Downloaded 18 times
![Public Ledger
16
Node A Node B Node C
M = transfer X to Bob EKRA
[H(M)]
Bob wants to verify:
1. Alice hasn’t already transferred X
2. The coin will be valuable for Bob](https://image.slidesharecdn.com/class6-inked-150202145534-conversion-gate02/75/Proofs-of-Work-17-2048.jpg)
![Public Ledger: Distributed Trust (?)
17
Node A Node B Node C
M = transfer X to Bob EKRA
[H(M)]
Bob wants to verify:
1. Alice hasn’t already transferred X
2. The coin will be valuable for Bob
tb
tb
tb tb](https://image.slidesharecdn.com/class6-inked-150202145534-conversion-gate02/75/Proofs-of-Work-18-2048.jpg)
![18
Node A Node B Node C
M = transfer X to Bob EKRA
[H(M)]
Bob wants to verify:
1. Alice hasn’t already transferred X
2. The coin will be valuable for Bob
tb
tb
tb tb
ok!
ok!
t
Transactions
1 tb (X->Bob)
Transactions
1 tb (X->Bob)](https://image.slidesharecdn.com/class6-inked-150202145534-conversion-gate02/75/Proofs-of-Work-19-2048.jpg)
![20
Node A Node B Node C
M = transfer X to Cathy EKRA
[H(M)]
tc
tc
tc tc
BAD!
t
Transactions
1 tb (X->Bob)
Transactions
1 tb (X->Bob)
Transactions
1 tc (X->Cathy)](https://image.slidesharecdn.com/class6-inked-150202145534-conversion-gate02/75/Proofs-of-Work-21-2048.jpg)
Uploaded byDavid Evans
Proofs of Work
This document discusses proofs of work and blockchain technology. It begins by explaining the purpose of project 1 and opportunities for students to earn credit. It then covers how proofs of work can be used to establish distributed trust in a public ledger or blockchain without a centralized authority. Specifically, it discusses how Bitcoin uses the SHA-256 hash function and difficulty adjustment to implement a proof of work that requires computational resources to add a block to the blockchain and maintain consensus. Students are also given opportunities to earn credit for project 1 by posting additional comments.
More Related Content
Proofs of Work
- 1. Cryptocurrency Café UVa cs4501Spring 2015 David Evans Class 6: Proofs of Work
- 2. Plan for Today Project1 Distributed Consensus Proof-of-Work Blockchain 1
- 3. Project 1 Graded on100,000 satoshi scale Full credit: 1. Successfully generated vanity address and transferred coin to it 2. Contributed something of value to discussions 2 If you did this, should have received a transfer to your vanity address of 100,000 satoshis If not, can make up for this by posting something of value by Thursday.
- 4. Opportunities for Value 3 Youshould have better ideas of things to try after today…
- 5. Where does trustcome from? 4
- 6.
- 7. 6 Image credit: https://howveryromanian.wordpress.com/2013/09/15/ba Queuing forcooking oil (Bucharest, 1986) Scott Edelman
- 8.
- 9. Sources of Trust Yourself(super trustworthy!) Mathematics and Science Trustworthy because of logic, verified experiments Organizations and People Trustworthy because of what they have to lose (reputation) Trustworthy because of trusted oversight (law, police) Trustworthy because incentives are aligned Trustworthy because of processes they follow 8
- 10. Project 1 Comments 9 “Agood deal of the cryptography is new to me so maybe a little more "big picture" how this all connects would be helpful for people feeling the same way.” “Some details about cryptography in class are difficult to grasp without any prior knowledge on the subject.”
- 11. Project 1 Comments 10 “Italso seems like there are questions listed on the class notes that aren’t necessarily covered/touched upon in class meetings. In order to better understand the material, I feel like it would be good to either touch upon these in class or via an online discussion forum.”
- 12. Project 1 Comments 11 “Ithink it would be interesting to talk about the start up scene around bitcoin in more depth.” “I would like to see more current issues about the market being discussed in class at some point soon - maybe through presenting some new bitcoin news at the beginning of every class.”
- 13. Project 1 Comments 12 “Homeworkdirections were REALLY vague.” “I think that the assignments need to be designed much more clearly. Specifically, we need much clearer descriptions on what software, downloads, and packages we will need. This was absolutely the hardest part of project1: getting git set up, and recognizing that you needed to no only install go but also the btcsuite stuff. After this was accomplished, the project was a more than reasonable exploration into vanity addresses and bitcoin transactions.” “I feel that in my past CS classes everything is already set up nice and tidy on a VM for you and there's little to figure out on your own.
