slides/slides08.tex
author Christian Urban <christian dot urban at kcl dot ac dot uk>
Tue, 18 Nov 2014 23:04:36 +0000
changeset 317 0cdfa8ef4aa2
updated

\documentclass[dvipsnames,14pt,t]{beamer}
\usepackage{../slides}
\usepackage{../graphics}
\usepackage{../langs}

\usetikzlibrary{shapes}

% beamer stuff
% Caption text for this lecture. \slidecaption is not defined in this file;
% presumably ../slides provides it, since \renewcommand needs an existing
% definition -- confirm there.
\renewcommand{\slidecaption}{APP 08, King's College London}
% \bl{<text>}: typesets its argument in blue (used below for protocol
% messages and signed strings).
\newcommand{\bl}[1]{\textcolor{blue}{#1}}

% \DOWNarrow{<overlay>}{<x>}{<y>}: red arrow pointing down, placed at
% textblock position (<x>,<y>) and shown only on the overlays given in
% <overlay> (the first argument is handed to \onslide).
% The textblock environment is not defined in this file (presumably set up
% in ../slides), so the units of <x> and <y> must be checked there.
\newcommand{\DOWNarrow}[3]{%
\begin{textblock}{0}(#2,#3)% zero-width block at the requested position
\onslide<#1>{% restrict the arrow to the requested overlays
\begin{tikzpicture}%
\node at (0,0) [single arrow, shape border rotate=270, fill=red,text=red]{a};% label is red on red, so in effect only the arrow shape is visible
\end{tikzpicture}}%
\end{textblock}}
% \LEFTarrow{<overlay>}{<x>}{<y>}: red arrow pointing left, placed at
% textblock position (<x>,<y>) and shown only on the overlays given in
% <overlay> (the first argument is handed to \onslide).
% The textblock environment is not defined in this file (presumably set up
% in ../slides), so the units of <x> and <y> must be checked there.
\newcommand{\LEFTarrow}[3]{%
\begin{textblock}{0}(#2,#3)% zero-width block at the requested position
\onslide<#1>{% restrict the arrow to the requested overlays
\begin{tikzpicture}%
\node at (0,0) [single arrow, shape border rotate=180, fill=red,text=red]{a};% label is red on red, so in effect only the arrow shape is visible
\end{tikzpicture}}%
\end{textblock}}


\begin{document}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{%
  \begin{tabular}{@ {}c@ {}}
  \\
  \LARGE Access Control and \\[-3mm] 
  \LARGE Privacy Policies (8)\\[-6mm] 
  \end{tabular}}\bigskip\bigskip\bigskip

  \normalsize
  \begin{center}
  \begin{tabular}{ll}
  Email:  & christian.urban at kcl.ac.uk\\
  Office: & S1.27 (1st floor Strand Building)\\
  Slides: & KEATS (also homework is there)\\
  \end{tabular}
  \end{center}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}
\frametitle{Interlock Protocol}

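invented by Ron Rivest and Adi Shamir (1984)
% Idea: each encrypted message is sent in two halves, and a half on its own
% cannot be decrypted, so a man-in-the-middle cannot read and re-encrypt
% a message before having to pass something on.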

\begin{center}
\begin{tabular}{ll@{\hspace{2mm}}l}
1. & $A \to B :$ & $K^{pub}_A$\smallskip\\
2. & $B \to A :$ & $K^{pub}_B$\smallskip\\
3. & & $\{A,m\}_{K^{pub}_B} \;\mapsto\; H_1,H_2$\\
   & & $\{B,m'\}_{K^{pub}_A} \;\mapsto\; M_1,M_2$\\
4. & $A \to B :$ & $H_1$\smallskip\\
5. & $B \to A :$ & $\{H_1, M_1\}_{K^{pub}_A}$\smallskip\\
6. & $A \to B :$ & $\{H_2, M_1\}_{K^{pub}_B}$\smallskip\\
7. & $B \to A :$ & $M_2$
\end{tabular}
\end{center}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}
\frametitle{Car \& Transponder}

\begin{enumerate}
\item $C$ generates a random number $N$
\item $C$ calculates $\{N\}_K \mapsto F,G$
\item $C \to T$: $N, F$
\item $T$ calculates $\{N\}_K \mapsto F',G'$
\item $T$ checks that $F = F'$
\item $T \to C$: $N, G'$
\item $C$ checks that $G = G'$
\end{enumerate}

Does the car authenticate the transponder? Does the
transponder authenticate the car?

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% student participation
%\begin{frame}
%\frametitle{Bitcoins}
%
%P2P, 21 Mio, $10^{-8}$, Mt~Gox, value decreased?, anonymity, 
%Silk Road, verification incentive, puzzle, SHA-256, slow 
%transactions, 
%
%\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Bitcoins from 10,000m}

\begin{itemize}
\item a crypto ``currency'' by Satoshi Nakamoto (likely a pen name)
\item a digital resource designed to be scarce 
  (max 21 Mio bitcoins---deflationary currency) 
\item mined by solving special puzzles involving hashes
\item transaction history (ledger/blockchain) is P2P distributed (12 GB)
\item two ``mining pools'' currently produce\\ more than 50\%
  of bitcoins
\item can be stolen and also lost
\item anonymous?\pause
\item surely a ponzi scheme!
\end{itemize}

\begin{textblock}{7}(11.5,10)
\includegraphics[scale=0.21]{../pics/bitcoin_ledgers.png}
\end{textblock}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Bitcoins}

\begin{itemize}
\item you create a public-private key pair
\item you have a `wallet' which can be
\begin{itemize}
\item electronic (on your computer, passwords)
\item cloud-based (passwords)
\item paper-based
\end{itemize}
and contains only the public-private key pair

\item Bitcoins can be stolen and lost
\item Mt.~Gox: hacked $\Rightarrow$ insolvent
\item no form of dispute resolution (against current
consumer laws)
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}
\frametitle{Underlying Ideas}

It is about establishing trust in a completely 
untrusted environment\medskip

\begin{itemize}
\item public-private key encryption\medskip
\item digital signatures\medskip
\item cryptographic hashing (SHA-256)
\end{itemize}

\begin{center}
If Alice sends you: \bl{$msg, \{msg\}_{K^{priv}_{Alice}}$}
\ldots ?
\end{center}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Let's Start with Infocoins}

\begin{center}
\bl{$\{\text{I, Alice, am giving Bob one infocoin.}\}_{K^{priv}_{Alice}}$}
\end{center}\bigskip

\begin{itemize}
\item no-one else could have created that message
\item Alice cannot deny the ``intent'' of sending Bob money (non-repudiation)\pause\bigskip
\item forgery possible only after Alice created the string
\item Q: What is money?\\ 
  A: Well, a string like the one above
  (or later messages like that)
\end{itemize}



\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Double Spend}

\begin{center}
\bl{$\{\text{I, Alice, am giving Bob one infocoin.}\}_{K^{priv}_{Alice}}$}
\end{center}

\begin{itemize}
\item Alice could keep sending Bob this message over and over
      again (did she mean to send 10 ICs?)\pause
\item we need to have a serial number
\begin{center}
\bl{$\{\text{I, Alice, am giving Bob infocoin \#1234567.}\}_{K^{priv}_{Alice}}$}
\end{center}\pause\medskip

\item but then we need a trusted source of serial numbers 
  (e.g.~a bank)
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{No Banks Please}

With banks we could implement:

\begin{itemize}
\item Bob asks the bank whether the infocoin with that serial
      number belongs to Alice and
\item Alice hasn’t already spent this infocoin.\bigskip 
\item If yes, then Bob tells the bank he accepts the infocoin.
\item The bank updates the records to show that the infocoin
      with that serial number is now in Bob’s possession and
      no longer belongs to Alice.
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Blockchain}

The solution for double spend: 

\begin{itemize}
\item make everybody the bank, everybody has the entire
      transaction history --- will be called
      \alert{blockchain}\medskip
\item Bob checks whether the infocoin belongs to Alice and then
      broadcasts the message to everybody else
\end{itemize}

\begin{center}
\includegraphics[scale=0.21]{../pics/bitcoin_ledgers.png}
\end{center}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Blockchain}

\begin{center}
\includegraphics[scale=0.5]{../pics/bitcoinblockchain0.png}
\end{center}

\begin{itemize}
\item each block is hashed and contains a reference to
the earlier block; ``validates'' potentially more than one
transaction
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Transaction Graph}

\mbox{}\hspace{3cm}older \hspace{3cm} current

\begin{center}
\includegraphics[scale=0.5]{../pics/blockchain.png}
\end{center}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Double Spend Again}

\begin{bubble}[10cm]\addtolength{\leftmargini}{5mm}
\begin{itemize}
\item I, Alice, am giving Bob one infocoin, with serial
      number 1234567.
\item I, Alice, am giving \alt<2->{\alert{Alice}}{Charlie} 
      one infocoin.
\end{itemize}
\end{bubble}\bigskip

How should other people update their blockchain (public
register)?\pause


\begin{center}
\includegraphics[scale=0.3]{../pics/bitcoindisagreement.png}
\end{center}


Once enough people have broadcast that message, everyone
updates their block chain to show that infocoin 1234567 now
belongs to Bob, and the transaction is complete.

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Creating Agreement}

\begin{bubble}[10cm]
Once \alert{enough} people have broadcast that message, 
everyone updates their block chain to show that infocoin 
1234567 now belongs to Bob, and the transaction is accepted.
\end{bubble}\bigskip\bigskip
\pause

\small
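But what if Alice sets up a large number of separate
identities, let’s say a billion, on the Infocoin network. When
Bob asks the network to validate the transaction, Alice’s
puppet identities say ``Yes, his transaction is validated'',
while actually the rest of the network says Alice's transaction 
is OK?
% This is the Sybil problem: identities cost nothing to create, so a majority
% counted by identity cannot be trusted; the proof-of-work frame that follows
% ties influence to computing cost instead.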
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{!! Proof-of-Work !!}

The idea is counterintuitive and involves a combination of two
ideas:\bigskip

\begin{bubble}[10cm]
\addtolength{\leftmargini}{5mm}
\begin{itemize}

\item to (artificially) make it computationally costly for
      network users to validate transactions, and

\item to reward them for trying to help validate transactions
\end{itemize}
\end{bubble}\pause\bigskip

\small
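this is called mining: whoever validates a transaction will be awarded
50 bitcoins --- this halves every 210,000 transactions or
roughly every 4 years (currently 25 bitcoins); no new bitcoins after 2140 --- then only 
transaction fees
% NOTE(review): in Bitcoin the reward is paid per solved block, and the
% halving interval is counted in blocks (210,000 blocks), not in individual
% transactions.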
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Solving Puzzles}

Given a string, say \code{"Hello, world!"}, what is the 
\alert{salt} so the hash starts with a long run of 
zeros?\bigskip

\begin{bubble}[10cm]
\begin{tabular}{l}
\footnotesize\code{h("Hello, world!0") =}\\
\;\;\scriptsize\code{1312af178c253f84028d480a6adc1e25e81caa44c749ec81976192e2ec934c64}\\
\pause
\footnotesize\code{h("Hello, world!1") =}\\ 
\;\;\scriptsize\code{e9afc424b79e4f6ab42d99c81156d3a17228d6e1eef4139be78e948a9332a7d8}\\
\pause
\ldots\\
\footnotesize\code{h("Hello, world!4250") =}\\ 
\;\;\scriptsize\code{0000c3af42fc31103f1fdc0151fa747ff87349a4714df7cc52ea464e12dcd4e9}
\end{tabular}
\end{bubble}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Hardness}

If we want the output hash value to begin with 10 zeroes,
say, then we will need, on average, to try $16^{10} \approx
10^{12}$ different salts (nonces) before we find a suitable one.

Hardness can be controlled by setting a \alert{target} (maximum
number).

\begin{center}
\includegraphics[scale=0.37]{../pics/blockchainsolving.png}
\end{center}

\begin{textblock}{7}(7,10)
10 mins
\end{textblock}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Order of Transactions}

If we don’t have such an ordering at any given moment 
then it may not be clear who owns which infocoins.

\begin{center}
\includegraphics[scale=0.38]{../pics/bitcoin_unconfirmed.png}
\end{center}

\small
Say, miner David is lucky and finds a suitable salt
to confirm the transactions. Celebration!\pause \hspace{5mm}??

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Forks}

Typically the blockchain will look as follows

\begin{center}
\includegraphics[scale=0.65]{../pics/block_chain1.png}
\end{center}

\pause
But every so often there is a fork

\begin{center}
\includegraphics[scale=0.65]{../pics/block_chain_fork.png}
\end{center}

\small
\ldots{}bugger this is exactly what we are trying to avoid
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]

The tie is broken if another block is solved

\begin{center}
\includegraphics[scale=0.4]{../pics/bitcoin_blockchain_branches.png}
\end{center}

\small
The rule is: if a fork occurs, people on the network keep
track of all forks. But at any given time, miners only work
to extend whichever fork is longest in their copy of the block
chain.

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Double Spending Again}

So if Alice wants to fake it, she needs to produce
a longer chain:

\begin{center}
\includegraphics[scale=0.4]{../pics/bitcoin_blockchain_double_spend.png}
\end{center}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}
\frametitle{Racing Against the World}

\begin{columns}
\begin{column}{4.5cm}
\includegraphics[scale=0.3]{../pics/bitcoin_doublespend_blockchain_race.png}
\end{column}
\begin{column}{5.5cm}
\includegraphics[scale=0.3]{../pics/bitcoin_transaction_order_race.png}
\end{column}
\end{columns}\bigskip\bigskip\pause

\small
A transaction is ``confirmed'' if:\smallskip

(1) it is part of a block in the longest fork, and (2) at
least 5 blocks follow it in the longest fork. In this case we
say that the transaction has ``6 confirmations''.\bigskip

\footnotesize (might take 1h+\ldots but for credit cards you have 
6 months chargeback)
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Mining Pools}

\begin{bubble}[10cm]
On average, it would take several years for a typical computer
to solve a block, so an individual’s chance of ever solving
one before the rest of the network, which typically takes 10
minutes, is negligibly low.
\end{bubble}\bigskip\pause

\small
Many people join groups called mining pools that collectively
work to solve blocks, and distribute rewards based on work
contributed. These act somewhat like lottery pools among
co-workers, except that some of these pools are quite large,
and comprise more than 20\% of all the computers in the
network.\medskip

\footnotesize
BTC, the largest mining pool, has restricted its members to 
solving no more than 6 blocks in a row.

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Bitcoins for Real}

\begin{itemize}
\item you need a public-private key pair (the hash of the 
public key determines your bitcoin address) 

\item if you want to receive bitcoins, you publicise 
this address

\item there are $2^{160}$ possibilities\\ 
(no check for duplicates)
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{A Transaction Msg}
\small
\lstinputlisting[language=Scala,
                 numbersep=3pt, 
                 xleftmargin=-6mm]{msg}

\DOWNarrow{2}{3.5}{1.6}
\LEFTarrow{3}{3.5}{3}
\LEFTarrow{4}{4.7}{4}
\LEFTarrow{4}{5.4}{4.8}
\LEFTarrow{5}{5.4}{5.6}
\LEFTarrow{6}{5}{6.4}
\DOWNarrow{7}{6}{8.2}
\LEFTarrow{8}{5}{9.7}
\DOWNarrow{9}{7}{9.7}
\DOWNarrow{9}{10}{9.7}
\LEFTarrow{10}{9}{12}
\DOWNarrow{11}{12.5}{12}


\begin{textblock}{0}(7,3)%
\small
\onslide<2,4,7,8,9,10,11,12>{
\begin{bubble}[6cm]%
\only<2>{the hash of the msg that follows; kind of serial number}
\only<4>{the transaction has one input and one output (could be more)}
\only<7>{the hash of the incoming transaction (incoming serial number)}
\only<8>{use the 0th output of the incoming transaction}
\only<9>{the public key and signature of the sender}
\only<10>{use $x$ amount of the incoming money}
\only<11>{public key of the receiver}
\only<12>{you do not need a central authority to issue serial numbers\bigskip\\
there are no ``coins'', just a long series of transactions}
\end{bubble}}
\end{textblock}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{A Block in the Blockchain}

\begin{center}
\includegraphics[scale=0.38]{../pics/bitcoin_unconfirmed.png}
\end{center}

\begin{itemize}
\item each block is hashed and contains a reference to
the earlier block
\item contains the ``salt'' and address of whoever solved the 
puzzle
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}
\frametitle{Transaction History}

you can follow back the transaction history until
you reach either

\begin{itemize}
\item the genesis block (a transaction of
50 bitcoins without input)
\item a coinbase transaction (this is the reward of the
miner who validated a block of transactions in the blockchain)

\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Lost Bitcoins?}

\begin{itemize}
\item somebody needs to be able to generate the signature
  for a transaction (for this you need the private 
  key)\bigskip

\item somebody spends your bitcoins fraudulently
  (you cannot charge them back)\ldots{} bad luck

\item you can send bitcoins to a ``non-existing'' address
  (Mt.~Gox)
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Good Points}

An attacker can't:

\begin{itemize}
\item reverse other people's transactions
\item change the number of coins generated per block
\item create coins out of thin air
\item send coins that never belonged to them
\item meddle with the ``history''
\end{itemize}\bigskip

The system can be scaled to all world transactions. 

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{But I did not Inhale\ldots}

\begin{center}
\includegraphics[scale=0.4]{../pics/bitcointornetwork.png}
\end{center}

\only<1>{
ledger is public ``forever''; everybody can inspect
how money was transferred from which address to
which address; maybe not ideal for money laundering}
\only<2>{
You should use a new public-private key pair for \alert{every} transaction;
but few do (merchants). A design flaw(?): combining transactions.}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Anonymity}
\small

``How anonymous is Bitcoin? Many people claim that Bitcoin can
be used anonymously. This claim has led to the formation of
marketplaces such as Silk Road (and various successors), which
specialize in illegal goods. However, the claim that Bitcoin
is anonymous is a \underline{myth}. The block chain is public,
meaning that it’s possible for anyone to see every Bitcoin
transaction ever. Although Bitcoin addresses aren’t
immediately associated to real-world identities, computer
scientists have done a great deal of work figuring out how to
de-anonymize `anonymous' social networks. The block chain is a
marvellous target for these techniques.''

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Bitcoin vs Gov}

Purported absence of potential government interference?
\pause 
Far from it:
  
\begin{itemize}
  \item government could compel ``major players'' to blacklist
     bitcoins (exchanges)
  \item coerce developer community (e.g.~Lavabit)
  \item put pressure on mining pools, or be a big miner 
  itself
\end{itemize} 

\begin{center}
\includegraphics[scale=0.04]{../pics/nsautah1.jpg}
\hspace{3mm}
\includegraphics[scale=0.031]{../pics/nsautah2.jpg}
\end{center}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Take Home Points}


\begin{itemize}
  \item Don't gamble! I am not a first mover in such things.
  \item Cool idea, but I am sure there will be a Bitcoin~2.0.
  \item It still depends on a lot of old-fashioned security 
  (e.g.~keeping private keys secret)\bigskip

  \item Now that you know how it works, go back
  and listen to what people/media make of it. 
\end{itemize} 

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 



\end{document}

%%% Local Variables:  
%%% mode: latex
%%% TeX-master: t
%%% End: