cryptocurrencies
play

Cryptocurrencies Outline and Distributed Electronic payments - PowerPoint PPT Presentation

Cryptocurrencies and Distributed Consensus May 2019 Cryptocurrencies Outline and Distributed Electronic payments Consensus Secure transactions Secure execution: contracts PROF. DR. IR. BART PRENEEL COSIC KU LEUVEN, BELGIUM AND IMEC


  1. Cryptocurrencies and Distributed Consensus May 2019 Cryptocurrencies Outline and Distributed Electronic payments Consensus Secure transactions Secure execution: contracts PROF. DR. IR. BART PRENEEL COSIC KU LEUVEN, BELGIUM AND IMEC Adding privacy FIRSTNAME.LASTNAME@ESAT.KULEUVEN.BE Permissioned systems 9 MAY 2019 Do I need a blockchain? 1 2 Currencies = maintaining memory Payment instructions and currencies Payment Instruments: mechanism of how we transfer value ◦ cash ◦ letters of credit ◦ cheques ◦ bank transfer ◦ debit card Each payment instrument has a cost ◦ actual monetary cost ◦ handling cost Instruments have different security properties ◦ integrity/authenticity ◦ privacy: compare cash to bank or credit card payments Cuneiform, Sumeria, ca 2600 BC Susa, Iran, ca 3300 BC Slide inspired by George Danezis Slide credit: George Danezis 4 3 1

  2. Cryptocurrencies and Distributed Consensus May 2019 € /£ / $ Counterfeiting 1000000 3.5 billion £ notes in Cash > 22 billion € notes in circulation with value of 800000 circulation with value of £ 70 billion € 1.2 trillion 600000 bearer instrument 2016: fraudulent: 2018: fraudulent: 563,000 or 400000 347,000 or 1 in 10,000 off-line payments 1 in 39,000 200000 new 5/10/20 £ bill in new 5/10/20/50/100+200 € bill in ‘16/’17/’20 0 low and medium value May’13/Sep’14/Nov’15/Apr’17/May’19 # counterfeit Euro privacy, coins not traceable 2002 to 2018 notes 1995: $ 15.5 million (1% digitally produced) widely accepted 2005: $ 61 million (45% digitally produced) 2015: $ 147 million (61% digitally produced) bank: risk of forgery, cost of transport Fraudulent: 1 to 2 in 10,000 user: theft and loss, change, physical presence $1.2 trillion genuine in 2015 government: money laundering redesign: 1928, 1990, 1996-2003, 2003-2013 1999 to 2011 6 5 Common features e.g. $/ € Payment by instruction Financial Institutions pattern detected by scanners and (clearing and settlement) copiers Issuer Acquirer Communicate Authorization through account on-line/off-line Payment instruction (credit card slip, cheque) Merchant Customer 8 7 2

  3. Cryptocurrencies and Distributed Consensus May 2019 Payment by instruction Electronic cash [David Chaum] Convenient Financial Institutions Reduced risk (clearing and settlement) Identify users: manual signatures, magstripe cards, smart cards Issuer Acquirer Traceable Withdrawal Deposit or load on-line/off-line Verification expensive: ◦ credit/debit card: on-line, tamper resistant modules ◦ check: off-line, delay, processing cost Payment (cash transfer) Merchant Customer 9 10 Early examples: Electronic cash MojoNation (2000-2002) and BitTorrent 1990-1998 Convenient, no physical presence MojoNation Reduced risk ◦ Peer-to-peer file storage service paid with “Mojo” Cost effective for low value ◦ Employed Bram Cohen (BitTorrent) and Zooko ◦ Collapsed under hyperinflation Untraceable and unlinkable More expensive than traceable systems, new technology BitTorrent Verification inexpensive: ◦ Simplification of MojoNation ◦ on-line: no tamper resistant modules ◦ One can think of BitTorrent's tit-for-tat incentives as being time‐limited , ◦ off-line: reduced risk, doublespending file‐specific , and non‐transferrable bilateral accounting E-cash is not a new currency: real money (value) sits in the bank ◦ No need for “full” currency Slide credit: George Danezis 12 11 3

  4. Cryptocurrencies and Distributed Consensus May 2019 Early examples (2): e-gold (1996-2008) Bitcoin (2008): Satoshi Nakamoto 1 million user accounts by 2002 Everyone can produce money No central bank centralized ledger of transactions currency backed by real commodity, gold Everyone can verify transactions network of international e-gold resellers Becomes a crime magnet: difficult to identify customers yet easy to transfer internationally ◦ US Patriot Act (2001) requires money transmitters to be regulated ◦ In 2008 directors face charges of money laundering and operating without a license. They are found X guilty and get away with fines, and suspended sentence. Asserts liquidated: $90M in gold (more than the central banks of bottom 1/3 countries) ◦ California (2010) and other states: all digital value transfer systems are money transmitters Risk of centralized system out of control Slide credit: George Danezis 13 14 Hash functions (1975): one-way What is Bitcoin? (2008) easy to compute but hard to invert E‐currency with distributed generation and verification of money X RIPEMD-160 SHA-256 Transactions ◦ irreversible SHA-512 This is an input to a crypto- ◦ inexpensive SHA-3 graphic hash function. The ◦ over anonymous peer-to-peer network input is a very long string, that is reduced by the hash ◦ broadcast within seconds and verified within 10 to 60 minutes by inclusion in hash chain function to a string of fixed f ◦ double spending prevention using a public decentralized ledger (chaining mechanism) length. There are additional 1A3FD4128A198FB3CA345932 security conditions: it should Pseudonymous be very hard to find an input hashing to a given value (a ◦ Money is linked to public key – can generate arbitrary key pairs and move money around preimage) or to find two ◦ But in many cases identification is possible colliding inputs (a collision). https://www.youtube.com/watch?v=t5JGQXCTe3c 16 15 4

