peer to peer affine commitment using bitcoin
play

Peer-to-peer Affine Commitment using Bitcoin Karl Crary and Michael - PowerPoint PPT Presentation

Mar 01, 2023 •470 likes •1.02k views

Peer-to-peer Affine Commitment using Bitcoin Karl Crary and Michael J. Sullivan Carnegie Mellon University PLDI 15, Portland June 17, 2015 Massively Multiplayer Online Linear Logic Karl Crary and Michael J. Sullivan Carnegie Mellon

  1. Peer-to-peer Affine Commitment using Bitcoin Karl Crary and Michael J. Sullivan Carnegie Mellon University PLDI ’15, Portland June 17, 2015

  2. Massively Multiplayer Online Linear Logic Karl Crary and Michael J. Sullivan Carnegie Mellon University PLDI ’15, Portland June 17, 2015

  3. Typecoin ◮ A general peer-to-peer commitment mechanism - using the language of linear logic ◮ Implemented on top of the Bitcoin network ◮ With applications for proof-carrying authorization

  4. Proof-carrying authorization ◮ Idea: represent authorization as logical propositions (Appel and Felten 1999)

  5. Proof-carrying authorization ◮ Idea: represent authorization as logical propositions (Appel and Felten 1999) ◮ ... in a logic with a notion of affirmation ◮ � K � A means “the principal K says A ”

  6. Proof-carrying authorization ◮ Alice wants to give access to a file, so affirms: ◮ � Alice � may-read ( Bob , file ) ◮ � Alice � may-read ( Charlie , file )

  7. Proof-carrying authorization ◮ Alice wants to give access to a file, so affirms: ◮ � Alice � may-read ( Bob , file ) ◮ � Alice � may-read ( Charlie , file ) � Alice � may-read ( Bob , file )

  8. Proof-carrying authorization ◮ Alice wants to give access to a file, so affirms: ◮ � Alice � may-read ( Bob , file ) ◮ � Alice � may-read ( Charlie , file ) � Alice � may-read ( Bob , file ) file contents

  9. Proof-carrying authorization - higher order use ◮ Much more flexible policies are possible: � Alice �∀ K . � Registrar � in-Alice’s-class ( K ) ⊃ may-read ( K , file )

  10. Proof-carrying authorization - higher order use ◮ Much more flexible policies are possible: � Alice �∀ K . � Registrar � in-Alice’s-class ( K ) ⊃ may-read ( K , file ) ◮ Then can derive: ∀ K . � Registrar � in-Alice’s-class ( K ) ⊃ � Alice � may-read ( K , file )

  11. Implementing proof-carrying authorization ◮ Straightforward to make work even in a decentralized/peer-to-peer system ◮ Proofs are self-contained ◮ Digital signatures used for affirmation

  12. Consumable credentials What if we want one time use authorization?

  13. Linear logic ◮ Garg et al. 2006; linear proof-carrying authorization ◮ Linear logic treats hypotheses as scarce resources that must be used once For logicians Linear logic allows exchange , but not weakening or contraction

  14. Linear logic ◮ Garg et al. 2006; linear proof-carrying authorization ◮ Linear logic treats hypotheses as scarce resources that must be used once ◮ Good for modeling state change: bread ⊗ ham ⊸ ham sandwich ∀ i . counter ( i ) ⊸ counter ( i + 1) For logicians Linear logic allows exchange , but not weakening or contraction

  15. Linear authorization � Alice � may-take ( Bob , MilkDuds )

  16. Linear authorization � Alice � may-take ( Bob , MilkDuds ) � Alice � may-take ( Bob , MilkDuds ) ◮ How to ensure that a resource isn’t used multiple times? ◮ Need a mechanism to irreversibly commit to a state change

  17. Bitcoin ◮ On a completely different note: consider designing a decentralized digital currency

  18. Bitcoin ◮ On a completely different note: consider designing a decentralized digital currency ◮ A coin is a chain of digital certificates ◮ A coin is spent by signing it over to somebody else 1’s pubkey 0’s signature

  19. Bitcoin ◮ On a completely different note: consider designing a decentralized digital currency ◮ A coin is a chain of digital certificates ◮ A coin is spent by signing it over to somebody else 1’s pubkey 2’s pubkey 0’s signature 1’s signature

  20. Bitcoin ◮ On a completely different note: consider designing a decentralized digital currency ◮ A coin is a chain of digital certificates ◮ A coin is spent by signing it over to somebody else 1’s pubkey 2’s pubkey 3’s pubkey 0’s signature 1’s signature 2’s signature

  21. Bitcoin - the catch 1’s pubkey 0’s signature ◮ But how do we prevent an owner from spending a coin multiple times?

  22. Bitcoin - the catch 2’s pubkey 1’s pubkey 1’s signature 0’s signature ◮ But how do we prevent an owner from spending a coin multiple times?

