|
1 \documentclass[dvipsnames,14pt,t]{beamer} |
|
2 \usepackage{../slides} |
|
3 \usepackage{../graphics} |
|
4 \usepackage{../langs} |
|
5 \usepackage{../data} |
|
6 |
|
7 \usetikzlibrary{shapes} |
|
8 |
|
% beamer stuff
% per-slide caption; \slidecaption must already be defined by one of the
% ../ packages loaded above (presumably ../slides), hence \renewcommand
\renewcommand{\slidecaption}{SEN 08, King's College London}

% \bl{<text>}: set <text> in blue; used throughout the deck to highlight
% keys, addresses, script hashes and formulas
\newcommand{\bl}[1]{\textcolor{blue}{#1}}
|
12 |
|
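% \REDarrow{<overlay>}{<x>}{<y>}{<angle>}: a red single-arrow marker placed in a
% zero-width textblock at grid position (<x>,<y>) and shown only on <overlay>.
% <angle> is TikZ's `shape border rotate` (270 = pointing down, 180 = pointing
% left, as used by the two wrappers below).  The node label `a` is set in the
% same colour as the fill, so only the arrow shape is visible.
\newcommand*{\REDarrow}[4]{%
\begin{textblock}{0}(#2,#3)%
\onslide<#1>{%
\begin{tikzpicture}%
\node at (0,0) [single arrow, shape border rotate=#4, fill=red, text=red]{a};%
\end{tikzpicture}}%
\end{textblock}}

% \DOWNarrow{<overlay>}{<x>}{<y>}: red arrow pointing down.
\newcommand*{\DOWNarrow}[3]{\REDarrow{#1}{#2}{#3}{270}}

% \LEFTarrow{<overlay>}{<x>}{<y>}: red arrow pointing left.
\newcommand*{\LEFTarrow}[3]{\REDarrow{#1}{#2}{#3}{180}}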
|
27 |
|
28 |
|
29 \begin{document} |
|
30 |
|
31 |
|
32 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
33 \begin{frame}[t] |
|
34 \frametitle{% |
|
35 \begin{tabular}{@ {}c@ {}} |
|
36 \\ |
|
37 \LARGE Security Engineering\\[-3mm] |
|
38 \end{tabular}}\bigskip\bigskip\bigskip |
|
39 |
|
40 \normalsize |
|
41 \begin{center} |
|
42 \begin{tabular}{ll} |
|
43 Email: & christian.urban at kcl.ac.uk\\ |
|
44 Office: & S1.27 (1st floor Strand Building)\\ |
|
45 Slides: & KEATS (also homework is there)\\ |
|
46 \end{tabular} |
|
47 \end{center} |
|
48 |
|
49 \end{frame} |
|
50 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
51 |
|
52 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
% student participation
|
54 %\begin{frame} |
|
55 %\frametitle{Bitcoins} |
|
56 % |
|
%P2P, 21 Mio, $10^{-8}$, Mt~Gox, value decreased?, anonymity,
|
58 %Silk Road, verification incentive, puzzle, SHA-256, slow |
|
59 %transactions, |
|
60 % |
|
61 %\end{frame} |
|
62 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
63 |
|
64 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
65 \begin{frame}[t] |
|
66 \frametitle{Recall: Bitcoins} |
|
67 |
|
68 \begin{itemize} |
|
69 \item a crypto currency by Satoshi Nakamoto |
|
70 \item mined by solving special puzzles involving hashes |
|
71 \item transaction history (ledger/blockchain) is P2P distributed (12 GB) |
|
72 \item surely a scam/ponzi scheme! |
|
73 \end{itemize} |
|
74 |
|
75 \begin{textblock}{7}(6.5,8.5) |
|
76 \includegraphics[scale=0.26]{../pics/bitcoin_ledgers.png} |
|
77 \end{textblock} |
|
78 |
|
79 \end{frame} |
|
80 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
81 |
|
82 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
83 \begin{frame}[t] |
|
84 \frametitle{Bitcoin Keys} |
|
85 |
|
86 \begin{center} |
|
87 \includegraphics[scale=0.9]{../pics/bitcoin-keys.png} |
|
88 \end{center} |
|
89 |
|
90 \begin{itemize} |
|
91 \item \bl{k} private key: 256 bits (randomly chosen) |
|
92 \item \bl{K} public key: generated from \bl{k} |
|
93 \item \bl{A} bitcoin address: 160 Bit/20 Byte number: |
|
\[\bl{A \dn \mathrm{RIPEMD160}(\mathrm{SHA256}(K))}\]
|
95 |
|
96 \footnotesize RIPEMD160, SHA256 are hash functions |
|
97 \end{itemize} |
|
98 |
|
99 |
|
100 \end{frame} |
|
101 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
102 |
|
103 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
104 \begin{frame}[t] |
|
105 \frametitle{Bitcoin Addresses} |
|
106 |
|
107 The ``human readable, checked version'' of \bl{A}: |
|
108 |
|
109 \begin{center} |
|
110 \begin{tikzpicture}[scale=1] |
|
111 \node (A) at (0,0) [draw=black, rectangle, |
|
112 very thick, minimum height=10mm, minimum width=20mm] |
|
113 {\Large\bl{A}}; |
|
114 \node (B) at (0,-2) [draw=black, rectangle, |
|
115 very thick, minimum height=10mm, minimum width=20mm] |
|
116 {\Large\bl{A}}; |
|
117 \node (B2) at (-2,-2) [draw=black, rectangle, |
|
118 very thick, minimum height=10mm, minimum width=20mm] |
|
119 {\large\bl{Prefix}}; |
|
120 \node (B3) at (-4,-0.5) {1 for P2PKH}; |
|
121 \node (C) at (0,-4) [draw=black, rectangle, |
|
122 very thick, minimum height=10mm, minimum width=20mm] |
|
123 {\Large\bl{A}}; |
|
124 \node at (-2,-4) [draw=black, rectangle, |
|
125 very thick, minimum height=10mm, minimum width=20mm] |
|
126 {\large\bl{Prefix}}; |
|
127 \node (C2) at (3,-4) [draw=black, rectangle, |
|
128 very thick, minimum height=10mm, minimum width=40mm] |
|
129 {\large\bl{CheckSum}}; |
|
130 \node (D) at (0,-5.8) [draw=black, rectangle, |
|
131 very thick, minimum height=10mm, minimum width=20mm] |
|
132 {\large\bl{Base58Check(Prefix + A + CheckSum)}}; |
|
133 |
|
134 \draw[<-, line width=0.5mm] (B2.north west) -- (B3); |
|
135 \draw[->, line width=2mm] (A) -- (B); |
|
136 \draw[->, line width=2mm] (B) -- (C); |
|
137 \draw[->, line width=2mm] (C) -- (D); |
|
138 \path[->, line width=2mm] (B.east) edge[bend left] node[right] |
|
139 {\small{}\bl{\begin{tabular}{l}SHA256\\ |
|
140 SHA256\\ |
|
141 first 4bytes\\[6mm]\end{tabular}}} (C2); |
|
142 \end{tikzpicture} |
|
143 \end{center} |
|
144 |
|
145 \only<2->{ |
|
146 \begin{textblock}{2.5}(1,10) |
|
147 \begin{bubble}[10cm] |
|
148 Example address (Base58):\medskip |
|
149 |
|
150 \bl{1DSrfJdB2AnWaFNgSbv3MZC2m74996JafV}\bigskip |
|
151 |
|
152 \mbox{}\hfill\small{}(does not contain 0OlI) |
|
153 \end{bubble} |
|
154 \end{textblock}} |
|
155 \end{frame} |
|
156 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
157 |
|
158 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
159 \begin{frame}[t] |
|
160 \frametitle{Transaction Graph} |
|
161 |
|
162 \mbox{}\hspace{3cm}older \hspace{3cm} current |
|
163 |
|
164 \begin{center} |
|
165 \includegraphics[scale=0.52]{../pics/blockchain.png} |
|
166 \end{center} |
|
167 |
|
168 \end{frame} |
|
169 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
170 |
|
171 |
|
172 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
173 \begin{frame}[t] |
|
174 \frametitle{Types of Transactions} |
|
175 |
|
176 \begin{itemize} |
|
177 \item pay-to-public-key-hash (so far: Alice pays Bob)\pause |
|
178 \item pay-to-script-hash |
|
\[\bl{\mathrm{RIPEMD160}(\mathrm{SHA256}(\mathit{script}))}\]\pause
|
180 |
|
181 \item Each transaction, including P2PKH, contains a |
|
182 \alert{locking} and an \alert{unlocking} script (locking |
|
183 from output; unlocking from input). |
|
184 \item The scripts are written in a Forth-like language (stack |
|
185 based). |
|
186 \item Running both scripts has to evaluate to True. |
|
187 \end{itemize} |
|
188 |
|
189 \end{frame} |
|
190 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
191 |
|
192 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
193 \begin{frame}[t] |
|
194 \frametitle{Pay-to-Public-Key-Hash} |
|
195 |
|
196 \begin{itemize} |
|
197 \item Alice pays Bob: |
|
198 |
|
199 \begin{center} |
|
200 \begin{tabular}{ll} |
|
201 \scode{<Bob's signature>} & {\small(unlocking script from input)}\\ |
|
202 \scode{<Bob's PKey>}\medskip\\ |
|
203 \scode{OP_DUP} & {\small(locking script from output)}\\ |
|
204 \scode{OP_HASH160}\\ |
|
205 \scode{<Bob's PKey Hash>}\\ |
|
206 \scode{OP_EQUALVERIFY}\\ |
|
207 \scode{OP_CHECKSIG} |
|
208 \end{tabular} |
|
209 \end{center} |
|
210 \end{itemize} |
|
211 |
|
212 \end{frame} |
|
213 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
214 |
|
215 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
216 \begin{frame}[c] |
|
217 \frametitle{A Transaction Msg} |
|
218 \small |
|
219 \lstinputlisting[language=Scala, |
|
220 numbers=none, |
|
221 xleftmargin=-6mm]{msg} |
|
222 |
|
223 \only<2->{ |
|
224 \begin{textblock}{2.5}(4.8,2) |
|
225 \begin{bubble}[8cm] |
|
226 Question: Sender and receiver are the same; same amount |
|
227 (no time stamps).\medskip |
|
228 |
|
229 Can 2 transactions be exactly the same? |
|
230 \end{bubble} |
|
231 \end{textblock}} |
|
232 \end{frame} |
|
233 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
234 |
|
235 |
|
236 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
237 \begin{frame}[c] |
|
238 \frametitle{Pay-to-Script-Hash} |
|
239 |
|
240 Bob wants to implement a multi-key/signature scheme in his |
|
241 company: |
|
242 |
|
243 \begin{itemize} |
|
244 \item Bob tells Alice the hash of a locking script: |
|
245 \item Alice sends the payment to this ``hash address''\bigskip |
|
246 \item Bob has to supply the locking script matching this hash, |
|
247 and the unlocking script\pause\bigskip |
|
248 \item Bob can use this payment to implement 2-out-of-3 |
|
249 signature procedures |
|
250 \end{itemize} |
|
251 |
|
252 \end{frame} |
|
253 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
254 |
|
255 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
256 \begin{frame}[t] |
|
257 \frametitle{Blockchain (Public Ledger)} |
|
258 |
|
259 \begin{center} |
|
260 \includegraphics[scale=0.5]{../pics/bitcoinblockchain0.png} |
|
261 \end{center} |
|
262 |
|
263 \begin{itemize} |
|
264 \item each block is hashed and contains a reference to |
|
265 the earlier block; ``validates'' potentially more than one |
|
266 transaction |
|
267 \end{itemize} |
|
268 |
|
269 \end{frame} |
|
270 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
271 |
|
272 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
273 \begin{frame}[t] |
|
274 \frametitle{Proof-of-Work} |
|
275 |
|
276 The idea is counterintuitive and involves a combination of two |
|
277 ideas: |
|
278 |
|
279 \begin{bubble}[10cm] |
|
280 \begin{itemize} |
|
281 |
|
282 \item to (artificially) make it computationally costly for |
|
283 network users to validate transactions, and |
|
284 |
|
285 \item to reward them for trying to help validate transactions |
|
286 \end{itemize} |
|
287 \end{bubble}\pause |
|
288 |
|
289 \small |
|
this is called mining: whoever validates a transaction will be rewarded with
|
291 50 bitcoins --- this halves every 210,000 transactions or |
|
292 roughly every 4 years (currently 25 BC); no new bitcoins after 2140 -- then only |
|
293 transaction fees |
|
294 \end{frame} |
|
295 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
296 |
|
297 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
298 \begin{frame}[t] |
|
299 \frametitle{Solving Puzzles} |
|
300 |
|
301 Given a string, say \code{"Hello, world!"}, what is the |
|
302 \alert{salt} so the hash starts with a long run of |
|
303 zeros?\bigskip |
|
304 |
|
305 \begin{bubble}[10cm] |
|
306 \footnotesize\code{h("Hello, world!0") =}\\ |
|
307 \;\;\scriptsize\pcode{1312af178c253f84028d480a6adc1e25e81caa44c749ec81976192e2ec934c64}\\ |
|
308 \pause |
|
309 \footnotesize\code{h("Hello, world!1") =}\\ |
|
310 \;\;\scriptsize\pcode{e9afc424b79e4f6ab42d99c81156d3a17228d6e1eef4139be78e948a9332a7d8}\\ |
|
311 \pause |
|
312 \ldots\\ |
|
313 \footnotesize\code{h("Hello, world!4250") =}\\ |
|
314 \;\;\scriptsize\pcode{0000c3af42fc31103f1fdc0151fa747ff87349a4714df7cc52ea464e12dcd4e9} |
|
315 \end{bubble} |
|
316 |
|
317 \end{frame} |
|
318 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
319 |
|
320 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
321 \begin{frame}[t] |
|
322 \frametitle{Hardness} |
|
323 |
|
324 If we want the output hash value to begin with 10 zeroes, |
|
say, then we will need, on average, to try $16^{10} \approx
10^{12}$ different salts (nonces) before we find a suitable one.
|
327 |
|
328 Hardness can be controlled by setting a \alert{target} (maximum |
|
329 number). |
|
330 |
|
331 \begin{center} |
|
332 \includegraphics[scale=0.37]{../pics/blockchainsolving.png} |
|
333 \end{center} |
|
334 |
|
335 \end{frame} |
|
336 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337 |
|
338 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
339 \begin{frame}[t] |
|
340 \frametitle{How to Adjust the Target?} |
|
341 |
|
342 \begin{itemize} |
|
\item every 2016 blocks the hardness is adjusted\\ (approx.\ 2 weeks)
|
344 \end{itemize} |
|
345 |
|
346 \begin{center} |
|
347 \includegraphics[scale=0.37]{../pics/blockchainsolving.png} |
|
348 \end{center} |
|
349 |
|
350 \small |
|
\[
\bl{\begin{array}{@{}l@{}}\text{New}\\ \text{Difficulty}\end{array} \dn
\begin{array}{@{}l@{}}\text{Old}\\ \text{Difficulty}\end{array}
\times \frac{\text{Actual time for the last 2016 blocks}}{20160}}
\]
|
356 |
|
357 \end{frame} |
|
358 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
359 |
|
360 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
361 \begin{frame}[t] |
|
362 \frametitle{Hardness} |
|
363 |
|
364 \begin{itemize} |
|
365 \item for example block \#277,316 has the hardness |
|
366 |
|
367 \[\scode{0x1903a30c}\] |
|
368 \end{itemize} |
|
369 |
|
370 where \scode{19} is the exponent and \scode{03a30c} is the |
|
371 coefficient. |
|
372 |
|
373 \[ |
|
\bl{\mathit{target} \dn \mathit{coefficient} \times 2^{8 \times (\mathit{exponent} - 3)}}
|
375 \] |
|
376 |
|
in this example the hash has to be smaller than
|
378 |
|
379 \footnotesize |
|
380 \[ |
|
381 \begin{array}{l} |
|
382 \scode{0x0000000000000003A30C000000000000}\\ |
|
383 \qquad\qquad\scode{00000000000000000000000000000000} |
|
384 \end{array} |
|
385 \]\pause |
|
386 |
|
387 It is fun to see that nowadays mining equipment is so |
|
388 efficient that the hardness is closely related to the |
|
389 cost of electricity. |
|
390 \end{frame} |
|
391 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
392 |
|
393 |
|
394 |
|
395 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
396 \begin{frame}[t] |
|
397 \frametitle{Bitcoin Schedule} |
|
398 |
|
399 \begin{itemize} |
|
400 \item every 210000 blocks the amount of bitcoins to be |
|
401 mined halves (``reward era'') |
|
402 \end{itemize} |
|
403 |
|
404 \begin{center} |
|
405 \begin{tikzpicture} |
|
406 \begin{axis}[ |
|
407 xlabel={\footnotesize year}, |
|
408 ylabel={\footnotesize \% of total bitcoins}, |
|
409 ylabel style={yshift=0.0em}, |
|
410 enlargelimits=false, |
|
411 xtick={2009,2011,...,2025}, |
|
412 xmin=2009, |
|
413 xmax=2026, |
|
414 ymax=105, |
|
415 ymin=0, |
|
416 ytick={0,20,...,100}, |
|
417 scaled ticks=false, |
|
418 axis lines=left, |
|
419 width=9cm, |
|
420 height=6cm, |
|
421 legend entries={\footnotesize plan,\footnotesize in reality 2\% ahead}, |
|
422 legend pos=south east, |
|
423 legend cell align=left, |
|
424 y tick label style={font=\footnotesize}, |
|
425 x tick label style={font=\footnotesize,/pgf/number format/1000 sep={}} |
|
426 ] |
|
427 \addplot |
|
428 table {bitcoinestimate.data}; |
|
429 \only<2>{\addplot[red] |
|
430 table {bitcoinactual.data};} |
|
431 \end{axis} |
|
432 \end{tikzpicture} |
|
433 \end{center} |
|
434 |
|
435 \end{frame} |
|
436 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
437 |
|
438 |
|
439 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
440 \begin{frame}[t] |
|
441 \frametitle{Order of Transactions} |
|
442 |
|
If we do not have an ordering of transactions at any given moment,
then it may not be clear who owns which Bitcoins.
|
445 |
|
446 \begin{center} |
|
447 \includegraphics[scale=0.38]{../pics/bitcoin_unconfirmed.png} |
|
448 \end{center} |
|
449 |
|
450 \small |
|
451 Say, miner David is lucky and finds a suitable salt |
|
452 to confirm the transactions. Celebration!\pause \hspace{5mm}?? |
|
453 |
|
454 \end{frame} |
|
455 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
456 |
|
457 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
458 \begin{frame}[t] |
|
459 \frametitle{Forks} |
|
460 |
|
461 Typically the blockchain will look as follows |
|
462 |
|
463 \begin{center} |
|
464 \includegraphics[scale=0.65]{../pics/block_chain1.png} |
|
465 \end{center} |
|
466 |
|
467 \pause |
|
468 But every so often there is a fork |
|
469 |
|
470 \begin{center} |
|
471 \includegraphics[scale=0.65]{../pics/block_chain_fork.png} |
|
472 \end{center} |
|
473 |
|
474 \small |
|
475 \ldots{}bugger this is exactly what we are trying to avoid |
|
476 \end{frame} |
|
477 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
478 |
|
479 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
480 \begin{frame}[t] |
|
481 |
|
482 The tie is broken if another block is solved |
|
483 |
|
484 \begin{center} |
|
485 \includegraphics[scale=0.4]{../pics/bitcoin_blockchain_branches.png} |
|
486 \end{center} |
|
487 |
|
488 \small |
|
489 The rule is: if a fork occurs, people on the network keep |
|
490 track of all forks. But at any given time, miners only work |
|
491 to extend whichever fork is longest in their copy of the block |
|
492 chain. |
|
493 |
|
494 \end{frame} |
|
495 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
496 |
|
497 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
498 \begin{frame}[t] |
|
499 \frametitle{Double Spending} |
|
500 |
|
So if Alice wants to double-spend, she needs to produce
a longer chain:
|
503 |
|
504 \begin{center} |
|
505 \includegraphics[scale=0.4]{../pics/bitcoin_blockchain_double_spend.png} |
|
506 \end{center} |
|
507 |
|
508 \end{frame} |
|
509 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
510 |
|
511 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
512 \begin{frame} |
|
513 \frametitle{Racing Against the World} |
|
514 |
|
515 \begin{columns} |
|
516 \begin{column}{4.5cm} |
|
517 \includegraphics[scale=0.3]{../pics/bitcoin_doublespend_blockchain_race.png} |
|
518 \end{column} |
|
519 \begin{column}{5.5cm} |
|
520 \includegraphics[scale=0.3]{../pics/bitcoin_transaction_order_race.png} |
|
521 \end{column} |
|
522 \end{columns}\bigskip\bigskip\pause |
|
523 |
|
524 \small |
|
525 A transaction is ``confirmed'' if:\smallskip |
|
526 |
|
527 (1) it is part of a block in the longest fork, and (2) at |
|
528 least 5 blocks follow it in the longest fork. In this case we |
|
529 say that the transaction has ``6 confirmations''.\bigskip |
|
530 |
|
\footnotesize (might take 1h+\ldots but for credit cards you have
6 months chargeback)
|
533 \end{frame} |
|
534 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
535 |
|
536 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
537 \begin{frame}[c] |
|
538 \frametitle{Mining Pools} |
|
539 |
|
540 \begin{bubble}[10cm] |
|
541 On average, it would take several years for a typical computer |
|
542 to solve a block, so an individual’s chance of ever solving |
|
543 one before the rest of the network, which typically takes 10 |
|
544 minutes, is negligibly low. |
|
545 \end{bubble}\pause |
|
546 |
|
547 \small |
|
548 Many people join groups called mining pools that collectively |
|
549 work to solve blocks, and distribute rewards based on work |
|
550 contributed. These act somewhat like lottery pools among |
|
551 co-workers, except that some of these pools are quite large, |
|
552 and comprise more than 20\% of all the computers in the |
|
553 network.\medskip |
|
554 |
|
555 \footnotesize |
|
556 BTCC, the largest mining pool, has limited its members to |
|
557 not solve more than 6 blocks in a row. |
|
558 \hfill\url{https://blockchain.info/pools} |
|
559 |
|
560 \end{frame} |
|
561 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
562 |
|
563 |
|
564 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
565 \begin{frame}[t] |
|
566 \frametitle{Bitcoins for Real} |
|
567 |
|
568 \begin{itemize} |
|
\item you need a public-private key pair (the hash of the
public key determines your bitcoin address)
|
571 |
|
572 \item if you want to receive bitcoins, you publicise |
|
573 this address |
|
574 |
|
575 \item there are $2^{160}$ possibilities\\ |
|
576 (no check for duplicates)\bigskip\pause |
|
577 |
|
578 \item transactions contain ``payment scripts'' |
|
579 (non-Turing-complete scripting language)\bigskip |
|
580 |
|
581 \small simplest script: pay-to-public-key |
|
582 \end{itemize} |
|
583 |
|
584 \end{frame} |
|
585 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
586 |
|
587 |
|
588 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
589 \begin{frame}[t] |
|
590 \frametitle{Multi-Signature Addresses} |
|
591 |
|
592 \begin{itemize} |
|
593 \item \ldots Bitcoin Improvement Proposal\bigskip\pause |
|
594 \item pay-to-public-key (explained so far) |
|
595 \item pay-to-script-hash (since 2012)\bigskip\pause |
|
596 |
|
597 can specify: requires \bl{M} out of \bl{N} signatures\medskip |
|
598 |
|
599 {\small for example\\ |
|
600 1-of-2: me and my wife, or\\ |
|
601 2-of-2 in banking/companies} |
|
602 |
|
603 \end{itemize} |
|
604 |
|
605 \end{frame} |
|
606 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
607 |
|
608 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
609 \begin{frame}[t] |
|
610 \frametitle{Dispute Mediation} |
|
611 |
|
612 \begin{itemize} |
|
613 \item say, client and (online) merchant do not trust |
|
614 each other\bigskip\pause |
|
615 |
|
616 \item 2-of-3: mutually trusted escrow service |
|
617 \begin{enumerate} |
|
618 \item client sends money to 2-of-3 transaction |
|
619 \item merchant sends out goods |
|
620 \item if goods are OK, client sends signed transaction |
|
621 to merchant, merchant can sign and receive the money |
|
622 (publish in blockchain) |
|
623 \item if goods are defective, merchant sends signed transaction |
|
624 to client, client can sign and receive the money back |
|
\item if client and merchant disagree, then they ask the escrow
service, who signs a transaction and sends it to the ``winning''
party
|
628 \end{enumerate} |
|
629 \end{itemize} |
|
630 |
|
631 \end{frame} |
|
632 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
633 |
|
634 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
635 \begin{frame}[t] |
|
636 \frametitle{A Block in the Blockchain} |
|
637 |
|
638 \begin{center} |
|
639 \includegraphics[scale=0.38]{../pics/bitcoin_unconfirmed.png} |
|
640 \end{center} |
|
641 |
|
642 \begin{itemize} |
|
643 \item each block is hashed and contains a reference to |
|
644 the earlier block |
|
645 \item contains the ``salt'' and address of whoever solved the |
|
646 puzzle |
|
647 \end{itemize} |
|
648 |
|
649 \end{frame} |
|
650 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
651 |
|
652 |
|
653 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
654 \begin{frame} |
|
655 \frametitle{Transaction History} |
|
656 |
|
657 you can follow back the transaction history until |
|
658 you reach either |
|
659 |
|
660 \begin{itemize} |
|
661 \item the genesis block (a transaction without input of |
|
662 50 bitcoins), or |
|
663 \item a coinbase transaction (this is the reward of the |
|
664 miner who validated a block of transactions in the blockchain) |
|
665 |
|
666 \end{itemize} |
|
667 |
|
668 \end{frame} |
|
669 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
670 |
|
671 |
|
672 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
673 \begin{frame}[t] |
|
674 \frametitle{Lost Bitcoins?} |
|
675 |
|
676 \begin{itemize} |
|
\item to spend bitcoins somebody needs to produce a valid signature
(for this you need the private key); without the private key
the bitcoins cannot be spent\bigskip
|
680 |
|
681 \item somebody spends your bitcoins fraudulently |
|
682 (you cannot charge them back)\ldots{} bad luck |
|
683 |
|
684 \item you can send bitcoins to a ``non-existing'' address |
|
685 (Mt.~Gox) |
|
686 \end{itemize} |
|
687 |
|
688 \end{frame} |
|
689 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
690 |
|
691 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
692 \begin{frame}[t] |
|
693 \frametitle{Good Points} |
|
694 |
|
695 An attacker can't: |
|
696 |
|
697 \begin{itemize} |
|
698 \item reverse other people's transactions |
|
699 \item change the number of coins generated per block |
|
700 \item create coins out of thin air |
|
\item send coins that never belonged to the attacker
|
\item meddle with the ``history''
|
703 \end{itemize}\bigskip |
|
704 |
|
705 The system can be scaled to all world transactions. |
|
706 |
|
707 \end{frame} |
|
708 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
709 |
|
710 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
711 \begin{frame}[t] |
|
712 \frametitle{Take Home Points} |
|
713 |
|
714 |
|
715 \begin{itemize} |
|
716 \item Don't gamble! I am not a first mover in such things. |
|
717 \item Cool idea, but I am sure there will be a Bitcoin~2.0. |
|
718 \item It still depends on a lot of old-fashioned security |
|
(e.g.~keeping private keys secret)\bigskip
|
720 |
|
721 \item Having now the knowledge how it works, go back |
|
722 and listen to what people/media make of it. |
|
723 \end{itemize} |
|
724 |
|
725 \end{frame} |
|
726 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
727 |
|
728 |
|
729 \end{document} |
|
730 |
|
731 %%% Local Variables: |
|
732 %%% mode: latex |
|
733 %%% TeX-master: t |
|
734 %%% End: |
|
735 |