Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Demystifying the Blockchain Hype

David Evans
October 25, 2016

Demystifying the Blockchain Hype

Talk at #hashtagzero meetup
Willow Tree Apps, Charlottesville
25 October 2016

David Evans

October 25, 2016
Tweet

More Decks by David Evans

Other Decks in Technology

Transcript

  1. Demystifying the
    Blockchain Hype
    Blockchain Meetup
    Willow Tree Apps
    25 October 2016
    David Evans
    University of Virginia
    www.cs.virginia.edu/evans
    bitcoin-class.org

    View Slide

  2. 1
    Blockchain Hype!

    View Slide

  3. 2
    Google Trends
    Renminbi
    Bitcoin
    Dec 2013

    View Slide

  4. 3
    Bitcoin “Hype”
    Bitcoin
    Market
    Price (US$)

    View Slide

  5. Plan
    Tutorial Introduction to Bitcoin
    Hype vs. Reality in Bitcoin Today
    Promise of Future Blockchains
    4

    View Slide

  6. What is money?
    5

    View Slide

  7. 6
    For thousands of years, philosophers, thinkers and
    prophets have besmirched money and called it the
    root of all evil. Be that as it may, money is also the
    apogee of human tolerance. Money is more open-
    minded than language, state laws, cultural codes ,
    religious beliefs and social habits. Money is the only
    trust system created by humans that can bridge
    almost any cultural gap, and that does not
    discriminate on the basis of religion, gender, race,
    age or sexual orientation. Thanks to money, even
    people who don’t know each other and don’t trust
    each other can nevertheless cooperate effectively.

    View Slide

  8. Paradox of Money
    7
    Money works because people trust it.
    People trust money because it works.
    Need a starting point: where does that trust begin.

    View Slide

  9. Fiat Currency
    8

    View Slide

  10. 9
    With a strong enough army,
    anything can be a fiat currency

    View Slide

  11. Can bits be a currency?
    10

    View Slide

  12. Owning and Transferring a Coin
    11
    Alice: “I, Alice, give coin x to Bob.”
    Only Alice should be able to say this (if she owns coin x).
    Everyone should be able to trust it is valid.
    Bob should now own coin x.

    View Slide

  13. Asymmetry Required
    Need a function f that is:
    Easy to compute:
    given x, easy to compute f (x)
    Hard to invert:
    given f (x), hard to compute x
    Has a trap-door:
    given f (x) and t,
    easy to compute x
    12

    View Slide

  14. Using Asymmetric Crypto: Signatures
    13
    E D
    Verified
    Message
    Signed Message
    Message
    Insecure Channel
    KUB
    KRB
    Bob
    Generates key pair: KUB
    , KRB
    Publishes KUB
    Anyone
    Get KUB
    from
    trusted provider

    View Slide

  15. Transferring a Coin
    14
    Alice signs
    m1
    = “I, Alice (KUA
    ), give coin x, t to Bob (KUB
    ).”
    with her private signing key, KRA
    .
    How does Bob transfer x to Colleen (KUC
    )?

    View Slide

  16. Transferring a Coin
    15
    Bob signs m2
    = “I give coin x, given to me by m1
    to Colleen (KUC
    ).”
    with KRB
    .
    Alice signs m1
    = “I, Alice (KUA
    ), give coin x to Bob (KUB
    ).” with
    her private signing key, KRA
    .

    View Slide

  17. Transferring a Coin
    16
    Bob signs m2
    = “I give coin x, given to me by m1
    to Colleen (KUC
    ).”
    with KRB
    .
    Alice signs m1
    = “I, Alice (KUA
    ), give coin x to Bob (KUB
    ).” with
    her private signing key, KRA
    .
    Colleen signs m3
    = “I give coin x, given to me by m2
    to Dave (KUD
    ).”
    with KRC
    .
    This does not solve:
    how to create x
    how to prevent double spending
    ...

