Let's build a blockchain!


I'm Haseeb. That's me. Let's build a blockchain! A mini-cryptocurrency in Ruby

I'm Haseeb Qureshi. I'm a software engineer. I'm working at a blockchain company called 21.co. Unless something terrible has happened, I'm the guy who's saying these words right now.

Here's the thing. "Blockchain" is a red herring. Blockchain is just one tiny component of why cryptocurrencies work.

In order to truly understand what makes cryptocurrencies hard, we have to start from first principles. So let's do that.

1 MONEY ON THE INTERNET (slide image: a spam banner reading "MAKE $1500/day CLICK HERE http://45.gs/make-money-onlin-today")

It started with the cypherpunks.

The Cypherpunks (80s-90s). Mailing lists, e.g. cypherpunks@lists.cpunks.org. Libertarianism: cypherpunks deeply distrusted centralized institutions. They believed that people should be free from the tyranny of governments. Privacy: information is power. Ensuring privacy meant the individual was sovereign over their information. Cryptography: cryptography, the mathematics of encryption, was a cypherpunk's principal defense.

The Cypherpunk's Manifesto (1993, Eric Hughes) On privacy: "Privacy is necessary for an open society in the electronic age. We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy. We must defend our own privacy if we expect to have any." On code: "Cypherpunks write code. We know that someone has to write software to defend privacy, and we're going to write it."

So if you want to build a community free from the state, what do you need? The answer: digital money.

$ STEP 1: REPLACE MONEY. DUH. Let's write some code.

Okay, so what was wrong here? Fill in here

The major problems were: Authentication: anyone can control anyone's account... We can solve this with passwords for now. Availability / reliability: if the server goes down, no more money for anyone! If a government shuts down our server, or we become insolvent, the currency dies. Security: if anyone successfully infiltrates the server, they can take all the money. That includes us!

The cypherpunks knew... People SUCK.

CENTRALIZED SYSTEMS ARE NO GOOD.

How can we avoid a single point of failure? Simple. Kill the server.

2 DECENTRALIZED PROTOCOLS. Knock knock, who's there? No one!

Go from this... Server/client to this. Gossip

Gossip Protocols. Leaderless: everyone in the protocol is equal and replaceable. This means if any individual goes offline, the network can still function. Bootstrapping the network: each member of the protocol connects to other peers to learn about the current state of the network. To send a transaction, we just gossip to our peers and trust that they'll relay it onward. Eventual consistency: messages may take a while to propagate through the network.

Let's code up a gossip protocol.
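The talk's gossip code is not on this page. What follows is an added example, not the talk's own code: an in-memory simulation of a leaderless gossip network in Ruby. The class and method names (GossipNode, gossip, build_ring_network), the ring topology, the node names and the message strings are all constructed for this example. It shows the three properties from the slide: no leader (any node can inject a message and any node can fail), bootstrapping (a returning node pulls state from a peer), and eventual consistency (delivery takes a number of relay rounds rather than happening at once).

```ruby
require 'set'

# Added example (not the talk's own code): an in-memory simulation of a leaderless
# gossip network. Node names, the ring topology and the message strings are
# constructed for the example.
class GossipNode
  attr_reader :name, :peers, :seen

  def initialize(name)
    @name = name
    @peers = []        # other nodes we know how to reach
    @seen = Set.new    # every message this node has accepted
    @online = true
  end

  def go_offline; @online = false; end
  def go_online;  @online = true;  end

  # Peers connect symmetrically; there is no leader to register with.
  def connect(other)
    @peers << other unless @peers.include?(other)
    other.peers << self unless other.peers.include?(self)
  end

  # Accept a message and schedule relays to every peer. A message we have
  # already seen is dropped, which is what makes the flood terminate.
  def receive(msg, relay_queue)
    return if !@online || @seen.include?(msg)
    @seen << msg
    @peers.each { |peer| relay_queue << [peer, msg] }
  end

  # Bootstrapping: a node that (re)joins pulls the current state from a peer.
  def sync_from(peer)
    @seen.merge(peer.seen)
  end
end

# Inject a message at one node and relay it round by round until nobody has
# anything new to pass on. Returns the number of rounds, i.e. how long the
# network took to become consistent (eventual, not immediate).
def gossip(origin, msg)
  queue = []
  origin.receive(msg, queue)
  rounds = 0
  until queue.empty?
    rounds += 1
    next_queue = []
    queue.each { |node, m| node.receive(m, next_queue) }
    queue = next_queue
  end
  rounds
end

# A ring of n nodes where each node only knows its two immediate neighbours.
def build_ring_network(n)
  nodes = (0...n).map { |i| GossipNode.new("node#{i}") }
  nodes.each_with_index { |node, i| node.connect(nodes[(i + 1) % n]) }
  nodes
end

def nodes_that_saw(nodes, msg)
  nodes.select { |node| node.seen.include?(msg) }.map(&:name)
end

if __FILE__ == $PROGRAM_NAME
  nodes = build_ring_network(6)
  nodes[3].go_offline                    # one member fails...
  rounds = gossip(nodes[0], 'alice->bob:1')
  puts "delivered in #{rounds} rounds to #{nodes_that_saw(nodes, 'alice->bob:1').join(', ')}"
  nodes[3].go_online
  nodes[3].sync_from(nodes[2])           # ...and catches up when it returns
  puts "node3 caught up: #{nodes[3].seen.include?('alice->bob:1')}"
end
```

With node3 offline the ring is still connected the long way round, so the other five nodes all receive the message; it just takes one relay round less than the fully-online case because the dead node never re-relays. Nothing here authenticates the sender, which is exactly the gap the next slides turn to.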

Okay, so what was wrong here? Fill in here

Fault Tolerance. We have achieved fault-tolerance: any individual node can fail, and the system can stay up. But we want a stronger guarantee: Byzantine-fault tolerance (BFT). A Byzantine fault is when an actor misbehaves by doing something arbitrary or malicious. For a monetary system, we want everything to still work in spite of bad actors!

Authentication! A potential attack: pretending someone said something they didn't. "Haseeb told me his state was: ["Transformer", 9999]". How can we establish identity? Passwords no longer work; everything is out in the open! IPs? They're not stable, they're easy to spoof, and multiple users can have the same IP. So what then?

3 CRYPTOGRAPHIC IDENTITIES (slide image: a PGP public key block, captioned "Damn [key], back at it again with the white Vans!")

Let's use cryptography. Specifically, we're going to use what's known as public-key cryptography (a.k.a. asymmetric encryption)

Public and private keys. Generate a pair of keys, public and private. The private key can cryptographically "sign" statements. Your public key can be published out in the open. You must keep your private key secret. Anyone who has your public key can use it to verify the authenticity of your signature. These keys become your identity. This signature is intractable to forge. It derives its power from mathematical puzzles, i.e., something that's easy to verify but hard to compute. RSA uses integer factoring. Other systems use discrete logarithms or elliptic curve relationships.

Let's test it out.
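The demo code itself is not on this page. The following is an added example, not the talk's code: identities as RSA key pairs using Ruby's OpenSSL bindings, with the state vector ["Transformer", 9999] from the earlier slide as the signed statement. The Identity class, the verify_claim helper and the JSON encoding of the state are this example's choices. It shows the three failure cases a verifier must reject: a tampered state, a signature made with somebody else's key (the "Haseeb told me his state was..." attack), and garbage bytes in place of a signature.

```ruby
require 'openssl'
require 'json'

# Added example (not the talk's own code): identities as RSA key pairs.
# The class name, the JSON encoding of the signed state and the sample
# state ["Transformer", 9999] from the slide are assumptions of this example.
class Identity
  attr_reader :public_key

  def initialize(bits = 2048)
    @private_key = OpenSSL::PKey::RSA.new(bits)   # never leaves this node
    @public_key = @private_key.public_key          # published openly; this IS the identity
  end

  # Sign a statement about our state. JSON gives a canonical byte string to hash.
  def sign(state)
    payload = JSON.generate(state)
    sig = @private_key.sign(OpenSSL::Digest.new('SHA256'), payload)
    { 'state' => state, 'signature' => sig.unpack1('H*') }
  end
end

# Anyone holding the public key can check a claim. Returns false for a
# tampered state, a signature made with some other key, or garbage bytes.
def verify_claim(public_key, claim)
  payload = JSON.generate(claim['state'])
  sig = [claim['signature']].pack('H*')
  public_key.verify(OpenSSL::Digest.new('SHA256'), sig, payload)
rescue OpenSSL::PKey::PKeyError
  false
end

if __FILE__ == $PROGRAM_NAME
  haseeb = Identity.new
  claim = haseeb.sign(['Transformer', 9999])
  puts "genuine claim verifies: #{verify_claim(haseeb.public_key, claim)}"
  tampered = claim.merge('state' => ['Transformer', 1])
  puts "tampered state verifies: #{verify_claim(haseeb.public_key, tampered)}"
  mallory = Identity.new
  forged = mallory.sign(['Transformer', 9999])   # "Haseeb told me his state was..."
  puts "forged claim verifies against Haseeb's key: #{verify_claim(haseeb.public_key, forged)}"
end
```

The signed bytes are the JSON encoding of the state rather than Ruby's inspect output so that sender and verifier hash exactly the same string; any verifier that re-encodes the state differently would reject even a genuine signature. The rescue clause matters in practice: a malformed signature should read as "not verified", not crash the node that received it.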

Cryptographic identities Now you can't forge messages! We can trust all signed messages come from their claimed senders. So are we there yet? We're actually most of the way to a digital currency. We can do a lot with this. In fact, we're already (mostly) where David Chaum was when he created the first digital currency, DigiCash.

You see, digital currency has a big problem which wasn't an issue for us with movies. It's called the double-spend problem.

(Slide image: two signed notes for the same coin, one reading "I hereby grant you, Bob, sole ownership of this coin." and the other "I hereby grant you, Alice, sole ownership of this coin.")

Hehehe...

DigiCash solved the double-spend problem by being centralized. Every transaction had to check in with a central bank (centralized server) to ensure there were no double-spends.

DigiCash went bankrupt in 1998. And with that, all of the DigiCash anyone owned disappeared.

Centralization is no good. The cypherpunks knew: for a digital currency to be stable and trustworthy, it must be decentralized.

But in a peer-to-peer network, how can you track and prevent double-spends?

4 ENTER THE BLOCKCHAIN FUCKING FINALLY, AM I RIGHT GUYS

In October 2008, a pseudonymous cypherpunk by the name of Satoshi Nakamoto published a white paper, in which he described a new protocol for a decentralized digital currency. He called this protocol:

What was Satoshi's key insight?

Double spends are problematic because we can't agree on timing. In a distributed system, there's no global ordering of all events. People can lie about when things happened. If we just rely on people to report their own timestamps, bad actors will claim that their events happened first: Alice thinks her spend happened first, Bob Ross thinks his happened first. How do we decide between them? There's no way to prove a timestamp! There's no canonical timekeeper. In order to prevent double-spends, people need to coordinate. If Alice and Bob could stop, talk to each other, and verify the double spend before completing the deal, we'd be fine. But we can't coordinate until we slow things down!

To prevent double-spends, we want to slow things down, order all events, and make it hard to change that ordering. In other words, we want to build a decentralized timestamping server.

Proof of Work (a.k.a. Nakamoto Consensus) Satoshi achieved these properties through cryptographic puzzles. You can't just send a message and have it be accepted. The message has to be backed up with computational work in the form of solving a puzzle. This puzzle is hard, and you can't fake a solution. The solutions to these puzzles are known as proof of work. You have to prove you've done some work if you want to send a message! The next person who can find a solution to this puzzle gets to send their message.

Satoshi used SHA-2 hashes as his puzzle (inspired by HashCash)

Specifically: The puzzle is to find a nonce, which combined with your message, produces a hash with some number of leading 0s.

Let's see it in action.

Satoshi called this "mining." The tool you use to mine is your CPU!

Okay, so mining puzzles are hard. But if I have a solution to a puzzle, can't I just show it to two people and still double-spend? YES.

We have slowed things down... But we still have no global ordering. For that, we'll need...

A Blockchain! (for real this time) A blockchain is a sequence of these puzzle solutions. The key is that each input to each puzzle includes the hash of the PREVIOUS block.

Block 42: previous 675d06647ee3a54d66f20, nonce a317b3a7b234dc0149c62, "Gladiator"  -> hash 0000040d087977a769de2
Block 43: previous 0000040d087977a769de2, nonce ded12545992abf582c444, "Goodfellas" -> hash 0000069da4fedee9b1ce5
Block 44: previous 0000069da4fedee9b1ce5, nonce 9cdd1c84b5636087d12da, "Fight Club" -> hash 00000d5340078d338c4c8

Basically, the solutions are chained together in blocks that depend on each other. Hence the name "blockchain." This forces an ordering on each message!

So let's build a goddamn blockchain.

We said we wanted three properties. 1. Slow things down 2. Order all events 3. Make it hard to change that ordering. How do we get this?

Let's say an attacker wanted to change history. (Slide: the attacker replaces Block 43 "Goodfellas" with a Block 43 containing "Twilight", hash 00000636087d172, still pointing at Block 42's hash 0000040d087977a; the honest chain is Block 42 "Gladiator" -> Block 43 "Goodfellas" -> Block 44 "Fight Club".)

How can we prevent this? (Same forked-chain figure.)

Satoshi had a simple idea. He called it the Choice rule.

Whenever there's a fork in the blockchain, users should accept the fork with the most blocks. (Same forked-chain figure: the attacker's fork has only Block 43 "Twilight", while the honest chain continues to Block 44 "Fight Club".)

If the attacker has less computational power than everyone else, they won't catch up! (Slide: the attacker's fork has grown to Block 43 "Twilight" 00000636087d172 -> Block 44 "Mamma Mia" 000005291d7d172, but the honest chain Block 42 "Gladiator" -> Block 43 "Goodfellas" -> Block 44 "Fight Club" 00000d5340078d3 has already added Block 45 "Jaws" 00000c9, whose previous-block field is 00000d5. Each block in the figure is drawn with its previous block's hash on top and its own hash below.)

The network is literally secured by CPU power!

Of course, the blockchain will sometimes split naturally. (Slide: Block 42 "Anastasia" 0000040d087977a -> Block 43 "Goodfellas" 0000069da4fedee, followed by two competing candidates for Block 44 that both point at 0000069da4fedee: "Fight Club" 00000d5340078d3 and "The Lion King" 00000ac9d363c81.)

In this case, we keep building on each chain, but one will eventually become longer. (Same figure: two competing Block 44s, "Fight Club" and "The Lion King", both built on Block 43.)

Given any fork, you always have some risk of a double-spend! (Same figure, with the two competing Block 44s shown by hash only: 00000d5340078d3 and 00000ac9d363c81.)

Blockchains give you probabilistic guarantees. The longer you wait, the less risk of a double-spend. This is why in Bitcoin, it's recommended to wait 6 blocks before considering a transaction final.
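The mining demo ("Let's see it in action") and the blockchain demo are not on this page. The following added example, which is not the talk's own code, covers both: proof-of-work mining over SHA-256, a chain where each block's puzzle input includes the previous block's hash, the re-validation every node performs, the longest-chain fork-choice rule, and the two ways an attacker might try to change history (editing a block in place, or re-mining a fork). The hash layout "prev|data|nonce", the genesis pointer, the names Block, mine, build_chain, valid_chain?, choose_chain, tamper and attacker_fork, and the movie titles reused from the slides are all this example's own; the difficulty is three leading hex zeros instead of the slides' five so it runs in well under a second.

```ruby
require 'digest'

# Added example (not the talk's own code). A block commits to the previous
# block's hash, a message and a nonce; the hash layout "prev|data|nonce"
# and the genesis pointer are this example's own choices.
Block = Struct.new(:prev_hash, :data, :nonce) do
  def hash_hex
    Digest::SHA256.hexdigest("#{prev_hash}|#{data}|#{nonce}")
  end
end

GENESIS_HASH = '0' * 64   # constructed: what the first block points at

# The puzzle: the block's hash must start with `difficulty` hex zeros.
# Checking a solution is one hash; finding one takes ~16**difficulty tries.
def solves_puzzle?(block, difficulty)
  block.hash_hex.start_with?('0' * difficulty)
end

# Mining: brute-force the nonce. Deterministic (starts at 0) so runs repeat.
def mine(prev_hash, data, difficulty)
  nonce = 0
  loop do
    block = Block.new(prev_hash, data, nonce)
    return block if solves_puzzle?(block, difficulty)
    nonce += 1
  end
end

# Chain messages together: each block's input includes the previous hash,
# which is what forces an ordering on the messages.
def build_chain(messages, difficulty)
  prev = GENESIS_HASH
  messages.map do |msg|
    block = mine(prev, msg, difficulty)
    prev = block.hash_hex
    block
  end
end

# What every node does on receipt: re-check every link and every proof of work.
def valid_chain?(chain, difficulty)
  prev = GENESIS_HASH
  chain.each do |block|
    return false unless block.prev_hash == prev && solves_puzzle?(block, difficulty)
    prev = block.hash_hex
  end
  true
end

# Fork-choice rule from the slides: of the valid chains, accept the longest.
def choose_chain(candidates, difficulty)
  candidates.select { |chain| valid_chain?(chain, difficulty) }.max_by(&:length)
end

# History edit: change a past block's data in place. The edited block's hash
# changes, so the next block's prev_hash no longer matches (and its proof of
# work is void), and every re-validating node rejects the chain.
def tamper(chain, index, new_data)
  edited = chain.dup
  edited[index] = Block.new(chain[index].prev_hash, new_data, chain[index].nonce)
  edited
end

# Re-mined fork: an attacker redoes the work from some point in history. This
# is valid work, so only the fork-choice rule, i.e. whether the attacker can
# out-mine everyone else, decides whether the network accepts it.
def attacker_fork(honest_chain, fork_index, new_messages, difficulty)
  branch = honest_chain[0...fork_index]
  prev = branch.empty? ? GENESIS_HASH : branch.last.hash_hex
  new_messages.each do |msg|
    block = mine(prev, msg, difficulty)
    branch << block
    prev = block.hash_hex
  end
  branch
end

if __FILE__ == $PROGRAM_NAME
  d = 3
  honest = build_chain(['Gladiator', 'Goodfellas', 'Fight Club'], d)
  honest.each_with_index { |b, i| puts "Block #{42 + i}: #{b.data.inspect} nonce=#{b.nonce} hash=#{b.hash_hex[0, 15]}" }
  puts "honest chain valid?              #{valid_chain?(honest, d)}"
  puts "after editing block 43 in place? #{valid_chain?(tamper(honest, 1, 'Twilight'), d)}"
  branch = attacker_fork(honest, 1, ['Twilight'], d)
  puts "re-mined 1-block fork valid?     #{valid_chain?(branch, d)}"
  puts "network follows:                 #{choose_chain([honest, branch], d).map(&:data).inspect}"
end
```

Two things are worth noticing when running it. An in-place edit is caught by validation alone, with no fork-choice needed: the edited block's hash no longer matches the next block's previous-block field. A re-mined fork passes validation, and only loses because it is shorter; if the attacker can mine more blocks than the honest network, choose_chain will follow the fork, which is precisely the "secured by CPU power" condition and why waiting for confirmations lowers (but never removes) the double-spend risk.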

We now have all the pieces. Identity: public-private key cryptography. Networking: a gossip protocol. Consensus: proof-of-work and the longest chain rule; each node re-validates each block in the blockchain to ensure it's valid.

Let's fulfill the cypherpunk dream.

And there you have it. We did skip a few things: economics (miners, block rewards); Merkle trees and proofs; SPVs (light clients); replay protection (via nonces); Ethereum (a virtual machine atop a blockchain). Read the Bitcoin white paper!

Thanks for listening! ANY QUESTIONS? You can find the code for this talk at my Github: @haseeb_qureshi. You can find me on Twitter at: @hosseeb. Or follow my blog at haseebq.com.