thirty years of digital currency from digicash to the
play

Thirty Years of Digital Currency: From DigiCash to the Blockchain - PowerPoint PPT Presentation

Jun 10, 2023 •215 likes •987 views

Thirty Years of Digital Currency: From DigiCash to the Blockchain Matthew Green Johns Hopkins University My background Prof. at Johns Hopkins University Mainly work in applied cryptography (TLS, messaging systems,

  1. Thirty Years of Digital Currency: From DigiCash to the Blockchain Matthew Green 
 Johns Hopkins University

  2. My background • Prof. at Johns Hopkins University • Mainly work in applied cryptography 
 (TLS, messaging systems, privacy-preserving protocols) • I write a blog • Co-founded a cryptocurrency (Zcash) 
 and boy was that weird

  3. Why talk about 
 cryptocurrency?

  6. • Whether you love it or hate it… • Cryptocurrencies are exerting 
 a massive influence on our field • The first major exposure to cryptography • That’s both a good thing and a bad thing • The good: we get to deploy some 
 really exciting new cryptography • The bad: if you stare into the abyss…

  7. This talk • A bit of history (payments & cryptocurrency) • Some of the exciting practical directions 
 being investigated today • Some of the most exciting research directions 
 (both in currency and outside of currency) • With an admitted focus on privacy problems • Postscript: Some random bad crypto in cryptocurrency

  8. 1980s-2007 (or: how we got PayPal )

  10. 1980s: Retail Payments • Goal: Digital payment system that • Allows payments between customers and merchants (c2m) • Or between individual customers (c2c) • Strong cryptographic security • Privacy

  11. Problems • Double spending • To capture double spending you need an online 
 (networked) party that must be trusted • They can attack the system or simply fail • Privacy • In many naive systems, the bank 
 sees every transaction you make • Origin • How is new currency created?

  12. e-Cash • Devised by Chaum, Chaum/Fiat/Naor, Brands, etc. • Move to a “cash” model, with added privacy • Individuals would carry redeemable tokens • Reduces the problem to detecting double spending 
 and user privacy

  13. Chaum (CRYPTO ’83) σ sk (Blind) signature pk Payer Bank Redeem/ 
 verify not previously 
 spent Merchant

  14. CHL (Eurocrypt ’05) K σ sk (Blind) signature pk Payer Bank SN = PRF ( K, i ) NIZK Π Redeem/ 
 verify not previously 
 For I = 1 to N spent Merchant

  15. e-Cash • Huge number of academic works / practical 
 improvements • Online schemes / offline schemes • (Offline required using tamper-resistant storage) • Main research problem continued to be privacy

  16. Why did centralized e-Cash fail? • Deploying e-Cash systems required a centralized bank • Required a trusted server with money issuing powers • In 1994, EU regulations made this more challenging • 9/11 and beyond saw closures of non-anonymous currencies (e-Gold and Liberty 
 Reserve)

  17. Why did e-Cash fail? (2) • Were these technical or policy failures? Maybe both. • The e-Cash model was centralized and relied on a vulnerable interface with the banking system • Privacy was (eventually) off the table for regulators • Any solution would 
 have to work around 
 those (manufactured) 
 technical problems

  18. 1996: SET • Developed by Visa and MasterCard • Cryptographic architecture based on certificates • Assurance, authenticity and confidentiality

  21. Why SET failed • Required end-user certificates • All the problems of key management PLUS 
 all of the problems of identity verification • Binding keys to user identities seems to trouble users

  22. Conclusions (1980s-2007) • Most cryptographic solutions too complex, or had “undesirable” features (privacy) • Commercial solutions (existing credit cards, SET) failed to support the case of person->person transfers • Web browsers didn’t support fancy crypto 
 anyway. • We got PayPal

  23. Conclusions (1980s-2007) • Most cryptographic solutions too complex, or had “undesirable” features (privacy) • Commercial solutions (existing credit cards, SET) failed to support the case of person->person transfers • Web browsers didn’t support fancy crypto 
 anyway. • We got PayPal

  24. Conclusions (1980s-2007) • Most cryptographic solutions were too complex, or had undesirable features (privacy) • Commercial solutions (existing credit cards, SET) failed to support the case of person->person transfers • Web browsers didn’t support fancy crypto 
 anyway. • We got PayPal

  25. Conclusions (1980s-2007) • Most cryptographic solutions were too complex, or had undesirable features (privacy) • Commercial solutions (existing credit cards, SET) failed to support the case of person->person transfers • Web browsers didn’t support fancy crypto 
 anyway. • We got PayPal

  26. The decentralized era 
 2008-2018

  27. Nakamoto, 2008 • Replace the server with a distributed ledger (blockchain) • Use a new consensus technique to construct the ledger

  28. Nakamoto, 2008 • Replace the server with a distributed ledger (blockchain) • Use a new consensus technique to construct the ledger • Use puzzles to handle consensus & generate funds 
 [Credit to Dai, (B-Cash) Back (HashCash) etc.]

  29. Nakamoto, 2008 • Replace the server with a distributed ledger (blockchain) • Use a new consensus technique to construct the ledger • Use puzzles to handle consensus & generate funds • Eliminate the need for explicit key/identity bindings

  30. Nakamoto, 2008 • Replace the server with a distributed ledger (blockchain) • Use a new consensus technique to construct the ledger • Use puzzles to handle consensus & generate funds • Eliminate the need for explicit key/identity bindings • Everything else is straightforward crypto and 
 excellent engineering

  31. Credit for Bitcoin • With much credit due: • Wei Dai, B-cash laid out many ideas • Adam Back, HashCash • Ledgers used in e-Cash (Sander and Ta-Shma) • Years of existing consensus 
 systems (mostly ignored)

  32. Lessons of Bitcoin • Getting the consensus algorithm right makes all the difference

  33. Lessons of Bitcoin • Getting the consensus algorithm right makes all the difference [B]lockchain-style consensus indeed achieves certain robustness properties in the presence of sporadic participation and node churn that none of the classical style protocols can attain. - Pass, Shi 2018 (also ‘16, ’17, Daian, Pass, Shi ’16)

  34. Lessons of Bitcoin • Using the right consensus algorithm really makes a difference • Eliminating the need for key/identity management 
 significantly simplifies the currency problem

  35. Lessons of Bitcoin • Using the right consensus algorithm really makes a difference • Eliminating the need for key/identity management 
 significantly simplifies the currency problem • Human beings are weird

  36. Lessons of Bitcoin • Using the right consensus algorithm really makes a difference This is simultaneously trivial and the most unexpected lesson of the entire cryptocurrency • Eliminating the need for key/identity management 
 experiment: significantly simplifies the currency problem • Human beings are weird People will assign significant value to meaningless electronic tokens — if you convince them that the tokens are secure and have a predictable supply.

  37. Limitations of Bitcoin • Privacy limitations • Functionality limitations • Scalability & Sustainability limitations

  38. Bitcoin & Privacy Source: MPJLMVS13

  39. 🐶🚁

  40. Zerocoin/Zcash

  41. From payments to state • Of course once you have a ledger… • Each Bitcoin transaction can be considered a function f() consuming some previous state and producing a state update • Obviously this generalizes nicely to more complex programs and stored data

  42. The future: 2018-

  43. What interests me • Scaling (channels) • Replacing PoW • Conditioning (trustworthy) computation on ledgers

  44. Scaling • Current Bitcoin/Ethereum transaction rate is ~7TX/s • Compare with Visa at 10,000-40,000+ TX.s globally • This gets worse as transaction complexity increases • Problems are storage/throughput/validation bandwidth

