blockchain
play

Blockchain CS 240: Computing Systems and Concurrency Lecture 20 - PowerPoint PPT Presentation

Jan 21, 2023 •333 likes •786 views

Blockchain CS 240: Computing Systems and Concurrency Lecture 20 Marco Canini Credits: Michael Freedman and Kyle Jamieson developed much of the original material. Bitcoin: 10,000 foot view New bitcoins are created every ~10 min,

  1. Blockchain CS 240: Computing Systems and Concurrency Lecture 20 Marco Canini Credits: Michael Freedman and Kyle Jamieson developed much of the original material.

  2. Bitcoin: 10,000 foot view • New bitcoins are “created” every ~10 min, owned by “miner” (more on this later) • Thereafter, just keep record of transfers – e.g., Alice pays Bob 1 BTC • Basic protocol: – Alice signs transaction: txn = Sign Alice (BTC, PK Bob ) – Alice shows transaction to others… 2

  3. Problem: Equivocation! Can Alice “pay” both Bob and Charlie with same bitcoin ? ( Known as “double spending” ) 3

  4. How traditional e-cash handled problem Bank Alice Bob • When Alice pays Bob with a coin, Bob validates that coin hasn’t been spend with trusted third party • Introduced “blind signatures” and “zero-knowledge protocols” so bank can’t link withdrawals and deposits 4

  5. How traditional e-cash handled problem Bank Alice Bob • When Alice pays Bob with a coin, Bob validates that coin hasn’t been spend with trusted third party • Introduced “blind signatures” and “zero-knowledge protocols” Bank maintains linearizable log of transactions so bank can’t link withdrawals and deposits 5

  6. Problem: Equivocation! Goal: No double-spending in decentralized environment Approach: Make transaction log 1. public 2. append-only 3. strongly consistent 6

  7. Bitcoin: 10,000 foot view • Public – Transactions are signed: txn = Sign Alice (BTC, PK Bob ) – All transactions are sent to all network participants • No equivocation: Log append-only and consistent – All transactions part of a hash chain – Consensus on set/order of operations in hash chain 7

  8. Cryptographic hash function ( and their use in blockchain ) 8

  9. Cryptography Hash Functions I • Take message m of arbitrary length and produces fixed-size (short) number H(m) • One-way function – Efficient: Easy to compute H(m) – Hiding property: Hard to find an m , given H(m) • Assumes “m” has sufficient entropy, not just {“heads”, “tails”} – Random: Often assumes for output to “look” random 9

  10. Cryptography Hash Functions II • Collisions exist: | possible inputs | >> | possible outputs | … but hard to find • Collision resistance: – Strong resistance: Find any m != m’ such that H(m) == H(m’) – Weak resistance: Given m, find m’ such that H(m) == H(m’) – For 160-bit hash (SHA-1) • Finding any collision is birthday paradox: 2^{160/2} = 2^80 • Finding specific collision requires 2^160 10

  11. Hash Pointers h = H( ) (data) 11

  12. Hash chains H( ) prev: H( ) prev: H( ) prev: H( ) data data data Creates a “tamper-evident” log of data 12

  13. Hash chains H( ) prev: H( ) prev: H( ) prev: H( ) data data data If data changes, all subsequent hash pointers change Otherwise, found a hash collision! 13

  14. Blockchain Append-only hash chain 14

  15. Blockchain: Append-only hash chain prev: H( ) prev: H( ) prev: H( ) txn 5 txn 6 txn 7 • Hash chain creates “tamper-evident” log of txns • Security based on collision-resistance of hash function – Given m and h = hash(m), difficult to find m’ such that h = hash(m’) and m != m’ 15

  16. Blockchain: Append-only hash chain 16

  17. Problem remains: forking prev: H( ) prev: H( ) prev: H( ) txn 5 txn 6 txn 7 prev: H( ) prev: H( ) txn 6’ txn 7’ 17

  18. Goal: Consensus • Recall Byzantine fault-tolerant protocols to achieve consensus of replicated log – Requires: n >= 3f + 1 nodes, at most f faulty • Problem – Communication complexity is n 2 – Requires view of network participants 18

  19. Consensus susceptible to Sybils • All consensus protocols based on membership… – … assume independent failures … – … which implies strong notion of identity • “Sybil attack” (P2P literature ~2002) – Idea: one entity can create many “identities” in system – Typical defense: 1 IP address = 1 identity – Problem: IP addresses aren’t difficult / expensive to get, esp. in world of botnets & cloud services 19

