Let's build a blockchain!

Transcription

1 I'm Haseeb. That's me. Let's build a blockchain! A mini-cryptocurrency in Ruby

2 I'm Haseeb Qureshi. I'm a software engineer. I'm working at a blockchain company called 21.co. Unless something terrible has happened, I'm the guy who's saying these words right now.

3 Here's the thing. "Blockchain" is a red herring. Blockchain is just one tiny component of why cryptocurrencies work.

4 In order to truly understand what makes cryptocurrencies hard, we have to start from first principles. So let's do that.

5 1 MONEY ON THE INTERNET MAKE $1500/day CLICK HERE

6 It started with the cypherpunks.

7 The Cypherpunks (80s-90s) Mailing lists, e.g. Libertarianism Cypherpunks deeply distrusted centralized institutions. They believed that people should be free from the tyranny of governments. Privacy Information is power. Ensuring privacy meant the individual was sovereign over their information. Cryptography Cryptography, the mathematics of encryption, was a cypherpunk's principal defense.

8

9 The Cypherpunk's Manifesto (1993, Eric Hughes) On privacy: "Privacy is necessary for an open society in the electronic age. We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy. We must defend our own privacy if we expect to have any." On code: "Cypherpunks write code. We know that someone has to write software to defend privacy, and we're going to write it."

10 So if you want to build a community free from the state, what do you need? The answer: digital money.

11 $ STEP 1: REPLACE MONEY. DUH. Let's write some code.

12 Okay, so what was wrong here? Fill in here

13 The major problems were: Authentication Anyone can control anyone's account... We can solve this with passwords for now Availability / reliability If the server goes down, no more money for anyone! If a government shuts down our server, or we become insolvent, the currency dies. Security If anyone successfully infiltrates the server, they can take all the money. That includes us!

14 The cypherpunks knew... People SUCK.

15 CENTRALIZED SYSTEMS ARE NO GOOD.

16 How can we avoid a single point of failure? Simple. Kill the server.

17 2 DECENTRALIZED PROTOCOLS Knock knock, who's there? No one! No one! No one! No one! No one! NoNoone! one! No one! No one! No one! No one! No one! No one! No one! No one! No one!

18 Go from this... Server/client to this. Gossip

19 Gossip Protocols Leaderless Everyone in the protocol is equal and replaceable. This means if any individual goes offline, the network can still function. Bootstrapping the network Eventual consistency Each member of the protocol connects to other peers to learn about the current state of the network. To send a transaction, we just gossip to our peers and trust that they'll relay it onward. Messages may take a while to propagate through the network.

20 Let's code up a gossip protocol.

21 Okay, so what was wrong here? Fill in here

22 Fault Tolerance We have achieved fault-tolerance. Any individual node can fail, and the system can stay up. But we want a stronger guarantee: Byzantine-fault tolerance (BFT) A Byzantine Fault is when an actor misbehaves by doing something arbitrary or malicious For a monetary system, we want everything to still work in spite of bad actors!

23 Authentication! A potential attack: pretending someone said something they didn't. Haseeb told me his state was: ["Transformer", 9999] How can we establish identity? Passwords no longer work. Everything is out in the open! IPs? It's not stable, it's easy to spoof, and multiple users can have the same IP So what then?

