of archivable data that anyone can verify. • Decentralized (storage, authority), transparent and permission-less, immutable.
  • 5. What is a blockchain? Block N Prev Hash Data Block N+1 Prev Hash Data Block N+2 Prev Hash Data Latest new block • Digital messages bundled into blocks linked using cryptography • Immutable Decentralized ledger • Each block contains cryptographic hash of previous block, timestamp and transaction data (arranged as a Merkle tree) => chronicling ! • Invented by Satoshi Nakamoto in 2008 as a public ledger of bitcoin timestamp timestamp timestamp Old block
  • 6. The Times 03/Jan/2009 Chancellor on brink of second bailout for banks • Bitcoin’s first block. • This was probably intended as proof that the block was created on or after January 3, 2009, as well as a comment on the instability caused by fractional- reserve banking. • This detail, "second bailout for banks" could also suggest that the fact a supposedly liberal and capitalist system, rescuing banks like that, was a problem for Satoshi . . . the chosen topic could have a meaning about bitcoin’s purpose . . . • First draft published in Cypherpunk mailing list. • Could be a social, ecomomic and political movement (similar to “occupy movement”, Metoo, LGBTQ, black lives matter etc). • https://activism.net/cypherpunk/manif esto.html
  • 7. What is a Distributed Ledger Technology (DLT)? • Database of records that isn’t stored or confirmed by any central body. A distributed ledger is merely a type of database spread across multiple sites, regions, or participants. • In DLT, the implementer has greater control over how it is in fact implemented. They could, in principle, dictate the structure, purpose, and functioning of the network that underpins its service. • Cryptographic signing and linking groups of records in the ledger, to form a chain is what sets blockchain apart from DLT. • Blockchain is a type of DLT. DAG (Directed Acyclic Graph) based Tangle (used by IOTA) and Hashgraph, are examples of DLT without any blocks/chain.
  • 8. The Benefits Of Blockchain And Distributed Ledger Technology DLT gives control of all its information and transactions to the users and promotes transparency. Decentralization. They can minimize transaction time to minutes and are processed 24/7 (saving businesses lot of money). The technology also facilitates increased back-office efficiency and automation (saving businesses lot of money). DLTs cut down on operational inefficiencies. Cuts the middle party. Greater security is also provided due to their decentralized nature, as well as the fact that the ledgers are immutable.
  • 9. Blockchain Applications Crypto currencies & Smart contracts Defi (traditional financial instruments in a decentralized way, lending/credit etc) Banking the unbanked (Humaniq, bloom, moneyamigo) Unbanking the banked (OmiseGo) Payments, Cross border money transfer (Stellar, ripple) Asset management Wallets, crypto exchanges, DEX DAO (Decentralized autonomous organization) Games : lottery based games (eg Fomo3D), non-fungible tokens (eg cryptokitties) Prediction market : Augur Notary : blocknotary.com, stampd.io: immutable copyrights, timestamp, interview Infra – resource tokens – compute/storage etc Distributed cloud storage : ipfs, storj.io : encrypt, split, distribute Supply chain and proof of provenance Digital identity, Authentication and authorization IOT
  • 10. Types of blockchains Public blockchain (e.g. bitcoin, Ethereum, Litecoin etc) • Public - permissionless, trustless, immutable. • Fully decentralized Private blockchain aka permissioned blockchain (e.g. JP Morgan Quorum, BankChain) • Fully private with write permissions kept within a single organization • Businesses have sensitive information that can not be shared publicly. • Privacy of participants (ring signatures, stealth addresses etc) • Privacy of data/transactions/balances (Zero Knowledge proofs, Pedersen commitments) • Transactions are private, known only to participants with permissions. • Controlled by single organization. Centralized. • Participants are known and trusted and need consent to join Consortium blockchain aka shared permissioned blockchain (e.g. Hyperledger, Ripple, R3) • Partly private, permissioned, multi-org, semi-decentralized - Hybrid between public and private
  • 11. Big names in “Enterprise Blockchain”: Hyperledger (https://www.hyperledger.org/) Led by Linux Foundation, IBM (Hyperledger Fabric) Focus: finance, healthcare, supply chain Consortium of 20+ corporate members, 120+ start-up & ecosystem participants, 20+ institutions to advance blockchain technologies through open-source, collaborative development Produces enterprise-focused software solutions & tools for implementing blockchain applications, PoCs, solutions, etc. Hyperledger Fabric - Private permissioned blockchain, modular plug-and-play solutions
  • 12. Hyperledger (https://www.hyperledger.org/) Burrow : modular blockchain client with a permissioned smart contract interpreter built in part to the specification of the Ethereum Virtual Machine (EVM). Fabric : An enterprise-grade permissioned DLT framework that offers modularity, privacy options to satisfy a broad set of industry use cases ranging from finance, to healthcare, to supply-chain and more. Grid : Hyperledger Grid is a WebAssembly-based project for building supply chain solutions. It includes a set of libraries, data models, and SDK to accelerate development for supply chain smart contracts and client interfaces. Indy : It provides tools, libraries, and reusable components for creating and using independent digital identities rooted on blockchains or other distributed ledgers for interoperability. Iroha : This is a modular distributed blockchain platform with its own unique consensus and ordering service algorithms, rich role-based permission model and multi- signature support. Sawtooth : It includes a novel consensus algorithm, Proof of Elapsed Time (PoET), which targets large distributed validator populations with minimal resource consumption. And many more ...
  • 13. (https://consensys.net/) Incubator for Ethereum- focused applications, startups, and developer tools. Founded in 2015 by Joe Lubin (co-founder of Ethereum). “Hub-and-spoke” model with shared, central resources and “spoke” ventures. Enterprise Ethereum. Supports adoption, ecosystem expansion, network effects for Ethereum. Multiple divisions & efforts : e.g. Gitcoin, MetaMask, truffle, Infura, https://kaleido.io/ Blockchain as a Service.
  • 14. R3 (https://www.r3.com/) Enterprise blockchain company. It leads an ecosystem of More than 300 firms working together to build dApps on top of Corda for usage across industries such as financial services, insurance, healthcare, trade finance, and digital assets. Corda is R3’s distributed ledger technology platform, open sourced in November 2016, specifically designed for financial sector. Data privacy, regulator focused, smart contracts, enterprise grade. Point to point, no mining, no broadcast, data sharing on need- to-know basis. https://www.corda.net/
  • 15.
  • 16. Intersection of many different fields Cryptography & mathematics Distributed computing, consensus algorithms Computer Security Fintech/DeFi, Banking Art, music, gaming, sports Politics & government Law and regulation Game theory & crypto economics Experts from all these fields trying to sort this out Wild wild west right now
  • 18. Fun facts about Bitcoin • Total #bitcoins fixed (deflationary) = 21 million, 85% mined so far. • Inventor is unknown. Pseudo name - Satoshi Nakamoto. • Published paper on 10/31/2008 : Bitcoin: A Peer-to-Peer Electronic Cash System. • May 22 bitcoin pizza day. First real world transaction in 2010, paid 10000 BTC for 2 Papa John’s pizzas. • Genesis block “The Times 03/Jan/2009 Chancellor on brink of second bailout for banks” https://en.bitcoin.it/wiki/Genesis_block • HODL - originated in 2013 with a post to the bitcointalk forum. HODL as Strategy and Philosophy. Move over HODL, it's time to BUIDL. • Room 77 – Accepting Bitcoin since 2011. • https://www.blockchain.com/explorer • Not account based. Based on UTXO model (unspent transaction output). • Implementations : Bitcoind (C++), btcd (go), bcoin (node.js). • Bitcoin Improvement Proposals (BIPs) ~ RFC
  • 19. Fiat (traditional) versus Crypto currency FIAT (TRADITIONAL) CURRENCY CRYPTO CURRENCY Decentralized No (central bank) Yes (mathematical) Type Real Virtual Intermediates Yes No (peer to peer) Portability & speed Moderate (slow) Yes Durable Moderate Highly durable Acceptance National Global Secure Moderate High (but comes with Risks of hacks/exploits etc) Sovereign (government issued) Yes No Smart No yes
  • 21. Criticism Poor Scalability Hacks, attacks, vulnerability exploits PoW – wastage of energy, scale, privacy, confirmation time etc Regulatory issues Frauds & Scams Volatility UX and usability – work in progress Market manipulation Dark web, silk road, extortion etc Tax evasion No killer app?
  • 22. Fundamentals: Cryptographic Hash Function Properties • Pre-image resistance : Assume x is the message. Given H(x), it’s computationally difficult to find x. aka trapdoor or one-way Fingerprint analogy – whose fingerprint is this? • Collision Resistance : Hard to find any two x and y s.t. H(x) == H(y) Fingerprint analogy – can you find two random people with the same fingerprint? • Second pre-image resistance : Given x, it’s computationally difficult to find some value x’ s.t. H(x) == H(x’). Fingerprint analogy – can you find someone else with the same fingerprint as you? • Noncorrelation or Avalanche effect : A tiny change (even 1bit) in the input produces extensive change in output (significantly different) s.t. it can not be correlated to the hash of original message. • Verifiability : Computing the hash of a message is efficient (linear complexity). • Deterministic : A given input message always produces the same hash output. • Bitcoin uses double hash, SHA-256(SHA-256(x)).
  • 23. Crypto Basics – 1 Collision resistant hash functions (CRHF) • Collision resistant hash functions (CRHF) Hash(Message) ---> T | Input Message space | >> | target space | (256b) • Hard to find collision although, using pigeonhole principle, many collisions exist. • Use Merkle trees for shorter proofs. • Merkle tree is a tree in which every leaf node is labelled with the hash of a data block, and every non-leaf node is labelled with the hash of its child nodes.
  • 24. Crypto Basics – 2 Proof of Work • Proof of Work - Goal : to build a puzzle such that to solve it, it takes at least a constant time controlled by difficulty level O(D), to verify though it takes O(1) time. • Puzzle : Input x, solution y : H(x, y) < 2^n / D … n=256, D varies. - Verify(x, y) : accept if H(x,y) if hash has at least D zeroes in the left of hash. • CRHF does not mean it’s PoW secure
  • 25. Crypto Basics - 3 Digital signatures • Digital signatures - Authentication, non-repudiation, immutable (message integrity). • Set of 3 algorithms. (G, S, V) - Generator(): o/p (pk, sk), no i/p - Sign(sk, m) : o/p sig - Verify(pk, m, sig) : o/p yes/no • Bitcoin, Ethereum uses ECDSA (suffers from malleability attack) • Future : Schnorr signatures, BLS signatures, Ring signatures etc
  • 26. Security perspective • Do not roll your own crypto, must be peer reviewed and battle tested. Even great mathematicians and cryptographers make mistakes. • Algorithms will be broken (advances in maths, computers, tech etc). • The time from acceptance to deprecation is shrinking. • Keep up to date with deprecated functions (RC2/RC4, (X)DES, SHA-1, MD2/MD4/MD5, RSA < 1024b, ECDSA 160b, SSL). Be ready to swap in different encryption methods. • Humans are the weakest link, how one uses cryptography can undo security.
  • 27. Merkle tree A Merkle tree is a tamper-resistant data structure that allows a large amount of data to be compressed into a single number and can be queried for the presence of specific elements in the data with a proof constructed in logarithmic space.
  • 28. Bloom filter • A bloom filter is a probabilistic data structure that can answer the question of whether a value is absent from a set while maintaining a constant space requirement and a constant lookup time. • If the bloom filter responds that an item does exist in a set, it may be a false positive. • A bloom filter consists of an array of bits and a set of hashing functions that each return a number that corresponds to the index of a bit in the bit field. • To encode a value, we pass the value as an input to each hashing function. We set the bit at each returned index to 1. If the bit at a given index is already 1, no change occurs. • To ask whether a value already exists in the bloom filter, we run the value through each hashing function. If any function returns an index in the bit field that is still 0, we can say for certain that the value has not yet been encoded. • In Bitcoin, bloom filters allow lightweight wallets to request the transactions they care about without revealing the user's identity. For example, the wallet may encode its addresses into a bloom filter and send the bit field in a request to the network. The answering node returns a list of transactions that involve addresses for which the bloom filter returns a positive result. The list of transactions returned may contain many false positives. • The false positives help hide which addresses actually belong to the requester.
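Added Python example (not from the slides) of the bit-array-plus-k-hash-functions construction above, applied to the SPV use the slide describes: a wallet loads its addresses into the filter, a node runs a list of addresses through it, every wallet address matches (no false negatives) and a measurable share of unrelated addresses match too (the false positives that hide which addresses are the wallet's). The addresses and the k hash functions here are constructed for the demo; real Bitcoin filters (BIP 37) use MurmurHash3 with per-function seeds.

```python
import hashlib
import math


class BloomFilter:
    """A bit array of n_bits plus n_hashes index-producing hash functions."""

    def __init__(self, n_bits: int, n_hashes: int):
        self.n_bits = n_bits
        self.n_hashes = n_hashes
        self.bits = bytearray((n_bits + 7) // 8)

    def _indexes(self, item: bytes):
        # k distinct hash functions, constructed here as SHA-256 with a seed byte each
        for seed in range(self.n_hashes):
            digest = hashlib.sha256(bytes([seed]) + item).digest()
            yield int.from_bytes(digest[:8], "big") % self.n_bits

    def add(self, item: bytes) -> None:
        for i in self._indexes(item):
            self.bits[i // 8] |= 1 << (i % 8)      # already-set bits stay set

    def might_contain(self, item: bytes) -> bool:
        """True means 'maybe present' (false positives happen); False is definite."""
        return all((self.bits[i // 8] >> (i % 8)) & 1 for i in self._indexes(item))

    def expected_fp_rate(self, n_items: int) -> float:
        """Standard estimate (1 - e^(-kn/m))^k for k hashes, m bits, n items."""
        return (1 - math.exp(-self.n_hashes * n_items / self.n_bits)) ** self.n_hashes


def spv_filter_demo(n_wallet: int = 20, n_other: int = 2000,
                    n_bits: int = 128, n_hashes: int = 3) -> dict:
    """Wallet side: encode its addresses. Node side: test every address it sees."""
    wallet = [b"wallet-addr-%d" % i for i in range(n_wallet)]   # constructed
    others = [b"other-addr-%d" % i for i in range(n_other)]     # constructed
    bf = BloomFilter(n_bits, n_hashes)
    for addr in wallet:
        bf.add(addr)
    return {
        "no_false_negatives": all(bf.might_contain(a) for a in wallet),
        "false_positives": sum(bf.might_contain(a) for a in others),
        "expected_rate": bf.expected_fp_rate(n_wallet),
    }


if __name__ == "__main__":
    result = spv_filter_demo()
    print("all wallet addresses matched:", result["no_false_negatives"])
    print("unrelated addresses that also matched:", result["false_positives"],
          "of 2000 (expected rate %.3f)" % result["expected_rate"])
```

A smaller filter or fewer hash functions raises the false-positive rate, which is exactly the privacy knob the slide describes: more unrelated transactions come back, and the requester's own addresses are harder to pick out.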
  • 29. Simple Payment Verification (SPV) • SPV nodes don’t have all transactions and do not download full blocks, just block headers. In order to verify that a transaction is included in a block, without having to download all the transactions in the block, they use an authentication path, or merkle path. • The SPV node will establish a bloom filter on its connections to peers to limit the transactions received to only those containing addresses of interest. • When a peer sees a transaction that matches the bloom filter, it will send that block using a merkleblock message. The merkleblock message contains the block header as well as a merkle path that links the transaction of interest to the merkle root in the block. • The SPV node can use this merkle path to connect the transaction to the block and verify that the transaction is included in the block. The SPV node also uses the block header to link the block to the rest of the blockchain. • The combination of these two links, between the transaction and block, and between the block and blockchain, proves that the transaction is recorded in the blockchain. • All in all, the SPV node will have received less than a kilobyte of data for the block header and merkle path, an amount of data that is more than a thousand times less than a full block (about 1 megabyte currently). • Application -> Thin wallets, say, on a Mobile.
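Added example, not part of the deck, covering slide 23 (Merkle trees give shorter proofs), slide 27 (Merkle tree) and slide 29 (the merkle path an SPV node receives in a merkleblock message): Bitcoin-style Merkle root construction with double SHA-256 and the odd-leaf duplication rule, plus building and checking the path for one transaction. Transaction ids are constructed; all hashes are in internal byte order (explorers display txids byte-reversed).

```python
import hashlib


def hash256(b: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()


def _next_level(level):
    """Hash adjacent pairs; an odd trailing node is paired with a copy of itself."""
    if len(level) % 2 == 1:
        level = level + [level[-1]]
    return [hash256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(txids):
    """Root hash over a list of 32-byte txids (the block header's hashMerkleRoot)."""
    if not txids:
        raise ValueError("a block has at least the coinbase transaction")
    level = list(txids)
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def merkle_path(txids, index):
    """Siblings from the leaf up to the root, each as (sibling_hash, sibling_is_left).
    Length is ceil(log2(n)): the logarithmic-space proof the SPV node downloads."""
    path = []
    level = list(txids)
    while len(level) > 1:
        if len(level) % 2 == 1:
            level = level + [level[-1]]
        sibling = index ^ 1
        path.append((level[sibling], sibling < index))
        level = _next_level(level)
        index //= 2
    return path


def verify_path(txid, path, root) -> bool:
    """Recompute the root from one txid and its path; compare with the header's root."""
    h = txid
    for sibling, sibling_is_left in path:
        h = hash256(sibling + h) if sibling_is_left else hash256(h + sibling)
    return h == root


if __name__ == "__main__":
    txids = [hash256(b"constructed tx %d" % i) for i in range(5)]
    root = merkle_root(txids)
    path = merkle_path(txids, 3)
    print("root:", root.hex())
    print("path length for tx 3:", len(path))
    print("tx 3 in block:", verify_path(txids[3], path, root))
    print("forged tx in block:", verify_path(hash256(b"forged"), path, root))
```

The SPV node then links the recovered root to a block header it already has, and that header to the chain via hashPrevBlock: the path proves inclusion in the block, the header chain proves the block is part of the most-work chain.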
  • 30. Private Key & Public Key & Bitcoin address • Bitcoin uses ECDSA to create sk and pk. • secp256k1 : Y^2 = X^3 + 7 over F_p • Private key (k) – simply a 256-bit number picked randomly. Toss a coin 256 times. Must be kept secret. • Public key (K) – scalar point multiplication of G by k on the secp256k1 curve. Public. (x, y) • Bitcoin address = Base58CheckEncode( RIPEMD160(SHA256(K)) ), a 160-bit hash of the public key. • Base-58 alphabet: 123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz, 58 characters (omits 0, O, I, l) => Note : Case sensitive !!! • Practically impossible for two addresses to collide. For reference - Grains of sand on earth: 2^63 - With 2^63 earths, each with 2^63 grains of sand : 2^126 total grains of sand. - 2^126 is only 0.0000000058 % of 2^160. - Population of earth : 7.5 billion (2017). Every person could have 2^127 addresses all to themselves. (Diagram: Private key k (256 bit) -> elliptic curve multiplication -> Public key K = (x, y) -> RIPEMD160(SHA256(K)) -> Bitcoin address (160 bit))
  • 31. Public Key • Public key (K) derived from private key (k) using elliptic curve multiplication. - K = k * G where G is a fixed generator point. - ECC is a trapdoor function: easy to compute in one direction, yet difficult to compute in the opposite direction without knowing the trapdoor. • The reverse operation, calculating k for a public key K, is as difficult as trying all possible values of k, i.e. brute force search. This is known as the discrete logarithm problem. • Bitcoin uses a specific elliptic curve, as defined in an NIST standard, called the secp256k1 curve.
  • 32. Base58 Bitcoin Address
  Type                          Version prefix   Base58 result prefix
  Bitcoin Address               0x00             1
  Pay-to-Script-Hash Address    0x05             3
  Bitcoin Testnet Address       0x6F             m or n
  Private Key WIF               0x80             5, K or L
  BIP-38 Encrypted Private Key  0x0142           6P
  BIP-32 Extended Public Key    0x0488B21E       xpub
  Note that a Base-58 encoded Bitcoin address is case sensitive. The new style addresses, aka bech32 addresses, are not case sensitive.
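Added Python example, not from the slides, tying slides 25 and 30 to 32 together: private key k -> public key K = k*G on secp256k1 -> HASH160 -> Base58Check address with the 0x00 version byte, WIF encoding with the 0x80 version byte from the table, and textbook ECDSA sign/verify to show the malleability slide 25 mentions: for any valid (r, s), (r, N - s) verifies as well, which is why Bitcoin nodes accept only the low-s form. The elliptic-curve arithmetic is a plain double-and-add (not constant time) and the signing nonce is derived from key and message as a stand-in for RFC 6979; both are illustration only, not for real key material. The expected outputs for private key 1 (address 1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm, WIF 5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf) are the well-known published test vectors.

```python
import hashlib

# secp256k1 (SEC 2): y^2 = x^3 + 7 over F_P; G generates a group of prime order N
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"  # omits 0, O, I, l


def ec_add(p1, p2):
    """Point addition on secp256k1; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P     # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P      # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point=G):
    """Scalar multiplication k*point by double-and-add (not constant time: demo only)."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result


def on_curve(pt):
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def pubkey_bytes(K, compressed=True):
    """SEC encoding: 0x04||x||y, or 0x02/0x03||x with y's parity in the prefix byte."""
    x, y = K
    if compressed:
        return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")


def hash256(b):
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()


def ripemd160_available():
    """RIPEMD-160 comes from OpenSSL; some Python builds ship without it."""
    try:
        hashlib.new("ripemd160")
        return True
    except ValueError:
        return False


def hash160(b):
    return hashlib.new("ripemd160", hashlib.sha256(b).digest()).digest()


def base58check(payload):
    """Base58(payload || first 4 bytes of hash256(payload)); each leading 0x00 byte -> '1'."""
    data = payload + hash256(payload)[:4]
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out


def address(k, compressed=False):
    """Version byte 0x00 + HASH160(K), Base58Check-encoded: the familiar '1...' address."""
    return base58check(b"\x00" + hash160(pubkey_bytes(ec_mul(k), compressed)))


def wif(k, compressed=False):
    """Wallet Import Format: version 0x80 + 32-byte k (+ 0x01 if the pubkey is compressed)."""
    return base58check(b"\x80" + k.to_bytes(32, "big") + (b"\x01" if compressed else b""))


def ecdsa_sign(k, msg):
    """Textbook ECDSA over hash256(msg). The nonce is derived from (k, msg) as a stand-in
    for RFC 6979: a reused or predictable nonce leaks k."""
    e = int.from_bytes(hash256(msg), "big")
    nonce = int.from_bytes(hashlib.sha256(k.to_bytes(32, "big") + msg).digest(), "big") % N
    r = ec_mul(nonce)[0] % N
    s = pow(nonce, -1, N) * (e + r * k) % N
    return (r, s)


def ecdsa_verify(K, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    e = int.from_bytes(hash256(msg), "big")
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(e * w % N), ec_mul(r * w % N, K))
    return pt is not None and pt[0] % N == r


def is_low_s(sig):
    """Malleability: (r, N - s) verifies too; nodes accept only s <= N/2 as standard."""
    return sig[1] <= N // 2
```

Because (r, s) and (r, N - s) both verify, the txid of an unconfirmed transaction could be changed by a third party without the private key; requiring the low-s form removes that degree of freedom.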
  • 33. Blockchain layers • Layer 1 : Consensus protocols (PoW, PoS, PoSpace etc) • Layer 2 : Decentralized computing model (BTC scripts, EVM etc) • Layer 3 : dApps (wallets, games, prediction markets etc)
  • 34. Layer 1 Consensus Basics : Distributed systems properties, BFT • Concurrency • Message passing – Synchronous (message delivered within a fixed time) or Asynchronous (network may delay/duplicate/deliver out of order) • Lack of global clock – time and order of events • Independent failures, failure modes : • Crash fail (stops without warning) • Omission (messages dropped, delayed, duplicated or delivered out of order) • Byzantine (may choose to be malicious, lie or collude), the hardest • Byzantine fault tolerance - Nodes can be honest or dishonest depending on incentives. Nodes may be B (Byzantine), A (altruistic) or R (rational, i.e. they follow the protocol only when it suits them).
  • 35. FLP impossibility, CAP theorem and Blockchain Trilemma • FLP impossibility (Fischer, Lynch, Paterson 1982) : In the asynchronous case, pick any 2 out of the following 3 to get consensus: Safety/Liveness/Fault tolerance. • CAP theorem (1998, Brewer’s theorem @ UCB): It is impossible for a distributed data store to simultaneously provide more than two out of the following three guarantees: • Consistency: Every read receives the most recent write or an error • Availability: Every request receives a (non-error) response – without the guarantee that it contains the most recent write • Partition tolerance: The system continues to operate despite an arbitrary number of messages being dropped (or delayed) by the network between nodes • Distributed systems must have Partition tolerance. That leaves A or C. A is a must, so C goes out. It becomes eventual consistency. • Blockchain Trilemma (Vitalik Buterin) : Cannot have all three properties – decentralization, security and scalability.
  • 36. Consensus (timeline) • Byzantine generals problem : If f >= N/3 => consensus impossible (f: faulty/traitors, N: total nodes). 2/3 of nodes must be loyal. • Fischer, Lynch, Paterson, FLP impossibility result (1982) : In the asynchronous case, pick any 2 out of the following 3 to get consensus: Safety/Liveness/Fault tolerance. • Ben-Or (1983), Rabin (1983), Partial Synchrony (1984), Viewstamped Replication (1988), Paxos (1990) • Sybil attack – voting-based systems are based on identity. An attacker can make up identities. Solution : Make identities cost something. • Practical Byzantine Fault Tolerance, PBFT (1999) : based on state machine replication. f must be < N/3. Uses voting (leader, backups). Exponential communication. Issue - Does not scale, Sybil attacks possible. Used in Hyperledger. • RAFT (2014), Stanford, is not BFT. Quorum uses a Raft implementation in `etcd` • Nakamoto (2008) – lottery. Used in Bitcoin. • Federated Byzantine Agreement – each node can decide whom to trust and be part of their decision-making group, called a quorum slice. Used in Stellar and Ripple. Every Byzantine general, responsible for their own chain, sorts messages as they come in to establish the truth. In Ripple the generals (validators) are pre-selected by the Ripple foundation. In Stellar, anyone can be a validator so you choose which validators to trust.
  • 37. Layer 1 : Consensus • Agreement – no two correct processes decide differently • Validity – If a process decides value v, then v was proposed by some valid process • Safety = agreement + validity • Termination – every correct process eventually decides correct value = liveness
  • 38. Nakamoto Consensus in Bitcoin No voting, no particular timing to hold a consensus. No need for precise membership. Permissionless. No identity required! Solve a cryptographic puzzle instead of voting. Not aiming for fully correct consensus. Eventual consistency. Proof of work • make it harder for dishonest miners to propose a block • miners solve computationally hard problems when a block is created Incentives for miners to be honest and to be on the longest chain.
  • 39. Nakamoto Consensus What do we agree on? – We agree on a block which has a set of valid transactions. Who can propose/author a block? – anyone who has solved the puzzle. PoW in Bitcoin. How do we agree? - A set of rules for consensus. Longest chain wins (most PoW) => finality in 6 confirmations. In Nakamoto : • Agreement – NO, a successful PoW does not guarantee finality. • Validity – yes, the output is one of the inputs • Termination – statistically yes, mathematical proof. • Fault tolerance – yes, works even if one or more nodes fail. • Finality - a block can get reversed. Practically, finality of 6 confirmations. Cons - High latency, low throughput, does not scale, wastes energy. (Diagram: anyone can author a block via PoW; finality: longest chain wins.)
  • 40. In Bitcoin • Agreement – NO. Different miners may work on different sets of transactions and thus may output different blocks if they are able to solve the puzzle, and this may cause a split or orphan blocks. This can happen due to network latency, some mining policy, or a double spend attack. So a successful PoW never guarantees finality. • Validity – YES. Due to incentives, everyone wants to be on the longest valid chain. • Termination – YES. Solving the puzzle is probabilistic. Each attempt is a Bernoulli trial since it has only 2 outcomes. Nodes try so many nonces (or reorder the transactions of the Merkle tree) that block discovery can be approximated by a Poisson process, so the time between blocks follows an exponential distribution. Some blocks may be found sooner than 10 minutes and some later. There is no guarantee that a solution is always found, but mathematically the probability of not finding a solution is very small. Also, every 2016 blocks the difficulty is auto-adjusted (increased or decreased). So a solution will be found almost always.
  • 41. Mining • A “full node” must do the following : - Download the entire blockchain and verify the transaction history - Nodes broadcast transactions and verify incoming transactions - Miners create a block of valid transactions - Find a nonce, timestamp and merkle root that solve the puzzle - Reorder transactions in the block to change the merkle hash if the nonce/timestamp space runs out - Broadcast your block - Hope that your block is accepted by other nodes => Profit ! - Unsuccessful miners abandon their current candidate blocks and start work on new ones, removing the confirmed tx from the mempool • Transaction fees depend on the size of the transaction • A miner may also get MEV (Miner Extractable Value) - more on this later. • Profit = Mining revenue (block reward + transaction fees) - Mining cost (fixed costs + variable costs) • Fixed costs = hardware • Variable costs = electricity, cooling (pools : warehouse, personnel etc) • Rewards/incentives for honesty => a more secure network. • PoW ensures that miners are willing to spend/invest in hardware to earn BTC.
  • 42. Mining • Different miners may work on different sets of transactions in a block. • The mempool in RAM holds validated unconfirmed transactions until they are picked. • Miners see transactions before they are confirmed and could maliciously change them before the transactions are validated (e.g. the ECDSA malleability attack). • Every block contains the mining reward, aka the coinbase transaction, which is the first transaction of a block, wherein the miner sends a reward to its own address for generating a new block through mining by solving the puzzle. • The reward for mining the first block was 50 BTC. The reward is halved every 210,000 blocks. Current block reward 6.25 BTC, mined approximately every 10 minutes. It will take about 132 years to mine all 6,929,999 blocks, and the last block will be mined in 2140. • Miners also collect transaction fees = Σ inputs – Σ outputs. The higher the fee, the higher the chance of the transaction making it into a block.
  • 43. Mining • CPU -> GPU -> FPGA -> ASIC • ASIC mining - Pros: low power, higher hash rate, smaller, high profit - Cons: costly, coin specific, low resale value, short life span, non-upgradable, monopolies using dubious methods (ASIC boost, selfish mining, eclipse attacks etc) • ASIC-resistant mining algorithms - Reduce the barrier to entry, increase decentralization, improve security via increased community participation • PoW for Bitcoin is SHA256(SHA256(block_header)) • Ethereum uses a PoW algorithm called 'ethash', designed to require more memory to make it harder to mine using expensive ASICs. • In 2018, Bitmain released an Ethereum ASIC miner called Antminer E3. Eth has proposed ProgPoW.
  • 44. Mining Puzzles • Memory-hard : requires a lot of memory to solve the puzzle. ASIC resistant. • Memory-bound : time to access memory dominates time to compute. Note : A puzzle can be just memory-hard without being memory-bound, or memory-bound without being memory-hard, or both. • SHA-256 – Secure Hash, Bitcoin PoW (and used by many others) • ETHASH - Ethereum’s PoW. ASIC resistant via memory hardness. • Scrypt – memory hard. Simpler and quicker than SHA-256. PoW in Dogecoin, Litecoin etc • Equihash – PoW for standard CPUs. Used in Bitcoin Cash, Zcash. • Cryptonight – PoW for CPU mining. Used in Monero. • Cuckoo cycle - ASIC-resistant PoW algorithm which is memory bound. The goal is to find a cycle of fixed length L in a randomly generated bipartite graph. CuckARoo (anti-ASIC) and CuckAToo (ASIC-friendly). Grin uses 90% CuckARoo + 10% CuckAToo.
  • 45. What if two miners solve puzzle at the same time? • Both miners will broadcast their solution on the network • Nodes will accept the first solution they hear and reject others • Nodes always switch to the longest chain they hear • Eventually the network will converge and achieve consensus • Block height = Current block number starting from genesis block • Block depth = #blocks after the given block • To avoid double spend attack, 6 confirmations are recommended by Satoshi. • Finality time => one hour! Similar to credit card transactions which can get reversed!
  • 46. Bitcoin Block time and total supply How often are new blocks created? Approximately once every 10 minutes. Every 2016 blocks, the target T is recalculated. Let tsum = number of seconds taken to mine the last 2016 blocks. Tnew = (tsum / (14 × 24 × 60 × 60)) × T (Bitcoin clamps this adjustment to at most a factor of 4 in either direction.) The block reward was initially 50 BTC per block. It halves every 210,000 blocks ≈ 4 years. It became 25 BTC in Nov 2012 and 12.5 BTC in July 2016. Total Bitcoin supply is fixed - 21 million bitcoins. The last bitcoin will be mined in 2140. Fun fact : In Sep 2019, Block #597,273 was mined 119 minutes after its parent. This happened only 10 times in Bitcoin's history, the last time in May of 2014.
  • 47. Mining calculators. When is Bitcoin mining profitable exactly? • Ant-miner hydra : hash rate 18 TH/sec (tera = 10^12), power consumption 1.7 kWH • #hashes per ant-miner in 1 hour = 64,800 * 10^12 • Assume difficulty = 2^75 • #ant-miners to mine 6 blocks in 1 hr = (2^75 * 6) / (64,800 * 10^12) = 3,498,050 • Total power consumed = 3,498,050 * 1.7 kW = 5.9 million kWh • Cost of electricity = $0.05 per kWh * 5.9 million kWh = 295K$ • 6 rewards = 6 * 12.5 BTC * 10000$ = 750K USD • Pool fee, cooling, data center Opex costs, transaction fees, attacks etc • Rigs 'Sold By Kilo' https://news.bitcoin.com/miner-goes-bankrupt-manufacturers-stuck-with-inventory-old-rigs-sold-for-scraps/
  • 48. Mining pools • A user has to wait on average a few years to mine a block alone. • Pooling of resources by miners, who share their processing over a network, to share the reward. Expected revenue from a pool is slightly lower than solo mining but it significantly reduces the variance of income. • Monopoly: 84% of mining by mining pools – centralization? • A single pool with hash rate > 50% is a real threat. • 74% of the hash power comes from China! “The Looming Threat of China: An Analysis of Chinese Influence on Bitcoin” – a Princeton research paper. https://blockchain.princeton.edu/papers/2018-10-ben-kaiser.pdf • Geographical centralization of mining risks a 51% attack. • https://miningpoolstats.stream/bitcoin • Multi-pool mining – switch between altcoins. Pool hopping attack. • Stratum – pool mining protocol between miners and the pool. https://github.com/ctubio/php-proxy-stratum/wiki/Stratum-Mining-Protocol
  • 49. Why are the miners not in control? Bitcoin : No foundation, unknown founder(s). Ethereum : foundation ✔, founders known. ICO : money raised by a single company. Exchanges also play a role – what to list, whether to support a fork or not, how to label forks (BTC vs BCH) etc.
  • 50. Game theory • Game theory is the study of mathematical models of strategic interaction between rational decision-makers. It has applications in all fields of social science, as well as in logic and computer science. Originally, it addressed zero-sum games, in which one person’s gains result in losses for the other participants. — Wikipedia
  Prisoner’s dilemma
                    B stays quiet                           B betrays
  A stays quiet     Both jailed for 1 year.                 A is jailed for 3 years. B is free.
  A betrays         A is free. B is jailed for 3 years.     Both jailed for 2 years.
  The only possible outcome for two purely rational prisoners is to betray each other!
  • 51. Mining pool strategy and attacks Pay per share: flat fee for each share (a header hashing below pool_target); beneficial for miners, the pool takes the risk from reward variance; no incentive for the miner to submit the valid block. Proportional: get a proportion of the work done/block reward only when a block is found. Lower risk for pool operators; one issue : pool hopping. Finney attack (double spend), 51% attack, feather forking attack, ASIC boost, selfish mining, eclipse attack, goldfinger attack, fee sniping etc. Selfish mining – block withholding. A dishonest minority can attack! Solution - Uncle blocks, choose randomly if more than one block appears at approximately the same time (instead of choosing the first), and Publish or perish. Verifier’s dilemma – verification of blocks takes time. May be cheaper not to verify?
  • 52. Miner’s dilemma A pool member can sabotage an open pool by seemingly joining it but never sharing its proofs of work. The pool shares its revenue with the attacker, and so each of its participants earns less. Any open pool can increase its own profits by attacking another open pool. However, if both attack each other, both earn less than if none attacks. With any number of pools, no-pool-attacks is not a Nash equilibrium. With two pools, or any number of identical pools, there exists an equilibrium that constitutes a tragedy of the commons where the pools attack one another and all earn less than they would have if none had attacked. For two pools, the decision whether or not to attack is the miner's dilemma, an instance of the iterative prisoner's dilemma. The game is played daily by the active Bitcoin pools, which apparently choose not to attack. If this balance breaks, the revenue of open pools might diminish, making them unattractive to participants.
  • 53. Cryptoeconomics • The creation of Bitcoin as a Byzantine Fault Tolerance (BFT) system is the result of a harmonious blend of cryptography and game theory. • The use of game theory within the cryptocurrency context is what gave birth to the concept of Cryptoeconomics, which is basically the study of the economics of blockchain protocols and the potential consequences that the design of these protocols may present - as a result of its participant behaviors. It also considers the behavior of “external agents” that are not really part of the ecosystem, but could eventually join the network only to try and disrupt it from within. • One of the most important features of the Bitcoin network that protects it from malicious activity is the Proof of Work consensus algorithm. • It applies cryptographic techniques that cause the mining process to be very costly and demanding, creating a highly competitive mining environment. • Therefore, the architecture of PoW-based cryptocurrencies incentivizes the mining nodes to act honestly (so they do not risk losing the resources invested). • In contrast, any malicious activity is discouraged and quickly punished. The mining nodes that present dishonest behavior will probably lose a lot of money and will get kicked out from the network. • Consequently, the most probable and rational decision to be made by a miner is to act honestly and keep the blockchain secure.
  • 54. Double spending attack Alice sends BTC to Bob for goods, and Bob does not wait for confirmation. Alice can spend the same BTC to pay an address controlled by herself before Bob’s transaction is confirmed. This is known as a double spending attack. Sometimes done using ‘Replace by Fee’ (pay a higher transaction fee). Even if it’s confirmed, Alice can mine herself and create a longer chain => 51% attack! What if Alice controls > 50% of the total network hash power? If not, Alice can always collude with miners or bribe a mining operator.
  • 55. Double spending attack Cryptocurrencies prevent double spending by reaching consensus on an ordered log of transactions. Reaching consensus is difficult because of the open setting. Since anyone can participate, an adversary can create an arbitrary number of pseudonyms (Sybils), making it infeasible to rely on traditional consensus protocols that require a fraction of honest users. Bitcoin solves this problem by using Proof of Work, where users must repeatedly compute hashes to solve puzzles and the longest chain wins. PoW ensures that an adversary does not gain any advantage by creating Sybils. However, PoW allows the possibility of forks when two blocks are mined at the same time. Mitigating forks unfortunately requires a high block time and longer confirmation time. This is where PoS comes into the picture.
  • 56. Bitcoin PoW issues • Wastage of energy - https://digiconomist.net/bitcoin-energy-consumption • Centralization in the hands of a bunch of mining pools • Scalability : bitcoin 7 tps, eth 15 tps, ripple 1500 tps, visa 24000 tps! • Forks : ambiguity not good in finance • Long latency for confirmation (6 confirmations = 1 hour)! • Not economical for micro-payments (use payment channels, e.g. Lightning)
  • 57. Proof of stake and other consensus algorithms PoW issues – wastage of energy, concentration (mining pools), scalability, forks (ambiguity not good in finance), long latency. Incentivizes being good, but does not punish cheaters. PoS : reward good + punish bad. A node’s stake = the amount of currency a user holds in the system. The more stake a user controls, the more authority they have over validation. Slashing – coins are locked up to avoid the nothing-at-stake attack. Validators lock up coins as stake. Stake is slashed if they are found malicious. Delegated PoS : Active delegates are voted into their roles by token holders. Used in EOS, Steemit, ARK etc. BFT • Practical (PBFT) - good for enterprise consortia. Used in Hyperledger, Zilliqa. • Delegated (dBFT) – use stake to elect validators/a council to run PBFT. Used in NEO. • Federated BFT – verified by a group. Used in Stellar (permissionless validators) and Ripple (permissioned validators). PAXOS and RAFT – RAFT, from Stanford, is much easier to understand than Paxos. RAFT is crash fault tolerant (CFT): followers blindly replicate the leader; it does not deal with Byzantine failures, so it is of not much use in the Bitcoin world. Algorand – uses PoS and voting to agree on a block. Sharding - instead of delegates, work is split among all participating nodes. Example: Ethereum shard chains and Near protocol
  • 58. Consensus Algorithms : PBFT (Practical Byzantine Fault Tolerance) • Used in enterprise consortiums where members are partially trusted. • The number of multicast messages needed in each phase of the three-phase protocol is multiplied by the number of replicas in the set. For a replica set R, the maximum number of faulty replicas is f, where |R| = 3f + 1. • Issue 1: exponentially increasing message count as nodes (rather, replicas) are added to the set. Does not scale with #nodes. • Solution: Rather than node == server, each organization would represent a node on the network, node == organization. • Used in Hyperledger. • Issue 2 : Closed (permissioned) membership list, otherwise susceptible to Sybil attack.
  • 59. Delegated BFT (dBFT) • To solve the scaling issues of PBFT, here the stakeholders (who own the native cryptocurrency) vote to select delegates. • A delegate is a validator responsible for voting on block proposals. • “Speakers” are randomly chosen from the delegates. • The speaker creates and broadcasts (proposes) the new block. Two thirds of the delegates must validate and approve the block, otherwise it is discarded. Based on PBFT. • Delegates or the speaker could be dishonest. • Used in Neo. Delegates in the Neo network are currently held by the NEO council, thus it is impossible to launch a 51% attack, but this is centralized.
  • 60. Federated BFT Open to nodes joining in a permission-less way => decentralized. Used in Stellar and Ripple. In Ripple, validators are preselected by Ripple foundation, whereas in Stellar, anyone can be a validator and you choose which validators to trust. A quorum is defined as a set of nodes needed to reach an agreement in a distributed system. Quorum slices are the subsets of a quorum that are capable of convincing particular nodes of an agreement. The FBA model relies on individual nodes to choose their own sets of quorum slices. A node can depend on numerous slices for information, and this trust can be based on information from outside of the system and can be dynamic. Traditional BA requires that all nodes accept the same slices. Quorums intersect if they share a node (good). When quorums do not intersect, they are known as disjoint quorums (bad).
  • 61. Ethereum proposed move to PoS using casper • Casper FFG (Friendly Finality Gadget), a hybrid version of PoS and PoW, where validators create checkpoints after every 50 blocks, which creates a new genesis block. Now discarded. • Casper TFG (The Friendly Ghost), which requires validators to put a certain amount of ETH as a deposit to be able to create blocks. Any malicious attempt by the validator may invoke a smart contract to destroy the deposited amount. Uses slashing. This proposal is based on the assumption that fear of penalty will keep the validators in check to stay honest, thereby resolving the nothing-at-stake problem. • Casper v2 – PoS pure + sharding. Latest.
  • 62. Verifiable Random Function (VRF) - Micali, Rabin, Vadhan @ MIT • A VRF is a pseudo-random function that provides publicly verifiable proofs of its output’s correctness. • Given an input value x, the owner of the secret key SK computes the value y = F_SK(x) and the proof p_SK(x). • Using the proof and the public key PK = g^SK, anyone can check that the value y = F_SK(x) was indeed computed correctly, yet this information cannot be used to find the secret key. • VRFs provide deterministic pre-commitments which can be revealed at a later time using proofs which can only be generated by the private key. • Unlike traditional digital signature algorithms, VRF outputs can be published publicly without being subject to a pre-image attack, even if the verifier knows the public key (but not the proof). • Example : Non-interactive lottery. The organizer has a secret function F_SK. Each user chooses some x. The organizer computes y = F_SK(x); y somehow decides who the winner is. The issue is that users should not be able to bias the lottery, i.e. F_SK(x) should look random, and the organizer should not be able to lie about the true y = F_SK(x). => VRF.
  • 63. Algorand (Silvio Micali @ MIT) • Based on VRF & Byzantine Agreement (BA), called BA⋆. Communication using a gossip protocol. “Pure Proof of Stake”. • To prevent Sybil attacks, Algorand assigns a weight to each user based on the money in their account. As long as the money owned by honest users is > 2/3, it can avoid double spends. Phase 1: A single token is randomly selected; its owner can propose the next block. • Scalability is achieved using consensus by committee: a small set of representatives randomly selected based on weights. The committee changes every round. Phase 2: the committee may approve the proposed block. • Cryptographic sortition - To avoid targeted attacks on committee members, BA⋆ selects committee members in a private and non-interactive way. This means that every user in the system can independently determine if they are chosen to be on the committee, by computing a function (a VRF) of their private key and public information from the blockchain. A secret self-selection lottery. If the function indicates that the user is chosen, it returns a short string that proves this user’s committee membership to other users, which the user can include in his network messages. Since membership selection is non-interactive, an adversary does not know which user to target until that user starts participating in BA⋆. • Participant replacement. An adversary may target a committee member once that member sends a message in BA⋆. BA⋆ mitigates this attack by requiring committee members to speak just once. Thus, once a committee member sends his message (exposing his identity to an adversary), the committee member becomes irrelevant to BA⋆. • Fast agreement, on-the-fly, mostly in the first round itself. No forks ever (extremely rare). Trivial computation. Finality (no need for ”eventual consistency”), true decentralization (no miners, no incentives). • Able to scale to millions of users and sustain a high transaction rate, without incurring significant cost to participating users. Consensus on a block is reached in parallel while the block is being propagated to the network, which typically happens in a few seconds. • Algorand claims : True decentralization, Security and Scale. Decentralized : anyone can participate, no miners. Secure : random committee not known until after the fact. Messages are signed. Scalability : minimal messages, fast lottery, small committee.
  • 64. Privacy & Anonymity & Ambiguity • Privacy is the ability to keep some things to yourself, regardless of their impact to society. ... So privacy is a concept describing activities that you keep entirely to yourself, or to a limited group of people. Failed in an exam? • In contrast, anonymity is when you are okay for people to see what you do, just not that it's you doing it. E.g. WikiLeaks donations • Weak anonymity: pseudonym (e.g. Reddit/Slashdot). Pro: reputation; con: side channel leakage • Strong anonymity: un-linkable posts (e.g. 4chan). Con: no reputation • Ambiguity – Ring signatures. “How to leak a secret” from MIT. Used in Monero. • Bitcoin is pseudonymous, not anonymous. Sender and receiver addresses are known but their identities are not. • In Bitcoin, the sender, receiver address and value are in the clear (not encrypted).
  • 65. Bitcoin de-anonymization • Bitcoin de-anonymization - At the network layer: if enough nodes collude, use the user’s IP address. - Linking by “idioms of use”. Heuristic 1 : Two or more addresses used as inputs to the same transaction => they are controlled by the same entity. Heuristic 2 : The change address is controlled by the same entity as the input addresses. - Once one address in a cluster is de-anonymized, the entire cluster can be de-anonymized. - Use a mixer to be more anonymous, but it has limitations. - A little better to use CoinJoin. Also has issues. - https://www.chainalysis.com/ and https://www.elliptic.co/
• 66. Bitcoin internals
Block: Magic number 0xD9B4BEF9 | Blocksize (4B) | Blockheader (80B) | Transaction counter (1-9B, VarInt) | Transactions (variable size)
Block header (80B): nVersion (4B) | hashPrevBlock (32B) = SHA256(SHA256(prev BlockHeader)) | hashMerkleRoot (32B) | nTime (4B) timestamp | nBits (4B) target difficulty | nNonce (4B)
Transaction structure: Version (4B) nVersion | Input counter (1-9B, varInt) | Inputs (variable) vector<CTxIn> vin | Output counter (1-9B, varInt) | Outputs (variable) vector<CTxOut> vout | Lock time (4B) nLockTime
Input: Transaction ID (32B) hashPrevTx | Output index (4B) nOut | ScriptSig size (1-9B) scriptSigIn | ScriptSig (variable) | Sequence# (4B) nSequenceIn
Output: Value (8B) nValue | ScriptPK size (1-9B, varInt) | ScriptPubKey (variable)
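The block header layout above, as an added example (not Bitcoin Core code): parse the 80-byte header, compute the double-SHA256 id that the next block stores as hashPrevBlock, decode nBits into the target, and check or brute-force the proof of work. The genesis header bytes are Bitcoin's real first block; the regtest-difficulty header is constructed.

```python
import hashlib
import struct

# 80-byte header: nVersion, hashPrevBlock, hashMerkleRoot, nTime, nBits, nNonce (little-endian)
HEADER_FMT = "<I32s32sIII"

# The real header of Bitcoin's first block (the one carrying the Times headline).
GENESIS_HEADER = bytes.fromhex(
    "01000000" + "00" * 32
    + "3ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a"
    + "29ab5f49" + "ffff001d" + "1dac2b7c"
)


def sha256d(data: bytes) -> bytes:
    """SHA256(SHA256(x)): the hash used for hashPrevBlock and the block id."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def parse_header(header: bytes) -> dict:
    """Split the 80 bytes into fields; hashes are returned in explorer (big-endian) hex."""
    if len(header) != 80:
        raise ValueError("block header must be exactly 80 bytes")
    version, prev, merkle, ntime, nbits, nonce = struct.unpack(HEADER_FMT, header)
    return {"version": version, "prev_block": prev[::-1].hex(),
            "merkle_root": merkle[::-1].hex(), "time": ntime, "bits": nbits, "nonce": nonce}


def serialize_header(version, prev_hex, merkle_hex, ntime, nbits, nonce) -> bytes:
    """Inverse of parse_header: hex ids are byte-reversed back into wire order."""
    return struct.pack(HEADER_FMT, version, bytes.fromhex(prev_hex)[::-1],
                       bytes.fromhex(merkle_hex)[::-1], ntime, nbits, nonce)


def block_id(header: bytes) -> str:
    """Block hash as explorers display it (byte-reversed double SHA-256)."""
    return sha256d(header)[::-1].hex()


def target_from_bits(nbits: int) -> int:
    """Decode compact nBits: mantissa * 256^(exponent - 3); the sign bit is never valid."""
    exponent, mantissa = nbits >> 24, nbits & 0x007FFFFF
    if nbits & 0x00800000:
        raise ValueError("negative target")
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def meets_target(header: bytes) -> bool:
    """Proof-of-work check: the id read as a little-endian integer must not exceed the target."""
    nbits = parse_header(header)["bits"]
    return int.from_bytes(sha256d(header), "little") <= target_from_bits(nbits)


def mine(version, prev_hex, merkle_hex, ntime, nbits, max_tries=1 << 32) -> bytes:
    """Brute-force nNonce until the header satisfies its own nBits target."""
    for nonce in range(max_tries):
        header = serialize_header(version, prev_hex, merkle_hex, ntime, nbits, nonce)
        if meets_target(header):
            return header
    raise RuntimeError("nonce space exhausted; a real miner would vary nTime or the coinbase")


def regtest_demo() -> bytes:
    """Constructed header at regtest difficulty (nBits 0x207fffff): about every second hash passes."""
    fake_merkle = sha256d(b"constructed coinbase transaction")[::-1].hex()
    return mine(version=1, prev_hex="00" * 32, merkle_hex=fake_merkle,
                ntime=1231006505, nbits=0x207FFFFF)


if __name__ == "__main__":
    print("genesis id:", block_id(GENESIS_HEADER), "meets target:", meets_target(GENESIS_HEADER))
    mined = regtest_demo()
    print("regtest nonce:", parse_header(mined)["nonce"], "id:", block_id(mined))
```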
• 67. A bitcoin transaction • Forth-like stack-based language. Example: Alice wants to pay Bob. • Funding transaction: output of 5฿ locked with Script PK (Alice). • Spending transaction (Transaction ID 1): its input references o/p index 1 of the funding transaction and carries Script Sig Alice; Output0: 2฿ to Bob, locked with Script PK1; Output1: to Alice (change); output locktime. • UTXO model. Alice proves with SigAlice that this is Alice’s money to spend.
• 68. Bitcoin Units of Measurement
Unit - BTC
- Cent-bitcoin (cBTC or bitCent): 0.01
- Milli-bitcoin (mBTC or millibit): 0.001
- Micro-bitcoin (μBTC or bit): 0.000001
- finney: 0.0000001
- satoshi: 0.00000001
• Smallest unit is the satoshi. • There are 100,000,000 satoshis in every bitcoin (10^8).
  • 69. Layer 2 : Bitcoin script (programmable currency) • Bitcoin Script is simple, stack-based, and processed from left to right (reverse polish). It is intentionally not Turing-complete, with no loops. • ScriptPublicKey is the locking script in output of funding transaction. - [OP_DUP, OP_HASH160, PUSHDATA(20)[…20B..], EQUALVERIFY, CHECKSIG] where DATA is bitcoin address which is H(PK). • ScriptSig is the unlocking script in the input of spending transaction. - [<sig>, <PK>] signature to prove that this money was yours to spend. • {ScriptSig | ScriptPK } this runs as one program. A transaction is valid if nothing in the combined script triggers failure & the top stack item is non-zero when the script exits. • {Txid | o/p index} identifies utxo. UTXO = unspent transaction O/P • Must be present in miners’ mempool ‘UTXO set’ before it’s allowed to spend. • After spending, utxo is removed from miner’s mempool and now lives in blockchain. • https://en.bitcoin.it/wiki/Script • Recommended to have 6 blocks for confirmation.
  • 70. P2PK (Pay to Public Key) scriptPubKey <PK> OP_CHECKSIG • Simplest. • Remember, for any transaction to be valid, { ScriptSig | ScriptPK } must return (top of stack) non-zero. • When the script runs, the CHECKSIG opcode compares the signature against the public key, and pushes a 1 on to the stack if it is valid. • Not used any more. scriptSig <Signature>
• 71. P2PKH (Pay to Public Key Hash) scriptPubKey: OP_DUP OP_HASH160 <Hashed PK> OP_EQUALVERIFY OP_CHECKSIG scriptSig: <Signature> <PK> • Shortest, safer, default. • The original public key is DUPlicated and then HASH160'ed. This hashed value is compared (EQUALVERIFY) with the hashed public key in the scriptPubKey. If it matches, the script continues and CHECKSIG checks the signature against the public key (just like a P2PK script). • Why hash the public key? The Elliptic Curve Discrete Logarithm Problem (ECDLP) is currently hard, but there are no future guarantees. Hashing the public key gives extra protection.
• 72. P2SH (Pay to Script Hash) scriptPubKey: OP_HASH160 <scriptHash> OP_EQUAL scriptSig: OP_0 <Signature> <Script> • It makes it easier to share complex locking scripts with other people. It allows you to lock bitcoins to the hash of a script, and you then provide that original script when you come to unlock those bitcoins. With P2SH, instead of giving someone an entire locking script, you can essentially just give them a hash of your script instead. As a result, the sender is no longer burdened with the size (or the details) of your locking script. • Scripts are smaller now => cheaper transaction cost for the sender. • P2SH scripts give more privacy. • A smaller UTXO set. UTXOs are in memory and contain the ScriptPubKey. So by using smaller P2SH scripts instead of larger P2MS scripts, you save on the amount of RAM needed to hold the UTXO set.
• 73. P2MS (Pay to Multi Sig) scriptPubKey: OP_HASH160 <redeemScriptHash> OP_EQUAL redeemScript: OP_M <PK1> … <PK_N> OP_N OP_CHECKMULTISIG (M-of-N: N public keys, M signatures) scriptSig: OP_0 <Sig1> … <SigM> <redeemScript> • Co-signatory: 2-of-2 address. Both signatures required. Dangerous. - 2 on-chain transactions: open and close. Unlimited off-chain. • Escrow: 2-of-3. • Many more applications of multi-sig. • Caution – do not get fancy with scripting; most miners accept well-known scripts only.
• 74. The Bitcoin Network Node types Reference Client (Bitcoin Core): Contains a wallet, a full blockchain database, a miner and the network routing capabilities. Full Blockchain Node: Contains a full blockchain database and network routing capabilities. Solo Miner: Contains the mining function, the full copy of the blockchain database and the network routing capabilities. Lightweight (SPV) Wallet: Contains a wallet and the network routing capabilities. Pool Protocol Servers: These are gateway routers connecting the P2P network to nodes running other protocols such as pool mining nodes or Stratum. Mining Nodes: Contain the mining function without the full copy of the blockchain; instead they use the Stratum protocol or other pool mining protocols. Lightweight (SPV) Stratum Wallet: Contains the wallet and the network capabilities on the Stratum protocol without the blockchain. The Bitcoin Relay Network is a high-speed block-relay system primarily for miners. It relays blocks around the globe with low latency. New: “FIBRE” based relay.
  • 75. From “Mastering Bitcoin” by Andreas M. Antonopoulos The Bitcoin Network Node types
• 76. The bitcoin P2P network • P2P architecture. Randomly wired gossip protocol network. All nodes equal. • Peer discovery • Option 1: query DNS using some DNS seeds hard coded in Bitcoin Core (option -dnsseed). These seeds are maintained by the bitcoin community. Some of the DNS seeds are custom implementations of BIND that return a random subset from a list of bitcoin node addresses collected by a crawler or a long-running bitcoin node. • Option 2: The CLI argument -seednode can be used to connect to one node just for introductions, using it as a seed. After the initial seed node is used to form introductions, the client will disconnect from it and use the newly discovered peers (bitcoin-cli getpeerinfo). • To connect to a peer, nodes establish a TCP connection, usually to port 8333 or an alternative port if one is provided. Typical nodes create 8 outgoing connections and, if publicly reachable, accept up to a few hundred incoming connections. Connections are used to exchange transactions or blocks (announced by hash). • Paths are not reliable, nodes come and go, and so the node must continue to discover new nodes as it loses old connections, as well as assist other nodes when they bootstrap. • SPV nodes have weaker privacy than full nodes since they receive only a subset of transactions. Bloom filters are a way to reduce the loss of privacy. • The original implementation of bitcoin communicates entirely in the clear. While this is not a major privacy concern for full nodes, it is a big problem for SPV nodes. • Two solutions: Tor transport, and P2P authentication and encryption with BIP-150/151.
• 77. Tor • Tor is a distributed 'onion' network that makes it more difficult for an adversary to track any one peer on the network. • Tor sends TCP packets over 3 (normal) or 7 (hidden services) Tor relays. This is why it is so slow: your packet might have to go through 100s of computers (counting Internet routers) before it reaches its destination. Tor uses multiple layers of encryption that are peeled away at each node. Hence the name The Onion Router. • Tor is also very useful for accessing the 'uncensored' internet in countries that censor it. • Bitcoin's security model assumes that your node is well connected to the rest of the network, so even in less-censored countries using bitcoin over both Tor and clearnet can avoid being partitioned from the network by the internet service provider. • Preserving privacy means not only hiding the content of messages, but also hiding who is talking to whom (traffic analysis). • Tor provides anonymous connections that are strongly resistant to both eavesdropping and traffic analysis. • Bitcoin can run easily on the Tor network. • https://en.bitcoin.it/wiki/Tor
• 78. Censorship • 3 ways governments censor technology: - Regulations (claim it is illegal using out-of-date regulations) - Internet shutdown (& it’s common!) - Fake news! • Great Firewall of China defeating Tor: deep packet inspection – look inside the payload, blocking based on static signatures, or dynamically using ML. • You can only be anonymous in a crowd: - Add multiple hops (Tor has only 3) - Dummy traffic (create a crowd) - Timing obfuscation (random delay added) - Packet size obfuscation (random size added) • Nym Mixnets and the Loopix anonymous system
  • 79. Bitcoin core • git clone https://github.com/bitcoin/bitcoin.git • ./autogen.sh ; ./configure ; make ; make install; bitcoind -prune=550 • bitcoin-cli -help • bitcoin-cli getblockhash <height> • bitcoin-cli getblock <block-hash> […] • Types of messages : VERSION, VERACK, ADDR, INV, GETDATA, MERKLEBLOCK, GETBLOCKS, GETHEADERS, TX, HEADERS, BLOCK, GETADDR, MEMPOOL, PING, PONG, NOTFOUND, FILTERLOAD, FILTERADD, FILTERCLEAR, REJECT, SENDHEADERS, FEEFILTER, SENDCMPCT, CMPCTBLOCK, GETBLOCKTXN, BLOCKTXN. • https://github.com/bitcoin/bitcoin/blob/master/src/protocol.h
  • 80. Bitcoind Protocol Messages src/protocol.h • version - Information about program version and block count. Exchanged when first connecting. • verack - Sent in response to a version message to acknowledge that we are willing to connect. • addr - List of one or more IP addresses and ports. • inv - "I have these blocks/transactions: ..." Normally sent only when a new block or transaction is being relayed. This is only a list, not the actual data. • getdata - Request a single block or transaction by hash. • getblocks - Request an inv of all blocks in a range (block header hashes) • getheaders - Request a headers message containing all block headers in a range. • tx - Sends a single transaction. This is sent only in response to a getdata request. • block - Send a block. This is sent only in response to a getdata request. • headers - Send up to 2,000 block headers. Non-generators can download the headers of blocks instead of entire blocks. • getaddr - Request an addr message containing a bunch of known-active peers (for bootstrapping). • submitorder, checkorder, and reply - Used when performing an IP transaction. • alert - Send a network alert. • ping - Does nothing. Used to check that the connection is still online. A TCP error will occur if the connection has died.
  • 81. Layer 3 : Wallets • Track/store private key. Store, receive, transmit and list transactions. • HD wallets – Hierarchically Deterministic, seed based. Back up only seed. • Hot wallets - Smartphone Apps : Trust wallet, MyCelium - Online Web wallets : coinbase, binance - Desktop wallets : exodus.io, Electrum • Cold storage - Brain wallet : uses mnemonic phrase. brainwallet.io, bad idea. - Hardware wallet : Ledger nano S, Trezor Model T, manufacturing attacks. - Paper wallet : safest. Can you trust https://www.bitaddress.org ? • Multi-sig wallets – bitgo (mostly cold, small percentage hot)
• 82. Custodial wallets • Private keys are stored by a third party. Thus, you do not have full control over your funds, which makes these wallets a dubious choice. • Advantages - manage funds quickly, at any time with internet. - No chance to lose the private key and lose access to money • Disadvantages - Custodian has control of your private keys and money - Your crypto-coins can be seized by a court decision - If your wallet gets hacked, your coins may go missing • Similar in principle to a bank. • Custodial exchanges providing you wallets - Bitfinex, Kraken, Bithumb, Coinbase, Mt Gox, BTC-e, Poloniex • Custodial wallets - Freewallet, blockchain.info, BTC.com
• 83. Wallets Comparison
Wallet type - Security / Ease of use / Frequency of use
- Web wallet: Low / High / High
- Hardware wallet: High / Low / Low
- Desktop wallet: Medium / Medium / Medium
• 84. Layer 3 - dApps : High level flow • dApps have backend code running on a decentralized peer-to-peer network and decentralized storage. • Front-end: Build and deploy a normal HTML/CSS/JS front end. The front end checks for a wallet and sends it the transaction. • Wallet: Add the code to connect the front end with the wallet, which holds the private keys and can sign a transaction. Metamask is an Ethereum wallet in the browser as an extension. It injects web3.js code into the browser to talk with the Ethereum network. The front end can now talk with Web3. • Library: Web3.js is the Ethereum-compatible JavaScript API library which implements the Generic JSON RPC spec. Web3.js communicates via RPC with the local node or a test node. To interact with a deployed smart contract, the contract’s address and the Application Binary Interface (ABI) are required. The ABI is a description of the contract’s public interface in the form of a JSON object. • Smart contract: Write the smart contract to implement the app’s core functions. This smart contract runs on each node. • Example: the Etherisc dApp allows users to either buy or sell insurance for flight delays and cancellations. Using the Ethereum blockchain, each and every insurance agreement is available to view on a public database.
• 85. dApps of Web 3.0 • The front end is still the same (HTML/CSS/JS etc), served from static hosting or cloud or P2P (IPFS). • Front end talks to smart contracts using APIs. • Smart contracts run code and store data on the blockchain network.
Web 2.0 vs Web 3.0 (dApps):
- Scalable computation: AWS EC2 vs Ethereum, Truebit
- File storage: Amazon S3 vs IPFS, Storj
- External data: 3rd party APIs vs Oracles
- Monetization: Selling ads, goods vs Token model
- Payments: Credit cards, PayPal vs Ethereum, bitcoin, state channels, 0x etc
• 86. Issues with dApps • Scale – decentralization and speed are always a trade-off for a public blockchain. The solution is off-chain payment channels or sidechains. • Cost – computation runs on every node. By definition, the cost scales with the number of nodes. • Time – Since multiple nodes have to first run the computation (fast) and then come to a consensus about its result (slow), it’s much slower than central servers. • Governance model – It’s getting better, but it is harder to make fast decisions and reach a consensus. Sometimes results in forks. • Independence – A CryptoKitties dApp should not be able to stall a fundamental transaction such as A paying B. • Privacy – right to be forgotten. Use ZKP and similar technologies.
  • 87. Tokens and coins Coins – have their own native blockchain. Tokens – Don’t need their own blockchain. Created on top of other blockchains. Give certain rights to holders such as voting or ability to use a platform/service/product etc
• 88. Legal aspects & regulation – country specific Black letter law – basic principles free from doubt or dispute. Plain language, Supreme Court. Areas of law: Securities (SEC) The Securities and Exchange Commission (SEC), as its name implies, oversees securities issuance and exchange. According to the SEC, Bitcoin is not a security. Taxes (IRS) According to the Internal Revenue Service (IRS), Bitcoin is property, taxed as property, like stocks or bonds; any gain or loss from the sale or exchange is taxed as a capital gain or loss. Commodities (CFTC) The Commodities Futures Trading Commission (CFTC) ensures the integrity of futures and swaps markets. According to the CFTC, Bitcoin is a commodity. Any swaps and futures involving bitcoin are part of the CFTC mandate. AML/KYC (FinCEN/states) The Financial Crimes Enforcement Network (FinCEN) oversees financial crime as part of the Bank Secrecy Act (BSA). Not black letter law: cryptocurrency law, analogies, guidance, speeches, settlements. Hinman’s speech: When Howey meets Gary
  • 89. Howey test, 1946 SEC v/s W.J.Howey Co. • The said transaction will be called an investment contract if it fulfills the following criteria: 1. It is an investment of money 2. The investment is in a common enterprise 3. There is an expectation of profit from the work of the promoters or the third party. • If the token/coin meets all the three aforementioned criteria, then it is regarded as security. • SEC chair said Bitcoin is NOT a security. • There is simply no promoter or third-party upon which the value of the “investment” in cryptocurrency depends. There is no “effort” or “work” in the background which affects the value of Bitcoin. Instead, its value depends on government regulation, political and economic upheaval, and media and trader enthusiasm.
• 90. Jurisdiction, Regulation & Enforcement • Jurisdiction is challenging to define in a fully digital world. Historically, jurisdictions have been defined by physical boundaries. However, these are difficult to draw in a world that is already fully digital and concerned with privacy. • Regulation is dependent on jurisdiction. If you don’t have a jurisdiction, how do you identify the relevant regulation? Without harmonized global regulation, people will use jurisdiction as a tool to change the rules. • Lastly, enforcement is what scares people into following regulation. Enforcement requires penalties, which is what makes people fear the consequences of not following the rules. Hence, enforcement will continue to be aggressive. • Regulation is clear (mostly). It’s a public ledger. • Silk Road case. DoJ seized bitcoins. • Please pay your crypto taxes.
  • 91. 3 types of tokens Cryptocurrencies (SEC)/Payment tokens(FINMA) • means of payment/exchange. Not issued by a central authority. Utility token (SEC) / Utility token (FINMA) • holding a utility token gives right to access to a function/service provided directly by the businesses who issued it or right to vote. • Eg. filecoin – provides access to unused hard drive space. • Does not pass Howey test. Relatively unregulated. • The most popular example of utility token is the ERC20 Ethereum standard. Security token (SEC) / Asset token (FINMA) • passes Howey test. Tokens that equate to an ownership stake in a company or DAO
• 92. ICO (Initial Coin Offering) • Cryptocurrency is sold in the form of tokens or coins to raise funding for the startup. Allows startups to avoid regulatory compliance and intermediaries such as venture capitalists, banks and stock exchanges. • First one: Mastercoin (July 2013). Also Ethereum in 2014. • Crowdfunding or private ICO. Most give access to the native platform or to the dApps. The purpose is usage and not investment. • Pros: Open to the general public, total decentralization as compared to an IPO. Equal opportunity and ease of access without “knowing the guy” to invest at an early stage. Low entry threshold. No country barriers. No commission, no taxes. • Cons: No regulation, scams, hacker attacks, high volatility. Not backed by any collateral. • “SEC versus Kik” • 43 ICOs in 2016 raising an aggregate $256 million; 343 ICOs in 2017 raising in excess of $6B; in 2018 $7.8B. Drop in 2019.
  • 93. IEO (Initial Exchange Offering) • The main difference between ICO and IEO is the appearance of a third party. The exchange. The funds aren’t sent to the smart contracts as they are during an ICO. Everything is done through an exchange. • Projects can outsource marketing and KYC/AML compliance to exchanges with significant staff and resources while benefiting from their exchange partner’s professional reputation among traders. • For the exchanges themselves, IEOs can be lucrative because the exchanges charge partners sign-on fees and a cut of each sale. • Exchange and their IEO platforms: Binance Launchpad, Bittrex International IEO, BitMax Launchpad, Huobi Prime, OKEx IEO etc
• 94. ICO versus IEO (ICO vs IEO)
- Fundraising: at issuer’s site vs at exchange
- Smart contract managed by: startup conducting the token sale vs exchange
- Cost of listing: low vs high
- Screening: none, anyone can launch vs vetting by exchange before listing
- Marketing budget needed: significant vs low (exchange markets the tokens)
- AML/KYC needed by token issuer: yes, but may vary vs no, exchange conducts it
- Fraud risk: high vs less
- Crowdsale security: low, token issuer’s headache (reinvent the wheel) vs exchange manages it
• 95. STO (Security Token Offerings) • Security tokens are actual financial securities that are backed by something tangible like assets, equity, profits, or revenue of the company. • So if a startup is giving a security token, you are either getting actual equity in the company based on your investment dollars, or you are getting a portion of the company’s revenue or profit (dividend) plus certain rights in the company. • Like an ICO, a Security Token Offering (STO) is the process of issuing security tokens, but on a compliant basis after going through KYC, AML, accredited investor checks etc. • Pros: Compliant with laws. Lower risk than an ICO. • Cons: bigger administrative burden, most difficult and complex.
  • 97. ICO vs IEO vs STO: Which One Is The Best? ICO is for cheap investments with fast cash out options. IEO is good for investors looking for better security and more serious investment opportunities. STO is for investors with large budgets, who prefer familiar real-life structure in the crypto investment industry. Since tokens are protected by KYC/AML processes and other regulatory security, STO keeps small and amateur investors away. Such tokens can only be purchased by accredited investors.
• 98. Hard fork [Diagram: a chain of blocks that follow the old rules diverging into a separate branch of blocks that follow the new rules] Hard fork: non-upgraded nodes reject the new rules, thus diverging the chain. - Planned: Usually an upgrade to the protocol with consensus from developers and community. E.g. Monero introducing Ring CT. - Contentious: Disagreement between various stakeholders in the project (developers, users, miners etc). E.g. increasing Bitcoin’s block size from 1MB to 8MB - the Bitcoin Cash hard fork. • A hard fork can be implemented to correct important security risks found in older versions of the software, to add new functionality, or to reverse transactions (as in the case of the hard fork to reverse the exploit of the DAO (decentralized autonomous organization) on the Ethereum blockchain).
• 99. Soft fork [Diagram: blocks that follow the old rules, a block that follows the old rules but violates the new rules (made stale), and blocks that follow both old and new rules] Soft fork: blocks violating the new rules are made stale by the new mining majority. • A soft fork is a backward-compatible method of upgrading a blockchain. E.g. block size 1MB -> 500kB. - Does not need an upgrade to maintain consensus, since all blocks with the new soft-forked-in rules also follow the old rules; therefore old clients accept them. - Miner-activated soft fork (MASF): a majority of miners upgrade to enforce the new rule. - User-activated soft fork (UASF): full nodes coordinate to enforce the new rules, without support from miners. • New transaction types can often be added as a soft fork; for example, P2SH was added to Bitcoin this way.
• 100. Forks in Practice • Hard forks - New Bitcoins (Bitcoin Cash, Bitcoin Gold, Bitcoin Diamond) - Ethereum DAO hard fork - Some cryptocurrencies hard fork frequently (Monero, every 6 months) • Soft forks - Lots! - Examples: P2SH, SegWit, OP_CHECKSEQUENCEVERIFY …
  • 101. Payments • Payment systems inaccessible to 65% of the world. • Study by World Bank - Of the 1.7B unbanked, 1.1B have access to a mobile device (this is about 65%). • When they are accessible - Up to 15-20% fees to send money cross border - Credit card companies engage in rent seeking behavior – collecting high fees, costs which are passed first to the merchant and then eventually back to the consumers as well. • Limitations - Scale of tps (transactions per second) Bitcoin 7, Eth 15, visa few thousand - Token volatility
• 102. Scaling Bitcoin • 1MB/block * 1 transaction/250B * 1 block/10 min = 5-7 tx/sec, i.e. TPS = (block size / average transaction size) * block rate. • A larger block size needs a hard fork. More propagation delay, harder to run a full node (only data centres could), increases centralization. • Layer 1 solutions (on-chain): SegWit, hard fork (new currency) Dash/Litecoin/Bitcoin Cash, sharding (Eth). • Layer 2 solutions (off-chain) - Payment channels: Lightning for Bitcoin, Raiden for Ethereum. Sets up payment channels; unlimited off-chain transactions, instant, micropayments. Cross-blockchain atomic swaps. A layer 2 solution using multi-sig and HTLC. - Sidechains: separate blockchains (child) that are linked to the main (parent) blockchain using a two-way peg. A sidechain enables bitcoins and other ledger assets to be transferred between multiple blockchains.
• 103. Layer 1 scaling : Segregated Witness (SegWit) • Original block size 1MB. How to increase the size without impacting legacy nodes? => Soft fork. • The scriptSig part of SegWit transactions is called the “witness data”. When SegWit transactions are sent to legacy nodes the witness data is stripped. The key is that these “stripped” transactions are still valid transactions on legacy nodes, which gives us a saving over non-SegWit transactions. Thus, more transactions can fit into the block sent to legacy nodes without going over the 1,000,000 byte limit. • p2wpkh and p2wsh are very similar to p2pkh and p2sh respectively but move the scriptSig data to the end of the transaction. • Pros - More transactions in a block, making them cheaper, faster. - Transaction malleability fixed. Also adds to scale. Enables the Lightning network. • Cons - Miners don’t like it. Covert AsicBoost is incompatible with SegWit. Also lower fees affect their profits. They don’t appreciate having to support the witness-data sidechain which doesn’t provide any fee revenue at all. Wallets slow to adopt. Still only about 36% of transactions use SegWit (Jan ’19). - Not a long-term solution for the scalability problem. - Caused a divide in the Bitcoin community. Disagreement caused hard forks, Bitcoin Cash (BCH) for example.
• 104. Layer 2 scaling using payment channels - Lightning network (BTC) • BTC transaction fees are high and confirmation time is long; paying for coffee on the blockchain is no longer practical, and it cannot be used for micropayments. Enter Lightning => Layer-2 protocol. Instant payments, micropayments, scalable, low cost, cross-chain atomic swaps! https://lightning.network/ • How does it work? Bidirectional payment channels built from: unconfirmed transactions (constructed and signed but not broadcast); multi-sig (both keys required to unlock); revocable HTLCs (hashed timelocks).
  • 105. Some fundamental constructs Construct 1 : Locktime • How can A irreversibly give B coins B can only spend *after* time T? • A pays coins to 2-of-2 multisig address owned by A and B, creating UTXO • A creates + signs transaction sending this UTXO to B, with lock_time T • A gives new transaction to B. B can sign, but can't submit until time T. • Example : B can spend only after say 18th birthday.
  • 106. Construct 2 : OP_CLTV • How can A give B coins but reclaim them, if not spent *before* time T? B must spend *before* time T, if not spent, A should get it back. • A creates + signs but doesn't submit tx1 paying coins to B • A sends H(tx1) to B, B creates + signs transaction tx2 paying tx1 back to A with lock_time T, B sends tx2 to A, and NOW A submits tx1. • Issue is A requires B's interactive participation. • Solution: New Bitcoin opcode OP_CheckLockTimeVerify (OP_CLTV) • ScriptPK: IF <PK_B> ELSE <T> OP_CLTV DROP <PK_A> ENDIF OP_CHECKSIG • ScriptSig_B: <Sig_B> OP_1 • ScriptSig_A: <Sig_A> OP_0 [with lock_time >= T] • Thus B can spend before time T, A can reclaim after time T.
• 107. Construct 3 : Hashlock • A pays B coins, but B must reveal x where y=SHA256(x) to claim • ScriptPK: OP_HASH256 <y> OP_EQUALVERIFY <B's Key> OP_CHECKSIG • ScriptSig: <Sig> <x> • This is known as a *hashlock* transaction • Note these examples could use P2PKH as well
• 108. Construct 4 : Hashed Time Lock Contract HTLC • A pays B, B must reveal x by time T or else A can reclaim coins. • ScriptPK: IF OP_HASH256 <y> OP_EQUALVERIFY <PK_B> ELSE <T> OP_CLTV DROP <PK_A> ENDIF OP_CHECKSIG • ScriptSig_B: <Sig_B> <x> OP_1 • ScriptSig_A: <Sig_A> OP_0 [with lock_time >= T] • This is a *Hashed Time Lock Contract* (HTLC)
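Constructs 1 to 4 above and the earlier P2PKH/hashlock script slides, as one added example (not Bitcoin Core code): a minimal evaluator for exactly the opcodes those scripts use, run over the HTLC with both spending paths and over a P2PKH spend. Assumptions: CHECKSIG uses a Lamport one-time signature in place of ECDSA and HASH256 stands in for HASH160, so it runs on the standard library alone; keys, preimage, digest and T are constructed.

```python
import hashlib
import secrets

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def hash256(data: bytes) -> bytes:
    return sha256(sha256(data))  # OP_HASH256 is double SHA-256

# ECDSA stand-in (an assumption, not Bitcoin's scheme): Lamport one-time signatures, stdlib only.
def lamport_keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, b"".join(sha256(sk[i][b]) for i in range(256) for b in (0, 1))

def lamport_sign(sk, msg: bytes) -> bytes:
    d = int.from_bytes(sha256(msg), "big")
    return b"".join(sk[i][(d >> (255 - i)) & 1] for i in range(256))

def lamport_verify(pk: bytes, sig: bytes, msg: bytes) -> bool:
    d = int.from_bytes(sha256(msg), "big")
    return all(sha256(sig[32 * i:32 * i + 32]) == pk[o:o + 32]
               for i in range(256) for o in [64 * i + 32 * ((d >> (255 - i)) & 1)])

class ScriptFailure(Exception):
    pass

def run_script(script, msg: bytes, lock_time: int = 0) -> bool:
    """Evaluate opcodes (strings) and pushes (bytes); `msg` is the signed digest, `lock_time` the
    spending tx's nLockTime. Empty or all-zero stack items count as false."""
    stack, cond = [], []  # cond: one "branch taken?" flag per open IF
    def pop():
        if not stack:
            raise ScriptFailure("stack underflow")
        return stack.pop()
    for item in script:
        executing = all(cond)
        if item == "OP_IF":
            cond.append(any(pop()) if executing else False)
        elif item in ("OP_ELSE", "OP_ENDIF"):
            if not cond:
                raise ScriptFailure(f"{item} without IF")
            if item == "OP_ENDIF":
                cond.pop()
            else:  # flip the branch, unless an enclosing IF is already skipping
                cond[-1] = (not cond[-1]) if all(cond[:-1]) else False
        elif not executing:
            continue
        elif isinstance(item, bytes):
            stack.append(item)
        elif item in ("OP_0", "OP_1"):
            stack.append(b"" if item == "OP_0" else b"\x01")
        elif item == "OP_DUP":
            stack.append(stack[-1] if stack else pop())  # pop() raises on an empty stack
        elif item == "OP_DROP":
            pop()
        elif item == "OP_HASH256":
            stack.append(hash256(pop()))
        elif item in ("OP_EQUAL", "OP_EQUALVERIFY"):
            equal = pop() == pop()
            if item == "OP_EQUAL":
                stack.append(b"\x01" if equal else b"")
            elif not equal:
                raise ScriptFailure("EQUALVERIFY failed")
        elif item == "OP_CHECKLOCKTIMEVERIFY":  # peeks T, never pops it (hence the DROP)
            if not stack or lock_time < int.from_bytes(stack[-1], "little"):
                raise ScriptFailure("CLTV: the spending tx's nLockTime is below T")
        elif item == "OP_CHECKSIG":
            pk, sig = pop(), pop()
            stack.append(b"\x01" if lamport_verify(pk, sig, msg) else b"")
        else:
            raise ScriptFailure(f"unknown opcode {item!r}")
    if cond:
        raise ScriptFailure("unbalanced IF")
    return bool(stack) and any(stack[-1])

def spend_is_valid(script_sig, script_pk, msg: bytes, lock_time: int = 0) -> bool:
    try:  # {ScriptSig | ScriptPK} run as one program, as the slides describe
        return run_script(list(script_sig) + list(script_pk), msg, lock_time)
    except ScriptFailure:
        return False

def htlc_demo() -> dict:
    """Construct 4: B claims with preimage x; A reclaims once nLockTime reaches T."""
    (sk_a, pk_a), (sk_b, pk_b) = lamport_keygen(), lamport_keygen()
    x, T = b"constructed preimage", 500_000  # B's secret; T is a constructed block height
    script_pk = ["OP_IF", "OP_HASH256", hash256(x), "OP_EQUALVERIFY", pk_b,
                 "OP_ELSE", T.to_bytes(4, "little"), "OP_CHECKLOCKTIMEVERIFY", "OP_DROP", pk_a,
                 "OP_ENDIF", "OP_CHECKSIG"]
    msg = b"constructed spending-transaction digest"
    sig_b, sig_a = [lamport_sign(sk_b, msg), x, "OP_1"], [lamport_sign(sk_a, msg), "OP_0"]
    return {"b_with_preimage": spend_is_valid(sig_b, script_pk, msg),
            "b_wrong_preimage": spend_is_valid([sig_b[0], b"guess", "OP_1"], script_pk, msg),
            "a_before_T": spend_is_valid(sig_a, script_pk, msg, lock_time=T - 1),
            "a_at_T": spend_is_valid(sig_a, script_pk, msg, lock_time=T)}

def p2pkh_demo() -> tuple:  # P2PKH; HASH256 stands in for HASH160 (RIPEMD-160 not always in hashlib)
    sk, pk = lamport_keygen()
    script_pk = ["OP_DUP", "OP_HASH256", hash256(pk), "OP_EQUALVERIFY", "OP_CHECKSIG"]
    msg = b"constructed transaction digest"
    return (spend_is_valid([lamport_sign(sk, msg), pk], script_pk, msg),           # genuine
            spend_is_valid([lamport_sign(sk, b"other tx"), pk], script_pk, msg))  # wrong tx
```

Bitcoin Core actually runs scriptSig and scriptPubKey as two executions sharing one stack; concatenating them, as the slides describe, gives the same result for these scripts.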
  • 109. Atomic cross-chain swaps • Based on HTLC • B picks random x, computes y = SHA256(x). • B Submits HTLC sending BTC to A with hash y, timeLock=now+2days • A submits HTLC to say Litecoin, sending LTC to B, hash y, timelock=now+1 day. • Note - For cross chain atomic swaps (without third party), both blockchains should support same hash function.
• 110. OP_CheckSequenceVerify (OP_CSV) • New feature: recycle the sequence field of an input for a relative timelock (BIP68). The low 16 bits specify the time or block height since the corresponding output was mined. • Now we can use OP_CSV to let A *revoke* her transaction. • Use this ScriptPK for the funding transaction (E): HASH160 <CR-HASH> EQUAL IF <PK_B> ELSE "24h" OP_CSV DROP <PK_A> ENDIF CHECKSIG • B can immediately spend this UTXO if he knows the hash preimage CR of CR-HASH. A can spend this UTXO 24 hours after it hits the blockchain.
• 111. Revocable HTLC • Now each commitment transaction has 3 outputs: pay to A, pay to B, and pay to A or B depending on whether R is known by time T. • Construct a *revocable* HTLC for the third output. • In the commitment transaction A gives to C, the third output has: HASH160 DUP <R-HASH> EQUAL IF "24h" CHECKSEQUENCEVERIFY 2DROP <PKC> ELSE <CRC-Hash> EQUAL NOTIF <T> CHECKLOCKTIMEVERIFY DROP ENDIF <PKA> ENDIF CHECKSIG • So A can spend if C revoked (by revealing CRC) or if time T has passed; C can spend by revealing R and waiting 24h in case it was revoked. • In the commitment transaction from C to A: HASH160 DUP <R-HASH> EQUAL SWAP <CRA-Hash> EQUAL ADD IF <PKC> ELSE <T> CHECKLOCKTIMEVERIFY "24h" CHECKSEQUENCEVERIFY 2DROP <PKA> ENDIF CHECKSIG • So C can spend immediately if it knows either R or CRA. • A must wait until time T and until 24 hours after it was submitted.
• 112. Lightning (on the Bitcoin network) / Raiden (on Ethereum) • On chain: only two transactions, open and close the payment channel. • Off chain: use revocable HTLCs to do as many micropayments as needed. • These channels can be closed unilaterally or bilaterally. This doesn’t mean that you need to create a channel every time you want to transact with someone. You can use existing channels of the people you are connected with (intermediaries). • Low cost, instant payments, scalable, secure, private, cross-blockchain atomic swaps. • Types - Poon-Dryja payment channels - Decker-Wattenhofer duplex payment channels - Decker-Russell-Osuntokun eltoo channels • Use cases - Frequent transactions between any two parties. - Metering (streaming content, consulting a lawyer or doctor, or using a parking lot) etc. - Tipping (https://tippin.me/) • Limitations - Interactive – all parties involved in the transaction need to communicate. In other words, no offline capability (unlike bitcoin). Sender, receiver and, if you are using someone else’s payment channel, that party as well, need to be online. - Limit of max payment size 4,294,967 satoshis ($339 at 1 BTC = 8K USD). Of course, this may change in future software. - The channel you are making the transaction through should have enough funds to support your transaction, that is, twice the amount of the transaction value.
• 113. Layer 2 scaling - Sidechains • Sidechains are separate blockchains (child) that are linked to the main (parent) blockchain using a two-way peg. A sidechain enables bitcoins and other ledger assets to be transferred between multiple blockchains. • Gives users access to new and innovative cryptocurrency systems using the assets they already own. • Avoids the liquidity shortages and market fluctuations associated with new currencies. • Developers get the opportunity to test software upgrades as well as beta coin releases before they are released on the main chain. • Sidechains are isolated: if a sidechain breaks, the damage is entirely confined to the sidechain itself. • The goal is to move as much transaction bloat off the main chain as possible. • Ethereum solution -> Plasma https://www.learnplasma.org/en/learn billions of updates per sec • Matic Network (area: finance) uses PoS + Plasma MVP • Loom Network (area: gaming) uses DPoS + Plasma Cash
  • 114. Sidechains: An example – Matic Network
  • Ethereum transactions take an average of 14 to 20 seconds and cost $0.20 or so; at peak time they cost $0.50. Traditional centralized apps do this in less than a second. Users have come to expect that when they stream a video from YouTube, post an article to Twitter, or loot a monster’s corpse in World of Warcraft, this action will occur instantly and at no cost. Yet in blockchain applications, users have been expected to pay for these same types of actions and then wait several seconds or even minutes for them to process. The issue is PoW. Solution: use PoS/dPoS + sidechains.
  • The Matic Network consists of a root contract on the Ethereum mainnet (validated using PoW) and a Matic sidechain that uses PoS to validate transactions. If a user wants to create a Matic account, he must transfer ETH to the Matic contract. This transaction is validated the same way as any Ethereum transaction. Once the account is created, the user receives Matic tokens in his account on the Matic sidechain.
  • From there on, the user can transfer his Matic tokens to anyone in less than a second. He should also be able to make transfers with no fees or fees that are negligible. If a user decides that he wants to remove his ETH from the contract, he can burn his Matic tokens and get his ETH back in return. To validate Matic token transactions, the Matic Network uses a Proof of Stake system.
  • All owners of Matic tokens have the right to stake their tokens. Essentially, this means that they hold onto the tokens and don’t spend them. In return, they earn the right to choose who the Proposer will be. After a certain number of blocks have been produced, stakers choose a Proposer who will propose that these blocks be added to the Ethereum blockchain as a header block. The Proposer must first validate the blocks. The stakers must then validate the blocks themselves to make sure that the Proposer’s blocks are correct.
  • Once ⅔ of the stakers have approved the checkpoint, there is a trial period in which any Ethereum node can challenge the transaction. If no one challenges it, the transaction becomes part of the Ethereum blockchain. The Matic Network does not publish its blocks to the Ethereum blockchain each time a block is produced. Instead, it publishes numerous blocks to the Matic sidechain. Then, at the next checkpoint, it publishes all of these blocks to the mainnet at once. This is how the Matic Network speeds up transactions and lowers costs. Blocks are created by a smaller number of nodes called block producers. Block producers are chosen by stakers during checkpoints.
  • 115. The Alts
  • An altcoin is any digital cryptocurrency similar to Bitcoin; the term is used to describe any cryptocurrency that is not Bitcoin.
  • Attributes altered, such as
    - Proof of something
    - Supply: increasing, decreasing, fixed, random etc.
    - Speed: lower block time
    - Privacy etc.
  • 116. Ethereum introduction
  • Some of Bitcoin’s issues
    - Not Turing complete (no jumps, no loops, long scripts)
    - scriptPubKey does not control where the output goes to: anybody who solves the script can spend it.
    - Does not support state for multi-stage contracts.
  • Meet Ethereum. Open source smart contract blockchain platform.
  • Creator Vitalik Buterin (proposed in 2013, launched in July 2015). License GPLv3.
  • Currency: 1 ether = 10¹⁸ wei. Also pays for smart contracts.
  • Note that the ether supply is unlimited, unlike Bitcoin.
  • New tools ->
    • Solidity: smart contract programming language. Turing complete.
    • Whisper: communication protocol for dApps
    • Swarm: Ethereum decentralized storage protocol
    • Mist: dApp browser
  • Implementations: Parity (written in Rust) and Geth (written in Go)
  • Some acronyms
    - EIP Ethereum Improvement Proposal
    - ERC Ethereum Request for Comments
    - EVM Ethereum Virtual Machine
    - ENS Ethereum Name Service
  • 118. Transaction Parameters
  • nonce: number of transactions sent by the sender’s address. The nonce is incremented for every new transaction and this lets the network know the order in which the transactions need to be executed. Used for replay protection.
  • gas: the unit used to measure the fees for a particular transaction.
  • init: only exists for contract-creating transactions. EVM code fragment used to initialize the new contract account.
  • data (optional): first 4 bytes of H(function signature from ABI) + arguments. The input data (args) of a message call.
  • gasPrice: the amount of ether you are willing to spend on every unit of gas. Gas prices are currently measured in Gwei and range from 0.1 -> 100+ Gwei. This is the transaction fee.
  • gasLimit: maximum gas you are willing to pay for this transaction. This value ensures that in case of an issue executing your transaction (like an infinite loop), your account is not drained of all its funds. Once the transaction is executed, any remaining gas is sent back to your account.
  • With every transaction, the sender sets gasPrice and gasLimit. gasPrice * gasLimit = max amount of wei the sender is willing to pay for a transaction.
  • When 2 numbers are added a million times in Ethereum it costs ~$26.55 in fees. Danny Ryan compared that to an AWS system, which does it in 0.04 seconds, which going by the $0.0059 hourly Amazon EC2 rate costs $0.000000066. This means that computation in Ethereum is 400 million times more expensive!
  • 119. Gas table
  • Smart contracts are compiled into low-level machine instructions which are executed by the EVM (Ethereum Virtual Machine).
  • Every single instruction costs gas.
  • Storage is expensive and should be used sparingly.
  • Writing to storage is the most expensive (20000) and reading is cheaper (200).
  • Some gas is refunded when storage is deleted or set to 0.
  • 120. Ether denominations and Unit names
  • https://github.com/ethereum/web3.js/blob/0.15.0/lib/utils/utils.js#L40
  • 122. Ethereum’s P2P network
  • A Peer-to-Peer (P2P) network is an overlay network. It can be viewed as a directed graph G = (V,E), where V is the set of peers in the network and E is the set of links between peers. Each peer p has a unique identification number pid. A link (p,q) in E means that p has a direct path to send a message to q; that is, p can send a message to q over the network using q’s pid as the destination. At each peer’s level, the connectivity of the graph is reflected in terms of its adjacencies to other peers. Overlay maintenance mechanisms are used to keep the adjacency information updated, thus maintaining connectedness across all nodes.
  • Participants in the P2P network make a portion of their resources available to other network participants. Each peer contributes compute cycles (CPU), disk storage, and network bandwidth, without the need for a central coordination instance. Peers are both suppliers and consumers of network resources, in contrast to the traditional client-server model.
  • The official Ethereum client node software, Geth, implements its peer discovery protocol (the RLPx Node Discovery Protocol) based on an overlay maintenance mechanism called Kademlia DHT (Distributed Hash Table). While Kademlia is designed for efficiently locating and storing content in a P2P network, Ethereum’s P2P network uses it only to discover new peers.
  • https://github.com/ethereum/devp2p/blob/master/rlpx.md
  • 123. Orphan blocks & Uncle/Ommer blocks
  • Orphan blocks: Bitcoin concept. Two blocks are created at the same time, but due to propagation delay only one becomes part of the longest chain. The other one (aka stale block) is discarded and no block reward is given to its miner.
  • Uncle blocks: Ethereum concept. The lower block time causes more orphan blocks. Here too it is a valid block mined at the same time and is rejected; however, it is linked to the blockchain (with a parent that is an ancestor, max 6 blocks back) and the miner is rewarded a smaller block reward (2.625 eth instead of 3 eth). Note: transactions in uncle blocks are not considered valid.
  • This adds to the security of the chain, since more computing has gone into the blockchain with uncle blocks; the chain is thus considered ‘heaviest’, which is better than ‘longest’. This is EIP100, which changes the difficulty calculation algorithm to include uncles.
  • *Ommer is sometimes used but is not an English word, so uncle is more commonly used but is not gender-neutral.
  • 124. Tokens
  • Tokens live in smart contracts, which themselves live in the Ethereum blockchain.
  • Tokens can be looked at as a “coin in a coin”.
  • The Ethereum blockchain itself has no salient distinction of ERC20 or ERC721 as tokens.
  • To Ethereum, tokens are just variables defined in smart contracts. It’s the humans writing the contracts who decide to assign some particular meaning to some variables in smart contracts.
  • Tokens can be fungible or non-fungible.
  • Fungible: Alice’s 20$ bill is the same as Bob’s 20$ bill.
  • Non-fungible: Alice’s dog is not the same as Bob’s dog although they may be of the same breed/color/age etc. Another example: the Mona Lisa is "non-fungible".
  • NFT properties: unique, provably scarce, sometimes indivisible.
  • 125. ERC20 tokens (Fungible)
  • A standard API for fungible tokens that provides basic functionality to transfer tokens or allow the tokens to be spent by a third party.
  • An ERC20 token is itself a smart contract that contains its own ledger of balances.
  • A standard interface allows other smart contracts to interact with all ERC20 tokens, rather than using special logic for each different token.
  • https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20.md
  • E.g. USDT, Dai, LEND, UNI, SNX etc.
  • 126. ERC20 token Interface
  • function transfer(address _to, uint256 _value) external returns (bool);
  • function transferFrom(address _from, address _to, uint256 _value) external returns (bool);
  • function approve(address _spender, uint256 _value) external returns (bool);
  • function totalSupply() external view returns (uint256);
  • function balanceOf(address _owner) external view returns (uint256);
  • function allowance(address _owner, address _spender) external view returns (uint256);
  • 127. ERC721 tokens (Non-fungible)
  • Introduced as the non-fungible token in 2017 by CryptoKitties.
  • While an ERC20 token represents a single type of asset, an ERC721 token represents a class of assets. In the case of CryptoKitties, its ERC721 token contract represents ALL the unique kitties in the game, as well as who owns which.
  • A player fully owns an asset, or not. It’s not possible to own “half a kitty” in CryptoKitties, for example.
  • 128. NFT
  • ERC-998 allows bundles of separate ERC-721 tokens to be bought and sold in one transaction. For example, an avatar having a hat, shirt, sword, etc., say 10 separate ERC-721 tokens, can be sold in one transaction instead of 10 transactions.
  • ERC-1155 (pioneered by Enjin Coin, blockchain-based gaming): a single contract that supports fungibility-agnostic tokens (fungible, non-fungible, semi-fungible) and is gas efficient. E.g. ERC-20 laser guns, but ERC-721 laser sword.
  • Currently, digital tickets are on Ticketmaster and Fortnite skins on Fortnite’s platform, all separate sites. With an NFT market, they can all be interoperable on Ethereum due to standardization.
  • Marketplaces: create, buy/sell/exchange/trade, bid, bundle; decentralized, open economy. Instant tradability. Fast liquidity. E.g. opensea.io, rarible.com
  • Domain names, digital art, virtual worlds, collectibles, sports, gaming, music, utility etc.
  • Can also prove authenticity and scarcity of the digital asset.
  • 129. Wrapped Tokens (WBTC)
  • Wrapped tokens give the owners of digital assets the freedom to explore other blockchains.
  • WBTC is an ERC-20 token that’s backed on a 1:1 basis with Bitcoin.
  • When Bitcoin is wrapped, it is held in reserve by the BitGo Trust (custodian).
  • In an aim to be fully transparent, the number of WBTC in circulation has been made public.
  • A large chunk of DeFi and DApps run on the Ethereum network.
  • The market cap of Bitcoin is much larger than that of any other coin.
  • The majority of trading volume is on centralized exchanges. WBTC changes that.
  • WBTC brings more liquidity to DeFi, DEXes etc.
  • WBTC brings Bitcoin to the ERC20 format, creating smart contracts for Bitcoin. This makes it easier to write smart contracts that integrate Bitcoin transfers.
  • Maintaining various nodes and managing transaction types in order to support multiple currencies can be onerous. Now exchanges, wallets, and payment apps only need to handle an Ethereum node.
  • Send (W)BTC faster between Eth wallets, exchanges etc.
  • Launched 31 Jan 2019. 2300 BTC locked in WBTC tokens currently.
  • Requesting or returning WBTC involves KYC => NOT private.
  • 130. DeFi
  • Conventional financial tools built on a blockchain, mostly Ethereum
  • Stablecoins (DAI, Tether, USDC by Circle, PAX, Gemini $)
  • Open lending and borrowing protocols (MakerDAO, BlockFi, Dharma, dYdX, Compound Finance, Nuo)
  • Lending and margin trading (dYdX, Fulcrum)
  • Derivatives - futures, options, swaps (Synthetix, Binance, Kraken etc.)
  • DEX (DeversiFi, Bancor, Kyber, AirSwap, Uniswap)
  • Open marketplaces (District0x, Gitcoin, OpenSea, OpenBazaar)
  • Decentralized prediction markets (Augur, Gnosis)
  • Issuance platforms and investing (Polymath, Harbor)
  • Payments (Celer Network, OmiseGO, Matic)
  • And more …
  • Instant transaction settlement and novel secured lending methods
  • Collateralization of digital assets
  • Integration with digital asset lending/borrowing
  • No credit checks, meaning broader access for people that cannot tap into traditional services.
  • Caution: The old crypto saying “don’t put in more than you can afford to lose” goes double for DeFi.
  • CeFi – crypto products managed by centralized orgs that hold custody of assets.
  • e.g. Getting a DeFi loan:
    - No credit rating check
    - No ID needed
    - No paperwork
    - No banker
    - No income/job necessary
    - Instant approval
    - Just need ETH as collateral!
  • 131. Stablecoins
  • Currency
    - Store of value
    - Medium of exchange
    - Unit of account
  • Synthetic USD trade pair for blockchain settlement, needed say for crypto exchange to crypto exchange transfers.
  • Speed of settlement matters. On chain is more important.
  • Liquidity between exchanges in USD equivalent is important.
  • Store of value without an off-ramp in times of downturn or volatility. Long cash.
  • Cryptocurrency designed to minimize the volatility of the price of the stablecoin.
  • MS, Spotify, QuickBooks use BitPay to accept payment in BTC but quickly convert to USD. Why? A low-margin business cannot afford high volatility, because they are not in the business of speculating on Bitcoin.
  • Merchants faced with constantly adjusting the BTC price for a potential purchase => terrible UX.
  • Developing markets
    - Inflation: Egypt (32%), Argentina (23%), Nigeria (16%), Venezuela (741%).
    - Dollarization: Seychelles 20% to 60%, Argentina (‘dolar blue’)
    - Devaluation: Zimbabwe switched officially to USD in 2009.
  • Prediction markets (Augur): reduce risk using a stablecoin.
  • Financial markets: hedging, derivatives, leverage – a CDP allows permission-less leveraged trading using a stablecoin as reliable collateral.
  • 132. Stablecoin types
  • Backed by (fiat/precious metals/crypto)
  • Backed by fiat: either fully collateralized or partially. May be pegged. e.g. USDT (counterparty & regulatory risk, may have solvency issues), TrueUSD etc.
  • Backed by commodity: backed by precious metals (gold, silver), e.g. Digix Gold Tokens (DGX)
  • Decentralized and backed by cryptocurrency: issued with cryptocurrencies as collateral (BTC/ETH etc.). May be pegged using an interest rate. e.g. DAI. Risks: liquidation cascade, oracle dependency.
  • Seigniorage-style (not backed): algorithmic. Value is controlled by supply and demand through algorithms, stabilizing the price. e.g. Basis, Carbon
  • https://github.com/jordanlyall/dai-universe
  • 133. Tether (USD₮, EUR₮)
  • Three types: Omni (Bitcoin based), ERC20 based & proposed Tron based
  • Tether volume (24hrs) $17B, circulating supply $4B => Velocity = 4
  • The biggest 24 hr volume cryptocurrency is Tether and not Bitcoin!
  • Velocity = “the number of times money changes hands”
  • Note Tether daily volume ($17B) > Bitcoin daily volume ($15B).
  • Claims 100% backed by ‘reserves’ (may not be cash).
  • Market cap history – $1M (2015), $7M (2016), $1.3B (2017) - >100x, $2B (2018), $4B (2019)
  • Market caps of other notable stablecoins: Tether $4B, USDC $400M, Paxos Standard $250M, TrueUSD $200M, DAI $80M, Gemini Dollar $50M
  • 134. MakerDAO
  • Maker is a Decentralized Autonomous Organization (DAO) on the Ethereum blockchain with the objective of minimizing the price volatility of its own stablecoin DAI, pegged at 1$ against the USD, and a lending platform. It did 200M+ in loans in its 1st year – that took LendingClub 5 years.
  • Maker stabilizes the value of Dai through a dynamic system of Collateralized Debt Positions (CDPs), an autonomous feedback mechanism called the Target Rate Feedback Mechanism (TRFM breaks the peg to stabilize around the target price), and appropriately incentivized external actors.
  • The price of Maker (MKR) is not pegged. Maker is a utility token for governance and its price increases with the usage of Dai.
  • Must lock up 150% in ETH as collateral + 0.5% stability fee. Deposit 150% collateral (say ETH) to create a CDP. Borrow DAI with a Collateralized Debt Position. At the end of the contract, repay DAI + stability fee to withdraw the collateral and close the CDP. Once generated, Dai can be used in the same manner as any other cryptocurrency.
  • When the collateral-to-debt ratio (debt ceiling) falls too low, it automatically liquidates enough of the collateral to buy back as many Dai as were issued. The issued Dai is thus taken out of circulation. It also collects principal + interest + 13% penalty.
  • Global settlement: automatic last resort to cryptographically guarantee the target price of DAI. For serious emergencies, e.g. market irrationality, crash, hack, security breach, upgrades.
  • External actors: Keepers (independent automated actors incentivized by profit opportunities in debt auctions and CDP liquidation), Oracles (real-time information about the market price of collaterals), Global settlers voted by MKR holders via governance.
  • 135. MakerDAO example
  • Investment leverage.
  • Imagine you own $1,500 in ETH and believe that ETH will double in value. You do not have the liquidity to buy more right now but want to profit from your knowledge.
  • First you lock up your $1,500 in ETH as collateral in a CDP. Then you issue 1,000 Dai against the collateral and acquire a 1,000 Dai debt.
  • Next you sell the 1,000 Dai on an exchange for $1,000 in ETH. Through the CDP you now own $2,500 worth of ETH, including the $1,500 that’s locked up as collateral.
  • Your initial investment is leveraged 1.66X. When ETH doubles, you sell it for Dai that you then use to repay your debt (with interest) and you can walk home with a handsome profit.
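The CDP rules of slide 134 (150% collateral, 0.5% stability fee, 13% liquidation penalty) and the leverage walkthrough of slide 135 as an added model, written for this page and not taken from the Maker contracts; the ETH prices and the simplification that a liquidation sells exactly enough ETH to cover debt plus penalty are assumptions.

```python
MIN_RATIO = 1.5            # 150% collateral (slide 134)
STABILITY_FEE = 0.005      # 0.5% stability fee
LIQ_PENALTY = 0.13         # 13% liquidation penalty


class CDP:
    """One Collateralized Debt Position: ETH locked, Dai drawn against it."""

    def __init__(self, eth_locked: float, eth_price: float):
        self.eth = eth_locked
        self.price = eth_price
        self.dai_debt = 0.0

    def collateral_usd(self) -> float:
        return self.eth * self.price

    def ratio(self) -> float:
        return float("inf") if self.dai_debt == 0 else self.collateral_usd() / self.dai_debt

    def max_dai(self) -> float:
        """Headroom left before the 150% floor would be breached."""
        return self.collateral_usd() / MIN_RATIO - self.dai_debt

    def draw_dai(self, amount: float) -> float:
        if amount > self.max_dai() + 1e-9:
            raise ValueError("drawing this much Dai would breach the 150% collateralization")
        self.dai_debt += amount
        return amount

    def repay_and_close(self) -> tuple:
        """Repay Dai + stability fee, get the collateral back; returns (dai_owed, eth_out)."""
        owed = self.dai_debt * (1 + STABILITY_FEE)
        eth_out, self.eth, self.dai_debt = self.eth, 0.0, 0.0
        return owed, eth_out

    def mark_price(self, new_price: float) -> float:
        """Oracle update. If the ratio falls below 150% a keeper liquidates: enough ETH is
        sold to buy back the issued Dai plus the 13% penalty (assumption: sold at the new
        price). Returns ETH sold, 0.0 if the position is still safe."""
        self.price = new_price
        if self.ratio() >= MIN_RATIO:
            return 0.0
        eth_sold = min(self.eth, self.dai_debt * (1 + LIQ_PENALTY) / new_price)
        self.eth -= eth_sold
        self.dai_debt = 0.0
        return eth_sold


def leverage_walkthrough(eth_price: float = 100.0, exit_price: float = 200.0) -> dict:
    """Slide 135 with a constructed ETH price: lock $1,500 of ETH, draw 1,000 Dai, sell it
    for more ETH, then unwind after ETH doubles."""
    cdp = CDP(1500 / eth_price, eth_price)
    extra_eth = cdp.draw_dai(1000) / eth_price               # Dai sold for ETH on an exchange
    exposure = cdp.collateral_usd() + extra_eth * eth_price
    cdp.mark_price(exit_price)                               # ratio only improves on the way up
    dai_owed, eth_back = cdp.repay_and_close()
    eth_left = eth_back + extra_eth - dai_owed / exit_price  # buy the Dai back with ETH
    return {"exposure_usd": exposure, "leverage": exposure / 1500,
            "profit_usd": eth_left * exit_price - 1500}
```

Holding the $1,500 of ETH unleveraged through the same doubling would have made $1,500; the walkthrough returns the leveraged figure net of the stability fee.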

Editor's Notes

  1. Credit : Based on Gavin Wood’s slides
  2. Smart contracts are automatic execution of business logic when certain criteria or triggers are met.
  3. Credit Slideshare Jean-Christophe Busnel, Bitcoin
  4. How do you get a Bitcoin Public Key from a Private Key : https://bitcoin.stackexchange.com/questions/25024/how-do-you-get-a-bitcoin-public-key-from-a-private-key Private keys are secure from brute force attacks because of the sheer number of possible keys. There are approximately 10^77 possible private keys, and for perspective, there are estimated to be 10^80 atoms in the observable universe. 
  5. Credit Mastering Bitcoin.
  6. https://medium.com/@aakash_13214/the-scalability-trilemma-in-blockchain-75fb57f646df
  7. Replace by fee : allows sender to bump the fee of a stuck transaction. Beware, if receiver does not wait for confirmation and sends goods, then sender can double spend and replace the tx with her own address with rbf.
  8. Credit Neha Narula, MIT professor
  9. https://people.cs.uchicago.edu/~davidcash/23280-winter-19/miners.pdf - Ittay Eyal, Cornell University
  10. 51% attack to undo an attacker ! https://www.coindesk.com/bitcoin-cash-miners-undo-attackers-transactions-with-51-attack
  11. 51% attack to undo an attacker ! https://www.coindesk.com/bitcoin-cash-miners-undo-attackers-transactions-with-51-attack
  12. https://docs.neo.org/docs/en-us/tooldev/concept/consensus/consensus_algorithm.html
  13. https://people.csail.mit.edu/nickolai/papers/gilad-algorand-eprint.pdf
  14. https://www.oreilly.com/library/view/mastering-bitcoin/9781491902639/ch07.html https://bitcoin.stackexchange.com/questions/2337/how-was-the-magic-network-id-value-chosen/2355#2355
  15. UTXO : Transaction ID + o/p index = like a serial number of the UTXO and is referenced when you are trying to spend the UTXO (use it as input)
  16. https://en.bitcoin.it/wiki/Script
  17. https://en.bitcoinwiki.org/wiki/Pay-to-Script_Hash
  18. https://en.bitcoinwiki.org/wiki/Pay-to-Script_Hash
  19. https://en.bitcoin.it/wiki/Tor
  20. https://en.bitcoin.it/wiki/Network
  21. The Securities Act of 1933 and the Securities Exchange Act of 1934 dictate much of the U.S. government's approach to financial regulation, even nearly 100 years after they were established. Under these acts, transactions which qualify as "investment contracts" are considered securities, meaning that they are also subject to specific requirements related to disclosure and registration. https://www.investopedia.com/terms/h/howey-test.asp
  22. FINMA – Swiss Financial Market Supervisory Authority
  23. https://ieo.tokens-economy.com/
  24. https://www.icodata.io/stats/2017
  25. https://masterthecrypto.com/blockchain-scalability-solutions-crypto-scaling-solutions/
  26. https://medium.com/@jimmysong/understanding-segwit-block-size-fd901b87c9d4
  27. https://bitcoinmagazine.com/articles/understanding-the-lightning-network-part-building-a-bidirectional-payment-channel-1464710791
  28. https://en.bitcoin.it/wiki/Sidechain https://blockstream.com/sidechains.pdf
  29. https://www.castlecrypto.gg/matic-network/
  30. Yellow paper : https://ethereum.github.io/yellowpaper/paper.pdf
  31. https://etherscan.io The history of the block reward is as follows: Block 0 to Block 4,369,999: 5 Ether; Block 4,370,000 to 7,280,000: 3 Ether (changed via EIP-649); Block 7,280,000 to now: 2 Ether (changed via EIP-1234)
  32. Auto liquidation https://medium.com/reserve-currency/our-analysis-of-the-makerdao-protocol-4a9872c1a824
  33. Credit –On A16z channel, Arianna Simpson.
  34. https://medium.com/ethex-market/how-to-use-the-rep-token-on-augur-b185d4148381
  35. https://ethereum.stackexchange.com/questions/59145/zk-snarks-vs-zk-starks-vs-bulletproofs-updated
  36. https://explorer.zcha.in/
  37. https://people.xiph.org/~greg/confidential_values.txt
  38. https://medium.com/beam-mw/mimblewimble-explained-like-youre-12-d779a5bb483d https://cryptobriefing.com/beam-grin-nimble-mimblewimble/
  39. https://coinrivet.com/guides/what-is-ripple/a-guide-to-the-ripple-product-suite/
  40. https://coinrivet.com/guides/what-is-ripple/a-guide-to-the-ripple-product-suite/
  41. https://coinrivet.com/guides/what-is-ripple/a-guide-to-the-ripple-product-suite/
  42. Dfinity : https://www.reddit.com/r/dfinity/comments/8vmedw/dfinity_for_beginners/
  43. https://www.ledger.com/academy/crypto/hacks-timeline/
  44. https://finematics.com/history-of-defi-explained/
  45. Tokenomics - UNI: max supply 1B, inflation rate of 2% per year after a 4-yr vesting period. While 60% of UNI tokens are technically held by the community, a quick glance at Etherscan suggests that a substantial chunk of UNI’s supply is held by whales. - CAKE: BEP20 token on BSC, no supply cap, inflationary: effective emission/day 750,000 (1.2M/day - burning 450K). Distribution: 60% to yield farmers, 40% to CAKE stakers in syrup pools.
  46. Replace by fee : allows sender to bump the fee of a stuck transaction. Beware, if receiver does not wait for confirmation and sends goods, then sender can double spend and replace the tx with her own address with rbf.
  47. https://watchtheburn.com/
  48. https://ethereum.org/en/eth2/
  49. Bridge: https://bridge.terra.money/ Mirror: https://mirror.finance/ Anchor: https://www.anchorprotocol.com/dashboard