  20. Consensus based on “work” • Rather than “count” IP addresses, bitcoin “counts” the amount of CPU time / electricity that is expended “The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes.” - Satoshi Nakamoto • Proof-of-work: Cryptographic “proof” that certain amount of CPU work was performed 20

  21. Key idea: Chain length requires work prev: H( ) prev: H( ) prev: H( ) prev: H( ) prev: H( ) txn 8 txn 9 txn 5 txn 6 txn 7 prev: H( ) txn 6’ • Generating a new block requires “proof of work” • “Correct” nodes accept longest chain • Creating fork requires rate of malicious work >> rate of correct – So, the older the block, the “safer” it is from being deleted 21

  22. Use hashing to determine work! • Hash functions are one-way / collision resistant – Given h , hard to find m such that h = hash(m) • But what about finding partial collision? – m whose hash has most significant bit = 0? – m whose hash has most significant bit = 00? – Assuming output is randomly distributed, complexity grows exponentially with # bits to match 22

  23. Bitcoin proof of work Find nonce such that hash ( nonce || prev_hash || block data) < target i.e., hash has certain number of leading 0’s What about changes in total system hashing rate? • Target is recalculated every 2 weeks • Goal: One new block every 10 minutes 23

  24. Historical hash rate trends of bitcoin Currently: 8.2 Exahash/s 2 x 10 18 Tech: CPU → GPU → FPGA → ASICs 24

  25. Historical hash rate trends of bitcoin Currently (Nov ’17): 11 Exahash/s 2 x 10 18 Tech: CPU → GPU → FPGA → ASICs https://bitcoinwisdom.com/bitcoin/difficulty 25

  26. Why consume all this energy? • Creating a new block creates bitcoin! – Initially 50 BTC, decreases over time, currently 12.5 – New bitcoin assigned to party named in new block – Called “mining” as you search for gold/coins 26

  27. Incentivizing correct behavior? • Race to find nonce and claim block reward, at which time race starts again for next block hash ( nonce || prev_hash || block data) – As solution has prev_hash, corresponds to particular chain • Correct behavior is to accept longest chain – “Length” determined by aggregate work, not # blocks – So miners incentivized only to work on longest chain, as otherwise solution not accepted – Remember blocks on other forks still “create” bitcoin, but only matters if chain in collective conscious (majority) 27

  28. Form of randomized leader election • Each time a nonce is found: – New leader elected for past epoch (~10 min) – Leader elected randomly, probability of selection proportional to leader’s % of global hashing power – Leader decides which transactions comprise block 28

  29. One block = many transactions • Each miner picks a set of transactions for block • Builds “block header”: prevhash, version, timestamp, txns, … • Until hash < target OR another node wins: – Pick nonce for header, compute hash = SHA256(SHA256(header)) 29

  30. Transactions are delayed • At some time T , block header constructed • Those transactions had been received [ T – 10 min, T] • Block will be generated at time T + 10 min (on average) • So transactions are from 10 - 20 min before block creation • Can be much longer if “backlog” of transactions are long 30

  31. Commitments further delayed • When do you trust a transaction? – After we know it is “stable” on the hash chain – Recall that the longer the chain, the hard to “revert” • Common practice: transaction “committed” when 6 blocks deep – i.e., Takes another ~1 hour for txn to become committed 31

  32. Transaction format: strawman Create 12.5 coins, credit to Alice Transfer 3 coins from Alice to Bob SIGNED(Alice) Transfer 8 coins from Bob to Carol SIGNED(Bob) Transfer 1 coins from Carol to Alice SIGNED(Carol) Transfer 5 coins from Alice to David SIGNED(Alice) How do you determine if Alice has balance? Scan backwards to time 0 ! 32

  33. Transaction format Inputs: Ø // Coinbase reward Outputs: 25.0→PK_Alice Inputs: H (prevtxn, 0) // 25 BTC from Alice Outputs: 25.0→PK_Bob SIGNED(Alice) change address Inputs: H (prevtxn, 0) // 25 BTC From Alice Outputs: 5.0→PK_Bob, 20.0 →PK_Alice2 SIGNED(Alice) Inputs: H (prevtxn1, 1), H (prevtxn2, 0) // 10+5 BTC Outputs: 14.9→PK_Bob SIGNED(Alice) • Transaction typically has 1+ inputs, 1+ outputs • Making change: 1 st output payee, 2 nd output self • Output can appear in single later input (avoids scan back) 33