24 3 CRYPTOGRAPHIC IDENTITIES Damn mqgibekj+qcrbadkdtczlydrtp1q7/shuzbjzuh9hov Vowogf2W07U6G9BqKW24rpiOxYmErjMFfvNtozNk+33 cd/sq3gi05o1immzzg2rbf4ne5t3iplxnnuznh+j+6vxxa16 GPhBRprvnng8r9GYALLUpo9Xk17KE429YYKFgVvtTPtE GUlpO1EwCg7FmWdBbRp4mn5GfxQNT1hzp9WgkD/3p Z0cB5m4enzfylOHXmRfJKBMF02ZDnsY1GqeHv/LjkhC ustp2qz4thlycyofkgmaddpvnmse/tyzlgpsxjrjsrep NSdoXk3IgEStowmXjTfr9xNOrB20Qk0ZOO1mipOWMgs e4pmiu02x24oapwtyhdhsx3oblcwddke8aegah8a/sh lk7fl1bi8rfzx6hb+2yild/fazmbvzue0r2uo7ldqez5+geei BFignd5HHhqjJw8rUJkfeZBoTKYlDKo7XDrTRxfyzNuZZ PxBLTj+keY8WgYhQ5MWsSC2MX7FZHaJddYa0pzUmF ZmQh0ydulVUQnLKzRSunsjGOnmxiWBZwb6bQjU2F0b 3NoaSBOYWthbW90byA8c2F0b3NoaW5AZ214LmNvbT 6IYAQTEQIAIAUCSQn6pwIbAwYLCQgHAwIEFQIIAwQW AgMBAh4BAheAAAoJEBjAnoZeyUihXGMAnjiWJ0fvmSg SM3o6Tu3qRME9GN7QAKCGrFw9SUD0e9/YDcqhX1aP MrYue7kCDQRJCfqnEAgA9OTCjLa6Sj7tdZcQxNufsDSC SB+yznIGzFGXXpJk7GgKmX3H9Zl4E6zJTQGXL2GAV4kl ksfntvgssgjkqcnebuzvwutyq1vxrnvfpqfvlvvo2jjc BHWjb03fmXmavIUtRCHoc8xgVJMQLrwvS943GgsqSb dokzwdtnfneq+uago+qfv66npt3yl0cxuinbitzojcj djhdtboxrqomx2wsguv+btydhqggqiaex73xmftxnc xbopqwsodqns7xtcl2enru9bniqmei7l9fybquikhm1k 6RrBy1as8XElS2jEos7GAmlfF1wShFUX+NF1VOPdbN3Zd FoWqsUjKk+QbrwADBQgA9DiD4+uuRhwk2B1TmtrXnw whcdke7zblhjxbfcslpaziph8cicfv3s418i4h1ycz2itcnc 8KAPoS6mipyS28AU1B7zJYPODBn8E7aPSPzHJfudMKM qichljvjre23xsktc0sihhskcr2g+6arog5lwuoqjqeydr blvqqfpvxbnphstquo5polxqc7pkgc5syquzbealek Itl2SL2yBRRGOlVJLnvZ6eaovkAlgsbGdlieOr0UwWuJC, back at it again with the white Vans!

25 Let's use cryptography. Specifically, we're going to use what's known as public-key cryptography (a.k.a. asymmetric encryption)

26 Public and private keys Generate a pair of keys, public and private The private key can cryptographically "sign" statements Your public key can be published out in the open. You must keep your private key secret. Anyone who has your public key can use it to verify the authenticity of your signature. These keys become your identity. This is signature is intractable to forge. Derives its power from mathematical puzzles I.e., what's something easy to verify but hard to compute? RSA uses integer factoring. Other systems use discrete logarithms or elliptic curve relationships.

27 Let's test it out.

28 Cryptographic identities Now you can't forge messages! We can trust all signed messages come from their claimed senders. So are we there yet? We're actually most of the way to a digital currency. We can do a lot with this. In fact, we're already (mostly) where David Chaum was when he created the first digital currency, DigiCash.

29 You see, digital currency has a big problem which wasn't an issue for us with movies. It's called the double-spend double-spend problem.

30 po ou, y reb nt y gra I he I he reb yg ran t yo sole e, Alic u, B o b, s o le o rshi wne. coin s i f th o wn ers h ip o f th is c o in.

31 Hehehe...

32 DigiCash solved the double-spend problem by being centralized. Every transaction had to check in with a central bank (centralized server) to ensure there were no double-spends.

33 DigiCash went bankrupt in And with that, all of the DigiCash anyone owned disappeared.

34 Centralization is no good. The cypherpunks knew: WANT BIG IMPACT? Use big image. for a digital currency to be stable and trustworthy, it must be decentralized.

35 But in a peer-to-peer network, how can you track and prevent double-spends?

36 4 ENTER THE BLOCKCHAIN FUCKING FINALLY, AM I RIGHT GUYS

37 In October 2008, a pseudonymous cypherpunk by the name of Satoshi Nakamoto published a white paper, in which he described a new protocol for a decentralized digital currency. He called this protocol:

38 What was Satoshi's key insight?

39 Double spends are problematic because we can't agree on timing In a distributed system, there's no global ordering of all events. People can lie about when things happened. If we just rely on Alice thinks her people to report their spend happened own timestamps, bad first, Bob Ross thinks actors will claim that his happened first. their events happened first. How do we decide between them? There's no way to There's no canonical prove a timestamp! timekeeper. In order to prevent double-spends, people need to coordinate. If Alice and Bob could stop, talk to each other, and verify the double spend before completing the deal, we'd be fine. But we can't coordinate until we slow things down!

40 To prevent double-spends, we want to slow things down, order all events, and make it hard to change that ordering. In other words, we want to build a decentralized timestamping server.

41 Proof of Work (a.k.a. Nakamoto Consensus) Satoshi achieved these properties through cryptographic puzzles. You can't just send a message and have it be accepted. The message has to be backed up with computational work in the form of solving a puzzle. This puzzle is hard, and you can't fake a solution. The solutions to these puzzles are known as proof of work. You have to prove you've done some work if you want to send a message! The next person who can find a solution to this puzzle gets to send their message.

