Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Demystifying the Blockchain Hype

40e37c08199ed4d3866ce6e1ff0be06d?s=47 David Evans
October 25, 2016

Demystifying the Blockchain Hype

Talk at #hashtagzero meetup
Willow Tree Apps, Charlottesville
25 October 2016

40e37c08199ed4d3866ce6e1ff0be06d?s=128

David Evans

October 25, 2016
Tweet

Transcript

  1. Demystifying the Blockchain Hype Blockchain Meetup Willow Tree Apps 25

    October 2016 David Evans University of Virginia www.cs.virginia.edu/evans bitcoin-class.org
  2. 1 Blockchain Hype!

  3. 2 Google Trends Renminbi Bitcoin Dec 2013

  4. 3 Bitcoin “Hype” Bitcoin Market Price (US$)

  5. Plan Tutorial Introduction to Bitcoin Hype vs. Reality in Bitcoin

    Today Promise of Future Blockchains 4
  6. What is money? 5

  7. 6 For thousands of years, philosophers, thinkers and prophets have

    besmirched money and called it the root of all evil. Be that as it may, money is also the apogee of human tolerance. Money is more open- minded than language, state laws, cultural codes , religious beliefs and social habits. Money is the only trust system created by humans that can bridge almost any cultural gap, and that does not discriminate on the basis of religion, gender, race, age or sexual orientation. Thanks to money, even people who don’t know each other and don’t trust each other can nevertheless cooperate effectively.
  8. Paradox of Money 7 Money works because people trust it.

    People trust money because it works. Need a starting point: where does that trust begin.
  9. Fiat Currency 8

  10. 9 With a strong enough army, anything can be a

    fiat currency
  11. Can bits be a currency? 10

  12. Owning and Transferring a Coin 11 Alice: “I, Alice, give

    coin x to Bob.” Only Alice should be able to say this (if she owns coin x). Everyone should be able to trust it is valid. Bob should now own coin x.
  13. Asymmetry Required Need a function f that is: Easy to

    compute: given x, easy to compute f (x) Hard to invert: given f (x), hard to compute x Has a trap-door: given f (x) and t, easy to compute x 12
  14. Using Asymmetric Crypto: Signatures 13 E D Verified Message Signed

    Message Message Insecure Channel KUB KRB Bob Generates key pair: KUB , KRB Publishes KUB Anyone Get KUB from trusted provider
  15. Transferring a Coin 14 Alice signs m1 = “I, Alice

    (KUA ), give coin x, t to Bob (KUB ).” with her private signing key, KRA . How does Bob transfer x to Colleen (KUC )?
  16. Transferring a Coin 15 Bob signs m2 = “I give

    coin x, given to me by m1 to Colleen (KUC ).” with KRB . Alice signs m1 = “I, Alice (KUA ), give coin x to Bob (KUB ).” with her private signing key, KRA .
  17. Transferring a Coin 16 Bob signs m2 = “I give

    coin x, given to me by m1 to Colleen (KUC ).” with KRB . Alice signs m1 = “I, Alice (KUA ), give coin x to Bob (KUB ).” with her private signing key, KRA . Colleen signs m3 = “I give coin x, given to me by m2 to Dave (KUD ).” with KRC . This does not solve: how to create x how to prevent double spending ...
  18. Centralized Digital Currency 17 Trusted Bank Account No. Owner’s Identify

    Value 3022493 Alice 2033.23 3022494 Bob 85733.03 3022495 Colleen 24331.77 3022496 Dave 0.01
  19. 18 Communications of the ACM October 1985

  20. 19 Communications of the ACM October 1985

  21. First Wave Cryptocurrency 20 David Chaum

  22. First Wave Cryptocurrency 21 David Chaum Bankrupt, 1998

  23. Decentralized Currency Currency without Trust 22

  24. Double Spending Challenge 23 M = transfer X to Bob

    SignKRA [H(M)] Bob wants to verify: 1. Alice owns X 2. Alice hasn’t transferred X 3. The coin will be valuable for Bob
  25. Double Spending Challenge 24 M = transfer X to Bob

    SignKRA [H(M)] Bob wants to verify: 1. Alice owns X 2. Alice hasn’t transferred X 3. The coin will be valuable for Bob Node C Node A Node B txb txb
  26. 25 M = transfer X to Bob SignKRA [H(M)] Bob

    wants to verify: 1. Alice owns X 2. Alice hasn’t transferred X 3. The coin will be valuable for Bob Node C Node A Node B txb txb M = transfer X to Coleen SignKRA [H(M)] txc
  27. 26 M = transfer X to Bob SignKRA [H(M)] Bob

    wants to verify: 1. Alice owns X 2. Alice hasn’t transferred X 3. The coin will be valuable for Bob Node C Node A Node B txb txb M = transfer X to Coleen SignKRA [H(M)] txc
  28. 27 M = transfer X to Bob SignKRA [H(M)] Bob

    wants to verify: 1. Alice owns X 2. Alice hasn’t transferred X 3. The coin will be valuable for Bob Node C Node A Node B txb txb M = transfer X to Coleen SignKRA [H(M)] txc Node E Node D
  29. Satoshi’s Solution 28

  30. Blockchain 29 B0 H(B0) Nonce Transactions H(B1) Nonce Transactions H(B2)

    Nonce Transactions Distributed ledger maintained by network of untrusted nodes Blocks added require proof-of-work Node’s agree to consensus: longest (most difficult) chain Incentives designed to encourage network nodes to: Validate and record transactions Spend effort on extending consensus chain
  31. 30 Bitcoin Transaction Input 1: v1 , a1 Input 2:

    v2 , a2 … Output 1: x1 , d1 Output 2: x2 , d2 … transaction fees = sum(input values) – sum(output values) (must be non-negative for valid transaction)
  32. Bitcoin Script 31 OP_DATA <public key> OP_CHECKSIG Locking Script OP_DATA