  23. Bitcoin - the catch 2’s pubkey 1’s pubkey 3’s pubkey 1’s signature 0’s signature 1’s signature ◮ But how do we prevent an owner from spending a coin multiple times?

  24. Bitcoin - the catch 2’s pubkey 1’s pubkey 3’s pubkey 1’s signature 0’s signature 1’s signature ◮ But how do we prevent an owner from spending a coin multiple times? ◮ Need a mechanism to irreversibly commit to a state change

  25. Bitcoin implementation ◮ Bitcoin (Nakamoto 2008) does this with a global ledger of all transactions - the “blockchain” ◮ Ledger maintained by distributed process called “mining”

  26. From Bitcoin to Typecoin 5 9 4

  27. From Bitcoin to Typecoin bread cook ham sandwich ham

  28. From Bitcoin to Typecoin - transactions a 1 b 1 I 1 O 1 . . . . . . I m a m O n b n ◮ a 1 + · · · + a m = b 1 + · · · + b n

  29. From Bitcoin to Typecoin - transactions A 1 B 1 I 1 O 1 . . . . . M . I m O n A m B n ◮ ⊢ M : ( A 1 ⊗ · · · ⊗ A m ) ⊸ ( B 1 ⊗ · · · ⊗ B n ) ◮ Carry linear logic 1 propositions instead of numbers 1 actually affine logic

  30. Authorization example

  31. Authorization example � Alice � may-take ( Bob , MilkDuds ) sign

  32. Authorization example � Alice � may-take ( Bob , MilkDuds ) ... sign � Alice � may-take ( Bob , MilkDuds )

  33. Authorization example � Alice � may-take ( Bob , MilkDuds ) ... sign � Alice � may-take ( Bob , MilkDuds )

  34. Authorization example � Alice �∀ K . may-take ( K , MilkDuds ) ... sign � Alice � may-take ( Bob , MilkDuds ) ◮ Quantification allows transferable permissions

  35. Authorization example � Alice �∀ K . may-take ( K , MilkDuds ) & may-take ( K , Hershey ′ s ) ... sign � Alice � may-take ( Bob , MilkDuds ) ◮ Quantification allows transferable permissions ◮ External choice (“with”) allows choice

  36. Declarations ◮ Where do may-take , MilkDuds , etc. come from?

  37. Declarations ◮ Where do may-take , MilkDuds , etc. come from? ◮ Transactions can declare types and propositions : principal → candy → prop may-take

  38. Building a new currency ◮ Can turn Typecoin back into a currency (S-coins) : nat → prop coin : ∀ N , M : nat . merge coin N ⊗ coin M ⊸ coin N + M : ∀ N , M , P : nat . split coin N + M ⊸ coin N ⊗ coin M

  39. Central banking ◮ Need some way to mint a new S-coin : nat → prop print : ∀ N :nat . � Janet � ( print N ) ⊸ coin N issue

  40. How to implement? ◮ We could build Typecoin in a standalone way ◮ Use adapted versions of the Bitcoin mining algorithms and protocol ◮ Could typecheck transactions before they enter the chain

  41. How to implement? ◮ How to incentivize people to mine on a Typecoin chain? ◮ Bitcoin already has a lot of mining power ◮ Typechecking transactions in the chain not an obvious win: proofs might be big or not public

  42. Overlaying on Bitcoin ◮ New plan: actually overlay on top of Bitcoin A 1 B 1 I 1 O 1 . . . . . M . I m O n A m B n

  43. Overlaying on Bitcoin ◮ New plan: actually overlay on top of Bitcoin   A 1 B 1 I 1 O 1 . . . . hash  . M .    I m O n A m B n a 1 b 1 I 1 O 1 . . . . . . a m I m O n b n ◮ Embed a hash in the metadata of the Bitcoin transaction ◮ Send the Typecoin transactions to interested parties

  44. Metadata in Bitcoin ◮ Bitcoin historically lacked a nice place to put metadata - on principle ◮ (Nodes would not forward transactions that used the straightforward methods) ◮ Paper describes a somewhat hacky workaround

