
Let's Build a Blockchain—A mini-cryptocurrency in Ruby

Ever wondered how cryptocurrencies like Bitcoin or Ethereum work? Well, what better way to find out than to build one! Come watch this lecture by Haseeb where he builds a blockchain from scratch in Ruby. By the end, we'll definitely all be rich with something resembling money.
Probably.

Haseeb Qureshi

October 17, 2017

Transcript

  1. I'm Haseeb Qureshi. I'm a software engineer. I'm working at a blockchain company called 21.co. Unless something terrible has happened, I'm the guy who's saying these words right now.
  2. Here's the thing. "Blockchain" is a red herring. Blockchain is just one tiny component of why cryptocurrencies work.
  3. In order to truly understand what makes cryptocurrencies hard, we have to start from first principles. So let's do that.
  4. The Cypherpunks (80s-90s). Mailing lists, e.g. [email protected]
     Libertarianism: Cypherpunks deeply distrusted centralized institutions. They believed that people should be free from the tyranny of governments.
     Privacy: Information is power. Ensuring privacy meant the individual was sovereign over their information.
     Cryptography: Cryptography, the mathematics of encryption, was a cypherpunk's principal defense.
  5. On privacy: "Privacy is necessary for an open society in the electronic age. We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy. We must defend our own privacy if we expect to have any." On code: "Cypherpunks write code. We know that someone has to write software to defend privacy, and we're going to write it." (The Cypherpunk's Manifesto, 1993, Eric Hughes)
  6. So if you want to build a community free from the state, what do you need? The answer: digital money.
  7. The major problems were:
     ◦ Authentication
       ▫ Anyone can control anyone's account...
       ▫ We can solve this with passwords for now
     ◦ Availability / reliability
       ▫ If the server goes down, no more money for anyone!
       ▫ If a government shuts down our server, or we become insolvent, the currency dies.
     ◦ Security
       ▫ If anyone successfully infiltrates the server, they can take all the money.
       ▫ That includes us!
  8. DECENTRALIZED PROTOCOLS. Knock knock, who's there? No one! No one! No one! No one! No one! No one! No one! No one! No one! No one! No one! No one! No one! No one! No one! No one!
  9. Gossip Protocols
     Bootstrapping the network: Each member of the protocol connects to other peers to learn about the current state of the network.
     Eventual consistency: To send a transaction, we just gossip to our peers and trust that they'll relay it onward. Messages may take a while to propagate through the network.
     Leaderless: Everyone in the protocol is equal and replaceable. This means if any individual goes offline, the network can still function.
  10. Fault Tolerance
      ◦ We have achieved fault-tolerance.
        ▫ Any individual node can fail, and the system can stay up.
      ◦ But we want a stronger guarantee:
        ▫ Byzantine-fault tolerance (BFT)
        ▫ A Byzantine Fault is when an actor misbehaves by doing something arbitrary or malicious
        ▫ For a monetary system, we want everything to still work in spite of bad actors!
  11. Authentication!
      ◦ A potential attack: pretending someone said something they didn't.
        ▫ Haseeb told me his state was: ["Transformer", 9999]
      ◦ How can we establish identity?
        ▫ Passwords no longer work.
          ▪ Everything is out in the open!
        ▫ IPs?
          ▪ It's not stable, it's easy to spoof, and multiple users can have the same IP
        ▫ So what then?
  12. CRYPTOGRAPHIC IDENTITIES. Damn, back at it again with the white Vans!
  13. Let's use cryptography. Specifically, we're going to use what's known as public-key cryptography (a.k.a. asymmetric encryption).
  14. Public and private keys. Derives its power from mathematical puzzles, i.e., what's something easy to verify but hard to compute? RSA uses integer factoring. Other systems use discrete logarithms or elliptic curve relationships. Generate a pair of keys, public and private. Your public key can be published out in the open. You must keep your private key secret. These keys become your identity. The private key can cryptographically "sign" statements. Anyone who has your public key can use it to verify the authenticity of your signature. This signature is intractable to forge.
  15. Cryptographic identities
      ◦ Now you can't forge messages!
        ▫ We can trust all signed messages come from their claimed senders.
      ◦ So are we there yet?
        ▫ We're actually most of the way to a digital currency. We can do a lot with this.
        ▫ In fact, we're already (mostly) where David Chaum was when he created the first digital currency, DigiCash.
  16. Double-spend. It's called the double-spend problem. You see, digital currency has a big problem which wasn't an issue for us with movies.
  17. I hereby grant you, Alice, sole ownership of this coin.
      I hereby grant you, Bob, sole ownership of this coin.
  18. DigiCash solved the double-spend problem by being centralized. Every transaction had to check in with a central bank (centralized server) to ensure there were no double-spends.
  19. DigiCash went bankrupt in 1998. And with that, all of the DigiCash anyone owned disappeared.
  20. Centralization is no good. The cypherpunks knew: for a digital currency to be stable and trustworthy, it must be decentralized.
  21. In October 2008, a pseudonymous cypherpunk by the name of Satoshi Nakamoto published a white paper, in which he described a new protocol for a decentralized digital currency. He called this protocol:
  22. Double spends are problematic because we can't agree on timing.
      In order to prevent double-spends, people need to coordinate. If Alice and Bob could stop, talk to each other, and verify the double spend before completing the deal, we'd be fine. But we can't coordinate until we slow things down!
      In a distributed system, there's no global ordering of all events. Alice thinks her spend happened first, Bob Ross thinks his happened first. How do we decide between them?
      There's no canonical timekeeper. People can lie about when things happened. If we just rely on people to report their own timestamps, bad actors will claim that their events happened first. There's no way to prove a timestamp!
  23. To prevent double-spends, we want to slow things down, order all events, and make it hard to change that ordering. In other words, we want to build a decentralized timestamping server.
  24. Proof of Work (a.k.a. Nakamoto Consensus). Satoshi achieved these properties through cryptographic puzzles. You can't just send a message and have it be accepted. The message has to be backed up with computational work in the form of solving a puzzle. This puzzle is hard, and you can't fake a solution. The solutions to these puzzles are known as proof of work. You have to prove you've done some work if you want to send a message! The next person who can find a solution to this puzzle gets to send their message.
  25. Specifically: The puzzle is to find a nonce, which combined with your message, produces a hash with some number of leading 0s.
  26. Okay, so mining puzzles are hard. But if I have a solution to a puzzle, can't I just show it to two people and still double-spend?
  27. Okay, those puzzles are hard. But if I have a solution to a puzzle, can't I just show it to two people and still double-spend? YES.
  28. We have slowed things down... But we still have no global ordering. For that, we'll need...
  29. A Blockchain! (for real this time) A blockchain is a sequence of these puzzle solutions. The key is that each input to each puzzle includes the hash of the PREVIOUS block.
      Block 42: Previous block hash: 675d06647ee3a54d66f20; Nonce: a317b3a7b234dc0149c62; Message: "Gladiator"; Hash: 0000040d087977a769de2
      Block 43: Previous block hash: 0000040d087977a769de2; Nonce: ded12545992abf582c444; Message: "Goodfellas"; Hash: 0000069da4fedee9b1ce5
      Block 44: Previous block hash: 0000069da4fedee9b1ce5; Nonce: 9cdd1c84b5636087d12da; Message: "Fight Club"; Hash: 00000d5340078d338c4c8
  30. Basically, the solutions are chained together in blocks that depend on each other. Hence the name "blockchain." This forces an ordering on each message! (Same blocks 42, 43 and 44 as on the previous slide.)
  31. We said we wanted three properties. 1. Slow things down 2. Order all events 3. Make it hard to change that ordering. How do we get this?
  32. Let's say an attacker wanted to change history.
      Block 42: Previous block hash: 675d06647ee3a54; Message: "Gladiator"; Hash: 0000040d087977a
      Block 43: Previous block hash: 0000040d087977a; Message: "Goodfellas"; Hash: 0000069da4fedee
      Block 44: Previous block hash: 0000069da4fedee; Message: "Fight Club"; Hash: 00000d5340078d3
      Attacker's Block 43: Previous block hash: 0000040d087977a; Message: "Twilight"; Hash: 00000636087d172
  33. How can we prevent this? (Same chain and attacker's block 43 as on the previous slide.)
  34. Whenever there's a fork in the blockchain, users should accept the fork with the most blocks. (Same chain and attacker's block 43 as above.)
  35. If the attacker has less computational power than everyone else, they won't catch up!
      Honest chain: blocks 42, 43 and 44 as above, followed by
      Block: Previous block hash: 00000d5; Message: "Jaws"; Hash: 00000c9
      Attacker's chain:
      Block 43: Previous block hash: 0000040d087977a; Message: "Twilight"; Hash: 00000636087d172
      Block 44: Previous block hash: 00000636087d172; Message: "Mamma Mia"; Hash: 000005291d7d172
  36. Of course, the blockchain will sometimes split naturally.
      Block 42: Previous block hash: 675d06647ee3a54; Message: "Anastasia"; Hash: 0000040d087977a
      Block 43: Previous block hash: 0000040d087977a; Message: "Goodfellas"; Hash: 0000069da4fedee
      Block 44?: Previous block hash: 0000069da4fedee; Message: "Fight Club"; Hash: 00000d5340078d3
      Block 44?: Previous block hash: 0000069da4fedee; Message: "The Lion King"; Hash: 00000ac9d363c81
  37. In this case, we keep building on each chain, but one will eventually become longer. (Same fork as on the previous slide.)
  38. Given any fork, you always have some risk of a double-spend! (Same fork as above, messages blanked out.)
  39. Blockchains give you probabilistic guarantees. The longer you wait, the less risk of a double-spend. This is why in Bitcoin, it's recommended to wait 6 blocks before considering a transaction final.
  40. We now have all the pieces.
      • Identity
        ◦ Public-private key cryptography
      • Networking
        ◦ A gossip protocol
      • Consensus
        ◦ Proof-of-work
        ◦ Longest chain rule
        ◦ Each node re-validates each block in the blockchain to ensure it's valid
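An added Ruby example (not the talk's own code) that ties together the puzzle from slide 25, the chained blocks from slides 29-30, and the re-validation and longest-chain rule from slides 32-35 and 40. It assumes SHA-256 over the previous hash, message and nonce, a difficulty of three leading hex zeros (the deck's diagrams show five; three keeps mining instant), an all-zero genesis pointer, and helper names of its own.

```ruby
require 'digest'

DIFFICULTY = 3           # leading hex zeros required (assumed; the deck shows five)
GENESIS_PREV = '0' * 64  # constructed "previous hash" for the very first block

Block = Struct.new(:prev_hash, :message, :nonce, :digest)

def block_hash(prev_hash, message, nonce)
  Digest::SHA256.hexdigest("#{prev_hash}|#{message}|#{nonce}")
end

# The puzzle: try nonces until hash(previous hash, message, nonce) has enough leading zeros.
def mine(prev_hash, message)
  nonce = 0
  loop do
    h = block_hash(prev_hash, message, nonce)
    return Block.new(prev_hash, message, nonce, h) if h.start_with?('0' * DIFFICULTY)
    nonce += 1
  end
end

# What every node does on receipt: recompute each hash, check the puzzle, check the link back.
def valid_chain?(chain)
  chain.each_with_index.all? do |b, i|
    b.digest == block_hash(b.prev_hash, b.message, b.nonce) &&
      b.digest.start_with?('0' * DIFFICULTY) &&
      b.prev_hash == (i.zero? ? GENESIS_PREV : chain[i - 1].digest)
  end
end

# Longest-chain rule: of the forks that validate, follow the one with the most blocks.
def choose_fork(*forks)
  forks.select { |c| valid_chain?(c) }.max_by(&:length)
end

# Mine one block per message on top of a copy of the given chain.
def extend_chain(chain, messages)
  messages.each_with_object(chain.dup) do |m, c|
    c << mine(c.empty? ? GENESIS_PREV : c.last.digest, m)
  end
end

# The deck's scenario: an honest chain, a block 43 rewritten without re-mining,
# and an attacker who re-mines block 43 but has not caught up to the honest tip.
def scenario
  honest = extend_chain([], ['Gladiator', 'Goodfellas', 'Fight Club'])
  tampered = honest.map(&:dup)
  tampered[1].message = 'Twilight'   # stored digest no longer matches the content
  attacker = extend_chain(honest[0, 1], ['Twilight'])
  { honest: honest, tampered: tampered, attacker: attacker }
end
```

Running `scenario` and feeding the three chains to `valid_chain?` and `choose_fork` shows the tampered chain failing re-validation and the honest chain winning the fork by length.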
  41. And there you have it. We did skip a few things:
      • Economics (miners, block rewards)
      • Merkle trees, proofs
      • SPVs (light clients)
      • Replay protection (via nonces)
      • Ethereum (a virtual machine atop a blockchain)
      Read the Bitcoin white paper!
  42. Thanks for listening! ANY QUESTIONS? You can find the code for this talk at my Github: @haseeb_qureshi. You can find me on Twitter at: @hosseeb. Or follow my blog at haseebq.com