    <signature> Unlocking Script Transaction a0b6ea….. Input 1: v1 , a1 Output 1: x1 , d1 Output 2: x2 , d2 … Transaction d8730d… Locking Script Unlocking Script If Bitcoin Address were just public key Spender provides unlocking script, transaction is valid if stack ends with 1 on top
  33. Bitcoin Script 32 OP_DUP OP_HASH160 OP_DATA <bitcoin address> OP_EQUALVERIFY OP_CHECKSIG

    Locking Script OP_DATA <signature> OP_DATA <public key> Unlocking Script Transaction a0b6ea….. Input 1: v1 , a1 Output 1: x1 , d1 Output 2: x2 , d2 … Transaction d8730d… Locking Script Unlocking Script Bitcoin Address = H(public key)
  34. OP_RETURN (until July 2010) 33 https://github.com/bitcoin/bitcoin/blob/v0.1.5/script.cpp#L170 Universal Unlocking Script! OP_DATA

    1 OP_RETURN
  35. 34 Example Transaction Fees are optional…

  36. 35 Mt. Gox proof-of-assets transaction

  37. 36 Exhibit B

  38. 37 Bitcoin Transaction Input 1: v1 , a1 Input 2:

    v2 , a2 … Output 1: x1 , d1 Output 2: x2 , d2 … transaction fees = sum(input values) – sum(output values) (must be non-negative for valid transaction) How is new bitcoin created?
  39. 38 Coinbase Transaction Output 1: x1 , d1 Output 2:

    x2 , d2 … sum(output values) ≤ sum(transaction fees) + mining reward mining reward = 50 BTC 2floor(block number / 210,000)
  40. 39

  41. Bitcoin’s Proof-of-Work 40 B0 H(B0) Nonce Transactions H(B1) Nonce Transactions

    H(B2) Nonce Transactions Find a nonce x such that: SHA-256(SHA-256(r || x)) < T/d r = header includes H(previous block) root of Merkle tree of transactions
  42. 41 expected hashes ~ 1021 “number of grains of sand

    on earth”
  43. Actual Bitcoin Block 42 https://en.bitcoin.it/wiki/Protocol_documentation#Block_Headers

  44. Mining 43

  45. (General-Purpose) Computers are Useless 44

  46. 45 XOR two 32-bit values in CPU XOR two 32-bit

    values in ASIC 4 transistors XOR design
  47. 46 https://en.bitcoin.it/wiki/Mining_hardware_comparison

  48. 47

  49. 48 AntMiner S9: 12 TH/s AntMiner S5+ [Oct 2015]: 7

    TH/s, 3436W
  50. 49 Fire at mining facility in Thailand, 14 Oct 2014

    Photo credit: www.thairath.co.th
  51. 50

  52. 51

  53. 52

  54. 53 Entire bitcoin network: 1/10-1/5th Lake Anna Power Station

  55. Reality Check 54 Bitcoin “Market Capitalization” = Number of Bitcoins

    ✕ Market Price = 15,940,740 ✕ $651.40 = $10.3B Daily transactions: ~$200M
  56. How long does it take Apple to make $200M? 55

  57. 56 Apple’s revenue ~$500M/day > 2x all bitcoin transactions Apple’s

    cash holdings ~$250B > 20x value of all Bitcoin
  58. Scale Today 57 Block Size = 1MB Typical transaction size

    ~ 500 Bytes Maximum of ~2000 transactions per block / 10 minutes So, about 3-4 transactions per second
  59. Block Size = 1MB Typical transaction size ~ 500 Bytes

    Maximum of ~2000 transactions per block / 10 minutes So, about 3-4 transactions per second Scale Today 58 Cost to control bitcoin (assuming other miners are “rational”): value per block-minute ~ $8000 ~ $800/minute ~ $1M/day to increase to $1B/day with current transaction rate: $3472 fee per transaction (without losing transactions) or 33 Billion transactions per day (with current $0.03 fee) $1B / day =
  60. Block Size = 1MB Typical transaction size ~ 500 Bytes

    Maximum of ~2000 transactions per block / 10 minutes So, about 3-4 transactions per second Scale Today 59 Cost to control bitcoin (assuming other miners are “rational”): value per block-minute ~ $8000 ~ $800/minute ~ $1M/day to increase to $1B/day with current transaction rate: $3472 fee per transaction (without losing transactions) or 33 Billion transactions per day (with current $0.03 fee) $1B / day = Transactions per Day VISA: 300M Interbank: 100M
  61. Block Size = 1MB Typical transaction size ~ 500 Bytes

    Maximum of ~2000 transactions per block / 10 minutes So, about 3-4 transactions per second Scale Today 60 Cost to control bitcoin (assuming other miners are “rational”): value per block-minute ~ $8000 ~ $800/minute ~ $1M/day to increase to $1B/day with current transaction rate: $3472 fee per transaction (without losing transactions) or 33 Billion transactions per day (with current $0.03 fee) $1B / day = Transactions per Day VISA: 300M Interbank: 100M Cash: 20B?
  62. Promise of Blockchains 61 Medical Records Global, decentralized, ledger that:

    everyone agrees on no one controls anyone can write into no one can erase
  63. David Evans evans@virginia.edu www.cs.virginia.edu/evans bitcoin-class.org