SLIDE 1 CS 166: Information Security
San José State University
Crypto Currencies
SLIDE 2 What is currency?
- A means of exchange, so that we
don't have to carry around goats.
is valuable…
with guns tell us it is valuable?
SLIDE 3 History of currency
- 2000 BC – Receipts represented grain stored in
Sumerian temple granaries (representative money)
- 600-700 BC – Coins developed in Anatolia,
Greece, India, and China (commodity money)
– Value of these coins tied to metal content
- 900 AD – Jiaozi banknote developed in China
– fiat money– valuable because government says so
- 1971 – U.S. breaks away from the gold standard
SLIDE 4
So what is a digital currency?
SLIDE 5 Properties of an ideal digital currency
(Okamoto and Ohta)
– not dependent on any physical location – can be transferred through computer networks
– cannot be copied and reused
- 3. Privacy
- 4. Off-line Payment
– No need to be linked to a host to process payment
- 5. Transferability
- 6. Divisibility
SLIDE 6 DigiCash
- 1983 – David Chaum invents blinding
formula allowing anonymous, verifiable transactions
– Blinded signatures – akin to signing a slip of carbon paper through a sealed envelope
- Late 1980s – Chaum starts DigiCash
- 1998 – DigiCash goes bankrupt, in part
because of difficulty working with banks
- Today, opencoin builds on some of Chaum's
- ideas. http://opencoin.com/
SLIDE 7
Building a Cryptocurrency
SLIDE 8 Digital Currency – Take 1
Alice Bob
"I Alice agree to pay the bearer of this note $100"
Any issues with this approach?
SLIDE 9 Digital Currency 1 – Repudiation
Alice Bob
"I Alice agree to pay the bearer of this note $100"
I want my money.
I did not write that
paying.
SLIDE 10 Digital Currency – With Signatures
Alice Bob
"I agree to pay the bearer of this note $100"
SLIDE 11 Digital Currency with Signatures gives Nonrepudiation Alice Bob
I want my money.
I did not write that
paying.
"I agree to pay the bearer of this note $100"
It has your signature.
Oh… OK.
SLIDE 12 Double Spending
Bob Charlie
Take this IOU from Alice to square our debt. OK
"I agree to pay the bearer of this note $100"
SLIDE 13 Charlie
Double Spending
Alice
I'm here to collect my money.
But… I already paid.
"I agree to pay the bearer of this note $100"
SLIDE 14
A centralized authority could monitor all transactions…
SLIDE 15
Because everyone trusts banks
SLIDE 16 Centralized Cryptocurrencies
- A central authority can validate
transactions
–provides anonymity –is impossible to reverse –bank can still verify correct amount
- (From Schneier's "Applied
Cryptography")
SLIDE 17
- 1. Alice prepares 100 anon $1k money orders.
- 2. She places each money order in an envelope.
- 3. Bank opens 99 orders & verifies the amount.
- 4. The bank signs the last order and deducts $1k
from Alice's account.
- 5. Alice takes the anonymous money order out of
the envelope and spends it.
- 6. Merchant accepts money order after verifying
bank's signature.
- 7. Merchant takes money order to the bank.
- 8. Bank verifies signature and pays money.
SLIDE 18
The previous currency still does not address the double spending problem. The next version will solve that issue.
SLIDE 19
- 1. Alice prepares 100 anon $1k money orders and
places a random global identifier string on each.
- 2. She places each money order in an envelope.
- 3. Bank opens 99 orders & verifies the amount.
- 4. The bank signs the last order and deducts $1k from
Alice's account.
- 5. Alice takes the anonymous money order out of the
envelope and spends it.
- 6. Merchant accepts money order after verifying bank's
signature.
- 7. Merchant takes money order to the bank.
- 8. Bank verifies signature, checks that the identifier
has not been previously used, and pays money.
SLIDE 20 What's wrong with a centralized currency?
- A centralized institution might find
clever ways to monitor transactions.
- The protocol requires buy-in from
banks or other institutions.
–arguably part of the reason that DigiCash failed
- The centralized institution might
charge heavy transaction fees.
SLIDE 21
An alternate approach is for everyone to track all transactions, and vote whenever a discrepancy arises.