42 Satoshi used SHA-2 hashes as his puzzle (inspired by HashCash)

43 Specifically: The puzzle is to find a nonce, which combined with your message, produces a hash with some number of leading 0s.

44 Let's see it in action.

45 Satoshi called this "mining." The tool you use to mine is your CPU!

46 Okay, so mining puzzles are hard. But if I have a solution to a puzzle, can't I just show it to two people and still double-spend?

47 Okay, those puzzles are hard. YES. But if I have a solution to a puzzle, can't I just show it to two people and still double-spend?

48 We have slowed things down... But we still have no global ordering. For that, we'll need...

49 A Blockchain! (for real this time) A blockchain is a sequence of these puzzle solutions. The key is that each input to each puzzle includes the hash of the PREVIOUS block. Block 42 Block 43 Block d06647ee3a54d66f20 Nonce: a317b3a7b234dc0149c62 "Gladiator" d087977a769de d087977a769de2 Nonce: ded abf582c444 "Goodfellas" da4fedee9b1ce da4fedee9b1ce5 Nonce: 9cdd1c84b d12da "Fight Club" 00000d d338c4c8

50 Basically, the solutions are chained together in blocks that depend on each other. Hence the name "blockchain." This forces an ordering on each message! Block 42 Block 43 Block d06647ee3a54d66f20 Nonce: a317b3a7b234dc0149c62 "Gladiator" d087977a769de d087977a769de2 Nonce: ded abf582c444 "Goodfellas" da4fedee9b1ce da4fedee9b1ce5 Nonce: 9cdd1c84b d12da "Fight Club" 00000d d338c4c8

51 So let's build a goddamn blockchain.

52 We said we wanted three properties. 1. Slow things down 2. Order all events 3. Make it hard to change that ordering. How do we get this?

53 Let's say an attacker wanted to change history. Block d087977a "Twilight" d172 Block 42 Block 43 Block d06647ee3a54 "Gladiator" d087977a d087977a "Goodfellas" da4fedee da4fedee "Fight Club" 00000d d3

54 How can we prevent this? Block d087977a "Twilight" d172 Block 42 Block 43 Block d06647ee3a54 "Gladiator" d087977a d087977a "Goodfellas" da4fedee da4fedee "Fight Club" 00000d d3

55 Satoshi had a simple idea. He called it the Choice rule.

56 Whenever there's a fork in the blockchain, users should accept the fork with the most blocks. Block d087977a "Twilight" d172 Block 42 Block 43 Block d06647ee3a54 "Gladiator" d087977a d087977a "Goodfellas" da4fedee da4fedee "Fight Club" 00000d d3

57 If the attacker has less computational power than everyone else, they won't catch up! Block 43 Block d087977a d172 "Twilight" "Mamma Mia" d d7d172 Block 42 Block 43 Block d06647ee3a54 "Gladiator" d087977a d087977a "Goodfellas" da4fedee da4fedee "Fight Club" 00000d d3 Block Previous block 00000d5 "Jaws" 00000c9

58 The network is literally secured by CPU power!

59 Of course, the blockchain will sometimes split naturally. Block 44? da4fedee "Fight Club" 00000d d3 Block 42 Block d06647ee3a54 "Anastasia" d087977a d087977a "Goodfellas" da4fedee Block 44? da4fedee "The Lion King" 00000ac9d363c81

60 In this case, we keep building on each chain, but one will eventually become longer. Block 44? da4fedee "Fight Club" 00000d d3 Block 42 Block d06647ee3a54 "Anastasia" d087977a d087977a "Goodfellas" da4fedee Block 44? da4fedee "The Lion King" 00000ac9d363c81

61 Given any fork, you always have some risk of a double-spend! Block 44? da4fedee 00000d d3 Block 42 Block d06647ee3a d087977a d087977a da4fedee Block 44? da4fedee 00000ac9d363c81

62 Blockchains give you probabilistic guarantees. The longer you wait, the less risk of a double-spend. This is why in Bitcoin, it's recommended to wait 6 blocks before considering a transaction final.

63 We now have all the pieces. Identity Public-private key cryptography Networking A gossip protocol Consensus Proof-of-work Longest chain rule Each node re-validates each block in the blockchain to ensure it's valid

64 Let's fulfill the cypherpunk dream.

65 And there you have it. We did skip a few things: Economics (miners, block rewards) Merkle trees, proofs SPVs (light clients) Replay protection (via nonces) Ethereum (a virtual machine atop a blockchain) Read the Bitcoin white paper!

66 Thanks for listening! ANY QUESTIONS? You can find the code for this talk at my You can find me on Twitter Or follow my blog at haseebq.com