An Overview of Blockchain Technologies and Uses (Day 2) Andy Dolan - PowerPoint PPT Presentation

An Overview of Blockchain Technologies and Uses (Day 2) Andy Dolan • Computer Science Department • Colorado State University

Last Time we Covered ● An Introduction to Bitcoin ● The Core Features: What is a Blockchain? ● Distributed Consensus Image: Jay’s Brick Blog

Outline ● Identity in blockchain and anonymization ● Smart contracts ● Attacks against blockchain ● Interesting (non-cryptocurrency) blockchain use cases Image: Jay’s Brick Blog

Identity in Blockchain How do we manage who’s who?

Identity in Public Blockchain ● Public key, associated private key ○ If you have the private key, you have the associated transactions ● Beyond that, what identity exists? ○ Do you register for a Bitcoin account? ○ Where might your information be revealed?

Is Blockchain Anonymous? ● Cryptocurrencies can be traced back through the ledger ● At some point, there is an exchange to a product/service/currency ○ These might require some identity information ● Is this a privacy risk? ○ Or is this an advantage? ● Either way, users will want to make their tokens anonymous

Token Tumbling ● Also called mixing, blending, cleaning ● Third-party services that will “clean” your “tainted” tokens for you ● Put your tokens in a tumbler/mixer ○ This is still just a transaction ○ Is there a risk in doing this? ● Get some other tokens out that aren’t linked to you ● Only misdirection, not true “cleaning”

Other Anonymization Efforts ● Use of zero-knowledge proofs to verify transactions ● Built into the protocol of the particular chain ● Can end up being somewhat similar to mixing ○ Exchanging “real” coins for others ● Other implementations involve burning old coins and then minting new ones ○ Zcoin

Burning Tokens ● Some systems use the concept of “destroying” tokens ● Often dubbed “sending to an impossible/unspendable address” ● Control of currency supply ● Proof of burn ● Is there a risk here? ○ Is the address really unspendable?

Permissioned Blockchain ● Stronger concept of identity ○ Use of PKI ● Only certain participants can join ● Stronger trust model? ● Advantages, disadvantages ● Use cases ○ Supply chain in a particular market ○ Record keeping between key stakeholders ○ Public read-only, permissioned writes

Questions/Comments?

Introduction to Smart Contracts Automated trust, or millions of costly bugs?

Smart Contracts ● Distributed pieces of code associated with blockchain transactions ● Executions that define how a transaction is carried out ● “Smart” because the contract is automatically enforced by the system ● Usually simple, sometimes complex ● Now present in most blockchain implementations

A Simple Implementation: Bitcoin ● Every Bitcoin transaction has a script ○ Written in Script ● Super, super simple ● List of instructions for how the next person wanting to spend coins can gain access to them ○ If the script returns TRUE, you have access to the funds ● Can be just about anything

Typical Bitcoin Script ● Requires two things: ● Public key that hashes to destination address of transaction ○ The recipient of coins ● Signature to prove ownership of the private key corresponding to the public key ○ The recipient provides this ○ Only the owner of the right private key can get the coins

More Unique Bitcoin Scripts ● Freezing funds until a future date ● Creating a mini proof-of-work puzzle that anyone can solve ● Incentivized finding of SHA1 hash collisions ○ Created in 2013, donation based ○ Solved, reward claimed in February 2017 shortly after SHA1 was broken ○ A little over 2 bitcoin claimed

Ethereum and Smart Contracts ● Arguably the biggest smart contract platform ● Turing-complete smart contract language: Solidity ● Opens up lots of different possibilities for ○ Applications ○ Tokens (and how they operate) ● More complexity can be problematic

Where Smart Contracts go Wrong ● What problems can slip through with a more complex smart contract? ● The DAO attack ○ A bug in the code with huge consequences: hard fork ○ Creation of Ethereum Classic ● Updating a deployed contract can be… complicated

Questions/Comments?

Security Aspects of Blockchain Attacks against blockchain technologies

Additional Reading

Attacking Consensus ● Majority attacks ○ Proof of Work ○ Proof of Stake ● Compromised centralized “leader” in PBFT ● Consensus delays ● Selfish mining ○ Similar to majority attack ○ Try to trick the network by maintaining a parallel chain

Attacking the Network ● Traditional network attacks to mislead or disable nodes ● DDoS, DNS attacks, routing attacks ● Spam transactions, slow/limited propagation ● Limit availability

Questions/Comments?

Other Use Cases Less cryptocurrency-centric applications of blockchain

Supply Chain ● A ledger of how supply changes ownership throughout its lifecycle ● BeefChain ● Lettuce from Walmart ● What issues are solved by blockchain? ● How does this model differ from cryptocurrencies?

Blockchain for IoT ● Improving security of IoT devices with a blockchain platform ● IoT device identity ● IoT device and service permissions ● Storage on an immutable ledger

IoT for Blockchain ● IoTa: Ledger technologies built for IoT ● Attempting to make blockchain more efficient to be able to run on IoT devices at scale ● Consensus algorithms optimized for hardware ● Network architecture to accommodate for IoT capabilities

Storage?? ● Again, this is really just a database ● However, it’s append only ● What about use cases that require a lot of record changes? ● Does it scale? ○ Bitcoin: about 200 GB total ○ Ethereum: about 200 GB total

Voting, Elections

Other Questions?

Conclusion ● Blockchain is cool ● But needs to be used carefully ● Design is critical ● It really isn’t the answer for most problems

Thank you