  45. L2 (Channels) 1 0 Open 0.9 0.1 Update Update 0.8 0.2 … Close result on blockchain …

  46. L2 (Channels)

  47. L2 (Channels)

  48. Bitcoin / Lightning Network Privacy • No real privacy between peers on a single payment channel • Only way to achieve privacy is to use longer paths • Requires a complex “Onion Routing” style protocol A → I 1 → I 2 → I 3 → B

  49. Channel problems: privacy • However, this arrangement doesn’t really work well. Aside from cost, it falls to even limited collusion • Reason: transactions in each channel must share a structure called a “hash lock” that is common between all peers H H H H A → I 1 → I 2 → I 3 → B

  50. Channel problems: privacy • In principle this can be fixed using Chaumian e-cash ideas • Treat one endpoint of the channel as a Chaumian bank, 
 withdraw coins and spend them back. • Use channel to ensure fair exchange • E.g., TumbleBit (Heilman et al, 2016), Bolt (Miers, Green, 2016) σ

  51. Channel problems: privacy • This works fairly well for channels of length 1 • Can be made to work for channels of length 2 “bank”

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

https://xkcd.com/1323/ Cryptocurrencies & Security on the Blockchain Digicash, Part 1:

https://xkcd.com/1323/ Cryptocurrencies & Security on the Blockchain Digicash, Part 1:

https://xkcd.com/1323/ Cryptocurrencies & Security on the Blockchain Digicash, Part 1: Blinded Signatures Prof. Tom Austin San Jos State University Lab 3 Review DigiCash Created by David Chaum A centralized cryptocurrency

466 views • 27 slides
Chronicle Accelerate Building a Digital Currency Peter Lawrey CEO 19 Apr 2018 Peter Lawrey

Chronicle Accelerate Building a Digital Currency Peter Lawrey CEO 19 Apr 2018 Peter Lawrey

Chronicle Accelerate Building a Digital Currency Peter Lawrey CEO 19 Apr 2018 Peter Lawrey Java Developer / Consultant for investment banks and hedge funds. 25 years in IT. CEO for 5 years Major Banks use Chronicles framework to

923 views • 44 slides
Cellular structure for a digital fiat currency Robleh Ali MIT Media Lab Digital Currency

Cellular structure for a digital fiat currency Robleh Ali MIT Media Lab Digital Currency

Cellular structure for a digital fiat currency Robleh Ali MIT Media Lab Digital Currency Initiative Cellular structure for a digital fiat currency (DFC) Goals Cellular structure Rationale for cellular structure Cellular

444 views • 19 slides
Cryptocurrencies and Blockchain Hello! I am Ignas Lapienis I am here to give intro to Crypto

Cryptocurrencies and Blockchain Hello! I am Ignas Lapienis I am here to give intro to Crypto

Cryptocurrencies and Blockchain Hello! I am Ignas Lapienis I am here to give intro to Crypto ecosystem :-) 1. What is Digital Currency? Digital Currency, Blockchain, DLT A Cryptocurrency is a Digital Asset/Currency designed to work as

447 views • 28 slides
Section #9: Bitcoins What are Bitcoins? Digital currency

Section #9: Bitcoins What are Bitcoins? Digital currency

Section #9: Bitcoins What are Bitcoins? Digital currency Unique string of bits Use cryptography for security and privacy Not tied to names:

567 views • 10 slides
Aimee Bernsteins Keynote Speeches and Presentations Over the last thirty-five years Aimee

Aimee Bernsteins Keynote Speeches and Presentations Over the last thirty-five years Aimee

Aimee Bernsteins Keynote Speeches and Presentations Over the last thirty-five years Aimee Bernstein has delivered speeches to thousands of people in corporations, non- profit organizations, womens conference s, and professional associations.

42 views • 3 slides
both seller and buyer clients..and a track record thats the envy of newer agencies!

both seller and buyer clients..and a track record thats the envy of newer agencies!

