Andreas Park
Professor of Finance at UofT
Definition
Properties
Example for "normal" or polynomial time:
Example for exponential time:
Simple Application
Nerdy stuff:
Examples of "Andreas"
Examples of "AnDrEaS"
Problem: Hashes can be cracked!
cracked by "CrackStation"
Some formalism
Alice wants to send Bob money without Charles seeing it
Symmetric Encryption: Bob and Alice use the same key to encrypt and decrypt a message
Formally: public key P = private key S
Symmetric Encryption: Example
Letter | number | encoding |
---|---|---|
A | 0 | 3 |
B | 1 | 4 |
C | 2 | 5 |
... | ... | ... |
W | 22 | 25 |
X | 23 | 0 |
Y | 24 | 1 |
Z | 25 | 2 |
Asymmetric Encryption: Bob has a public and a private key, (Pb, Sb)
Pb
Sb
Formally
required property
if S applied to M created T, T=Sign(M,S) => Check(T,M,P)=1
Alice wants to send Bob a message and provide proof that it's her.
Sa
Pa
formally: computes T=Sign(M,Sa)
formally: computes check(T,M,Pa)
n | |
---|---|
1 | 1 |
5 | 4 |
10 | 4 |
12 | 4 |
14 | 6 |
15 | 8 |
and now going backward:
so we have \(x=7\) and \(y=-17\) so that
\(1=x\cdot m+y\cdot n=7\cdot 175+(-17)\cdot 72\)
Ingredients for encryption
What do we want to do?
What do we send?
How do you decrypt?
Calculate \({\tilde{w}_i}^x\text{ mod } n.\)
S=(x,n)=(2011,3127)
P=(e,n)=(3,3127)
for greater satisfaction, the formal argument for the encrypter
(assumes \(n\) is large and \(w\) small)
this step uses Euler's theorem
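The toy key pair from these slides, carried through key derivation, encryption, decryption and the Sign/Check pair, as an added example that is not part of the original deck. The factors 53 and 59 of 3127, the sample message "BOB" and the value 1234 are assumptions constructed for illustration; this is unpadded textbook RSA for teaching only.

```python
# Added example: textbook RSA with the deck's toy key pair (no padding, teaching only).
N, E, X = 3127, 3, 2011          # P=(e,n)=(3,3127), S=(x,n)=(2011,3127) from the slides
P_FACTOR, Q_FACTOR = 53, 59      # assumption: factors of 3127, not shown on the slides


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with g = gcd(a, b) = x*a + y*b."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def private_exponent(e, p, q):
    """Find x with e*x = 1 + k*phi(n), i.e. the inverse of e modulo phi(n)."""
    phi = (p - 1) * (q - 1)
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be coprime to phi(n)")
    return x % phi


def encrypt(words, e, n):
    """Sender: w_i -> w_i^e mod n for each block (each w_i must be < n)."""
    if any(not 0 <= w < n for w in words):
        raise ValueError("block out of range")
    return [pow(w, e, n) for w in words]


def decrypt(cipher, x, n):
    """Receiver: w~_i -> w~_i^x mod n, the step named on the slide."""
    return [pow(c, x, n) for c in cipher]


def sign(m, x, n):
    """T = Sign(M, S): raise the message to the private exponent."""
    return pow(m, x, n)


def check(t, m, e, n):
    """Check(T, M, P) = 1 iff T^e mod n equals M."""
    return 1 if pow(t, e, n) == m % n else 0


if __name__ == "__main__":
    message = [ord(ch) - ord("A") for ch in "BOB"]   # constructed sample, A=0 ... Z=25
    cipher = encrypt(message, E, N)
    print(cipher, decrypt(cipher, X, N))
    t = sign(1234, X, N)                             # 1234 is a constructed message value
    print(check(t, 1234, E, N), check(t, 1235, E, N))
```

Both B's encrypt to the same value, and for small blocks the cube never wraps modulo n, which is why deployed RSA uses randomized padding (OAEP for encryption, PSS for signatures) and far larger moduli.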
Example parameters
https://anders.com/blockchain/public-private-keys/signatures.html
Order of transactions?
Cancel one before the other?
When is it in the "database"?
Simple Version Problem
Possible Solution?
Problem
Note:
They don't care whether they coordinate on attack or withdraw: either is OK as long as there is consensus
seek consensus for time of attack
leader proposes \(t\)
Equilibrium
Blockchain requirement
= 00000xd4we...
consensus is reached if hash starts with right number of leading zeros
https://anders.com/blockchain/block.html
Contains transaction from Bob to Alice
Question: Can Bob rewrite history?
Where to add a new block B7?
Equilibrium for "the longest chain"? - Yes!
"The blockchain folk theorem" by Biais, Bisière, Bouvard, and Casamatta, RFS 2018
Bob wants to undo the transaction by rewriting history with B6
https://anders.com/blockchain/distributed.html
Bob's objective
What does it take?
How does Proof of Work prevent this?
Back of the envelope calculation
Double spend attack prevention
Basic idea of competitive equilibrium
aggregate mining cost = aggregate reward
Double spending attack
condition that prevents it
(Chiu & Koeppl RFS 2018)
Major innovation of bitcoin
Performance limited by design
Tweaks: Lightning Network (BTC) or side chains, SegWit, block size possible, but there are limits
microtransactions, IoT, and other smart contract use cases place very high demands
Conceptual limitations of POW
Provides a probabilistic guarantee, though in practice, 1-ε = 1
Minting is performed according to a set schedule
=> no monetary policy and adequate liquidity management
Hash difficulty adjusted to achieve target inter-block latency => Implies a hard limit to protocol throughput
Block size: performance - decentralization trade off
larger blocks lead to more orphans, especially for smaller miners
There exists a blocksize at which the network fractures
Source: blockchain.info 25/02/2018
Source: etherscan.io 25/02/2018
Miners
have a huge say over changes in the protocol, and
they can collectively block changes, force forks, etc., and
have incentives that may run counter to the common good
vs
Common Idea:
Advantages
My JAXX addresses:
A task that'll come up
trick: pick k and then find d s.t.
Example
k | ||
---|---|---|
1 | (1+4)/3 | |
2 | (1+8)/3=... | 1 |
3 | (1+12)/3 | |
4 | (1+16)/3 | |
5 | (1+20)/3=... | 7 |
By Andreas Park
This deck covers basics of cryptography such as hashing, digital signatures, the RSA algo.