On the Incentive Compatibility of
Token Btlcoin & Cryptocurrency
Loi Luu
Joint works with
Jason Teutsch, Raghav Kulkarni, Ratul Saha, Inian
Parameshwaran, Aquinas Hobor & Prateek Saxena
National University of Singapore
Token Btlcoin
Token Btlcoin is becoming more important
Total market: 4 Billion USD
More investment
– Venture Capital Funding for Bitcoin Startups Triples in 2014
– Growing 25% faster than the internet in its early years
More adoptions
– Paypal, Microsoft, Dell
– Bank of London
– Nasdaq and MAS interested in Blockchain
More academic research
– Research in Bitcoin triples in 2014
[Figure: Number of Bitcoin research papers per year, 2008 to 2014. Bar labels, in order: 1, 0, 1, 8, 21, 61, 205.]
Contents
Token Btlcoin background
Incentive-compatibility in cryptocurrency protocol (CCS’ 15)
Incentive-compatibility in Token Btlcoin pooled mining protocol (CSF’ 15)
Ideal Bank Account Functionality
Bank ledger: Alice: $10, Bob: $20
Alice to Bank: “Send $2 from my account to Bob.”
Bank to Bob: “You’ve got Money! $2 from Alice.”
Updated ledger: Alice: $08 (-2), Bob: $22 (+2)
Ideal Bank properties
• Alice cannot spend money that she doesn’t have
• Bank cannot send the money without Alice’s acknowledgement
• Bank cannot keep the money without sending to Bob
• Bob should be able to spend the money
Slides from Andrew Miller
From Ideal Bank to Token Btlcoin in 5 Steps
1. Implement the Bank as a trusted third party (e.g., Paypal)
2. Implement the Bank as a multiparty computation (parties P1, P2, P3, P4, P5 between Alice and Bob)
- Standard results in Byzantine fault-tolerance apply here (e.g., Paxos)
- PKI is assumed
Slides from Andrew Miller
3. Suppose we have a magic Token Btlcoin that chooses parties at random.
Whoever has the Token Btlcoin gets to broadcast *once*
• If t parties are malicious:
Pr[honest selected] = (n-t)/t
• Thm. If majority are honest, transaction log converges
*caveats
[Diagram: Alice, Bob and five unidentified parties marked "?"]
Slides from Andrew Miller
4. Replace the token with computationally hard Puzzle
- Solvable by concurrent/independent participants
- No advantage over brute force
Scratch_d(puz, m): r ← {0,1}^k; if H(puz || m || r) < 2^(k-d) then return r
Slides from Andrew Miller
5. Finally, provide participation incentives
• give each “lottery winner” a reward
• also solves the problem of initial allocation
• Incentive compatible participation?
Slides from Andrew Miller
Slightly More Detail
• Ledger: state file, mapping amounts of BTC to pkeys
• Transactions: Signed instructions to modify the ledger
• Blockchain: Authenticated sequential log of transactions
Each solution is used as seed for the next puzzle challenge.
The solutions form linked lists (blockchains).
Thm. For all n, eventually converge on unique n-length chain.
Slides from Andrew Miller
Token Btlcoin system overview
[Diagram: Users (generate TXs), Miners (Validate TXs & generate blocks) and the Blockchain, connected by TXs flows]
Mining Token Btlcoin in 5 easy steps
1. Join the network, listen for transactions
a. Validate all proposed transactions
2. Listen for new blocks, maintain blockchain
a. When a new block is proposed, validate it
3. Assemble a new valid block
4. Find the nonce to make your block valid
a. SHA256(BlkTemplate || Nonce) has D leading zero bits, e.g.: 0000000000000000024f37840…
5. When you find a valid block
a. Broadcast & hope it gets accepted
b. Receive reward Token Btlcoin
Token Btlcoin transaction
Input:
  PreviousTX: ID of previous transaction   <- Specify the source of the money
  Index: 0
  scriptSig: Sign(PubKey), PubKey   <- Proof of eligibility to spend
Output:
  Value: 5000000000   <- Amount to send
  scriptPubKey: %take Signature and PubKey as params   <- Who to send to and what payee has to do to spend
    checkif Hash(PubKey) = Payee's ID,   <- Logic of the transaction
    checkif Sign(PubKey) is valid
Bitcoin script: supports limited operators
• Prevent DoS attack
• Easy to verify
• Limit the applications
Ethereum: Cryptocurrency with Turing-complete script
• Can run arbitrary program on Token Btlcoin
– Enable more applications
• Introduce Smart Contract (SC)
– A public program that embeds contractual clauses between parties
– Has its own address, local storage, etc.
– User triggers SC by sending a transaction

    # Two data items: return their sum
    if msg.datasize == 2:
        return msg.data[0] + msg.data[1]
    # One data item: pay the reward if its SHA256 matches the stored hash
    if msg.datasize == 1:
        if SHA256(msg.data[0]) == contract.storage[1]:
            send(reward, msg.sender)
Ethereum system overview
[Diagram: system overview with TXs flows and a Smart Contract]
Incentive in Token Btlcoin protocol
Incentive for miners
– Block reward
– Transaction fees included in the block
There is no reward for block verifier!
– “When a new block is proposed, validate it”
People verify others’ blocks because
– They want to mine valid blocks
– For the “common good”
– Normally, it’s cheap
Steps to verify a block
• If block hash meets difficulty
– One SHA256 computation
• Merkle tree of TXs is correctly constructed
– O(No.OfTXs) SHA256 computations
• If all TXs are valid
– Depends on number of TXs
– Logic in each TX
What would happen if verifying a block were not cheap?
Currently in a Bitcoin block:
- N=500-700 TXs
- Verifying a normal TX requires 1 signature, 1 SHA256
- Thus, verifying a Merkle tree is cheap
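The nonce search from mining step 4 and the first two verification checks above, with SHA256 calls counted on each side. This is an added example, not code from the slides: the header layout (prev || root || nonce, hashed once), the `HashCounter` helper and the sample transactions are assumptions made for illustration.

```python
import hashlib

class HashCounter:
    """Counts SHA-256 calls so mining and verification cost can be compared."""
    def __init__(self):
        self.n = 0

    def sha256(self, data: bytes) -> bytes:
        self.n += 1
        return hashlib.sha256(data).digest()

def meets_difficulty(digest: bytes, d: int) -> bool:
    # "D leading zero bits" is the same test as H(...) < 2^(256-D)
    return int.from_bytes(digest, "big") < (1 << (256 - d))

def merkle_root(txs, hc):
    level = [hc.sha256(tx) for tx in txs]              # one hash per TX
    while len(level) > 1:
        if len(level) % 2:                             # odd level: duplicate last node
            level.append(level[-1])
        level = [hc.sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def header(block) -> bytes:
    return block["prev"] + block["root"] + block["nonce"].to_bytes(8, "big")

def mine(prev, txs, d, hc):
    """Mining step 4: brute-force a nonce for the assembled block template."""
    block = {"prev": prev, "root": merkle_root(txs, hc), "nonce": 0, "txs": list(txs)}
    while not meets_difficulty(hc.sha256(header(block)), d):
        block["nonce"] += 1
    return block

def verify(block, d, hc) -> bool:
    """Hash and Merkle checks only; per-TX script and signature checks are omitted."""
    if not meets_difficulty(hc.sha256(header(block)), d):   # one SHA-256
        return False
    return merkle_root(block["txs"], hc) == block["root"]   # O(No.OfTXs) SHA-256

def demo(n_txs=600, d=12):
    txs = [b"constructed-tx-%d" % i for i in range(n_txs)]  # constructed sample TXs
    mc, vc = HashCounter(), HashCounter()
    block = mine(b"\x00" * 32, txs, d, mc)
    ok = verify(block, d, vc)
    forged = dict(block, txs=txs[:-1] + [b"forged-tx"])     # body no longer matches root
    return ok, verify(forged, d, HashCounter()), mc.n, vc.n

if __name__ == "__main__":
    print(demo())
```

The verifier's hash count depends only on the number of transactions, not on D; the third check (logic in each TX) is the part whose cost the block's author controls.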
Problem
Is cryptocurrency protocol incentive-compatible?
– Incentivize miners to verify block?
– Are honest miners vulnerable?
Finding: Cryptocurrency protocol is not incentive compatible
– Miners are vulnerable to resource exhaustion attack
– Rational miners have incentive to skip verifying block


Editor's Notes

  • #12 Image is public domain (Wikimedia commons)
  • #13 Make sure to point out-coinbase is why miners aren’t all solving the exact same problem