Presented at the IndicThreads.com Software Development Conference 2016 held in Pune, India. More at http://www.IndicThreads.com and http://Pune16.IndicThreads.com
--
3. Overview
What does Bitcoin do
How does it work
Why does it work that way
Blockchain (going beyond just currency)
- Ethereum (automated contracts)
- The DAO (“pvt. ltd.” in the cloud)
Which to spend time on?
6. Important Requirements
Authentication: Amit's & Navin's signatures
matched with ID proof
Non-Repudiation: Neither can claim that
transaction never happened
Integrity: Transaction can't be modified
later (?)
7. Improvement #1
Problem: Signatures are easily forged
Solution: Get agreement notarized by third
party
Suhas authenticates Navin & Amit and
witnesses the agreement; notarizes and
signs each page
– Authentication, Non-Repudiation, Integrity improved.
8. Improvement #2
Problem: How do I know Navin owns the
land?
Solution: Centralized registry (“Registrar's
Office”) of all land transactions
“Title search” to find last transaction involving
Plot #167 Aundh
– Note: Suhas's services no longer needed. Registrar handles
authentication, non-repudiation, integrity
9. Can we decentralize it?
We all hate the Registrar's office, don't we?
Need a different way to re-create:
– Authentication
– Non-repudiation
– Integrity
10. Digression #1: PKI
Public Key Cryptography
Asymmetric Encryption
Two keys: Public (pk), Private/Secret (sk)
Encrypt(msg, pk): sk necessary to decrypt
Encrypt(msg, sk): pk necessary to decrypt
– Note: "encrypt with sk" is the textbook-RSA picture of signing; real
signature schemes (RSA-PSS, ECDSA, Ed25519) are separate algorithms
11. PKI Characteristics #1
Very easy to create a pk-sk pair
Given message + key, encryption is easy
Given ciphertext + the other key, decryption is easy
Without the key, decryption is infeasible
12. PKI Characteristics #2
Each participant widely publicizes pk
Keeps sk hidden
One participant can create multiple pk-sk
pairs
13. PKI Use Cases
Encryption:
– Encrypt(msg, Navin(pk)): can only be read by Navin
– Encrypt(msg, Navin(sk)): can only be sent by Navin
Signature
– Publish plaintext document
– And its hash (“checksum”) encrypted using Navin's sk
– Guarantee: Navin approves document
– Any document modification causes hash mismatch
14. Digression #2
One-way Hash
– e.g. MD5, SHA1 (both now broken for collision resistance; use SHA-256)
Given a document, compute its hash: a short, fixed-size digest
– Easy to compute hash
– Easy to verify that a hash matches document
– Difficult to create document matching hash
• Infeasible in practice if number of bits is large enough
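The "signature = hash encrypted with sk" model of slide 13 and the one-way hash of slide 14, as an added worked example (written for this page, not code from the talk). It uses textbook RSA over two small fixed primes and SHA-256 from Python's standard library; the primes, the sample deed text and the reduction of the digest modulo n are assumptions chosen so the code runs with no third-party library, which also makes it a toy that must never be used for real signing.

```python
"""Added toy: sign = encrypt the hash with sk, verify = decrypt with pk.

Textbook RSA over two small fixed primes (assumed, NOT secure) plus SHA-256.
Real systems use a vetted signature scheme (RSA-PSS, Ed25519), never raw RSA.
"""
import hashlib

# Assumed toy primes: far too small for security, chosen to keep arithmetic visible.
P, Q, E = 1000003, 1000033, 65537

def keygen(p=P, q=Q, e=E):
    """Slide 11: a pk-sk pair is cheap to create. pk = (n, e), sk = (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)           # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def encrypt(m: int, key) -> int:
    """Slide 10: raw RSA works with either key; the other key undoes it."""
    n, exp = key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, exp, n)

def digest(doc: bytes) -> int:
    """Slide 14: one-way hash. Reduced mod n only because the toy n is tiny."""
    h = int.from_bytes(hashlib.sha256(doc).digest(), "big")
    return h % (P * Q)

def sign(doc: bytes, sk) -> int:
    """Slide 13: the 'checksum encrypted using Navin's sk'."""
    return encrypt(digest(doc), sk)

def verify(doc: bytes, sig: int, pk) -> bool:
    """Anyone holding pk recovers the hash and compares it with the document."""
    return encrypt(sig, pk) == digest(doc)

def demo() -> dict:
    """Navin signs the sale deed; any later edit breaks the signature."""
    navin_pk, navin_sk = keygen()
    deed = b"Plot #167 Aundh: Navin sells to Amit"     # constructed sample
    sig = sign(deed, navin_sk)
    forged = b"Plot #167 Aundh: Navin sells to Suhas"   # modified afterwards
    return {
        "genuine_verifies": verify(deed, sig, navin_pk),
        "modified_verifies": verify(forged, sig, navin_pk),
        "round_trip": encrypt(encrypt(42, navin_sk), navin_pk) == 42,
    }

if __name__ == "__main__":
    print(demo())
```

Run it and the genuine deed verifies, the edited one does not, and a value encrypted with sk comes back unchanged after encrypting with pk; with a real library the same flow is one sign() call and one verify() call.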
15. Removing the Registrar
Navin creates document indicating that Plot
#167 sold to Amit
Signs using his private key
Stored at Suhas's server
– Signed with Suhas's private key
– Note: Authentication, Non-Repudiation, Integrity
– Note: this is still centralized
16. Decentralization
Create multiple copies of Suhas
– How to get consistency
– 2PC doesn't work. Paxos doesn't work.
(both assume a fixed, known set of servers; here anyone can join)
Other Requirements:
– Partition Tolerance
– Availability
Now we run into the CAP theorem.
17. Solution – Part 1
Allow temporary inconsistency
All Suhases vote
Now worry about Sybil attacks
– How to prevent new copies of Suhas being created at will
(if one pk-sk pair is one vote, one attacker can cast unlimited votes)
18. Solution Part 2
Suhas creation should be expensive
Real life:
– Government issued IDs
In this solution:
– Proof-of-Work
19. Proof of Work
pk-sk pair is easy to create
Force new Suhas to solve a hard
mathematical problem
e.g. find a nonce such that hash(document + nonce) starts with a required
number of zero bits: expensive to produce, trivial for anyone to verify
20. How to handle conflicts
Each transaction embeds ID (hash) of previous
transaction
Form an unbroken chain of transactions
In case of conflicts, server with longer chain
wins (Bitcoin: the chain with the most accumulated proof-of-work)
Over time, consensus of servers is formed
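Slides 19 and 20 together (proof-of-work, hash-linked blocks, longest valid chain wins), as one added example; this is code written for this page, not the talk's or Bitcoin's. The difficulty of 12 leading zero bits, JSON as the block encoding, the all-zero genesis reference and the land-record transactions are assumptions made for illustration.

```python
"""Added toy: proof-of-work mining, hash-chained blocks, longest-chain rule.

Not Bitcoin's code. Assumed for illustration: 12 leading zero bits as the
difficulty, JSON as the block encoding, an all-zero genesis reference, and
the land-record transactions used as sample payloads.
"""
import hashlib
import json

DIFFICULTY_BITS = 12   # assumption: Bitcoin's target is vastly harder
GENESIS = "0" * 64     # assumption: what the first block points at

def block_hash(block: dict) -> str:
    """ID of a block = SHA-256 over its canonical encoding (slide 20)."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

def meets_target(h: str, bits: int = DIFFICULTY_BITS) -> bool:
    """Partial preimage: the hash must start with `bits` zero bits."""
    return int(h, 16) >> (256 - bits) == 0

def mine(prev_hash: str, txs: list, bits: int = DIFFICULTY_BITS) -> dict:
    """Slide 19: brute-force a nonce; spending this work is the only way to vote."""
    block = {"prev": prev_hash, "txs": txs, "nonce": 0}
    while not meets_target(block_hash(block), bits):
        block["nonce"] += 1
    return block

def valid_chain(chain: list, bits: int = DIFFICULTY_BITS) -> bool:
    """Every block embeds the previous block's ID and carries valid work."""
    prev = GENESIS
    for block in chain:
        if block["prev"] != prev or not meets_target(block_hash(block), bits):
            return False
        prev = block_hash(block)
    return True

def choose(chain_a: list, chain_b: list) -> list:
    """Slide 20's conflict rule. Bitcoin ranks by total work; at a fixed
    difficulty that is the same as ranking by length."""
    candidates = [c for c in (chain_a, chain_b) if valid_chain(c)]
    return max(candidates, key=len) if candidates else []

def demo() -> dict:
    """Honest history vs. a cheaper rewrite vs. a tampered block."""
    b1 = mine(GENESIS, ["Navin -> Amit: Plot #167 Aundh"])        # constructed
    b2 = mine(block_hash(b1), ["Amit -> Suhas: Plot #167 Aundh"])
    honest = [b1, b2]
    # A rival who did less work: a single block forking from genesis.
    rival = [mine(GENESIS, ["Navin -> Suhas: Plot #167 Aundh"])]
    # Editing b1 after the fact changes its hash, so b2's back-link breaks.
    tampered = [dict(b1, txs=["Navin -> Mallory: Plot #167 Aundh"]), b2]
    return {
        "honest_valid": valid_chain(honest),
        "rival_valid": valid_chain(rival),
        "tampered_valid": valid_chain(tampered),
        "winner_is_honest": choose(honest, rival) is honest,
    }

if __name__ == "__main__":
    print(demo())
```

The rival's chain is valid on its own but loses because it embodies less work; the tampered chain fails outright because rewriting an old block invalidates every block after it, which is why an attacker must redo all the work from the edited block onwards.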
24. Bitcoin Advanced
A transaction isn't a simple bitcoin transfer
– It's a script in Bitcoin Scripting Language
– Transaction valid if script returns true: the spender's unlocking script
runs first, then the output's locking script, and the stack must end true
– Default script (pay-to-pubkey-hash), simplified to pseudocode:
if verify_signature(transaction.signature,
                    transaction.input.public_key):
    return True
else:
    return False
25. Bitcoin Scripting
Smart Transactions possible
– Low-overhead escrow using 2-of-3 multisig
– Micropayments using double-spending
– Protected micropayments using “lock-time”
– Green addresses: instant payment using trusted third party
• Also: offline payment
26. Pay-to-script-hash
Allow payer to pay using a non-standard script (P2SH, BIP 16)
– Output script needs to be inserted by payer
– Seller wants to receive money using complex script
• e.g. 2 non-trusting partners want to receive on a 2-of-2
multisig
– Normally, a non-technical payer will not insert a complex third-party
script – risky
– Hence: pay to a hash of a script
• Bitcoin protocol ensures that it can only be redeemed
by someone who produces the right script to match
the hash, and execution of that script returns True
27. Proof-of-Burn
Send money to a script that can never be
redeemed
Use OP_RETURN
Money gone forever (output is provably unspendable, so nodes need not
keep it in the UTXO set)
Can put extra content in script after
OP_RETURN (standardness rules cap the payload at a few dozen bytes)
– Use bitcoin to store non-repudiable information
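Slides 24 to 27 in one added example: a toy interpreter for Bitcoin-style scripts that evaluates the default pay-to-pubkey-hash script, a pay-to-script-hash output wrapping a 2-of-2 redeem script, and an OP_RETURN output. This is code written for this page, not Bitcoin's; the assumptions are that scripts are Python lists (bytes are pushed, "OP_*" strings are executed), that HASH160 and signatures are SHA-256 stand-ins (the toy signature is forgeable by anyone who knows the public key, so it shows control flow only), that scripts are serialized with repr()/ast.literal_eval(), and that the key names, transaction ID and deed text are constructed samples.

```python
"""Added toy Bitcoin-style script interpreter for slides 24-27 (not Bitcoin code).
Assumed: scripts are Python lists (bytes pushed, "OP_*" strings executed);
HASH160/signatures are SHA-256 stand-ins; repr()/literal_eval serialize scripts.
"""
import ast
import hashlib

TRUE, FALSE = b"\x01", b""

def hash160(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()[:20]   # stand-in for RIPEMD160(SHA256)

def toy_sign(pubkey: bytes, txid: bytes) -> bytes:
    # Stand-in for ECDSA: forgeable by anyone who knows `pubkey`, so it only
    # demonstrates the script's control flow, not real authentication.
    return hashlib.sha256(b"sig:" + pubkey + txid).digest()

def toy_checksig(sig: bytes, pubkey: bytes, txid: bytes) -> bool:
    return sig == toy_sign(pubkey, txid)

def serialize(script: list) -> bytes:
    return repr(script).encode()

def parse(blob: bytes) -> list:
    return ast.literal_eval(blob.decode())

def run(script: list, stack: list, txid: bytes) -> bool:
    """Execute one script on a shared stack; False means the script failed."""
    for op in script:
        if isinstance(op, bytes):
            stack.append(op)
        elif op == "OP_DUP":
            stack.append(stack[-1])
        elif op == "OP_HASH160":
            stack.append(hash160(stack.pop()))
        elif op == "OP_EQUAL":
            stack.append(TRUE if stack.pop() == stack.pop() else FALSE)
        elif op == "OP_EQUALVERIFY":
            if stack.pop() != stack.pop():
                return False
        elif op in ("OP_CHECKSIG", "OP_CHECKSIGVERIFY"):
            pub, sig = stack.pop(), stack.pop()
            ok = toy_checksig(sig, pub, txid)
            if op == "OP_CHECKSIG":
                stack.append(TRUE if ok else FALSE)
            elif not ok:
                return False
        elif op == "OP_RETURN":
            return False          # slide 27: output is provably unspendable
        else:
            return False          # unknown opcode: fail closed
    return True

def evaluate(script_sig: list, script_pubkey: list, txid: bytes) -> bool:
    """scriptSig, then scriptPubKey; for P2SH (BIP 16) also run the redeem script."""
    stack: list = []
    try:
        if not run(script_sig, stack, txid):
            return False
        is_p2sh = (len(script_pubkey) == 3 and script_pubkey[0] == "OP_HASH160"
                   and script_pubkey[2] == "OP_EQUAL")
        before = list(stack)          # P2SH re-uses what scriptSig pushed
        if not run(script_pubkey, stack, txid) or not stack or stack[-1] != TRUE:
            return False
        if not is_p2sh:
            return True
        redeem = parse(before.pop())  # the serialized script whose hash matched
        return run(redeem, before, txid) and bool(before) and before[-1] == TRUE
    except (IndexError, ValueError, SyntaxError):
        return False

def p2pkh(pubkey: bytes) -> list:
    """Slide 24's default locking script."""
    return ["OP_DUP", "OP_HASH160", hash160(pubkey), "OP_EQUALVERIFY", "OP_CHECKSIG"]

def p2sh(redeem: list) -> list:
    """Slide 26: the payer only needs the hash of the seller's script."""
    return ["OP_HASH160", hash160(serialize(redeem)), "OP_EQUAL"]

def demo() -> dict:
    txid = b"constructed-txid-0001"                 # constructed sample
    amit, navin = b"amit-pub", b"navin-pub"         # constructed keys
    redeem = [amit, "OP_CHECKSIGVERIFY", navin, "OP_CHECKSIG"]   # 2-of-2
    both = [toy_sign(navin, txid), toy_sign(amit, txid), serialize(redeem)]
    stale = [toy_sign(navin, b"other-tx"), toy_sign(amit, txid), serialize(redeem)]
    burn = ["OP_RETURN", b"Plot #167 Aundh sold to Amit"]      # proof-of-burn
    return {
        "p2pkh_ok": evaluate([toy_sign(amit, txid), amit], p2pkh(amit), txid),
        "p2pkh_wrong_key": evaluate([toy_sign(navin, txid), navin], p2pkh(amit), txid),
        "p2sh_both_sign": evaluate(both, p2sh(redeem), txid),
        "p2sh_one_bad_sig": evaluate(stale, p2sh(redeem), txid),
        "p2sh_wrong_script": evaluate(both, p2sh([amit, "OP_CHECKSIG"]), txid),
        "burn_spendable": evaluate([toy_sign(amit, txid), amit], burn, txid),
    }
```

The P2SH case is the interesting one: the payer's output commits only to a hash, the spender must reveal the whole redeem script, and if the revealed script's hash does not match (p2sh_wrong_script) or one partner's signature is missing (p2sh_one_bad_sig) the spend fails; the OP_RETURN output fails no matter what is presented, which is exactly what makes it a burn.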
31. Examples
Blockchain-based DNS
– Remember Wikileaks
Blockchain-based internet!!
– Remember Snowden
Many more
– e.g. our Land Records example! (being considered in
Honduras)
33. The DAO
Decentralized Autonomous Organization
Venture Capital Company
Exists Entirely on Ethereum
Anonymous shareholders!
Voting based decisions
Ethereum scripts control all working of org
34. The DAO - 2
Shareholders:
– All those who bought tokens on Ethereum by May 28
– Can be traded on Ethereum
Working capital: money paid by shareholders
– Money paid by shareholders: $168M
Funds startups
– Proposal in ethereum
– If majority vote yes, money transferred automatically
35. Impact
Top VCs pumping 100s of millions of dollars in
blockchain companies
Visionaries on Wall Street investing in, and
joining, blockchain companies
– Includes Vikram Pandit, NASDAQ
Top banks doing PoC
– Includes Barclays, Deutsche Bank, Credit Suisse