Blockchain
Technology

Andreas Park

Part 2: Drilling down

Features

peer to peer

no trusted third parties

censorship resistant 

secure

fully decentralized

Key Questions

properties of records

updating protocol for record changes

What's needed for trust in anonymous deals?

Authority

Execution

Continuity

Part 0:
useful tools

Part 1:
properties of records

Part 2:
updating mechanism

Hashing

  1. What is hashing?
  2. Why do we use hashing?

Drilling down part 0: useful tools

Definition

  • M: a message/text of arbitrary length
  • h(M): a fixed length output or "digest"

What is cryptographic hashing?

Properties

  1. Deterministic (i.e., not random)
    • the same message always generates the same digest
  2. Fast
    • you don't need much time/many computing cycles to compute a hash
  3. "unpredictable"
    • if two messages M and M' are similar, their digests should look very different
  4. not invertible
    • there is no inverse function, i.e., no h^-1 with h^-1(h(M)) = M from which M could be recovered from its digest, nor can an attacker find M from h(M) in "normal" (polynomial) time.
  5. Collision resistant
    • an attacker cannot find two messages M and M' such that h(M)=h(M') in "normal" time.

What is cryptographic hashing?

Simple Application

  • Databases should not store user passwords and usernames in plain text
    • => attacker could immediately impersonate every user
  • Store as a hash: attacker cannot invert the username & password

Nerdy stuff:

  • read up on P vs NP and NP-hard problems
  • Idea: if a solution to a problem is easy to check, is the problem also easy to solve?
    • We don't know the answer yet.

What hashing functions are there?

  • Many!
  • MD5
  • SHA1 (better than MD5)
  • SHA256 (better than MD5)
    • output of 256 bits; 4 bits = 1 hex character => 64 hex characters
    • developed by the NSA
    • Code, e.g., https://www.movable-type.co.uk/scripts/sha256.html
  • SHA512
  • RIPEMD-160 (160-bit output)

What hashing functions are used with blockchains?

  • MD5
    • cac58b5234e1f98b4c956998b8ac2e26
  • SHA1
    • 60D795AC720DEB5B29AB44F3A690A90DDF147D75
  • SHA256 
    • 9EEA6242471F9B3999F21C6FE247679CAB1EAE0B6E8431A3A1A5FAADB27051C8

Examples of "Andreas"

  • MD5
    • bcc9d898264b67515fba62598bdc58c0
  • SHA1
    • DE2737F0E88865DCDF7A33848F664FF807A3208C
  • SHA256 
    • 62D3869E008362B2DD4490D8BF9D4AFC4CED4FF34045709DD1EEAA743CF5C793

Examples of "AnDrEaS"

What hashing functions are used with blockchains?

Problem: Hashes can be cracked!

cracked by "CrackStation"
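An added Python example (not part of the lecture) that checks the properties listed above on the "Andreas"/"AnDrEaS" pair, and then shows why "store as a hash" alone is crackable by a precomputed lookup (the CrackStation idea) while a salted, slow hash is not; the wordlist and the lookup table are constructed here.

```python
import hashlib
import hmac
import os

def digests(msg: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of one message: fixed length per function, deterministic."""
    return {name: hashlib.new(name, msg).hexdigest() for name in ("md5", "sha1", "sha256")}

def bit_difference(hex_a: str, hex_b: str) -> int:
    """Hamming distance (in bits) between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

def avalanche_ratio(m1: bytes, m2: bytes, name: str = "sha256") -> float:
    """Fraction of digest bits that differ for two similar messages; about 0.5 for a good hash."""
    a = hashlib.new(name, m1).hexdigest()
    b = hashlib.new(name, m2).hexdigest()
    return bit_difference(a, b) / (len(a) * 4)   # 4 bits per hex character

# Password storage. A constructed mini "CrackStation": precomputed SHA-256 of common passwords.
COMMON_PASSWORDS = [b"password", b"123456", b"qwerty", b"letmein"]
LOOKUP_TABLE = {hashlib.sha256(p).hexdigest(): p for p in COMMON_PASSWORDS}
ITERATIONS = 200_000   # PBKDF2 work factor; makes every guess expensive

def store_unsalted(password: bytes) -> str:
    """The slide's 'store as a hash': one fast, unsalted digest."""
    return hashlib.sha256(password).hexdigest()

def crack_by_lookup(stored_hash: str):
    """Table lookup succeeds exactly when the stored hash is fast and unsalted."""
    return LOOKUP_TABLE.get(stored_hash)

def store_salted(password: bytes, salt: bytes = b"") -> tuple:
    """Per-user random salt plus a slow KDF: a table built without the salt is useless."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)

def verify_salted(password: bytes, salt: bytes, stored: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)   # constant-time comparison

if __name__ == "__main__":
    print(digests(b"Andreas"))
    print("share of bits changed Andreas -> AnDrEaS:", avalanche_ratio(b"Andreas", b"AnDrEaS"))
    print("unsalted qwerty cracked:", crack_by_lookup(store_unsalted(b"qwerty")))
    salt, h = store_salted(b"qwerty")
    print("salted qwerty in table:", h.hex() in LOOKUP_TABLE, "verify:", verify_salted(b"qwerty", salt, h))
```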

Why are hashing functions used with blockchains?

  1. efficient way to represent data
    • always same-length output
    • => good convention
  2. small changes to data trigger large changes in hash
    • (recall the demonstration)
    • => easy to check consistency 
  3. they work as "pointers"
    • each block contains a hash of the past block
    • this hash is a pointer
    • pointers make searches easy
  4. Hashes of hashes are used to simplify data storage
    • the process of hashing hashes repeatedly creates the "Merkle Tree" 
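An added example (not from the lecture) of points 3 and 4 above: each block header carries the previous block's hash as a pointer and a Merkle root over its transactions, and a validator finds the first block whose pointer or root no longer matches; the transactions are constructed sample strings.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def merkle_root(txs: list) -> bytes:
    """Hash the transactions, then hash pairs of hashes until one root is left
    (an odd last node is paired with itself, as in Bitcoin)."""
    level = [h(tx) for tx in txs] or [h(b"")]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def make_block(prev_hash: bytes, txs: list) -> dict:
    """The header stores the previous block's hash (the pointer) and this block's Merkle root."""
    root = merkle_root(txs)
    return {"prev": prev_hash, "root": root, "hash": h(prev_hash + root), "txs": list(txs)}

GENESIS_PREV = b"\x00" * 32

def build_chain(batches: list) -> list:
    chain, prev = [], GENESIS_PREV
    for txs in batches:
        blk = make_block(prev, txs)
        chain.append(blk)
        prev = blk["hash"]
    return chain

def first_bad_block(chain: list) -> int:
    """-1 if every pointer and root is consistent, else the index of the first block that fails."""
    prev = GENESIS_PREV
    for i, blk in enumerate(chain):
        if blk["prev"] != prev or blk["root"] != merkle_root(blk["txs"]) or blk["hash"] != h(blk["prev"] + blk["root"]):
            return i
        prev = blk["hash"]
    return -1

def edit_and_rehash(chain: list, i: int, j: int, new_tx: bytes) -> list:
    """Change one transaction and recompute block i's own header; block i+1 still points at the old hash."""
    chain[i]["txs"][j] = new_tx
    chain[i]["root"] = merkle_root(chain[i]["txs"])
    chain[i]["hash"] = h(chain[i]["prev"] + chain[i]["root"])
    return chain

if __name__ == "__main__":
    # constructed sample transactions
    chain = build_chain([[b"A->B 5", b"B->C 2"], [b"C->A 1"], [b"A->C 3", b"B->A 1", b"C->B 2"]])
    print("first inconsistent block:", first_bad_block(chain))
    print("after editing block 0:", first_bad_block(edit_and_rehash(chain, 0, 0, b"A->B 50")))
```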

Cryptography

  • Foundation: let's understand the secure sending of information
  • Problem: send a message M that no one except the intended recipient should be able to read
  • Basic idea (just as with hashing):
    • should be easy to decrypt with the right tools
    • hard to decrypt without it

Some formalism

  • message M 
  • public key P
  • private key S (for "safe")
  • cipher text C
  • Two functions:
    • encode message: enc(M,P)=p(M) 
    • decode cipher: dec(C,S)=s(C)

Alice wants to send Bob money without Charles seeing it

Symmetric Encryption: Bob and Alice use the same key to encrypt and decrypt a message

Formally: public key P = private key S

Asymmetric Encryption: Bob has a public and a private key, (Pb, Sb)

[Diagram: Alice encrypts with Bob's public key Pb; Bob decrypts with his private key Sb]

Digital Signatures

  • Problem: send message M and ensure that the other side believes that you sent this particular message
    • worry about manipulation
    • other side may worry about proving what you did, etc.
    • => want to digitally sign the message
  • As with encryption:
    • should be easy to prove that you signed 
    • hard to forge your signature

Drilling down part 1: properties of records

Digital Signatures

Formally

  • Components:
    • Message M
    • Signature or Tag T
    • Public & private keys P & S
  • Two functions
    • Sign(M,S)
    • Check(M,T,P)

required property

if S applied to M created T, i.e., T = Sign(M,S), then Check(M,T,P) = 1

Alice wants to send Bob a message and provide proof that it's her.

[Diagram: Alice holds private key Sa and publishes public key Pa; Alice computes T = Sign(M,Sa), Bob computes Check(M,T,Pa)]

Putting it together

  • Hashing is used widely and provides convenient outputs of fixed length => concise representation of information
  • Public-private key signatures ensure that you can prove ownership and that there is security
  • Encrypting messages is a lesser concern for blockchains => info on transactions is supposed to be out in the open
  • But: all the theory used numbers, not letters - how does that go together?
  • Answer: you can represent any text as a number using ASCII codes!
    • Long text => H(Long text)
    • H(Long text) = text of fixed length
    • => ASCII(H(text)) = number of fixed length.

Another Anders Brownworth Demo

https://anders.com/blockchain/public-private-keys/signatures.html

Drilling down part 2: updating of records

Cryptography is nice but not enough!

  • Order of transactions?

  • Cancel one before the other?

  • When is it in the "database"?

Byzantine Generals' Problem

Simple version of the problem

  • The attack only succeeds if both generals attack.
  • The two need a coordinated attack.
  • Messengers can be intercepted and compromised.

Possible Solution?

  • None.
  • A needs to know that B plays ball, and B needs to know that A plays ball
  • messages go back and forth ad infinitum.

Byzantine Generals' Problem

Problem

  • Many generals.
  • Need consensus to succeed.

Note:

They don't care whether they coordinate on attack or withdraw: either is OK as long as there is consensus

Byzantine Generals' Problem

seek consensus for time of attack

leader proposes \(t\)

Byzantine Generals' Problem

[Diagram: the leader sends \(t\) to every general and each general relays \(t\) to the others]

Byzantine Generals' Problem

[Diagram: one general cheats and relays \(x\) instead of \(t\); the honest generals collect \(t,t,x\), \(t,t,x\) and \(t,t,t\) and pick the majority value]

consensus is reached!

Byzantine Generals' Problem

[Diagram: the leader cheats and sends \(x\), \(y\) and \(z\) to different generals; after relaying, every general collects \(x,y,z\) and there is no majority]

consensus is reached (no attack)

Byzantine Generals' Problem

Equilibrium

  • generals pick majority message
  • successful consensus as long as no more than 1/3 cheats

Blockchain requirement

  • reach Byzantine Fault Tolerant consensus
  • trick: messages are hard to forge

Proof of Work Protocol

A Byzantine Fault Tolerant Algorithm

This hash starts with a pre-specified number of zeros!

Blockchain BFT

[Diagram: every node computes the same block hash = 00000xd4we...]

consensus is reached if the hash starts with the right number of leading zeros

PoW does two things

  • selects a leader
  • makes messages hard to forge

A demonstration of Hashes and Nonces

https://anders.com/blockchain/block.html

How does the proof of work protocol address Byzantine Fault Resistance?

  1. Looking for leading zeros is a coordination device
    • If you see such a message, update what you want to do.
  2. Mining is difficult and time consuming
    • a forger needs to work hard to change the message
  3. The message is sent to many entities
    • strength in numbers: a forger needs to capture many messages
    • unless there are too many forgers (there is a mathematical result on the threshold), the message can be trusted
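An added example (not the lecture's code) of points 2 and 3: mining as a nonce search for a hash with leading zeros, expressed in hex characters as in the 00000xd4we... slide, plus a rewrite of an earlier block that forces every later block to be mined again, which is the work a forger must redo; block contents are constructed.

```python
import hashlib

DIFFICULTY = 3   # leading zero hex characters required; about 16**3 = 4096 attempts expected per block

def block_hash(prev_hash: str, data: str, nonce: int) -> str:
    """The hash over (pointer to previous block, content, nonce) is the block's identity."""
    return hashlib.sha256(f"{prev_hash}|{data}|{nonce}".encode()).hexdigest()

def is_valid_pow(h: str, difficulty: int = DIFFICULTY) -> bool:
    return h.startswith("0" * difficulty)

def mine(prev_hash: str, data: str, difficulty: int = DIFFICULTY) -> tuple:
    """Try nonces until the hash starts with enough zeros. Returns (nonce, hash, attempts)."""
    nonce = 0
    while not is_valid_pow(block_hash(prev_hash, data, nonce), difficulty):
        nonce += 1
    return nonce, block_hash(prev_hash, data, nonce), nonce + 1

def build_chain(payloads: list, prev: str = "0" * 64) -> tuple:
    """Mine the payloads in order, each block pointing at the previous hash. Returns (chain, attempts)."""
    chain, attempts = [], 0
    for data in payloads:
        nonce, h, n = mine(prev, data)
        chain.append({"prev": prev, "data": data, "nonce": nonce, "hash": h})
        attempts += n
        prev = h
    return chain, attempts

def validate(chain: list) -> bool:
    """Every block must point at its predecessor, hash to what it claims, and carry valid work."""
    prev = "0" * 64
    for blk in chain:
        if blk["prev"] != prev or blk["hash"] != block_hash(prev, blk["data"], blk["nonce"]):
            return False
        if not is_valid_pow(blk["hash"]):
            return False
        prev = blk["hash"]
    return True

def rewrite_history(chain: list, index: int, new_data: str) -> tuple:
    """Replace block `index`: its hash changes, so every later block must be mined again."""
    payloads = [new_data] + [b["data"] for b in chain[index + 1:]]
    tail, attempts = build_chain(payloads, prev=chain[index]["prev"])
    return chain[:index] + tail, attempts

if __name__ == "__main__":
    chain, work = build_chain(["B1: coinbase", "B2: Bob -> Alice 10", "B3", "B4", "B5"])
    print("valid:", validate(chain), "hash attempts:", work, "tip:", chain[-1]["hash"][:12])
    forged, rework = rewrite_history(chain, 1, "B2: Bob -> Alice 0")
    print("rewrite valid:", validate(forged), "attempts to redo:", rework, "blocks re-mined:", len(forged) - 1)
```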

Proof of Work:

yields Consensus

=> "Existence"

[Diagram: chain of blocks B1 to B5; one block contains the transaction from Bob to Alice]

Question: Can Bob rewrite history?

Drilling down part 2b: immutability

No! Because: Economics!

Importance of Economics, Step 1: Incentive to support longest chain

[Diagram: blocks B1 to B6, with B6 at the tip of the longest chain]

Where to add a new block B7?

  • Add to B3?
    • => people after still more likely to add to B6
    • lose "coinbase" reward

Economic Analysis, Part I

Equilibrium for "the longest chain"? - Yes!

  • "Blockchain Mining Games" by Kiayias, Koutsoupias, Kyropoulou, and Tselekounis, Proceedings of the 2016 ACM Conference on Economics and Computation, 2016
  • "The blockchain folk theorem" by Biais, Bisière, Bouvard, and Casamatta, RFS 2018

Importance of Economics, Step 2: Altering the past?

[Diagram: chain B1 → B2 → B3 → B4 → B5, continued by B6 → B7 → B8 → B9 → B10; one block contains the transaction from Bob to Alice]

  • needs to be faster than anyone after who adds to B5 and build a longer chain
  • or needs to be able to mine repeatedly

Bob wants to undo the transaction by rewriting history with B6

Last part of Anders Brownworth's Demo

https://anders.com/blockchain/distributed.html

Bob's objective

  • Wants to undo this trade and cheat Alice by building alternative chain from B6

What does it take?

  1. needs to be predictably able to add several blocks to the chain without interference, or
  2. needs to be faster than anyone else who adds to B5 and build a longer chain, or
  3. needs the ability to reject new blocks that are added to B5.

How does Proof of Work prevent this?

  • mining success is random, subject to the resources spent:
    • computers/GPUs
    • electricity
  • you need more/faster computers than 51% of the network
    • current network power: 25 million tera-hashes per second (blockchain.info)

Back of the envelope calculation

  • hashrate: 25,000,000 TH/s
  • best GPUs have 2.5 GH/s per card = 0.0025 TH/s
  • => need 25,000,000 x 400 x 0.5 = 5,000,000,000 GPUs
  • 1 GPU costs around $200
  • =>Cost = $1,000,000,000,000

Economic Analysis, Part II

Double spend attack prevention

  • Validation rewards are taken as given, but they are crucial in
    • determining incentives to participate,
    • supporting the chain, and
    • spending on electricity and computing power

Basic idea of competitive equilibrium

aggregate mining cost = aggregate reward

Double spending attack

  • the attacker spends resources, but:
  • wins N block rewards until the "confirmation" block
  • gains the ability to double-spend

condition that prevents it

(Chiu & Koeppl RFS 2018)

\(\text{mining reward} \times (N+1)N > \text{double spend amount}\)

Bigger Insights

  • Philosophy: anyone is allowed to write to the ledger, but we don't trust anyone
  • Key requirement: you cannot predict or determine when you'd write again
    • => cannot manipulate/take over
  • PoW achieves "randomness" by solving a hard, expensive cryptographic puzzle
  • much work goes into finding viable alternatives, which we will discuss later
    • Proof of Stake, Proof of Burn, Proof of Elapsed Time

Major innovation of bitcoin

  • combine cryptography, blockchains, and proof-of-work
  • first application of PoW: HashCash
  • Blockchains have been used for timestamp servers (with central authority)

Proof of Work uses unsustainable amounts of energy

  • Nakamoto consensus consumes energy on par with (Jan 2019)
    • Austria
    • 2× Denmark
    • 3× Ireland
    • 4 nuclear power plants
  • No connection between energy burned and economic value created

Performance limited by design

  • BTC throughput: 3.3-7 tps, latency: 10-60 minutes
  • ETH throughput: 15 tps, latency: 14 s to 30 minutes
  • Tweaks: Lightning Network (BTC) or side chains, SegWit, larger block sizes are possible, but there are limits

  • microtransactions, IoT, and other smart contract use cases place very high demands

Conceptual limitations of POW

  • Provides a probabilistic guarantee, though in practice 1-ε = 1

  • Minting is performed according to a set schedule
    => no monetary policy and no adequate liquidity management

  • Hash difficulty adjusted to achieve target inter-block latency => Implies a hard limit to protocol throughput

  • Block size: performance vs. decentralization trade-off

    • larger blocks lead to more orphans, especially for smaller miners

    • There exists a blocksize at which the network fractures

Mining concentration

[Charts: distribution of mining power for Bitcoin (source: blockchain.info, 25/02/2018) and Ether (source: etherscan.io, 25/02/2018)]

  • have a huge say over changes in the protocol, and

  • they can collectively block changes, force forks, etc., and

  • have incentives that may run counter to the common good

Mining 2009, 2010, 2011, 2012, 2013-15, 2015-17, 2018 (image slides)

  • blockchain 1.0
  • first solution to double spending
  • clunky, slow, expensive
  • huge following and computing power
  • one trick pony

vs

  • blockchain 2.0
  • universal Turing machine for decentralized execution of code
  • highly flexible
  • foundation for many private initiatives
  • cryptocurrency Ether is a means to an end
  • code execution = requires computing power
    • pay for GPU cycles (=Gas) =>Ether is the "fuel" 
    • malicious code could "crash" virtual machine
  • Big message:
    • Ethereum is not a "better" cryptocurrency
    • It is a code execution network that runs on Ether
  • Allows generation of "tokens" = digital assets

Ethereum

  • developed and built by a Waterloo-based team around Vitalik Buterin
  • not a firm
  • team had the chance to sell their system to Google, but declined
  • instead built a "Foundation" => Ethereum cannot be "bought" 
  • founders still got wealthy as they did/do have a stake in the coins

Some Ethereum History

  • with this history comes a philosophy
  • Blockchain entities don't strive to be "firms"
  • they form teams for projects, invite everyone, not concerned about IP
  • they don't strive to get high-powered jobs or sell to a large bank
  • but yes, they want to drive Lambos 

Key Technology Questions for Blockchain Design

interoperability

cybersecurity and privacy

functionality

scalability

smart contract features and verification

recently and unexpectedly: finality

Scalability projects for Ethereum

  • Ethereum blocks have no size limit
  • but: gas limit imposes computation  limit and thus transaction limit
  • note: in contrast to Bitcoin, Ethereum always announced that it would eliminate proof-of-work eventually

Root Problem

  • State channels:
    • Keep two-party interactions off the main chain and use the chain only for terminal settlement
  • Sharding
    • instead of storing all info on all nodes, break up the blockchain into shards

Solutions

https://blog.stephantual.com/what-are-state-channels-32a81f7accab

Key problem of Proof-of-Stake:

How to incentivize support of longest chain?

B3

B1

B2

B4

B5

B6

Where to add a new block B7?

  • PoW: only longest chain
  • PoS: could add both at B3 and B6 (nothing-at-stake)
    • solution: punish deviations!

My personal problem: I have not yet seen a convincing theoretical model of PoS

Most promising fundamental projects

Ethereum: Casper & related proof of stake implementations

Bitcoin: Lightning Network

Cardano: delegated proof of stake

Avalanche: iterative algorithmic validation & staking

Algorand: developed by Turing Award winner with random validator assignment & staking

Key Challenges for the Blockchain/Crypto Community for 2019

Technology

Legal/Regulation

Economic functions

Key Economic Questions for Blockchain Design

  • system governance

    • political economy

  • contract/token design

    • corporate finance

  • How do platform payments interact with the outside world?

    • open-economy macro

  • How much do we have to pay operators to maintain the chain?

    • mechanism design

Ethereum Enterprise Alliance

Common Idea:

  • build private blockchains on top of Ethereum
  • use open source tools

Advantages

  • preserve interoperability of systems
  • compatibility and free development
  • best of two worlds? 
  • 150 companies are members of EEA
  • US$400M invested in VC funding (CBInsight)
  • US$900M from tokens since Nov 2016 (Smith and Crown).

Objectives

  • deep understanding of the components of blockchain transactions:
    • hashing
    • keys, signatures, and addresses
    • consensus protocols
    • mining & economic incentives
  • awareness of limitations and continuous development

End of Part 2: Drilling Down

Coming up Part 3: Finance Applications

  • financing through tokens & coins
  • crypto markets
  • other economic applications and business canvas

Bitcoin and Ethereum Addresses

My JAXX addresses:

  • Bitcoin:
    • 16dNbpPnA5vz41f6D8iQsBwN9j8G6YW7zP
  • Ethereum
    • 0x91c44e74ebf75baa81a45dc589443194d2eba84b
  • General rule: Bitcoin addresses commonly start with 1 (other formats exist), Ethereum addresses with 0x

Bitcoin Addresses

  • Usually, your wallet creates your public/private keys
  • Recall that Bitcoin uses an "Elliptic Curve" algorithm
    • With RSA you pick primes, then e and d
    • With elliptic curves, you "pick points on a curve"
    • => your wallet does this and then creates the keys for you
  • From these items it creates your address through a series of hashing operations, mixed with adding "stuff"

Bitcoin Addresses (nerdy stuff)

Ethereum Addresses

  • are essentially a hexadecimal string that always starts with 0x
  • Like Bitcoin, get public/private key with the Elliptic Curve algorithm
  • Hash the public key with Keccak-256.
    • => 32-byte string.
  • Drop the first 12 bytes
    • 20 bytes = 40 hex characters remain
  • Add prefix 0x.
    • => your Ethereum address
  • Note:
    • not as crafted as Bitcoin
    • Ethereum is more flexible and is working towards using a name representation
    • => interaction with the International Bank Account Number (IBAN) System

Blockchain MFRM Lecture 1.5 2019

By Andreas Park

This deck is part 2 of 3 of the MFRM Blockchain technology module in finance, taught at the Rotman School of Management, Fall 2019.