Introduction to cryptography primitives and fundamental data structures. Discuss the process of achieving distributed consensus, proof-of-work and potential attacks on network.

1. Introduction to blockchain
and cryptocurrency technologies
@pawaclawczyk

2. Agenda
• Cryptographic primitives
• Building blocks
• Making cryptocurrency
• Under the hood
• Not only currency — adToken

3. Cryptographic primitives

4. Cryptographic primitives
• Cryptographic hash function
• Digital signature

5. Cryptographic primitives: hash function
H(x) = y
• maps input of arbitrary size into fixed size output
• is efficiently computable

6. Cryptographic primitives: cryptographic hash function
• collision-resistance
• hiding
• puzzle-friendliness

7. Cryptographic primitives: cryptographic hash function

8. Cryptographic primitives: cryptographic hash function
A hash function H is collision resistant
if it is infeasible to find two values, x and y,
such that x ≠ y, yet H(x) = H(y).

9. Cryptographic primitives: cryptographic hash function
Example of not collision resistant hash function:
H(x) = x mod 2256
It’s easy to find that:
H(x) = H(x + 2256)

10. Cryptographic primitives: cryptographic hash function
A hash function H is hiding if:
when a secret value r is chosen from
a probability distribution that has high min-entropy,
then given H(r || x) it is infeasible to find x.

11. Cryptographic primitives: cryptographic hash function

12. Cryptographic primitives: cryptographic hash function
Application: commitments
commitment := commit(message, nonce)
:= H(nonce || message)
isValid := verify(commitment, message, nonce)
:= commitment == H(nonce || message)

13. Cryptographic primitives: cryptographic hash function
A hash function H is said to be puzzle-friendly if for every possible
n-bit output y, if k is chosen from a distribution with high min-entropy,
then it is infeasible to find x such that H(k || x) = y in time significantly
less then 2n.

14. Cryptographic primitives: cryptographic hash function
Application: search puzzle
Given:
• a hash function H
• a value v, chosen from high min-entropy distribution
• a target set Y
Find value x — solution to this puzzle — such that
H(v || x) ∈ Y

15. Cryptographic primitives: digital signature
Analogy to handwritten signature
• only you can make your signature
• anyone who sees it can verify it’s valid
• it’s tied to a particular document

16. Cryptographic primitives: digital signature
Digital signature scheme
(secKey, pubKey) := generateKeys(keyLength)
signature := sign(secKey, message)
isValid := verify(pubKey, message, signature)

17. Cryptographic primitives: digital signature
We require that digital signature scheme holds following two properties:
• valid signature must verify
• signatures are unforgeable

18. Cryptographic primitives: digital signature
Unforgeability of digital signature
• it’s computationally infeasible to forge signature
• an adversary, who knows your public key and gets to see your
signatures on some other messages can’t forge your signatures on
some message for which he has not seen your signature

19. Cryptographic primitives: digital signature
Practical concerns:
• many signature algorithms are randomized and therefore we need
good source randomness
• there's a limit on the message size that you’re able to sign, in
practice you can sign the hash of the message

20. Cryptographic primitives: digital signature
Public key as an identity
• if we see message that verifies correctly under public key pubKey, then
we can think of this as pubKey is saying the message
• in order for someone to speak for the identity pubKey, they must know
the corresponding secret key
• these identities are called addresses — commonly represented with the
hash of pubKey
• you can have as many identities as you want

21. Building blocks

22. Building blocks
• Hash pointer
• Block chain
• Merkle tree

23. Building blocks: hash pointer

24. Building blocks: hash pointer
A hash pointer is
• a pointer to where data is stored
• together with cryptographic hash of the value of that data at some
fixed point in time

25. Building blocks: hash pointer
We can use hash pointers to build almost all data structures that we
could build using regular pointers.
The exceptions are data structures containing cycles.

