SMART Seminar Series: "Blockchain and its Applications". Presented by Prof Willy Susilo

Blockchain and
its applications
Willy Susilo
Institute of Cybersecurity and
Cryptology, School of
Computing and IT, UOW
wsusilo@uow.edu.au

Content
• Introduction
• Tools and Mechanisms
• Blockchain applications
• On-going Research
Document title2

Document title3
1. Introduction

Traditional View of Digital Currency
Bank
Payer Payee
Account
Establishment
Generate
an e-coin
Spend an
e-coin
Deposit
an e-coin

Traditional View of Digital Currency
Bank
Payer Payee
Account
Establishment
Generate
an e-coin
Spend an
e-coin
Deposit
an e-coin
Remove the
central party

Bitcoin
Nakamoto, Satoshi. "Bitcoin: A peer-to-peer electronic cash system."
(2008): 28.

Bitcoins revisited
• Bitcoin is a cryptocurrency, existing purely in
the digital realm – first deployed in 2009.
• Cryptocurrency: a currency built upon computer
science, cryptography and economics.
• Born out of the Cypherpunk movement – a
libertarian fight for privacy and self-governance.
• The inspiration for the invention of the
blockchain.
• Created by Satoshi Nakamoto (anonymous ID)

What is Blockchain?
• A chain of blocks
• Public ledger/database
• Records all transactions across P2P network
• Shared between participants

Public
Decentr
alized
Distribu
ted
Immuta
ble
Publicly accessable
No central party
Approved by most peers
Can not be tampered
Main
features

Components
Record payer ,
payee,
transaction
amounts, etc…
Transaction Block Blockchain
A chain of blocks
A list of
transactions

Components
trans: H( )
prev: H( )
trans: H( )
prev: H( )
trans: H( )
prev: H( )
H( ) H( )
H( ) H( ) H( ) H( )
transaction transaction transaction transaction
transaction
Block
Blockchain

Four elements characterize Blockchain

*********
Traditional blockchain protocols were
designed with script language

Document title16
make a protocols like this
Blockchain 2.0 ---- Ethereum
or

Document title17
2. Tools & Mechnisms

Ingredient #1: Hashes
• A hash function (like SHA-256) takes a block
of data in, and produces an effectively random
fixed size integer.
• Any change to the input randomizes it
SHA-256
“The quick brown fox did some crypto”
410312395834291203…
SHA-256
“The quick brown Fox did some crypto”
983249120432492340…

Hash property 1: Collision-free
• Nobody can find x and y such that
• x != y and H(x)=H(y)
x
y
H(x) = H(y)

• Collisions do exist ...
• … but can anyone find them?
possible inputs
possible outputs

Hash property 2: Hiding
• Hiding property:
• If r is chosen from a probability
distribution that has high min-entropy,
then given H(r | x), it is infeasible to
find x.
• High min-entropy means that the
distribution is “very spread out”, so
that no particular value is chosen with
more than negligible probability.

Hash property 3: Puzzle-friendly
• Puzzle-friendly:
• For every possible output value y,
• if k is chosen from a distribution
with high min-entropy,
• then it is infeasible to find x such
that H(k | x) = y.

Application: Search puzzle
• Given a “puzzle ID” id (from high min-entropy
distrib.),
• and a target set Y:
• Try to find a “solution” x such that
• H(id | x) ∈ Y.
• Puzzle-friendly property implies that no solving
strategy is much better than trying random
values of x.

SHA-256 hash function
256 bits 256 bits
512 bits
Theorem: If c is collision-free, then SHA-256 is
collision-free.
Padding (10* | length)
IV
Message
(block 1)
Message
(block 2)
Message
(block n)
Hash
c c c

Consensus--Hash-based Proof of Work
• To find a hash with N zeros at the start of the input,
requires 2N computations…proves computational work
• If we hash an incrementing “nonce” as the hash input,
we can go looking for zeros:
in 3e-05 seconds, nonce = 0 yielded 0 zeros. value =
4c8f1205f49e70248939df9c7b704ace62c2245aba9e81641edf…
in 0.000138 seconds, nonce = 12 yielded 1 zeros. value =
05017256be77ad2985b36e75e486af325a620a9f29c54…
00ae7e0956382f55567d0ed9311cfd41dd2cf5f0a7137…
000b5a6cfc0f076cd81ed3a60682063887cf055e47b…
0000af058b74703b55e27437b89b1ebcc46f45ce55d6….
00000e55bd0d2027f3024c378e0cc511548c94fbeed0e….
00000077a77854ee39dc0dc996dea72dad8852afbde6….