REAL ESTATE DRUM & DRUM REAL ESTATE CELEBRATING THIRTY YEARS Thirty years serving Midcoast Maine..ten bro- kers...over $500 million in sales...a long list of both seller and buyer clients..and a track record thats

211 views • 10 slides
TRUST @ANDY_PAVLO Thirty Years Ago 2 I NTERACTIVE T RANSACTIONS S MALL # OF CPU C ORES S MALL

TRUST @ANDY_PAVLO Thirty Years Ago 2 I NTERACTIVE T RANSACTIONS S MALL # OF CPU C ORES S MALL

MY DATABASE SYSTEM IS THE ONLY THING I CAN TRUST @ANDY_PAVLO Thirty Years Ago 2 I NTERACTIVE T RANSACTIONS S MALL # OF CPU C ORES S MALL M EMORY S IZES TPC-C BENCHMARK APPLICATION NewOrder Transaction 4 TPC-C BENCHMARK 20,000 MySQL

1.12k views • 63 slides
Australian Digital Currency Commerce Association ACAMS PRES ENTATION 30 S eptember 2014 1

Australian Digital Currency Commerce Association ACAMS PRES ENTATION 30 S eptember 2014 1

Australian Digital Currency Commerce Association ACAMS PRES ENTATION 30 S eptember 2014 1 Agenda 1. What is Bit coin? 2. How are Bit coins Used? 3. The Growing Digit al Currency Indust ry 4. Taxing Digit al Currencies 5. Bit coin as a

633 views • 50 slides
Thirty Years of Virtual Substitution Foundations, Techniques, Applications Thomas Sturm, CNRS,

Thirty Years of Virtual Substitution Foundations, Techniques, Applications Thomas Sturm, CNRS,

Thirty Years of Virtual Substitution Foundations, Techniques, Applications Thomas Sturm, CNRS, France ISSAC 2018, New York, NY, July 19, 2018 Real Quantifier Elimination (QE) = x 2 + xy + b and q = x + ay 2 + b Z [ a , b , x , y ] Let p

789 views • 30 slides
Thirty years ago...

Thirty years ago...

Thirty years ago...

269 views • 3 slides
Digital Currency (DC) Design principles supportive of a shift from bankmoney to DC Conference

Digital Currency (DC) Design principles supportive of a shift from bankmoney to DC Conference

Digital Currency (DC) Design principles supportive of a shift from bankmoney to DC Conference Future of Money, org. by Monetative e.V., IMMR and Frankfurt School for Finance & Management Blockchain Center - Frankfurt 24 Nov 2018 by Joseph

486 views • 13 slides
The five-minute rule thirty years later Raja Appuswamy, Renata Borovica-Gajic, Goetz Graefe, and

The five-minute rule thirty years later Raja Appuswamy, Renata Borovica-Gajic, Goetz Graefe, and

The five-minute rule thirty years later Raja Appuswamy, Renata Borovica-Gajic, Goetz Graefe, and Anastasia Ailamaki The five-minute rule in 1987 Storage hardware: Two-tier hierarchy 1MB RAM: $5,000 ~ $5,000/MB 180MB HDD: $30,000 ~

301 views • 29 slides
The Future of Software Privacy concerns commerce, security, cryptography, www.digicash.com

The Future of Software Privacy concerns commerce, security, cryptography, www.digicash.com

The Future of Software Privacy concerns commerce, security, cryptography, www.digicash.com www.hotmail.com and other free email sites Why is the best software designed in the US, will this continue to be the case? 1992, The

462 views • 8 slides
ancient Greece War Between the Greeks MEETING 10 The Undeclared War The Thirty Years

ancient Greece War Between the Greeks MEETING 10 The Undeclared War The Thirty Years

11/8/19 H I S T O R Y O F ancient Greece War Between the Greeks MEETING 10 The Undeclared War The Thirty Years Peace The Peloponnesian War 1 THE UNDECLARED WAR 2 Timeline: Peloponnesian Wars 3 1 11/8/19 The Undeclared War

296 views • 14 slides
Introduction to Bitcoin and Distributed Systems Prof. Tom Austin San Jos State University

Introduction to Bitcoin and Distributed Systems Prof. Tom Austin San Jos State University

Cryptocurrencies & Security on the Blockchain Introduction to Bitcoin and Distributed Systems Prof. Tom Austin San Jos State University Review Lab HW1: DigiCash Lite (DCL) So why did DigiCash fail? Poor business decisions?