26. Building blocks: block chain

27. Building blocks: block chain

28. Building blocks: block chain

29. Building blocks: block chain

30. Building blocks: block chain

31. Building blocks: block chain

32. Building blocks: Merkle tree

33. Building blocks: Merkle tree

34. Building blocks: Merkle tree

35. Building blocks: Merkle tree
• Sorted Merkle tree — data blocks are ordered
• Proof of non-membership — it is possible to verify non-membership
in a logarithmic time and space

36. Making cryptocurrency

37. Making cryptocurrency
• A very naive currency
• Central authority protocol
• Decentralized network
• Reaching consensus
• Economy

38. Making cryptocurrency: a very naive currency

39. Making cryptocurrency: a very naive currency

40. Making cryptocurrency: a very naive currency

41. Making cryptocurrency: central authority
• Let Alice be a central authority that accepts transactions and
appends them to the block chain.
• Alice will create new block with transaction when decide that
transaction is valid.

42. Making cryptocurrency: central authority

43. Making cryptocurrency: central authority

44. Making cryptocurrency: central authority

45. Making cryptocurrency: decentralized network
• When central authority is compromised or is not operant, the whole
system is affected. It’s single point of failure.
• Central authority may not treat all users equally. Some transactions
may be significantly delayed or rejected at all.

46. Making cryptocurrency: decentralized network
• How to maintain ledger in a distributed peer-to-peer network?

47. Making cryptocurrency: decentralized network
In such network we have to remember that:
• network is imperfect,
• some nodes may act maliciously.

48. Making cryptocurrency: reaching consensus
Nodes must agree on:
• exactly which transactions were broadcasted,
• the order in which these transactions happened.

49. Making cryptocurrency: reaching consensus
The result is a single, global ledger consisting of a sequence of blocks,
each block containing a list of transactions, that the’ve reached
consensus on.

50. Making cryptocurrency: reaching consensus
• New transactions are broadcasted to all nodes.
• Each node verifies and collects new transactions into a block.
• In each round a random node gets to broadcast its block.
• Other nodes accept the block only if all transactions in it are valid.
• Nodes express their acceptance of the block by including its hash in
the next block they create.

51. Making cryptocurrency: reaching consensus

52. Making cryptocurrency: reaching consensus

53. Making cryptocurrency: reaching consensus

54. Making cryptocurrency: reaching consensus

55. Making cryptocurrency: reaching consensus

56. Making cryptocurrency: reaching consensus

57. Making cryptocurrency: reaching consensus

58. Making cryptocurrency: reaching consensus

59. Making cryptocurrency: reaching consensus

60. Making cryptocurrency: reaching consensus

61. Making cryptocurrency: reaching consensus
• How to select node in a random manner?

62. Making cryptocurrency: reaching consensus
The key idea behind proof of work is that we approximate the
selection of random node by instead selecting nodes in proportion to a
resource that we hope that nobody can monopolize.

63. Making cryptocurrency: reaching consensus
H ( nonce | block data ) < target
• Difficult to compute.
• Parametrizable cost.
• Trivial to verify.

64. Making cryptocurrency: economy
• Why do we assume that majority of nodes will follow the protocol?

65. Making cryptocurrency: economy
• Block rewards.
• Transaction fees.

66. Making cryptocurrency: economy
We’re talking about cryptocurrency, so we can introduce incentives.
• Block rewards.
• Transaction fees.

67. Making cryptocurrency: economy
• We can assume that we have viable cryptocurrency when we trust in
security of blockchain protocol.
• It is secure when the nodes ecosystem is healthy — majority of the
hash power is in hand of following the protocol nodes.
• The nodes are going to act honestly only when the value of the
reward for solving puzzle is high.
• And the value is high and stable only when there is a trust in the
security of the blockchain.

68. Making cryptocurrency: economy

69. Making cryptocurrency
• Stealing bitcoins
• Denial of service attack
• Double-spend attack
• Sybil attack
• 51-percent attack

70. Under the hood

71. Under the hood
• Blocks and transactions in Bitcoin.
• Smart contracts.

72. Under the hood

73. Under the hood

74. Under the hood

75. Under the hood

76. Under the hood

77. Under the hood

78. Under the hood

79. Under the hood
• The script says: that coins can be redeemed by person owns a public
identity and proves it.
• Script is a stack based language.
• Escrow transaction using multisig.

80. Under the hood
• Smart contracts.
• Solidity — Turing complete language working on EVM (Ethereum).

81. Not only currency

82. Not only currency — adToken
• Overview of adToken white paper

83. Not only currency — adToken

84. Not only currency — adToken

85. • http://bitcoinbook.cs.princeton.edu/
• https://en.bitcoin.it/
• https://blockchain.info/

86. Q & A