  45. Metadata in Bitcoin ◮ Bitcoin historically lacked a nice place to put metadata - on principle ◮ (Nodes would not forward transactions that used the straightforward methods) ◮ Paper describes a somewhat hacky workaround ◮ But the Bitcoin developers have since caved

  46. Receipts ◮ Receipts that attest to outputs: receipt( A ։ addr ) � Alice � (receipt( coin (5) ։ Alice ) ⊸ ∀ K . may-take ( K , MilkDuds ))

  47. Expiration/revocation ◮ Conditional modality permits revocation and expiration: if(before(July 10)) , may-write ( Alice , POPL-paper ))

  48. Implementation ◮ Implemented in Standard ML ◮ With a new Bitcoin client, in SML

  49. Related Work ◮ Bowers et al. 2007; consumable credentials ◮ Rosenfeld 2013; colored coins ◮ Wood 2014; Ethereum

  50. Conclusion ◮ Typecoin is a flexible peer-to-peer logical commitment mechanism ◮ Based on generalizing Bitcoin to carry logical propositions ◮ Actually implemented on top of Bitcoin ◮ Details on the logic are in the paper

  51. Thank you!

  52. Why not linear? ◮ Typecoin sort of fundamentally affine - can always throw away an output ◮ Allowing rule declarations in signatures makes it trivial ◮ trash : ⊤ ⊸ 1

Recommend

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti, Pramod Viswanath Untraceable Bitcoin https://www.youtube.com/watch?v=k8LqlMzEe-I This is false. Blockchain sd93fjj2 Bitcoin Primer

284 views • 26 slides
Bitcoin: A Peer-to-Peer Electronic Cash System Paper review Bea Botyanszki The original bitcoin

Bitcoin: A Peer-to-Peer Electronic Cash System Paper review Bea Botyanszki The original bitcoin

Bitcoin: A Peer-to-Peer Electronic Cash System Paper review Bea Botyanszki The original bitcoin paper Published on The Cryptography Mailing list, in 2008 By Satoshi Nakamoto Identity unknown, but probably not a single person, but a

312 views • 9 slides
Bitcoin: A Peer-to-Peer Electronic Cash System By Dhruv Krishnan and Priya Holani Bitcoin: A

Bitcoin: A Peer-to-Peer Electronic Cash System By Dhruv Krishnan and Priya Holani Bitcoin: A

Bitcoin: A Peer-to-Peer Electronic Cash System By Dhruv Krishnan and Priya Holani Bitcoin: A Peer-to-Peer Electronic Cash System By Dhruv Krishnan and Priya Holani Introduction Traditional Transaction Model Bob Bank Alice Problems with

910 views • 34 slides
Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti,

Anonymity in the Bitcoin Peer-to-Peer Network Shaileshh Bojja Venkatakrishnan, Giulia Fanti, Andrew Miller, Pramod Viswanath Why do People Use Cryptocurrencies? Technical Properties/ Currency Stability Investment Ideology Untraceable

692 views • 58 slides
Hakim Khalafi Fall 2013 Project Class: Peer -to-peer networking" Instructor: Dario Rossi

Hakim Khalafi Fall 2013 Project Class: Peer -to-peer networking" Instructor: Dario Rossi

Hakim Khalafi Fall 2013 Project Class: Peer -to-peer networking" Instructor: Dario Rossi Bitcoin becoming very popular! Most studies focus on either Bitcoin transaction graph (Harrigan et. al) Bitcoin mining weaknesses (Barber

404 views • 13 slides
A Technical Introduction to Bitcoin Niklas Fors, 2018-02-20 Bitcoin Decentralized digital

A Technical Introduction to Bitcoin Niklas Fors, 2018-02-20 Bitcoin Decentralized digital

A Technical Introduction to Bitcoin Niklas Fors, 2018-02-20 Bitcoin Decentralized digital currency Anyone can be part of the network Global distributed ledger called blockchain First Appearance Bitcoin: A Peer-to-Peer Electronic

4.02k views • 48 slides
Ethereum and Solidity Prof. Tom Austin San Jos State University Bitcoin (BTC) Protocol

Ethereum and Solidity Prof. Tom Austin San Jos State University Bitcoin (BTC) Protocol

Ethereum and Solidity Prof. Tom Austin San Jos State University Bitcoin (BTC) Protocol designed by Satoshi Nakamoto in 2008 https://bitcoin.org/bitcoin.pdf First Bitcoin client launched in 2009 Peer-to-peer no centralized