  34. Transaction format Inputs: Ø // Coinbase reward Outputs: 25.0→PK_Alice Inputs: H (prevtxn, 0) // 25 BTC from Alice Outputs: 25.0→PK_Bob SIGNED(Alice) Inputs: H (prevtxn, 0) // 25 BTC From Alice Outputs: 5.0→PK_Bob, 20.0 →PK_Alice SIGNED(Alice) Inputs: H (prevtxn1, 1), H (prevtxn2, 0) // 10+5 BTC Outputs: 14.9→PK_Bob SIGNED(Alice) • Unspent portion of inputs is “transaction fee” to miner • In fact, “outputs” are stack-based scripts • 1 Block = 1MB max 34

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

bluzelle What is Blockchain? Blockchain is a combination of multiple technologies 4 3 2

bluzelle What is Blockchain? Blockchain is a combination of multiple technologies 4 3 2

MAKE BLOCKCHAIN WORK FOR YOU bluzelle What is Blockchain? Blockchain is a combination of multiple technologies 4 3 2 Consensus 1 Encryption P2P Networks Time Stamp Challenges addressed by blockchain Regulatory and compliance pressures

669 views • 14 slides
Solidus Blockchain Ethan Cecchetti March 26, 2017 Blockchains Blockchain Blockchain

Solidus Blockchain Ethan Cecchetti March 26, 2017 Blockchains Blockchain Blockchain

Solidus Blockchain Ethan Cecchetti March 26, 2017 Blockchains Blockchain Blockchain blockchain blockchain blockchain Blockchain blockchain blockchain Blockchain Blockchain (blockchain) Blockchain blockchain, blockchain

470 views • 12 slides
Blockchain and Distributed Ledgers Blockchain allows mul/ple compe/ng par/es

Blockchain and Distributed Ledgers Blockchain allows mul/ple compe/ng par/es

State of Blockchain at LF Christopher Ferris, CTO Open Technology, IBM Blockchain and Distributed Ledgers Blockchain allows mul/ple compe/ng par/es to securely interact with the same universal

567 views • 31 slides
Blockchain &amp; Banking Ahmed A. Mansour MBA, PMP, ITIL, TOGAF, FL23, Blockchain Expert Who

Blockchain &amp; Banking Ahmed A. Mansour MBA, PMP, ITIL, TOGAF, FL23, Blockchain Expert Who

Blockchain &amp; Banking Ahmed A. Mansour MBA, PMP, ITIL, TOGAF, FL23, Blockchain Expert Who thinks blockchain is the future of banking? Who can explain what blockchain is? Blockchain in Banking 2 Blockchain Key Elements Smart Ledger

517 views • 20 slides
Bitcoin, Blockchain and the Internet of Value Veronika Ktt Frankfurt School Blockchain Center

Bitcoin, Blockchain and the Internet of Value Veronika Ktt Frankfurt School Blockchain Center

Bitcoin, Blockchain and the Internet of Value Veronika Ktt Frankfurt School Blockchain Center E-Mail: veronika.kuett@fs-blockchain.de Internet: www.fs-blockchain.de About FSBC Our Portfolio Research 1 Foster understanding of blockchain

688 views • 24 slides
Welcome to the Government Blockchain Association (GBA) Meet Up May 15 th , 2017 Blockchain

Welcome to the Government Blockchain Association (GBA) Meet Up May 15 th , 2017 Blockchain

Welcome to the Government Blockchain Association (GBA) Meet Up May 15 th , 2017 Blockchain for Homeland Security, Defense and Law Enforcement Agenda Brief Review What is blockchain and why is it important? What are the defining

795 views • 31 slides
Blockchain and Accounting By: Jamie Freiman Rutgers University Overview What is Blockchain?

Blockchain and Accounting By: Jamie Freiman Rutgers University Overview What is Blockchain?

