sen-material: comparison handouts/ho08.tex

equal deleted inserted replaced

-:7f0ac1355f0b
+:5a6e8b7d20f7
 you step on somebody else's shoes. Compare this with the
 email-addresses you wanted to register with, say
 Gmail, but which are always already taken.
 One major difference between Bitcoins and traditional banking
-is that you do not have a place, or places, that record the
+is that you do not have a place, or few places, that record the
 balance on your account. Traditional banking involves a
 central ledger which specifies the current balance in each
 account, for example
 \begin{center}
 The problem with such messages in a distributed system is that
 what happens if Bob receives 10, say, of these transactions?
 Did Alice intend to send him 10 Bitcoins, or did the message
 get duplicated by for example an attacker re-playing a sniffed
 message? What is needed is a kind of serial number for such
-transactions. This means transaction messages look more like
+transactions. This means transaction messages shoul look more like
 \begin{center}
 $\{\text{I, Alice, am giving Bob Bitcoin \#1234567.}\}_{K^{priv}_{Alice}}$
 \end{center}
 ``consolidate'' your funds: if it were only possible to split
 transactions, then the amounts would get smaller and smaller.
 In Bitcoins you have the ability to both combine incoming
 transactions, but also to split outgoing transactions to
-potentially more than one receiver. The latter is needed.
+potentially more than one receiver. The latter is also needed.
 Consider again the rightmost transactions in
 Figure~\ref{txngraph} and suppose Alice is a coffeeshop owner
 selling coffees for 1 Bitcoin. Charles received a transaction
 from Zack over 5 Bitcoins, say. How does Charles pay for the
 coffee? There is no explicit notion of \emph{change} in the
 on the network that she is still the rightful owner of the
 Bitcoin. After being outvoted, Bob would be a tad peeved.
 The reflex reaction to such a situation would be to make the
 process of validating a transaction as cheap as possible. The
-intention is that Bob will get enough peers to agree with him
+intention is that Bob will easily get enough peers to agree with him
 that he is the rightful owner. But such a solution has always
 the limitation of Alice setting up an even bigger network of
 puppy identities. The really cool idea of Bitcoin is to go
 into the other direction of making the process of transaction
 validation (artificially) as expensive as possible, but reward
 \begin{equation}
 \includegraphics[scale=0.38]{../pics/bitcoin_unconfirmed.png}
 \label{unconfirmed}
 \end{equation}
-\noindent The puzzle is given as follows: There are some
+\noindent The puzzle is stated as follows: There are some
 unconfirmed transactions. Choosing some of them, the miner
 (i.e.~the person/computer that tries to solve a puzzle) will
 form a putative block to be added to the blockchain. This
 putative block will contain the transactions and the reference
 to the previous block. The serial number of such a block is
 The intention of the proof-of-work puzzle is that the
 blockchain is at every given moment linearly ordered, see the
 picture shown in \eqref{unconfirmed}. If we don’t have such a
 linear ordering at any given moment then it may not be clear
 who owns which Bitcoins. Assume a miner David is lucky and
-finds a suitable salt to confirm the transactions. Should he
+finds a suitable salt to confirm some transactions. Should he
 celebrate? Not yet. Typically the blockchain will look as
 follows
 \begin{center}
 \includegraphics[scale=0.65]{../pics/block_chain1.png}
 given time, miners only work to extend whichever fork is
 longest in their copy of the block chain. Why should miners
 work on the longest fork? Well their incentive is to mine
 Bitcoins. If somebody else already solved a puzzle, then it
 makes more sense to work on a new puzzle and obtain the
-Bitcoins for solving that puzzle, rather than wast efforts on
+Bitcoins for solving that puzzle, rather than waste efforts on
 a fork that is shorter and therefore less likely to be
 ``accepted''. Note that whoever solved a puzzle on the
 ``loosing'' fork will actually not get any Bitcoins as reward.
 Tough luck.
 before the rest of the world, but to be lucky many times is
 very unlikely. This principle of having to race against the
 rest of the world avoids the ploy of double spend.
 In order to raise the bar for Alice even further, merchants
-accepting Bitcoin use the following rule of thumb: A
+accepting Bitcoins use the following rule of thumb: A
 transaction is ``confirmed'' if
 \begin{itemize}
 \item[(1)] it is part of a block in the longest fork, and
 \item[(2)] at least 5 blocks follow it in the longest fork. In
-this case we say that the transaction has ``6
+this case we say that the transaction has 6
-confirmations''.
+confirmations.
 \end{itemize}
 \noindent A simple calculation shows that this amount of
 confirmations can take up to 1 hour and more. While this seems
 excessively long, from the merchant's point of view it is not
 that long at all. For this recall that ordinary creditcards
 can have their transactions been rolled-back for 6 months or
 so. The point however is that the odds for Alice being able to
 cheat are very low, unless she can muster more than 50\% of
-the world Bitcoin mining capacity.
