Crypto Currencies Prof. Tom Austin San Jos State University What - PowerPoint PPT Presentation

CS 166: Information Security Crypto Currencies Prof. Tom Austin San José State University

What is currency? • A means of exchange, so that we don't have to carry around goats. • Something we all agree is valuable… • …maybe because people with guns tell us it is valuable?

History of currency • 2000 BC – Receipts represented grain stored in Sumerian temple granaries (representative money) • 600-700 BC – Coins developed in Anatolia, Greece, India, and China (commodity money) – Value of these coins tied to metal content • 900 AD – Jiaozi banknote developed in China – fiat money– valuable because government says so • 1971 – U.S. breaks away from the gold standard

So what is a digital currency?

Properties of an ideal digital currency (Okamoto and Ohta) 1. Independence – not dependent on any physical location – can be transferred through computer networks 2. Security – cannot be copied and reused 3. Privacy 4. Off-line Payment – No need to be linked to a host to process payment 5. Transferability 6. Divisibility

DigiCash • 1983 – David Chaum invents blinding formula allowing anonymous, verifiable transactions – Blinded signatures – akin to signing a slip of carbon paper through a sealed envelope • Late 1980s – Chaum starts DigiCash • 1998 – DigiCash goes bankrupt, in part because of difficulty working with banks • Today, opencoin builds on some of Chaum's ideas. http://opencoin.com/

Building a Cryptocurrency

Digital Currency – Take 1 "I Alice agree to pay the bearer of this note $100" Alice Bob Any issues with this approach?

Digital Currency 1 – Repudiation I want my money. I did not write that note. I'm not paying. Alice Bob "I Alice agree to pay the bearer of this note $100"

Digital Currency – With Signatures "I agree to pay the bearer of this note $100" Alice Bob

Digital Currency with Signatures gives Nonrepudiation I want my money. I did not write that note. I'm not paying. It has your signature. Oh… OK. Alice Bob "I agree to pay the bearer of this note $100"

Double Spending Take this IOU from Alice to square our debt. OK "I agree to pay the bearer of Charlie Bob this note $100"

Double Spending I'm here to collect my money. But… I already paid. Alice Charlie "I agree to pay the bearer of this note $100"

A centralized authority could monitor all transactions…

Because everyone trusts banks

Centralized Cryptocurrencies • A central authority can validate transactions • Our initial version: – provides anonymity – is impossible to reverse – bank can still verify correct amount • (From Schneier's "Applied Cryptography")

1. Alice prepares 100 anon $1k money orders. 2. She places each money order in an envelope. 3. Bank opens 99 orders & verifies the amount. 4. The bank signs the last order and deducts $1k from Alice's account. 5. Alice takes the anonymous money order out of the envelope and spends it. 6. Merchant accepts money order after verifying bank's signature. 7. Merchant takes money order to the bank. 8. Bank verifies signature and pays money.

The previous currency still does not address the double spending problem. The next version will solve that issue.

1. Alice prepares 100 anon $1k money orders and places a random global identifier string on each . 2. She places each money order in an envelope. 3. Bank opens 99 orders & verifies the amount. 4. The bank signs the last order and deducts $1k from Alice's account. 5. Alice takes the anonymous money order out of the envelope and spends it. 6. Merchant accepts money order after verifying bank's signature. 7. Merchant takes money order to the bank. 8. Bank verifies signature, checks that the identifier has not been previously used, and pays money.

What's wrong with a centralized currency? • A centralized institution might find clever ways to monitor transactions. • The protocol requires buy-in from banks or other institutions. – arguably part of the reason that DigiCash failed • The centralized institution might charge heavy transaction fees.

An alternate approach is for everyone to track all transactions, and vote whenever a discrepancy arises.

Bitcoin • Protocol designed by Satoshi Nakamoto in 2008 https://bitcoin.org/bitcoin.pdf • First Bitcoin client launched in 2009 • Peer-to-peer – no centralized control – Every client keeps track of the history of all bitcoins

What is a cryptocoin worth? Some cryptocurrencies tie there value to another currency. Other cryptocurrencies (such as Bitcoin) are not tied to any other currency. We'll follow this model.