Blockchain and Accounting By: Jamie Freiman Rutgers University Overview What is Blockchain? How does it work? Types of Blockchain systems. Impacts of the Blockchain on business and accounting. Integration with Smart

879 views • 22 slides
TECHNOLOGY (DLT) AND BLOCKCHAIN Blockchain and its applications INTRODUCTION Ishmeet Singh,

TECHNOLOGY (DLT) AND BLOCKCHAIN Blockchain and its applications INTRODUCTION Ishmeet Singh,

DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN Blockchain and its applications INTRODUCTION Ishmeet Singh, Blockchain Consultant I have built technology products for Fortune 500 companies like MasterCard, MetLife and Adobe. I have also

925 views • 28 slides
The Blockchain #HypetoReality 23 rd May 2017 What is the beginning? Dubai Government Blockchain

The Blockchain #HypetoReality 23 rd May 2017 What is the beginning? Dubai Government Blockchain

The Blockchain #HypetoReality 23 rd May 2017 What is the beginning? Dubai Government Blockchain Strategy 100% of Government documents to be on the Blockchain by 2020 Emirates NBD Branch of the future Two use case were chosen for Pilot

484 views • 23 slides
K&amp;L Gates Blockchain Energizer Vol. 1 A bi-weekly update on applications of blockchain

K&amp;L Gates Blockchain Energizer Vol. 1 A bi-weekly update on applications of blockchain

K&amp;L Gates Blockchain Energizer Vol. 1 A bi-weekly update on applications of blockchain technology in the April 6, 2017 energy industry Molly Suda and Benjamin L. Tejblum In this issue: There is a lot of buzz around blockchain technology and

255 views • 4 slides
CHALLENGES 02/04/2020 OUTLINE : Introduction Blockchain in Cyber security Blockchain and CIA

CHALLENGES 02/04/2020 OUTLINE : Introduction Blockchain in Cyber security Blockchain and CIA

BLOCKCHAIN IN CYBERSECURITY: USAGE AND Abdullah Hamdan CHALLENGES 02/04/2020 OUTLINE : Introduction Blockchain in Cyber security Blockchain and CIA Blockchain Security applications Blockchain Security challenges Conclusion 2 INTRODUCTION

413 views • 12 slides
An Overview of Blockchain and Delawares Blockchain Initiative Matthew J. OToole September

An Overview of Blockchain and Delawares Blockchain Initiative Matthew J. OToole September

Sponsored By: An Overview of Blockchain and Delawares Blockchain Initiative Matthew J. OToole September 29, 2018 National Public Records Research Association Annual Conference Overview of Blockchain/DLT Broad/high-level overview

217 views • 9 slides
Blockchain At Your Fingertips INTRODUCTION WE ARE RAPIDS! BLOCKCHAIN AT YOUR FINGERTIPS We are a

Blockchain At Your Fingertips INTRODUCTION WE ARE RAPIDS! BLOCKCHAIN AT YOUR FINGERTIPS We are a

Blockchain At Your Fingertips INTRODUCTION WE ARE RAPIDS! BLOCKCHAIN AT YOUR FINGERTIPS We are a creative agency with a passion for innovation and the design of beautiful creations. We have all envisioned certain aspects of past cryptocurrency

441 views • 26 slides
Blockchain and Crypto By David and Lukas Blockchain and Crypto By David and Lukas Topics

Blockchain and Crypto By David and Lukas Blockchain and Crypto By David and Lukas Topics

Blockchain and Crypto By David and Lukas Blockchain and Crypto By David and Lukas Topics Overview What is Bitcoin? What is a Blockchain? Blockchain and Bitcoin In-Depth Transactions New Blocks Forks Nakamotos Forerunners Smart

708 views • 48 slides
The State of Blockchain and Its Impact on Finance Profession What do Blockchain and

The State of Blockchain and Its Impact on Finance Profession What do Blockchain and

The State of Blockchain and Its Impact on Finance Profession What do Blockchain and cryptocurrency really mean and what are the opportunities? What about the risks that come with such wholesale change to business processes. Learn this and more

1.22k views • 32 slides
The Blockchain Josh Vorick Bitcoin is a currency. Blockchain is a technology. What is a

The Blockchain Josh Vorick Bitcoin is a currency. Blockchain is a technology. What is a

The Blockchain Josh Vorick Bitcoin is a currency. Blockchain is a technology. What is a blockchain? A decentralized database that anyone can add to and no one can delete from The Bitcoin blockchain Why You Should Care Bitcoin