501 views • 31 slides
Peer-to-Peer Networks 09 Random Graphs for Peer-to-Peer-Networks Christian Ortolf Technical

Peer-to-Peer Networks 09 Random Graphs for Peer-to-Peer-Networks Christian Ortolf Technical

Peer-to-Peer Networks 09 Random Graphs for Peer-to-Peer-Networks Christian Ortolf Technical Faculty Computer-Networks and Telematics University of Freiburg Peer-to-Peer Networking Facts Hostile environment - Legal situation - Egoistic

882 views • 57 slides
Comparing Hybrid Peer-to-Peer Hybrid peer-to-peer systems Systems Beverly Yang and Hector

Comparing Hybrid Peer-to-Peer Hybrid peer-to-peer systems Systems Beverly Yang and Hector

Comparing Hybrid Peer-to-Peer Hybrid peer-to-peer systems Systems Beverly Yang and Hector Garcia-Molina Pure peer-to-peer systems are hard to scale Gnutella Look at hybrids between p2p and server-client Presented by Marco Barreno Servers

282 views • 6 slides
PEER UNIVERSITY COMPARISON All subcommittees were engaged in reviewing peer & exemplary

PEER UNIVERSITY COMPARISON All subcommittees were engaged in reviewing peer & exemplary

PEER UNIVERSITY COMPARISON All subcommittees were engaged in reviewing peer & exemplary universities in their areas CLIMATE ACTION COMMITMENT UPDATE PROCESS SPRING 2020 PURPOSE & FOCUS Review climate actions of peer and exemplary

343 views • 6 slides
A Stealthier Partitioning Attack against Bitcoin Peer-to-Peer Network Muoi Tran , Inho Choi, Gi

A Stealthier Partitioning Attack against Bitcoin Peer-to-Peer Network Muoi Tran , Inho Choi, Gi

IEEE Symposium on Security and Privacy ( IEEE S&P ) 2020 https://erebus-attack.comp.nus.edu.sg/ A Stealthier Partitioning Attack against Bitcoin Peer-to-Peer Network Muoi Tran , Inho Choi, Gi Jun Moon, Anh V. Vu, Min Suk Kang May 2020

814 views • 18 slides
THE PEER-TO-PEER NETWORK JOHN NEWBERY @jfnewbery github.com/jnewbery THE PEER-TO-PEER NETWORK

THE PEER-TO-PEER NETWORK JOHN NEWBERY @jfnewbery github.com/jnewbery THE PEER-TO-PEER NETWORK

THE PEER-TO-PEER NETWORK JOHN NEWBERY @jfnewbery github.com/jnewbery THE PEER-TO-PEER NETWORK Introduction Types of nodes Message format Control messages Transaction propagation Block propagation THE PEER TO PEER

767 views • 38 slides
Blockchain 2.0 Opportunities and Risks Patrick Valduriez The Hype 2 Bitcoin Bitcoin: A

Blockchain 2.0 Opportunities and Risks Patrick Valduriez The Hype 2 Bitcoin Bitcoin: A

Blockchain 2.0 Opportunities and Risks Patrick Valduriez The Hype 2 Bitcoin Bitcoin: A Peer-to-Peer Electronic Cash System Satoshi Nakamoto (pseudo), Oct. 31, 2008 (Halloween) Cryptocurrency and payment system Blockchain is the

551 views • 44 slides
Serverless networking (peer-to-peer computing) Peer-to-peer models Client-server computing

Serverless networking (peer-to-peer computing) Peer-to-peer models Client-server computing

5/7/08 Serverless networking (peer-to-peer computing) Peer-to-peer models Client-server computing servers provide special services to clients clients request service from a server Pure peer-peer computing all systems have equivalent

586 views • 20 slides
On the Privacy Provisions of Bloom Filters in Lightweight Bitcoin Clients Arthur Gervais, Ghassan

On the Privacy Provisions of Bloom Filters in Lightweight Bitcoin Clients Arthur Gervais, Ghassan

On the Privacy Provisions of Bloom Filters in Lightweight Bitcoin Clients Arthur Gervais, Ghassan O. Karame, Damian Gruber, Srdjan apkun ETH Zurich, NEC Research ACSAC 2014 Bitcoin Bitcoin Peer-to-peer decentralized currency

1.06k views • 74 slides
SMART CITIES Conference What is Bitcoin and how does it work? Matej Petkovi Abelium