    View Slide

  18. Centralized Digital Currency
    17
    Trusted Bank
    Account No. Owner’s Identify Value
    3022493 Alice 2033.23
    3022494 Bob 85733.03
    3022495 Colleen 24331.77
    3022496 Dave 0.01

    View Slide

  19. 18
    Communications of the ACM
    October 1985

    View Slide

  20. 19
    Communications of the ACM
    October 1985

    View Slide

  21. First Wave Cryptocurrency
    20
    David Chaum

    View Slide

  22. First Wave Cryptocurrency
    21
    David Chaum
    Bankrupt, 1998

    View Slide

  23. Decentralized Currency
    Currency without Trust
    22

    View Slide

  24. Double Spending Challenge
    23
    M = transfer X to Bob SignKRA
    [H(M)]
    Bob wants to verify:
    1. Alice owns X
    2. Alice hasn’t transferred X
    3. The coin will be valuable for Bob

    View Slide

  25. Double Spending Challenge
    24
    M = transfer X to Bob SignKRA
    [H(M)]
    Bob wants to verify:
    1. Alice owns X
    2. Alice hasn’t transferred X
    3. The coin will be valuable for Bob
    Node C
    Node A Node B
    txb
    txb

    View Slide

  26. 25
    M = transfer X to Bob SignKRA
    [H(M)]
    Bob wants to verify:
    1. Alice owns X
    2. Alice hasn’t transferred X
    3. The coin will be valuable for Bob
    Node C
    Node A Node B
    txb
    txb
    M = transfer X to Coleen SignKRA
    [H(M)]
    txc

    View Slide

  27. 26
    M = transfer X to Bob SignKRA
    [H(M)]
    Bob wants to verify:
    1. Alice owns X
    2. Alice hasn’t transferred X
    3. The coin will be valuable for Bob
    Node C
    Node A Node B
    txb
    txb
    M = transfer X to Coleen SignKRA
    [H(M)]
    txc

    View Slide

  28. 27
    M = transfer X to Bob SignKRA
    [H(M)]
    Bob wants to verify:
    1. Alice owns X
    2. Alice hasn’t transferred X
    3. The coin will be valuable for Bob
    Node C
    Node A Node B
    txb
    txb
    M = transfer X to Coleen SignKRA
    [H(M)]
    txc
    Node E
    Node D

    View Slide

  29. Satoshi’s
    Solution
    28

    View Slide

  30. Blockchain
    29
    B0
    H(B0) Nonce
    Transactions
    H(B1) Nonce
    Transactions
    H(B2) Nonce
    Transactions
    Distributed ledger maintained by network of untrusted nodes
    Blocks added require proof-of-work
    Node’s agree to consensus: longest (most difficult) chain
    Incentives designed to encourage network nodes to:
    Validate and record transactions
    Spend effort on extending consensus chain

    View Slide

  31. 30
    Bitcoin
    Transaction
    Input 1: v1
    , a1
    Input 2: v2
    , a2

    Output 1: x1
    , d1
    Output 2: x2
    , d2

    transaction fees = sum(input values) – sum(output values)
    (must be non-negative for valid transaction)

    View Slide

  32. Bitcoin Script
    31
    OP_DATA
    OP_CHECKSIG
    Locking Script
    OP_DATA
    Unlocking Script
    Transaction
    a0b6ea…..
    Input 1:
    v1
    , a1
    Output 1:
    x1
    , d1
    Output 2:
    x2
    , d2

    Transaction
    d8730d…
    Locking Script
    Unlocking Script
    If Bitcoin Address were just public key
    Spender provides unlocking script,
    transaction is valid if stack ends with 1 on top

    View Slide

  33. Bitcoin Script
    32
    OP_DUP
    OP_HASH160
    OP_DATA
    OP_EQUALVERIFY
    OP_CHECKSIG
    Locking Script
    OP_DATA
    OP_DATA
    Unlocking Script
    Transaction
    a0b6ea…..
    Input 1:
    v1
    , a1
    Output 1:
    x1
    , d1
    Output 2:
    x2
    , d2

    Transaction
    d8730d…
    Locking Script
    Unlocking Script
    Bitcoin Address = H(public key)

    View Slide

  34. OP_RETURN (until July 2010)
    33
    https://github.com/bitcoin/bitcoin/blob/v0.1.5/script.cpp#L170
    Universal Unlocking Script!
    OP_DATA 1
    OP_RETURN

    View Slide

  35. 34
    Example Transaction
    Fees are optional…

    View Slide

  36. 35
    Mt. Gox proof-of-assets transaction

    View Slide

  37. 36
    Exhibit B

    View Slide

  38. 37
    Bitcoin
    Transaction
    Input 1: v1
    , a1
    Input 2: v2
    , a2

    Output 1: x1
    , d1
    Output 2: x2
    , d2

    transaction fees = sum(input values) – sum(output values)
    (must be non-negative for valid transaction)
    How is new bitcoin created?