1.02k views • 76 slides
Model checking Dr. Jarad Niemi STAT 544 - Iowa State University February 28, 2019 Jarad Niemi

Model checking Dr. Jarad Niemi STAT 544 - Iowa State University February 28, 2019 Jarad Niemi

Model checking Dr. Jarad Niemi STAT 544 - Iowa State University February 28, 2019 Jarad Niemi (STAT544@ISU) Model checking February 28, 2019 1 / 23 Outline We assume p ( y | ) and p ( ) , so it would be prudent to determine if these

742 views • 23 slides
Compar ing Waze and T MC Data Aug ust 25, 2020 Chie f, T MC Ope ra tio ns, Jason Dic e mbr

Compar ing Waze and T MC Data Aug ust 25, 2020 Chie f, T MC Ope ra tio ns, Jason Dic e mbr

Compar ing Waze and T MC Data Aug ust 25, 2020 Chie f, T MC Ope ra tio ns, Jason Dic e mbr e MDOT SHA Offic e o f T ra nspo rta tio n Mo b ility &amp; Ope ra tio ns (OT MO) Dire c to r o f I nfo rma tio n Re se a rc h, AE M Co rpo ra

266 views • 16 slides
The Aerospace &amp; Defense Forum Arizona Chapter April 14, 2015 Southwest A&amp;D Forum

The Aerospace &amp; Defense Forum Arizona Chapter April 14, 2015 Southwest A&amp;D Forum

The Aerospace &amp; Defense Forum Arizona Chapter April 14, 2015 Southwest A&amp;D Forum Southwest A&amp;D Forum 14 April, 2015 14 April, 2015 1 An employee-owned technology solutions company ~80 years of R&amp;D, engineering, IT

489 views • 8 slides
Address Family Identifiers Assignment Policy Bill Fenner &lt;fenner@research.att.com&gt; Who

Address Family Identifiers Assignment Policy Bill Fenner &lt;fenner@research.att.com&gt; Who

Address Family Identifiers Assignment Policy Bill Fenner &lt;fenner@research.att.com&gt; Who uses AFI? Routing Who else? Sample AFI value that was not registered for routing: 16 DNS (Domain Name System) What should the policy

300 views • 3 slides
Design of the Mu2e Straw Tracker Detector New Perspectives 2017 Manolis Kargiantoulakis

Design of the Mu2e Straw Tracker Detector New Perspectives 2017 Manolis Kargiantoulakis

Design of the Mu2e Straw Tracker Detector New Perspectives 2017 Manolis Kargiantoulakis 06/06/2017 Mu2e in a Slide Production Transport Detector Solenoid Solenoid Solenoid Proton Calorimeter beam Tracker Stopping target Production

668 views • 19 slides
2 Notions and Concepts of Fuzzy Sets Fuzzy Systems Engineering Toward Human-Centric Computing

2 Notions and Concepts of Fuzzy Sets Fuzzy Systems Engineering Toward Human-Centric Computing

2 Notions and Concepts of Fuzzy Sets Fuzzy Systems Engineering Toward Human-Centric Computing Contents 2.1 Sets and fuzzy sets: A departure from the principle of dichotomy 2.2 Interpretation of fuzzy sets 2.3 Membership functions and their

437 views • 29 slides
1 GLOSTEN IS PEOPLE GLOSTEN IS PEOPLE Our Mission: Deliver excellence, Every project, Every

1 GLOSTEN IS PEOPLE GLOSTEN IS PEOPLE Our Mission: Deliver excellence, Every project, Every

1 GLOSTEN IS PEOPLE GLOSTEN IS PEOPLE Our Mission: Deliver excellence, Every project, Every time. GLOSTEN IS PEOPLE Our Mission: Deliver excellence, Every project, Every time. How: Listen, Engage, Explore, Collaborate. GLOSTEN IS

271 views • 7 slides
The Complexity of Equivariant Unfiication James Cheney, Cornell University ICALP July 15, 2004

The Complexity of Equivariant Unfiication James Cheney, Cornell University ICALP July 15, 2004

The Complexity of Equivariant Unfiication James Cheney, Cornell University ICALP July 15, 2004 1 Background Recently Gabbay and Pitts (LICS 1999) developed a new theory of names and binding. Names are an abstract data type with

623 views • 25 slides

More recommend