SMART CITIES Conference What is Bitcoin and how does it work? Matej Petkovi Abelium

SMART CITIES Conference What is Bitcoin and how does it work? Matej Petkovi Abelium Introduction Bitcoin is a cryptocurrency Advantages: Aanonymity No provisions Peer-to-peer system Disadvantages: High volatility

233 views • 11 slides
Peer-to-Peer Networking and Discovery Technologies Week 6 Whats Peer-to-Peer? A different

Peer-to-Peer Networking and Discovery Technologies Week 6 Whats Peer-to-Peer? A different

Peer-to-Peer Networking and Discovery Technologies Week 6 Whats Peer-to-Peer? A different network architecture than client/server Each peer is both a client and a server Appropriate for applications that dont require a

353 views • 11 slides
NSYNC Network Synchronization for Low-latency Peer-to-Peer Streaming Overlay Construction

NSYNC Network Synchronization for Low-latency Peer-to-Peer Streaming Overlay Construction

NSYNC Network Synchronization for Low-latency Peer-to-Peer Streaming Overlay Construction Shudong Jin Case Western Reserve University NEONet Workshop, March 1, 2006 Peer-to-Peer Streaming Peer-to-peer systems versus client/server systems

292 views • 15 slides
THE POLITICS OF BLOCKCHAIN From Primus Inter Pares to Peer-to-Peer HOW BLOCKCHAIN WORKS In

THE POLITICS OF BLOCKCHAIN From Primus Inter Pares to Peer-to-Peer HOW BLOCKCHAIN WORKS In

THE POLITICS OF BLOCKCHAIN From Primus Inter Pares to Peer-to-Peer HOW BLOCKCHAIN WORKS In peer-to-peer networks, all the operations Peer-to-peer networks Proof-of-work equally rely on each node in the system. Digital signature Registry

328 views • 18 slides
Fast and Secure Transactions Presenter: Dae Kwang Lee Adviser: Matthew Anderson What is Bitcoin?

Fast and Secure Transactions Presenter: Dae Kwang Lee Adviser: Matthew Anderson What is Bitcoin?

Bitcoin Blockchain: Fast and Secure Transactions Presenter: Dae Kwang Lee Adviser: Matthew Anderson What is Bitcoin? B C Decentralized peer-to-peer electronic payment system A Each node stores a copy of the public transaction history

263 views • 15 slides
Economics of Peer-to-Peer Markets Jonathan Levin Stanford

Economics of Peer-to-Peer Markets Jonathan Levin Stanford

Economics of Peer-to-Peer Markets Jonathan Levin Stanford University Lear Conference July 25, 2015 1 Internet Marketplaces 2 On-Demand Services 3 Introduction Peer-to-peer

1.02k views • 25 slides
BITCOIN: THE INTERNET OF MONEY CAMERON WINKLEVOSS @WINKLEVOSS TYLER WINKLEVOSS @TYLERWINKLEVOSS

BITCOIN: THE INTERNET OF MONEY CAMERON WINKLEVOSS @WINKLEVOSS TYLER WINKLEVOSS @TYLERWINKLEVOSS

BITCOIN: THE INTERNET OF MONEY CAMERON WINKLEVOSS @WINKLEVOSS TYLER WINKLEVOSS @TYLERWINKLEVOSS WHAT IS BITCOIN? Math- based asset Decentralized cryptocurrency Peer- to-peer network Internet of money WHO CREATED BITCOIN? PHILOSOPHY

523 views • 25 slides
Peer-to-Peer Computing Peer-to-Peer (P2P) employ distributed resources to perform function in a

Peer-to-Peer Computing Peer-to-Peer (P2P) employ distributed resources to perform function in a

Introduction Peer-to-Peer Computing Peer-to-Peer (P2P) employ distributed resources to perform function in a decentralized manner Resource can be: computing, storage, bandwidth Function can be: computing, data sharing, D.

625 views • 6 slides
5th Grade Peer Ambassadors Parkway Elementary What is a Peer Ambassador? A Peer Ambassador is a

5th Grade Peer Ambassadors Parkway Elementary What is a Peer Ambassador? A Peer Ambassador is a

5th Grade Peer Ambassadors Parkway Elementary What is a Peer Ambassador? A Peer Ambassador is a good role model! She or he proudly represents the 6 pillars of character: Trustworthiness, Respect, Responsibility, Fairness, Caring, Citizenship A

258 views • 7 slides

More recommend