- 14. 13 This generation ofstudents got into “UVa” by doing exactly and precisely what teacher wants. If teacher is vague about what he wants, they work a lot harder to figure out what they want and whether or not it is good. The vaguer the directions, the more likely the opportunity for serendipity to happen. It drives them nuts! Harvard Professor John Stilgoe (on "60 Minutes", 4 January 2004)
- 15. Redemption on Project1 14 If you didn’t get full credit for Project 1 because of failure to post something interesting, you can (and should!) redeem yourself and earn full credit by posting an interesting comment by Thursday: - Discussion questions from Project 1 - Notes from classes - General forum
- 16. 15 Bitcoin’s solution: apublic ledger
- 17. Public Ledger 16 Node ANode B Node C M = transfer X to Bob EKRA [H(M)] Bob wants to verify: 1. Alice hasn’t already transferred X 2. The coin will be valuable for Bob
- 18. Public Ledger: DistributedTrust (?) 17 Node A Node B Node C M = transfer X to Bob EKRA [H(M)] Bob wants to verify: 1. Alice hasn’t already transferred X 2. The coin will be valuable for Bob tb tb tb tb
- 19. 18 Node A NodeB Node C M = transfer X to Bob EKRA [H(M)] Bob wants to verify: 1. Alice hasn’t already transferred X 2. The coin will be valuable for Bob tb tb tb tb ok! ok! t Transactions 1 tb (X->Bob) Transactions 1 tb (X->Bob)
- 20. 19 Node A NodeB Node C Bob wants to verify: 1. Alice hasn’t already transferred X 2. The coin will be valuable for Bob tb tb tb tb ok! ok! t Transactions 1 tb (X->Bob) Transactions 1 tb (X->Bob)
- 21. 20 Node A NodeB Node C M = transfer X to Cathy EKRA [H(M)] tc tc tc tc BAD! t Transactions 1 tb (X->Bob) Transactions 1 tb (X->Bob) Transactions 1 tc (X->Cathy)
- 22. Scaling the Network 21 NodeA Node B Node C ta tb tb Node D Node E Node F Node G
- 23. Blockchain 22 Public ledger withoutfixed set of nodes – decentralized, distributed trust Requires coalition with majority of computing power to collude to cheat
- 24. Blockchain 23 B0 H(B0) Nonce Transactions H(B1) Nonce Transactions H(B2)Nonce Transactions
- 25. Inconsistent Blockchains 24 Node ANode B Node C Node D Node E Node F Node G How do we know which blockchain is “correct”?
- 26. 25 CRYPTO 1992 Cynthia Dwork (nowat MSR) Moni Naor (Weizmann Institute)
- 27.
- 28. Idea: Proof-of-Work Pricing Function:(f) - moderately easy to compute - cannot be amortized computing f(m1),…, f(ml) costs l times as much as computing f(mi). - easily verified: given x, y easy to check y = f(x) 27
- 29. Proposed Pricing Function 28 ExtractingSquare Roots index: p find x, y such that y2 = x mod p Dwork and Naor proposed two other pricing functions, designed to have “shortcuts” (backdoors) to allow administrators to compute them efficiently.
- 30.
- 31. Interactive Hashcash 30 mail sender mailrecipient’s server Hello Challenge: r r random nonce search for x such that f(x) = r Everyone agrees on one-way function f (x, Mail)
- 32. Interactive Hashcash 31 mail sender mailrecipient’s server Hello Challenge: r r random nonce search for x such that f(x) = r Everyone agrees on one-way function f (x, Mail) Verify f(x) = r Can we make this non-interactive?
- 33. Non-Interactive Hashcash 32 mail sender mailrecipient’s server (Mail, x) Challenge: r r random nonce search for x such that f(x) = r Everyone agrees on one-way function f (x, Mail) Verify f(x) = r How well would this work if f is SHA-256?
- 34. Pre-image Attack onSHA-256 33 Requires approximately 2255 attempts Bitcoin Network total hashrate: 316,012,834 GH/s
- 35.
- 36. Non-Interactive Hashcash 35 mail sender mailrecipient’s server (Mail, x) Challenge: r r random nonce search for x such that f(x) = r Everyone agrees on one-way function f (x, Mail) Verify f(x) = r Making an easier f
- 37. Variable-Difficulty f 36 Challenge: r,Difficulty: d Find an x such that:
- 38. Variable-Difficulty f 37 Challenge: r,Difficulty: d Find an x such that: SHA-256(r + x) < T/d T is some set “target”. If the difficulty doubles, how much more work is expected?
- 39. Bitcoin’s Proof-of-Work 38 Find anx such that: SHA-256(SHA-256(r + x)) < T/d Why use double SHA-256?
- 40.
- 41. Bitcoin’s Difficulty 40 https://bitcoinwisdom.com/bitcoin/difficulty Difficulty adjusts(every 2016 blocks) to keep block-finding time around 10 minutes
- 42.
- 43. Finding the NextBlock 42 B0 H(B0) Nonce Transactions H(B1) Nonce Transactions H(B2) Nonce Transactions Find a nonce x such that: SHA-256(SHA-256(r + x)) < T/d
- 44. Finding the NextBlock 43 B0 H(B0) Nonce Transactions H(B1) Nonce Transactions H(B2) Nonce Transactions Find a nonce x such that: SHA-256(SHA-256(r + x)) < T/d r = header + transactions (including mining fee) header = H(previous block)
- 45.
- 46. Charge Wednesday: Merkle Trees(recording transactions) Project 2 will be posted Wednesday, due Feb 22 45 If you did not receive a grade for Project 1 yet, you have until Thursday to contribute a worthwhile comment to justify full credit for Project 1.