572 views • 17 slides
Lightning Introductions ENGINEERING PRIVACY August 31-September 1st, 2015 Annie Antn /

Lightning Introductions ENGINEERING PRIVACY August 31-September 1st, 2015 Annie Antn /

Lightning Introductions ENGINEERING PRIVACY August 31-September 1st, 2015 Annie Antn / Georgia Institute of Technology What is the nature of privacy and security threats posed by the Internet of Things in the context of meaningful

671 views • 65 slides
Using Multilingual, Audio-Assisted Web & Mobile Evidence-Based Needs Assessments to Plan,

Using Multilingual, Audio-Assisted Web & Mobile Evidence-Based Needs Assessments to Plan,

Using Multilingual, Audio-Assisted Web & Mobile Evidence-Based Needs Assessments to Plan, Fund and Actuate Care Services Michael McNeill, Health Care Analyst/Administrative Services Coordinator, Wake County NC Human Services Katie Herting,

1.26k views • 98 slides
Overview Websites Literature Final Remarks Jrg Cassens SoSe 2018 Contextualized Computing

Overview Websites Literature Final Remarks Jrg Cassens SoSe 2018 Contextualized Computing

Welcome Rules & Regulations Overview Websites Literature Final Remarks Jrg Cassens SoSe 2018 Contextualized Computing and Ambient Intelligent Systems SoSe 2018 Jrg Cassens Overview 1 / 40 Outline Welcome Rules &

1.51k views • 47 slides
Assessment and the New BC Curriculum: An Exploration Webinar #2 February 13, 2019 Tom Schimmer

Assessment and the New BC Curriculum: An Exploration Webinar #2 February 13, 2019 Tom Schimmer

www.tomschimmer.com tschimmer@live.ca Assessment and the New BC Curriculum: An Exploration Webinar #2 February 13, 2019 Tom Schimmer www.allthingsassessment.info @TomSchimmer Learning Progressions vs Progressions of Quality Learning

623 views • 9 slides
Intro to Cryptography and Cryptocurrencies Cryptographic Hash Functions Hash Pointers and

Intro to Cryptography and Cryptocurrencies Cryptographic Hash Functions Hash Pointers and

Cryptocurrency Technologies Cryptography and Cryptocurrencies Intro to Cryptography and Cryptocurrencies Cryptographic Hash Functions Hash Pointers and Data Structures Block Chains Merkle Trees Digital Signatures Public

489 views • 27 slides
Digital Currencies Chris Head Digital Monetary Trust Trusted central authority

Digital Currencies Chris Head Digital Monetary Trust Trusted central authority

Digital Currencies Chris Head Digital Monetary Trust Trusted central authority Tamper-resistant cryptographic coprocessor Anonymity of account holders' identities Deposits backed by investments into securities Closed 2005

375 views • 14 slides
Bitcoin Proof of Work Require a unit of work to do a task Send email Access a website

Bitcoin Proof of Work Require a unit of work to do a task Send email Access a website

Bitcoin Proof of Work Require a unit of work to do a task Send email Access a website Process a Bitcoin transaction Why? Prevent spam Prevent denial of service attacks Rate-limit the network HashCash Find a partial

636 views • 32 slides
Central bank digital currency: What is it and is it useful? Antoine Martin Federal Reserve Bank

Central bank digital currency: What is it and is it useful? Antoine Martin Federal Reserve Bank

Central bank digital currency: What is it and is it useful? Antoine Martin Federal Reserve Bank of New York The views expressed herein are my own and may not reflect the views of the Federal Reserve Bank of New York or the Federal Reserve

210 views • 5 slides

More recommend