PoW property 1: difficult to compute
~about 1020 hashes/block
Only some nodes bother to compete —
miners

PoW property 2: parameterizable cost
Nodes automatically re-calculate the target every
two weeks
Goal: average time between blocks = 10 minutes
Prob (Alice wins next block) =
fraction of global hash power she controls

Key security assumption
Attacks infeasible if majority of miners
weighted by hash power follow the protocol

PoW property 3: trivial to verify
Nonce must be published as part of block
Other miners simply verify that
H(nonce ‖ prev_hash ‖ tx ‖ … ‖ tx) < target

Block #0
Winner nobody
Parent_hash 0
Nonce 0
Block #1
Winner Player 23
Parent_hash 000D45698
Nonce 3459
SHA-256
Block #2
Winner Player 16
Parent_hash 000F67839
Nonce 974329
SHA-256

The Nonce / Hash Loop
• The algorithm to make a new block:
1. Verify the hashes of all the previous blocks
2. Build a new block with a random nonce
3. Hash the new block. Does it have N zeros?
– No? Go back to Step 2
– Yes? Send your new block to everyone!
• Note that as a result of step #1, you can find
out how many points anyone has by counting
how many blocks they have won

Ingredient #2: Signatures
Signing key
Public part 454F4D3E1..
Private part 56F23F2D..
Data
Signing
Algorithm
Signature
Private part
Signature
Verification
Algorithm
Yes/No
Public part
Data

What we want from signatures
• Only you can sign, but anyone can verify
• Signature is tied to a particular
document
• can’t be cut-and-pasted to another doc

API for digital signatures
• (sk, pk) := generateKeys(keysize)
• sk: secret signing key
• pk: public verification key
• sig := sign(sk, message)
• isValid := verify(pk, message, sig)
can be
randomized
algorithms

Requirements for signatures
• “valid signatures verify”
• verify(pk, message, sign(sk, message)) == true
• “can’t forge signatures”
• adversary who:
• knows pk
• gets to see signatures on messages of his choice
• can’t produce a verifiable signature on another message

• Bitcoin uses ECDSA standard
• Elliptic Curve Digital Signature Algorithm
• relies on hairy math
• will skip the details here --- look it up
if you care

Incentive 1: block reward
Creator of block gets to
• include special coin-creation transaction in the block
• choose recipient address of this transaction
Value is fixed: currently 12.5 BTC, halves every 4 years
Block creator gets to “collect” the reward only if the
block ends up on long-term consensus branch!
Mechanism: Incentive

Incentive 2: transaction fees
Creator of transaction can choose to make
output value less than input value
Remainder is a transaction fee and goes to
block creator
Purely voluntary, like a tip

Where are the rules?
• The laws of Bitcoin (or any blockchain)
are in the miner nodes
– Whatever 51% of the miners are running will
win
• The source to the node are the law
• How do you change rules?
• What happens if:
– The crypto breaks?
– We want to add more coins?
– We want to change the block format?

Attacks
• What happens if the majority of
the players defect?
– 51% attacks – can extend bad blocks
• How large a body needs to defect?
– Depending on network, can be 30% or
less
– Sybil attacks

Document title41
3. Blockchain Applications &
Ongoing Research

Blockchain
Cryptocurrency
Energy
Shipping
Healthcare
Trading
Voting
Government
Insurance
Finance
Key management
Manusfacturing
SmartContract
IoTTransportation Funding

Blockchain and Cryptocurrencies
• Thousands of cryptocurrencies are launched
• Various features and demands
• Top 2: Bitcoin & Ethereum

2014
2014
2014
2014
Dash
Zcoin
Zcash
Monero
Bitcoin provides only Pseudonymity
Privacy-enhancing techniques:

4848
Existing methods to trace
Based on transaction analysis
• Clustering algorithms, graph theory and
data analysis
Based on a central party
• RScoin and Solidus
Based on cryptographic tools
• Accountable DAP and our proposal

Traceable Monero
Transaction
Input
Output
...
Output Account
Tag
Tag*
Input Account
Payer Payee
pk1
pkn
Tag 1
Tag n
Tag*
.
.
.
R
P
Tracing
Authority
...
Transaction phase
Tracing phase
Tag + Ciphertext of
Input accounts
One-time
Public key
Long-term
Public key
Ciphertext C

50
Result
Traditional e-voting

Blockchain-based e-voting
• No central party
• Automatically compute the final results
(Self-tallying e-voting)
• Fairness issues
– Abortive issues: Recover (ignore)
– Adaptive issues: Timed encryption

Document title52
Block Block BlockBlockGenesis
Blockchain
Register Vote
Block
Voters

Post-quantum Blockchain
• Making Cryptocurrency post-quantum resistant
• Making Blockchain post-quantum resistant
Document title53

Document title54
What about AI?

Document title58
4. Blockchain in Practice

Document title62
What is the next killer
application?

Document title63
Myth vs Reality

Before
After, with Bitcoin
You Your money
at the bank intermediaries
Fees, slow, closed
Their bank
Other people
and business
You
The Bitcoin networks
Open, peer-to-peer, instant, free
Other people
and business

You Your money
at the bank
intermediaries
Fees, slow, closed
Their
bank Other
people and
business
The Bitcoin networks
Open, peer-to-peer, instant, free
intermediaries
Fees, slow, closed

Document title66
Final question: Centralized
or Decentralized?
Revisiting the design of EOS

Document title67
Thank you
for your attention!

SMART Seminar Series: "Blockchain and its Applications". Presented by Prof Willy Susilo

Recomendados

Recomendados

Mais conteúdo relacionado

Semelhante a SMART Seminar Series: "Blockchain and its Applications". Presented by Prof Willy Susilo

Semelhante a SMART Seminar Series: "Blockchain and its Applications". Presented by Prof Willy Susilo (20)

Mais de SMART Infrastructure Facility

Mais de SMART Infrastructure Facility (20)

Último

Último (20)

SMART Seminar Series: "Blockchain and its Applications". Presented by Prof Willy Susilo