SLIDE 22 Bitcoin
Satoshi Nakamoto in 2008 https://bitcoin.org/bitcoin.pdf
- First Bitcoin client launched in 2009
- Peer-to-peer – no centralized control
–Every client keeps track of the history
SLIDE 23
What is a cryptocoin worth? Some cryptocurrencies tie there value to another currency. Other cryptocurrencies (such as Bitcoin) are not tied to any other currency. We'll follow this model.
SLIDE 24 Digital Currency – Ledger
Alice
Bob "I am giving 10 cryptocoins to Bob" Charlie David
Alice: 20 Bob: 11 Charlie: 5 David: 34 Alice: 20 Bob: 11 Charlie: 5 David: 34 Alice: 20 Bob: 11 Charlie: 5 David: 34 Alice: 20 Bob: 11 Charlie: 5 David: 34
SLIDE 25 Digital Currency – Ledger
Alice
Bob "I am giving 15 cryptocoins to Charlie" Charlie David
Alice: 5 Bob: 11 Charlie: 20 David: 34 Alice: 5 Bob: 11 Charlie: 20 David: 34 Alice: 5 Bob: 11 Charlie: 20 David: 34 Alice: 5 Bob: 11 Charlie: 20 David: 34
SLIDE 26 Digital Currency – Ledger
Alice
Bob "I am giving 8 cryptocoins to David" Charlie David
Invalid transaction! Invalid transaction! Invalid transaction!
SLIDE 27
Bitcoin Miners
SLIDE 28
People are always tempted to cheat. How can we catch them in a peer-to- peer system?
SLIDE 29 Bitcoin Proof of Work
- The Bitcoin protocol uses proof of work
to verify block chains, which determine transaction history.
- This strategy prevents double spending,
where Alice tries to spend the same coin with both Bob and Charlie.
SLIDE 30 Mining
- Miners hash transaction details plus a
"proof" of spending computational resources
– Reward: some bitcoins are generated plus there can be transaction fees
- Cost to discover proof – 2N hashes
- Cost to verify proof – One hash
- The Bitcoin protocol is designed to make
mining more profitable than cheating
– https://bitcoin.org/bitcoin.pdf
SLIDE 31 Digital Currency – Proof of Work
Alice
Bob "I am giving 2 cryptocoins to Charlie" Charlie David
Alice: 5 Bob: 11 Charlie: 20 David: 34 Alice: 5 Bob: 11 Charlie: 20 David: 34 Alice: 5 Bob: 11 Charlie: 20 David: 34 Alice: 5 Bob: 11 Charlie: 20 David: 34
SLIDE 32 Digital Currency – Proof of Work
Alice
Bob "I am giving 2 cryptocoins to Charlie" Charlie David
Alice: 3 Bob: 11+1 Charlie: 22 David: 34 Alice: 3 Bob: 11 Charlie: 22+1 David: 34 Alice: 3+1 Bob: 11 Charlie: 22 David: 34 Searching for proof of work… Searching for proof of work… Alice: 3 Bob: 11 Charlie: 22 David: 34 +1 Searching for proof
Searching for proof
SLIDE 33 Digital Currency – Proof of Work
Alice
Bob "I am giving 2 cryptocoins to Charlie" Charlie David
Found proof!
SLIDE 34 Digital Currency – Proof of Work
Alice
Bob "I am giving 2 cryptocoins to Charlie" Charlie David
Alice: 3 Bob: 11 Charlie: 22 David: 35 Alice: 3 Bob: 11 Charlie: 22 David: 35 Alice: 3 Bob: 11 Charlie: 22 David: 35 Alice: 3 Bob: 11 Charlie: 22 David: 35
SLIDE 35
Handling Discrepancies
Discrepancies between ledgers are resolved in favor of the chain with the greatest amount of work used in its creation. Generally, this means that we take the longest blockchain.
SLIDE 36 Challenges in cryptocurrencies
–roughly an hour with Bitcoin
–Bitcoin uses about 1/3 of the energy that homes in San Jose use
- Challenges updating protocol
–hard forks
SLIDE 37 Interesting cryptocurrencies
–Arbitrary programming contracts –Uses "gas"
–distributed cloud storage –proof-of-storage –proof-of-replication
SLIDE 38
Lab: Proof of Work protocol
Download Miner.java from the course website. Implement the findProof method to: 1) Add one extra coin to the miner's account 2) Convert the new ledger to a String 3) Search for a "proof" where the result of hash(ledgerStr + proof) has NUM_ZEROES leading zeroes.