+the world Bitcoin mining capacity. In this case she could
+out-race the rest of the world. The point is however that
+amassing such an amount of computing power is practically
+impossible for a single person or even a moderately large
+group.
 Connected with the 6-confirmation rule is an interesting
-phenomenon. On average, it would take several years for a
+phenomenon. On average, it would take several years for a typical
-typical computer to solve a proof-of-work puzzle, so an
+computer to solve a proof-of-work puzzle, so an individual’s chance of
-individual’s chance of ever solving one before the rest of the
+ever solving one before the rest of the world, which typically takes
-world, which typically takes only 10 minutes, is negligibly
+only 10 minutes, is negligibly low. Therefore many people join groups
-low. Therefore many people join groups called \emph{mining
+called \emph{mining pools} that collectively work to solve blocks, and
-pools} that collectively work to solve blocks, and distribute
+distribute rewards based on work contributed. These mining pools act
-rewards based on work contributed. These mining pools act
+somewhat like lottery pools among co-workers, except that some of
-somewhat like lottery pools among co-workers, except that some
+these pools are quite large, and comprise more than 20\% of all the
-of these pools are quite large, and comprise more than 20\% of
+computers in the network. It is said that BTC, a large mining pool,
-all the computers in the network. It is said that BTC, a large
+has limited its number of members in order to not solve more than 6
-mining pool, has limited its members to not solve more than 6
+blocks in a row. Otherwise this would undermine the trust in Bitcoins,
-blocks in a row. Otherwise this would undermine the trust in
+which is also not in the interest of BTC, I guess.  Some statistics on
-Bitcoins, which is also not in the interest of BTC, I guess.
+mining pools can be seen at
-Some statistics on mining pools can be seen at
 \begin{center}
 \url{https://blockchain.info/pools}
 \end{center}
 \subsubsection*{Bitcoins for Real}
-Let us now turn to the nitty gritty details. As a user you
+Let us now turn to the nitty gritty details. As a participant in the
-need to generate and store a public-private key pair. The
+Bitcoin networ you need to generate and store a public-private key
-public key you need to advertise in order to receive payments
+pair. The public key you need to advertise in order to receive
-(transactions). The private key needs to be securely stored.
+payments (transactions). The private key needs to be securely stored.
 For this there seem to be three possibilities
 \begin{itemize}
 \item an electronic wallet on your computer
-\item a cloud-based storage (offered by some Bitcoin service)
+\item a cloud-based storage (offered by some Bitcoin services)
 \item paper-based
 \end{itemize}
-\noindent The first two options of course offer convenience
+\noindent The first two options of course offer convenience for making
-for making and receiving transactions. But given the nature of
+and receiving transactions. But given the nature of the private keys
-the private key and how much security relies on them (recall
+and how much security relies on them (recall if somebody gets hold of
-if somebody gets hold of it, your Bitcoins are quickly lost
+it, your Bitcoins are quickly lost forever) I would opt for the third
-forever) I would opt for the third option for anything except
+option for anything except for trivial amounts of Bitcoins. As we have
-for trivial amounts of Bitcoins. As we have seen securing a
+seen earlier in the course, securing a computer system that it can
-computer system that it can withstand a breakin is still very
+withstand a breakin is still very much an unsolved problem.
-much an unsolved problem.
 An interesting fact with Bitcoin keys is that there is no
 check for duplicate addresses. This means when generating a
 public-private key, you should really start with a carefully
 chosen random number such that there is really no chance to
 possibilities. Again if you share an address with somebody
 else, he or she has access to all your unspend transactions.
 The absence of such a check is easily explained: How would one
 do this in a distributed system? The answer you can't. It is
 possible to do some sanity check of addresses that are already
-used in the black chain, but this is not a fail-proof method.
+used in the blockchain, but this is not a fail-proof method.
 One really has to trust on the enormity of the $2^{160}$
-number.
+space for addresses.
-Let us now look at the data that is stored in an transaction
+Let us now look at the concrete data that is stored in an transaction
 message:
 \lstinputlisting[language=Scala]{../slides/msg}
 \noindent The hash in Line 1 is the hash of all the data that
 \begin{center}
 \url{http://bitcoinmagazine.com/13774/government-bans-professor-mining-bitcoin-supercomputer/}
 \end{center}
+\noindent
-\subsubsection*{Anonymity and Government Meddling}
+Bitcoin mining nowadays is only competitive, or profitable,
+if you get the energy for free, or use special purpose
+computing devices.
+\subsubsection*{Anonymity with Bitcoins}
 One question one often hears is how anonymous is it actually
 to pay with Bitcoins? Paying with paper money used to be a
 quite anonymous act (unlike paying with creditcards, for
 example). But this has changed nowadays: You cannot come to a
 the great majority of Bitcoin users are not identified with
 relatively high confidence and ease in the near future.''
