Demystifying the Blockchain Hype

Transcript

1. Demystifying the Blockchain Hype Blockchain Meetup Willow Tree Apps 25

   October 2016 David Evans University of Virginia www.cs.virginia.edu/evans bitcoin-class.org

2. 1 Blockchain Hype!

3. 2 Google Trends Renminbi Bitcoin Dec 2013

4. 3 Bitcoin “Hype” Bitcoin Market Price (US$)

5. Plan Tutorial Introduction to Bitcoin Hype vs. Reality in Bitcoin

   Today Promise of Future Blockchains 4

6. What is money? 5

7. 6 For thousands of years, philosophers, thinkers and prophets have

   besmirched money and called it the root of all evil. Be that as it may, money is also the apogee of human tolerance. Money is more open- minded than language, state laws, cultural codes , religious beliefs and social habits. Money is the only trust system created by humans that can bridge almost any cultural gap, and that does not discriminate on the basis of religion, gender, race, age or sexual orientation. Thanks to money, even people who don’t know each other and don’t trust each other can nevertheless cooperate effectively.

8. Paradox of Money 7 Money works because people trust it.

   People trust money because it works. Need a starting point: where does that trust begin.

9. Fiat Currency 8

10. 9 With a strong enough army, anything can be a

    fiat currency

11. Can bits be a currency? 10

12. Owning and Transferring a Coin 11 Alice: “I, Alice, give

    coin x to Bob.” Only Alice should be able to say this (if she owns coin x). Everyone should be able to trust it is valid. Bob should now own coin x.

13. Asymmetry Required Need a function f that is: Easy to

    compute: given x, easy to compute f (x) Hard to invert: given f (x), hard to compute x Has a trap-door: given f (x) and t, easy to compute x 12

14. Using Asymmetric Crypto: Signatures 13 E D Verified Message Signed

    Message Message Insecure Channel KUB KRB Bob Generates key pair: KUB , KRB Publishes KUB Anyone Get KUB from trusted provider

15. Transferring a Coin 14 Alice signs m1 = “I, Alice

    (KUA ), give coin x, t to Bob (KUB ).” with her private signing key, KRA . How does Bob transfer x to Colleen (KUC )?

16. Transferring a Coin 15 Bob signs m2 = “I give

    coin x, given to me by m1 to Colleen (KUC ).” with KRB . Alice signs m1 = “I, Alice (KUA ), give coin x to Bob (KUB ).” with her private signing key, KRA .

17. Transferring a Coin 16 Bob signs m2 = “I give

    coin x, given to me by m1 to Colleen (KUC ).” with KRB . Alice signs m1 = “I, Alice (KUA ), give coin x to Bob (KUB ).” with her private signing key, KRA . Colleen signs m3 = “I give coin x, given to me by m2 to Dave (KUD ).” with KRC . This does not solve: how to create x how to prevent double spending ...

18. Centralized Digital Currency 17 Trusted Bank Account No. Owner’s Identify

    Value 3022493 Alice 2033.23 3022494 Bob 85733.03 3022495 Colleen 24331.77 3022496 Dave 0.01

19. 18 Communications of the ACM October 1985

20. 19 Communications of the ACM October 1985

21. First Wave Cryptocurrency 20 David Chaum

22. First Wave Cryptocurrency 21 David Chaum Bankrupt, 1998

23. Decentralized Currency Currency without Trust 22

24. Double Spending Challenge 23 M = transfer X to Bob

    SignKRA [H(M)] Bob wants to verify: 1. Alice owns X 2. Alice hasn’t transferred X 3. The coin will be valuable for Bob

25. Double Spending Challenge 24 M = transfer X to Bob

    SignKRA [H(M)] Bob wants to verify: 1. Alice owns X 2. Alice hasn’t transferred X 3. The coin will be valuable for Bob Node C Node A Node B txb txb

26. 25 M = transfer X to Bob SignKRA [H(M)] Bob

    wants to verify: 1. Alice owns X 2. Alice hasn’t transferred X 3. The coin will be valuable for Bob Node C Node A Node B txb txb M = transfer X to Coleen SignKRA [H(M)] txc

27. 26 M = transfer X to Bob SignKRA [H(M)] Bob

    wants to verify: 1. Alice owns X 2. Alice hasn’t transferred X 3. The coin will be valuable for Bob Node C Node A Node B txb txb M = transfer X to Coleen SignKRA [H(M)] txc

28. 27 M = transfer X to Bob SignKRA [H(M)] Bob

    wants to verify: 1. Alice owns X 2. Alice hasn’t transferred X 3. The coin will be valuable for Bob Node C Node A Node B txb txb M = transfer X to Coleen SignKRA [H(M)] txc Node E Node D

29. Satoshi’s Solution 28

30. Blockchain 29 B0 H(B0) Nonce Transactions H(B1) Nonce Transactions H(B2)

    Nonce Transactions Distributed ledger maintained by network of untrusted nodes Blocks added require proof-of-work Node’s agree to consensus: longest (most difficult) chain Incentives designed to encourage network nodes to: Validate and record transactions Spend effort on extending consensus chain

31. 30 Bitcoin Transaction Input 1: v1 , a1 Input 2:

    v2 , a2 … Output 1: x1 , d1 Output 2: x2 , d2 … transaction fees = sum(input values) – sum(output values) (must be non-negative for valid transaction)

