Andreas Park
Professor of Finance at UofT
Definition
Properties
Simple Application
Nerdy stuff:
Examples of "Andreas"
Examples of "AnDrEaS"
Problem: Hashes can be cracked!
cracked by "CrackStation"
Some formalism
Alice wants to send Bob money without Charles seeing it
Symmetric Encryption: Bob and Alice use the same key to encrypt and decrypt a message
Formally: public key P = private key S
Asymmetric Encryption: Bob has a public and a private key, (Pb, Sb)
Formally
required property
If T was created by applying S to M, i.e. T = Sign(M, S), then Check(T, M, P) = 1
Alice wants to send Bob a message and provide proof that it's her.
formally: computes T=Sign(M,Sa)
formally: computes check(T,M,Pa)
https://anders.com/blockchain/public-private-keys/signatures.html
Order of transactions?
Cancel one before the other?
When is it in the "database"?
Simple Version Problem
Possible Solution?
Problem
Note:
They don't care if they coordinate on attack or withdraw = either is OK as long as there is consensus
seek consensus for time of attack
leader proposes \(t\)
[Diagram: messages labelled \(t\) and \(x\), followed by the vectors \((t,t,x)\), \((t,t,x)\), \((t,t,t)\); messages labelled \(x\), \(y\), \(z\), followed by the vectors \((x,y,z)\), \((x,y,z)\), \((x,y,z)\)]
Equilibrium
Blockchain requirement
= 00000xd4we...
consensus is reached if hash starts with right number of leading zeros
https://anders.com/blockchain/block.html
Contains transaction from Bob to Alice
Question: Can Bob rewrite history?
Where to add a new block B7?
Equilibrium for "the longest chain"? - Yes!
"The blockchain folk theorem" by Biais, Bisière, Bouvard, and Casamatta, RFS 2018
Contains transaction from Bob to Alice
Bob wants to undo the transaction by rewriting history with B6
https://anders.com/blockchain/distributed.html
Bob's objective
What does it take?
How does Proof of Work prevent this?
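A small model of the two slides above (leading-zero consensus and Bob rewriting history), added here as an example and not taken from the deck or from the linked anders.com demo. The block layout, `DIFFICULTY`, `GENESIS`, the function names and the six-record ledger are all assumptions made for the illustration.

```python
import hashlib

DIFFICULTY = 4        # assumed: leading hex zeros required (kept small so this runs in seconds)
GENESIS = "0" * 64    # assumed placeholder for the first block's predecessor

def block_hash(index, data, prev, nonce):
    return hashlib.sha256(f"{index}|{data}|{prev}|{nonce}".encode()).hexdigest()

def mine(index, data, prev):
    """Proof of work: try nonces until the hash has DIFFICULTY leading zeros."""
    nonce = 0
    while not block_hash(index, data, prev, nonce).startswith("0" * DIFFICULTY):
        nonce += 1
    return {"index": index, "data": data, "prev": prev, "nonce": nonce,
            "hash": block_hash(index, data, prev, nonce)}

def build_chain(records, prev=GENESIS, start=1):
    chain = []
    for i, data in enumerate(records, start=start):
        chain.append(mine(i, data, prev))
        prev = chain[-1]["hash"]
    return chain

def first_invalid(chain):
    """Index of the first block that fails verification, or None if all pass."""
    prev = GENESIS
    for b in chain:
        h = block_hash(b["index"], b["data"], b["prev"], b["nonce"])
        if b["prev"] != prev or h != b["hash"] or not h.startswith("0" * DIFFICULTY):
            return b["index"]
        prev = b["hash"]
    return None

def rewrite(chain, index, new_data):
    """Replace block `index`, then redo the proof of work for it and every later block."""
    kept = chain[:index - 1]
    prev = kept[-1]["hash"] if kept else GENESIS
    records = [new_data] + [b["data"] for b in chain[index:]]
    redone = build_chain(records, prev, start=index)
    return kept + redone, sum(b["nonce"] + 1 for b in redone)  # chain, hashes tried

# Constructed sample ledger: six blocks, block 4 holds the payment.
RECORDS = ["tx a", "tx b", "tx c", "Bob pays Alice 5", "tx e", "tx f"]

if __name__ == "__main__":
    honest = build_chain(RECORDS)
    edited = [dict(b) for b in honest]
    edited[3]["data"] = "Bob pays Alice 0"    # edit the record without re-mining
    print("edit only, first invalid block:", first_invalid(edited))
    forged, work = rewrite(honest, 4, "Bob pays Alice 0")
    print("blocks re-mined:", len(forged) - 3, "hashes tried:", work)
```

Editing a record alone is caught by any verifier; the rewrite only verifies after the proof of work is redone for the edited block and each block after it, while the honest chain keeps growing.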
Back of the envelope calculation
Double spend attack prevention
Basic idea of competitive equilibrium
aggregate mining cost = aggregate reward
Double spending attack
condition that prevents it
(Chiu & Koeppl RFS 2018)
Major innovation of bitcoin
Performance limited by design
Tweaks: lightning network (BTC) or side chains, SegWit, blocksize possible, but there are limits
microtransactions, IoT, and other smart contract use cases place very high demands
Conceptual limitations of POW
Provides a probabilistic guarantee, though in practice, 1-ε = 1
Minting is performed according to a set schedule
=> no monetary policy and adequate liquidity management
Hash difficulty adjusted to achieve target inter-block latency => Implies a hard limit to protocol throughput
Block size: performance - decentralization trade off
larger blocks lead to more orphans, especially for smaller miners
There exists a blocksize at which the network fractures
Source: blockchain.info 25/02/2018
Source: etherscan.io 25/02/2018
Miners
have a huge say over changes in the protocol, and
they can collectively block changes, force forks, etc., and
have incentives that may run counter to the common good
vs
Root Problem
Solutions
https://blog.stephantual.com/what-are-state-channels-32a81f7accab
Where to add a new block B7?
My personal problem: I have not yet seen a convincing theoretical model of PoS
Common Idea:
Advantages
Objectives
My JAXX addresses:
By Andreas Park
This is deck 2/3 for the MFRM Blockchain technology module in finance, taught at the Rotman School of Management, Fall 2019.