  5. Cryptocurrencies and Distributed Consensus May 2019 Digital signatures (1975): “equivalent” to manual signature Merkle tree (1979) Using a hash function f to authenticate a set of Donald agrees to Public key messages through a pay to Hillary 100 x 12 logarithmic number of values Bitcoins on Feb. x 5678 22 2017 Private key Applications: digital signatures, revocation… root 17 18 Timestamping: Surety Technologies (  1994) Timestamping (1990) http://www.surety.com/ Collect documents and hash them with a Merkle tree Chain these trees together with a hash chain Publish intermediate values on a regular basis hash https://www.belspo.be/belspo/organisation/Publ/pub_ostc/NO/rNOb007_en.pdf f f f chain Belgian TIMESEC project (1996-1998) 0 t1 t2 t3 Estonia: Cybernetica 20 19 5

  6. Cryptocurrencies and Distributed Consensus May 2019 Byzantine generals problem Paying with Bitcoin (can deal with at most 1/3 traitors if permissioned) Hillary Donald Block chain naam bedrag 1BxgB4tjcoDnz1LC7bRqyybbE8YNigUQn5 70,00 19EULTY5DMyvDM6krKtcuvcUoHT4T3QmQL 80,02 5,00 1CMMwinpNduzooWeJ4sK9u7Lkp4YAyK2Lw 16PVjaawyWqWnzyttJTAyv7hTcPNmRnVzY 2,50 +1,00 16LNAxwBQupD7yDC8RUSRhyb62BFAZtgae 0,17 12tQUEb8zzdQSXkgt1553z7zS6Fm1cMQZB 10,00 -1,00 2,30 16VTrwYYCLUNgzB8Xs8fYtWWxHR4wdyHm5 21 22 Paying with Bitcoin Paying with Bitcoin Hillary Public key Donald Donald agrees to Block chain pay to Hillary 12tQUEb8zzdQSXkgt15 53z7zS6Fm1cMQZB naam bedrag 1 Bitcoin. 1BxgB4tjcoDnz1LC7bRqyybbE8YNigUQn5 70,00 March 15, 2018 19EULTY5DMyvDM6krKtcuvcUoHT4T3QmQL 80,02 Private 5,00 1CMMwinpNduzooWeJ4sK9u7Lkp4YAyK2Lw key 16PVjaawyWqWnzyttJTAyv7hTcPNmRnVzY 3,50 16LNAxwBQupD7yDC8RUSRhyb62BFAZtgae 0,17 12tQUEb8zzdQSXkgt1553z7zS6Fm1cMQZB 9,00 2,30 16VTrwYYCLUNgzB8Xs8fYtWWxHR4wdyHm5 23 24 6

  7. Cryptocurrencies and Distributed Consensus May 2019 Paying with Bitcoin Managing the blockchain Anyone can verify a digital signature Miners all over the world follow up all the Anyone can verify whether the “account” of Donald contains enough money transactions But due to communication errors or fraud there are multiple versions 25 26 Voting? Sybil attack Puzzles (a lottery) – [Dwork-Naor’92][Hashcash] 27 28 7

  8. Cryptocurrencies and Distributed Consensus May 2019 Why does Bitcoin have value? Market price in USD (market cap  105 B$) 1 Bitcoin  $6,000 2019-05-09 China + Korea ban Mount Gox The worth of a thing 2011 bubble Cyprus crisis is the price it will bring 29 30 Market price in USD (market cap  105 B$) How do I get Bitcoin? 1 Bitcoin  $6,000 2019-05-09 Coinbase has grown from 5.5M to ATM exchange mine at home 20+M clients since Jan. 2017 Yet another hack China + Korea ban Only in theory in 2019 31 32 8

  9. Cryptocurrencies and Distributed Consensus May 2019 Bitcoin Transaction: send money from one Block Chain: a public decentralized ledger public key (address) to another one Bitcoin transactions Transaction A Transaction C 50 BTC 8 BTC In Out Block 1 Block 2 Block 3 In Out 10 BTC Out 42 BTC Out 7 BTC In block chain Transaction B Out 6 BTC 10 BTC (216 In Out 15 BTC nonce2 nonce3 nonce1 f f f Gbyte) “small” “small” “small” 0 5 BTC In t1 t2 t3 Also include in every block timestamp and difficulty level of puzzle Slide credit: F. Vercauteren 33 34 Block #572932 Mining rewards first transaction in a block is a Total number of Bitcoins is limited to coinbase transaction: 21 million, each transfers reward + all divided in 8 decimal transaction fees to the miner places leading to 21×10 14 units Figure by Chris Pacia 35 36 9

  10. Cryptocurrencies and Distributed Consensus May 2019 Exa Peta Mining difficulty level Mining hash rate of Bitcoin network Tera Giga 50 EH/s = 50 ExaHash per second = 50 . 10 18 hash/second = 2 65.4 hash/second (2 82 hash/day) Target: mining 1 block should take roughly 10 minutes Mega mining computing power changes over time; update level every 2016 blocks Kilo 37 38 Miners revenue (per day): 10 M$ Mining has become industrial Slide credit: Joseph Bonneau 40 39 10

Recommend


More recommend