32. Bitcoin Script 31 OP_DATA <public key> OP_CHECKSIG Locking Script OP_DATA

    <signature> Unlocking Script Transaction a0b6ea….. Input 1: v1 , a1 Output 1: x1 , d1 Output 2: x2 , d2 … Transaction d8730d… Locking Script Unlocking Script If Bitcoin Address were just public key Spender provides unlocking script, transaction is valid if stack ends with 1 on top

33. Bitcoin Script 32 OP_DUP OP_HASH160 OP_DATA <bitcoin address> OP_EQUALVERIFY OP_CHECKSIG

    Locking Script OP_DATA <signature> OP_DATA <public key> Unlocking Script Transaction a0b6ea….. Input 1: v1 , a1 Output 1: x1 , d1 Output 2: x2 , d2 … Transaction d8730d… Locking Script Unlocking Script Bitcoin Address = H(public key)

34. OP_RETURN (until July 2010) 33 https://github.com/bitcoin/bitcoin/blob/v0.1.5/script.cpp#L170 Universal Unlocking Script! OP_DATA

    1 OP_RETURN

35. 34 Example Transaction Fees are optional…

36. 35 Mt. Gox proof-of-assets transaction

37. 36 Exhibit B

38. 37 Bitcoin Transaction Input 1: v1 , a1 Input 2:

    v2 , a2 … Output 1: x1 , d1 Output 2: x2 , d2 … transaction fees = sum(input values) – sum(output values) (must be non-negative for valid transaction) How is new bitcoin created?

39. 38 Coinbase Transaction Output 1: x1 , d1 Output 2:

    x2 , d2 … sum(output values) ≤ sum(transaction fees) + mining reward mining reward = 50 BTC 2floor(block number / 210,000)

40. 39

41. Bitcoin’s Proof-of-Work 40 B0 H(B0) Nonce Transactions H(B1) Nonce Transactions

    H(B2) Nonce Transactions Find a nonce x such that: SHA-256(SHA-256(r || x)) < T/d r = header includes H(previous block) root of Merkle tree of transactions

42. 41 expected hashes ～ 1021 “number of grains of sand

    on earth”

43. Actual Bitcoin Block 42 https://en.bitcoin.it/wiki/Protocol_documentation#Block_Headers

44. Mining 43

45. (General-Purpose) Computers are Useless 44

46. 45 XOR two 32-bit values in CPU XOR two 32-bit

    values in ASIC 4 transistors XOR design

47. 46 https://en.bitcoin.it/wiki/Mining_hardware_comparison

48. 47

49. 48 AntMiner S9: 12 TH/s AntMiner S5+ [Oct 2015]: 7

    TH/s, 3436W

50. 49 Fire at mining facility in Thailand, 14 Oct 2014

    Photo credit: www.thairath.co.th

51. 50

52. 51

53. 52

54. 53 Entire bitcoin network: 1/10-1/5th Lake Anna Power Station

55. Reality Check 54 Bitcoin “Market Capitalization” = Number of Bitcoins

    ✕ Market Price = 15,940,740 ✕ $651.40 = $10.3B Daily transactions: ～$200M

56. How long does it take Apple to make $200M? 55

57. 56 Apple’s revenue ～$500M/day > 2x all bitcoin transactions Apple’s

    cash holdings ～$250B > 20x value of all Bitcoin

58. Scale Today 57 Block Size = 1MB Typical transaction size

    ～ 500 Bytes Maximum of ～2000 transactions per block / 10 minutes So, about 3-4 transactions per second

59. Block Size = 1MB Typical transaction size ～ 500 Bytes

    Maximum of ～2000 transactions per block / 10 minutes So, about 3-4 transactions per second Scale Today 58 Cost to control bitcoin (assuming other miners are “rational”): value per block-minute ～ $8000 ～ $800/minute ～ $1M/day to increase to $1B/day with current transaction rate: $3472 fee per transaction (without losing transactions) or 33 Billion transactions per day (with current $0.03 fee) $1B / day =

60. Block Size = 1MB Typical transaction size ～ 500 Bytes

    Maximum of ～2000 transactions per block / 10 minutes So, about 3-4 transactions per second Scale Today 59 Cost to control bitcoin (assuming other miners are “rational”): value per block-minute ～ $8000 ～ $800/minute ～ $1M/day to increase to $1B/day with current transaction rate: $3472 fee per transaction (without losing transactions) or 33 Billion transactions per day (with current $0.03 fee) $1B / day = Transactions per Day VISA: 300M Interbank: 100M

61. Block Size = 1MB Typical transaction size ～ 500 Bytes

    Maximum of ～2000 transactions per block / 10 minutes So, about 3-4 transactions per second Scale Today 60 Cost to control bitcoin (assuming other miners are “rational”): value per block-minute ～ $8000 ～ $800/minute ～ $1M/day to increase to $1B/day with current transaction rate: $3472 fee per transaction (without losing transactions) or 33 Billion transactions per day (with current $0.03 fee) $1B / day = Transactions per Day VISA: 300M Interbank: 100M Cash: 20B?

62. Promise of Blockchains 61 Medical Records Global, decentralized, ledger that:

    everyone agrees on no one controls anyone can write into no one can erase

63. David Evans [email protected] www.cs.virginia.edu/evans bitcoin-class.org