    View Slide

  39. 38
    Coinbase
    Transaction
    Output 1: x1
    , d1
    Output 2: x2
    , d2

    sum(output values) ≤ sum(transaction fees) + mining reward
    mining reward = 50 BTC
    2floor(block number / 210,000)

    View Slide

  40. 39

    View Slide

  41. Bitcoin’s Proof-of-Work
    40
    B0
    H(B0) Nonce
    Transactions
    H(B1) Nonce
    Transactions
    H(B2) Nonce
    Transactions
    Find a nonce x such that:
    SHA-256(SHA-256(r || x)) < T/d
    r = header includes H(previous block)
    root of Merkle tree of transactions

    View Slide

  42. 41
    expected hashes ~ 1021
    “number of grains of sand on earth”

    View Slide

  43. Actual Bitcoin Block
    42
    https://en.bitcoin.it/wiki/Protocol_documentation#Block_Headers

    View Slide

  44. Mining
    43

    View Slide

  45. (General-Purpose)
    Computers are Useless
    44

    View Slide

  46. 45
    XOR two 32-bit values in CPU XOR two 32-bit values in ASIC
    4 transistors XOR design

    View Slide

  47. 46
    https://en.bitcoin.it/wiki/Mining_hardware_comparison

    View Slide

  48. 47

    View Slide

  49. 48
    AntMiner S9: 12 TH/s
    AntMiner S5+ [Oct 2015]: 7 TH/s, 3436W

    View Slide

  50. 49
    Fire at mining facility in Thailand, 14 Oct 2014
    Photo credit: www.thairath.co.th

    View Slide

  51. 50

    View Slide

  52. 51

    View Slide

  53. 52

    View Slide

  54. 53
    Entire bitcoin network: 1/10-1/5th Lake Anna Power Station

    View Slide

  55. Reality Check
    54
    Bitcoin “Market Capitalization” = Number of Bitcoins ✕ Market Price
    = 15,940,740 ✕ $651.40 = $10.3B
    Daily transactions:
    ~$200M

    View Slide

  56. How long does it take Apple to
    make $200M?
    55

    View Slide

  57. 56
    Apple’s revenue ~$500M/day > 2x all bitcoin transactions
    Apple’s cash holdings ~$250B > 20x value of all Bitcoin

    View Slide

  58. Scale Today
    57
    Block Size = 1MB
    Typical transaction size ~ 500 Bytes
    Maximum of ~2000 transactions per block / 10 minutes
    So, about 3-4 transactions per second

    View Slide

  59. Block Size = 1MB
    Typical transaction size ~ 500 Bytes
    Maximum of ~2000 transactions per block / 10 minutes
    So, about 3-4 transactions per second
    Scale Today
    58
    Cost to control bitcoin (assuming other miners are “rational”):
    value per block-minute ~ $8000 ~ $800/minute ~ $1M/day
    to increase to $1B/day with current transaction rate:
    $3472 fee per transaction (without losing transactions)
    or 33 Billion transactions per day (with current $0.03 fee)
    $1B / day =

    View Slide

  60. Block Size = 1MB
    Typical transaction size ~ 500 Bytes
    Maximum of ~2000 transactions per block / 10 minutes
    So, about 3-4 transactions per second
    Scale Today
    59
    Cost to control bitcoin (assuming other miners are “rational”):
    value per block-minute ~ $8000 ~ $800/minute ~ $1M/day
    to increase to $1B/day with current transaction rate:
    $3472 fee per transaction (without losing transactions)
    or 33 Billion transactions per day (with current $0.03 fee)
    $1B / day =
    Transactions per Day
    VISA: 300M
    Interbank: 100M

    View Slide

  61. Block Size = 1MB
    Typical transaction size ~ 500 Bytes
    Maximum of ~2000 transactions per block / 10 minutes
    So, about 3-4 transactions per second
    Scale Today
    60
    Cost to control bitcoin (assuming other miners are “rational”):
    value per block-minute ~ $8000 ~ $800/minute ~ $1M/day
    to increase to $1B/day with current transaction rate:
    $3472 fee per transaction (without losing transactions)
    or 33 Billion transactions per day (with current $0.03 fee)
    $1B / day =
    Transactions per Day
    VISA: 300M
    Interbank: 100M
    Cash: 20B?

    View Slide

  62. Promise of Blockchains
    61
    Medical Records
    Global, decentralized, ledger that:
    everyone agrees on
    no one controls
    anyone can write into
    no one can erase

    View Slide

  63. David Evans
    [email protected]
    www.cs.virginia.edu/evans
    bitcoin-class.org

    View Slide