Prof Willy Susilo presented a seminar titled "Blockchain and its Applications" as part of the SMART Seminar Series on 20th September 2018.
More information: https://news.eis.uow.edu.au/event/blockchain-and-its-applications/
Keep updated with future events: http://www.uoweis.co/events/category/smart-infrastructure-facility/
4. Traditional View of Digital Currency
[Figure: a Bank, a Payer and a Payee. Steps: account establishment, generate an e-coin, spend an e-coin, deposit an e-coin.]
5. Traditional View of Digital Currency
[Figure: the same Bank, Payer and Payee diagram (account establishment, generate an e-coin, spend an e-coin, deposit an e-coin), annotated "Remove the central party".]
7. Bitcoins revisited
• Bitcoin is a cryptocurrency, existing purely in the digital realm – first deployed in 2009.
• Cryptocurrency: a currency built upon computer science, cryptography and economics.
• Born out of the Cypherpunk movement – a libertarian fight for privacy and self-governance.
• The inspiration for the invention of the blockchain.
• Created by Satoshi Nakamoto (anonymous ID)
8. What is Blockchain?
• A chain of blocks
• Public ledger/database
• Records all transactions across P2P network
• Shared between participants
18. Ingredient #1: Hashes
• A hash function (like SHA-256) takes a block of data in, and produces an effectively random fixed size integer.
• Any change to the input randomizes it
SHA-256(“The quick brown fox did some crypto”) → 410312395834291203…
SHA-256(“The quick brown Fox did some crypto”) → 983249120432492340…
19. Hash property 1: Collision-free
• Nobody can find x and y such that x != y and H(x) = H(y)
[Figure: two different inputs x and y with H(x) = H(y)]
20. • Collisions do exist ...
• … but can anyone find them?
[Figure: possible inputs mapped to possible outputs]
21. Hash property 2: Hiding
• Hiding property:
• If r is chosen from a probability distribution that has high min-entropy, then given H(r | x), it is infeasible to find x.
• High min-entropy means that the distribution is “very spread out”, so that no particular value is chosen with more than negligible probability.
22. Hash property 3: Puzzle-friendly
• Puzzle-friendly:
• For every possible output value y, if k is chosen from a distribution with high min-entropy, then it is infeasible to find x such that H(k | x) = y.
23. Application: Search puzzle
• Given a “puzzle ID” id (from a high min-entropy distribution) and a target set Y:
• Try to find a “solution” x such that H(id | x) ∈ Y.
• Puzzle-friendly property implies that no solving strategy is much better than trying random values of x.
24. SHA-256 hash function
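[Figure: the message is split into 512-bit blocks (block 1, block 2, …, block n), with padding (10* | length) appended. Starting from the IV, the compression function c takes the 256-bit running value and one 512-bit message block and outputs 256 bits; the output of the last c is the hash.]
Theorem: If c is collision-free, then SHA-256 is collision-free.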
25. Consensus--Hash-based Proof of Work
• To find a hash with N zeros at the start of the input, requires 2^N computations…proves computational work
• If we hash an incrementing “nonce” as the hash input, we can go looking for zeros:
in 3e-05 seconds, nonce = 0 yielded 0 zeros. value =
4c8f1205f49e70248939df9c7b704ace62c2245aba9e81641edf…
in 0.000138 seconds, nonce = 12 yielded 1 zeros. value =
05017256be77ad2985b36e75e486af325a620a9f29c54…
in 0.000482 seconds, nonce = 112 yielded 2 zeros. value =
00ae7e0956382f55567d0ed9311cfd41dd2cf5f0a7137…
in 0.014505 seconds, nonce = 3728 yielded 3 zeros. value =
000b5a6cfc0f076cd81ed3a60682063887cf055e47b…
in 0.595024 seconds, nonce = 181747 yielded 4 zeros. value =
0000af058b74703b55e27437b89b1ebcc46f45ce55d6….
in 3.491151 seconds, nonce = 1037701 yielded 5 zeros. value =
00000e55bd0d2027f3024c378e0cc511548c94fbeed0e….
in 32.006105 seconds, nonce = 9913520 yielded 6 zeros. value =
00000077a77854ee39dc0dc996dea72dad8852afbde6….
26. PoW property 1: difficult to compute
About 10^20 hashes/block
Only some nodes bother to compete: miners
27. PoW property 2: parameterizable cost
Nodes automatically re-calculate the target every two weeks
Goal: average time between blocks = 10 minutes
Prob (Alice wins next block) = fraction of global hash power she controls
29. PoW property 3: trivial to verify
Nonce must be published as part of block
Other miners simply verify that
H(nonce ‖ prev_hash ‖ tx ‖ … ‖ tx) < target
31. The Nonce / Hash Loop
• The algorithm to make a new block:
1. Verify the hashes of all the previous blocks
2. Build a new block with a random nonce
3. Hash the new block. Does it have N zeros?
– No? Go back to Step 2
– Yes? Send your new block to everyone!
• Note that as a result of step #1, you can find
out how many points anyone has by counting
how many blocks they have won
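Added example (not from the seminar slides): the search puzzle, the nonce/hash loop and the one-hash verification above, run on a three-block chain. Difficulty is counted in leading zero bits of the hash; the field encoding, helper names and sample transactions are assumptions, and real Bitcoin hashes a fixed block header with double SHA-256.

```python
import hashlib

GENESIS_PREV = "0" * 64  # constructed predecessor of the first block

def block_hash(nonce, prev_hash, txs):
    """H(nonce || prev_hash || tx || ... || tx) as a 256-bit integer."""
    # Assumed encoding: each field is length-prefixed so that two different
    # field lists can never serialize to the same byte string.
    fields = [str(nonce).encode(), prev_hash.encode(), *(t.encode() for t in txs)]
    data = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def mine(prev_hash, txs, zero_bits, max_tries=1 << 24):
    """Search puzzle: try nonces until the hash lands in Y = [0, target)."""
    target = 1 << (256 - zero_bits)
    for nonce in range(max_tries):
        if block_hash(nonce, prev_hash, txs) < target:
            return nonce
    raise RuntimeError("no nonce found within max_tries")

def build_chain(tx_batches, zero_bits):
    """Mine one block per transaction batch, each linked to the previous hash."""
    blocks, prev = [], GENESIS_PREV
    for txs in tx_batches:
        nonce = mine(prev, txs, zero_bits)
        blocks.append({"nonce": nonce, "prev_hash": prev, "txs": list(txs)})
        prev = format(block_hash(nonce, prev, txs), "064x")
    return blocks

def verify_chain(blocks, zero_bits):
    """Verification costs one hash per block, whatever the miner spent."""
    target = 1 << (256 - zero_bits)
    prev = GENESIS_PREV
    for b in blocks:
        h = block_hash(b["nonce"], b["prev_hash"], b["txs"])
        if b["prev_hash"] != prev or h >= target:
            return False
        prev = format(h, "064x")
    return True

if __name__ == "__main__":
    # Constructed sample transactions.
    chain = build_chain([["alice->bob:5"], ["bob->carol:2"], ["carol->dave:1"]], 16)
    print("nonces:", [b["nonce"] for b in chain], "valid:", verify_chain(chain, 16))
    chain[0]["txs"][0] = "alice->bob:500"  # rewrite history in the first block
    print("valid after tampering:", verify_chain(chain, 16))
```

Changing a transaction in an early block invalidates that block's hash and the prev_hash link of its successor, so the whole suffix of the chain would have to be re-mined.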
32. Ingredient #2: Signatures
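[Figure: a signing key has a public part (454F4D3E1..) and a private part (56F23F2D..). The signing algorithm takes the data and the private part and outputs a signature. The verification algorithm takes the data, the signature and the public part and outputs yes/no.]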
33. What we want from signatures
• Only you can sign, but anyone can verify
• Signature is tied to a particular document
– can’t be cut-and-pasted to another doc
34. API for digital signatures
• (sk, pk) := generateKeys(keysize)
• sk: secret signing key
• pk: public verification key
• sig := sign(sk, message)
• isValid := verify(pk, message, sig)
[Callout: can be randomized algorithms]
35. Requirements for signatures
• “valid signatures verify”
• verify(pk, message, sign(sk, message)) == true
• “can’t forge signatures”
• adversary who:
• knows pk
• gets to see signatures on messages of his choice
• can’t produce a verifiable signature on another message
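Added example (not from the seminar slides): the generateKeys / sign / verify API above, implemented with a Lamport one-time signature built from SHA-256 so that it runs with the standard library only. This is not the ECDSA scheme Bitcoin uses; the function names are assumptions, there is no keysize parameter, and each key pair may sign one message only.

```python
import hashlib
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def generate_keys():
    """Return (sk, pk): 256 pairs of random secrets and the hashes of each."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def _bits(message):
    """The 256 bits of H(message), most significant first."""
    d = int.from_bytes(H(message), "big")
    return [(d >> (255 - i)) & 1 for i in range(256)]

def sign(sk, message):
    """Reveal one secret per bit of H(message); this ties sig to the message."""
    return [sk[i][bit] for i, bit in enumerate(_bits(message))]

def verify(pk, message, sig):
    """Anyone holding pk can check that each revealed secret hashes correctly."""
    if len(sig) != 256:
        return False
    return all(H(s) == pk[i][bit]
               for i, (bit, s) in enumerate(zip(_bits(message), sig)))

if __name__ == "__main__":
    sk, pk = generate_keys()
    msg = b"pay bob 5 BTC"  # constructed sample message
    sig = sign(sk, msg)
    print("valid signatures verify:", verify(pk, msg, sig))
    print("cut-and-paste to another doc:", verify(pk, b"pay bob 500 BTC", sig))
```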
36. • Bitcoin uses ECDSA standard
• Elliptic Curve Digital Signature Algorithm
• relies on hairy math
• will skip the details here --- look it up if you care
37. Incentive 1: block reward
Creator of block gets to
• include special coin-creation transaction in the block
• choose recipient address of this transaction
Value is fixed: currently 12.5 BTC, halves every 4 years
Block creator gets to “collect” the reward only if the
block ends up on long-term consensus branch!
Mechanism: Incentive
38. Incentive 2: transaction fees
Creator of transaction can choose to make output value less than input value
Remainder is a transaction fee and goes to block creator
Purely voluntary, like a tip
39. Where are the rules?
• The laws of Bitcoin (or any blockchain) are in the miner nodes
– Whatever 51% of the miners are running will win
• The source code of the node is the law
• How do you change rules?
• What happens if:
– The crypto breaks?
– We want to add more coins?
– We want to change the block format?
40. Attacks
• What happens if the majority of the players defect?
– 51% attacks – can extend bad blocks
• How large a body needs to defect?
– Depending on network, can be 30% or less
– Sybil attacks
48. Existing methods to trace
Based on transaction analysis
• Clustering algorithms, graph theory and data analysis
Based on a central party
• RSCoin and Solidus
Based on cryptographic tools
• Accountable DAP and our proposal
64. Before / After, with Bitcoin
[Figure, before: You → your money at the bank → intermediaries (fees, slow, closed) → their bank → other people and business.]
[Figure, after, with Bitcoin: You → the Bitcoin networks (open, peer-to-peer, instant, free) → other people and business.]
65. [Figure: the same comparison. You → your money at the bank → intermediaries (fees, slow, closed) → their bank → other people and business, set against the Bitcoin networks (open, peer-to-peer, instant, free).]