 \end{quote}
 \noindent The only thing I can add is that with Bitcoins we
-will have even more fun hearing confessions like the infamous
+will in the future have even more fun hearing confessions from
+famous or not-so famous people like the infamous
 ``I did not
 inhale''.\footnote{\url{www.youtube.com/watch?v=Bktd_Pi4YJw}}
 The whole point of the blockchain is that it public and will
 always be.
-There are some precautions that are suggested, like to use a
+There are some precautions one can take for ensuring anonymity, like
-new public-private key pair for every new transaction, and to
+to use a new public-private key pair for every new transaction, and to
-access Bitcoin only through the Tor network. But the
+access Bitcoin only through the Tor network. But the transactions in
-transactions in Bitcoins are designed such that they allow one
+Bitcoins are designed such that they allow one to combine incoming
-to combine incoming transactions. In such cases we know they
+transactions. In such cases we know they must have been made by the
-must have been made by the single person who new the
+single person who knew the corresponding private keys. So using
-corresponding private keys. So using different public-private
+different public-private keys for each transaction might not actually
-keys for each transaction might not actually make the
+make the de-anonymisation task much harder. And the point about
-de-anonymisation task much harder. And the point about
+de-ano\-nymising `anonymous' social networks is that the information
-de-ano\-nymising `anonymous' social networks is that the
+is embedded into the structure of the transition graph. And this
-information is embedded into the structure of the transition
+cannot be erased with Bitcoins.
-graph. And this cannot be erased with Bitcoins.
+One paper that has fun with spotting transactions to Silk Road (2.0)
+and to Wikileaks is
+\begin{center}
+\url{http://people.csail.mit.edu/spillai/data/papers/bitcoin-transaction-graph-analysis.pdf}
+\end{center}
+\noindent
+A paper that gathers some statistical data about the blockchain is
+\begin{center}
+\url{https://eprint.iacr.org/2012/584.pdf}
+\end{center}
+\subsubsection*{Government Meddling}
 Finally, what are the options for a typical western government
 to meddle with Bitcoins? This is of course one feature the
 proponents of Bitcoins also tout: namely that there aren't any
 options. In my opinion this is far too naive and far from the
 \begin{itemize}
 \item The government could compel ``mayor players'' to
 blacklist Bitcoins (for example at Bitcoin exchanges).
 This would impinge on what is called \emph{fungibility}
 of Bitcoins and make them much less attractive to
-baddies. Suddenly their hard-earned Bitcoin money cannot
+baddies. Suddenly their ``hard-earned'' Bitcoin money cannot
 be spent anymore.The attraction of this option is that
 this blacklisting can be easily done ``whole-sale'' and
 therefore be really be an attractive target for
 governments \& Co.
 \item The government could attempt to coerce the developer
 \hspace{3mm}
 \includegraphics[scale=0.031]{../pics/nsautah2.jpg}
 \end{center}
 this would not be such a high bar to jump over. Remember
-it ``only'' takes to temporarily be in control of 50\%+
+it ``only'' takes to be temporarily in control of 50\%+
 of the mining capacity in order to undermine the trust
 in the system. Given sophisticated stories like Stuxnet
 (where we still not know the precise details) maybe even
 such large facilities are not really needed. What
 happens, for example, if a government starts DoS attacks
 the trust is undermined, the Bitcoin system would need
 to be evolved to Bitcoins 2.0. But who says that Bitcoin
 2.0 will honour the Bitcoins from Version 1.0?
 \end{itemize}
-\noindent Finally, a government would potentially not really
+\noindent A government would potentially not really
 need to follow up with such threads. Just the rumour that it
 would, could be enough to get the Bitcoin-house-of-cards to
 tumble. Some governments have already such an ``impressive''
 trackrecord in this area, such a thread would be entirely
 credible. Because of all this, I would not have too much hope
-that Bitcoins are free from government \& Co interference when
+that Bitcoins are free from interference by government \& Co when
-it will stand in its way, despite what everybody else is
+it will stand in their way, despite what everybody else is
 saying. To sum up, the technical details behind Bitcoins are
 simply cool. But still the entire Bitcoin ecosystem is in my
 humble opinion rather fragile.
 \subsubsection*{Further Reading}
 achieve rather impressive results, what could we achieve if
 the UN, say, would find the money and incentivise people to,
 for example, solve protein folding
 puzzles?\footnote{\url{http://en.wikipedia.org/wiki/Protein_folding}}
 For this there are projects like
-Folding@home\footnote{\url{http://folding.stanford.edu}}.
+Folding@home.\footnote{\url{http://folding.stanford.edu}}
 This might help with curing diseases such as Alzheimer or
 diabetes. The same point is made in the article
 \begin{center}\small
 \url{http://gizmodo.com/the-worlds-most-powerful-computer-network-is-being-was-504503726}

changeset 346	5a6e8b7d20f7
parent 339	0e78c809b17f
child 347	efad8155513f