Digital Currency – Ledger Alice: 20 Alice: 20 Bob: 11 Bob: 11 Charlie: 5 Charlie: 5 David: 34 David: 34 Bob Alice: 20 Bob: 11 Alice Charlie: 5 Alice: 20 David: 34 "I am giving 10 Bob: 11 Charlie: 5 cryptocoins David: 34 to Bob" Charlie David

Digital Currency – Ledger Alice: 5 Alice: 5 Bob: 11 Bob: 11 Charlie: 20 Charlie: 20 David: 34 David: 34 Bob Alice: 5 Bob: 11 Alice Charlie: 20 Alice: 5 David: 34 "I am giving 15 Bob: 11 Charlie: 20 cryptocoins David: 34 to Charlie" Charlie David

Digital Currency – Ledger Invalid transaction! Invalid Bob transaction! Alice "I am giving 8 cryptocoins Invalid to David" transaction! Charlie David

Bitcoin Miners

People are always tempted to cheat. How can we catch them in a peer-to- peer system?

Bitcoin Proof of Work • The Bitcoin protocol uses proof of work to verify block chains , which determine transaction history. • This strategy prevents double spending , where Alice tries to spend the same coin with both Bob and Charlie.

Mining • Miners hash transaction details plus a "proof" of spending computational resources – Reward: some bitcoins are generated plus there can be transaction fees • Cost to discover proof – 2 N hashes • Cost to verify proof – One hash • The Bitcoin protocol is designed to make mining more profitable than cheating – https://bitcoin.org/bitcoin.pdf

Digital Currency – Proof of Work Alice: 5 Alice: 5 Bob: 11 Bob: 11 Charlie: 20 Charlie: 20 David: 34 David: 34 Bob Alice: 5 Bob: 11 Alice Charlie: 20 Alice: 5 David: 34 "I am giving 2 Bob: 11 Charlie: 20 cryptocoins David: 34 to Charlie" Charlie David

Digital Currency – Proof of Work Alice: 3 Alice: 3+1 Bob: 11+1 Searching Bob: 11 Charlie: 22 for proof of Charlie: 22 David: 34 work… David: 34 Searching for proof of Alice: 3 Bob work… Bob: 11 Charlie: 22 Alice David: 34 +1 Searching for proof "I am giving 2 of work… cryptocoins Alice: 3 Searching to Charlie" Bob: 11 for proof Charlie Charlie: 22+1 of work… David: 34 David

Digital Currency – Proof of Work Bob Found Alice proof! "I am giving 2 cryptocoins to Charlie" Charlie David

Digital Currency – Proof of Work Alice: 3 Alice: 3 Bob: 11 Bob: 11 Charlie: 22 Charlie: 22 David: 35 David: 35 Alice: 3 Bob Bob: 11 Charlie: 22 Alice David: 35 "I am giving 2 cryptocoins Alice: 3 to Charlie" Bob: 11 Charlie Charlie: 22 David: 35 David

Handling Discrepancies Discrepancies between ledgers are resolved in favor of the chain with the greatest amount of work used in its creation. Generally, this means that we take the longest blockchain.

Challenges in cryptocurrencies • Slow verification – roughly an hour with Bitcoin • "Useless" work – Bitcoin uses about 1/3 of the energy that homes in San Jose use • Challenges updating protocol – hard forks

Interesting cryptocurrencies • Ethereum – Arbitrary programming contracts – Uses "gas" • FileCoin – distributed cloud storage – proof-of-storage – proof-of-replication • Proof-of-stake protocols

Lab: Proof of Work protocol Download Miner.java from the course website. Implement the findProof method to: 1) Add one extra coin to the miner's account 2) Convert the new ledger to a String 3) Search for a "proof" where the result of hash(ledgerStr + proof) has NUM_ZEROES leading zeroes.