FinTech 7-8 : Blockchain

Transcript

1. Digital Economics — generated by Stable Diffusion XL v1.0 FinTech

   — Financial Innovation and the Internet 2024 Fall Lecture 7-8 : Blockchain Kenji Saito, Graduate School of Business and Finance, Waseda University Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.1/63

2. This class is recorded Using Zoom For your convenience in

   reviewing the lectures Recordings are shared via Dropbox and you can ask questions with time-stamped comments Of course, students are encouraged to ask questions in class The recordings could be used for research on (online) learning Transcribed for use and anonymized Will let you know when the necessity arises Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.2/63

3. The lecture slides can be found at : https://speakerdeck.com/ks91/collections/fintech-2024-fall Recording

   and chat text will be posted at Moodle and Discord Note, however, that chat messages are often unnoticed I have invited you all to the Discord server of the class (continued from the past years) Trial automatic transcription and summary for lectures will be posted at Discord Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.3/63

4. One important thing about your questions Questions are encouraged, of

   course, and It is encouraged that you ask them in front of everyone Like, in the classroom, in your report, or in non-private channels in Discord Why? Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.4/63

5. Schedule (provisional) Lecture 1 10/4 Overview of FinTech (1) •

   Lecture 2 10/4 Overview of FinTech (2) • Lecture 3 10/11 Internet Technology and Governance (1) • Lecture 4 10/11 Internet Technology and Governance (2) • Lecture 5 10/18 The World of Apps (1) • Lecture 6 10/18 The World of Apps (2) • Lecture 7 10/25 Blockchain (1) • Lecture 8 10/25 Blockchain (2) • Lecture 9 11/8 Smart Contracts and Decentralized Finance (1) Lecture 10 11/8 Smart Contracts and Decentralized Finance (2) Lecture 11 11/15 Cyber-Physical Society and Future of Finance (1) Lecture 12 11/15 Cyber-Physical Society and Future of Finance (2) Lecture 13 11/22 FinTech Ideathon Lecture 14 11/22 Presentations and Conclusions Online presence is possible but not recommended for non-online lectures for interactivity reasons Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.5/63

6. Last Week, We Did . . . Assignment Review The

   World of the Web Web 1-2-3 True Stories API (Application Programming Interface) Web API (REST) in particular Discussion : Imagine API Basics of Cryptography (may be continued to the next class) Assignment Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.6/63

7. Today’s Topics Discussion : Imagine API (brief reflection on API

   concept) Basics of Cryptography Cryptographic hash function / Public key cryptography / digital signature Zero-knowledge proof Assignment Review Understanding Blockchain Bitcoin’s “question” and “answer” / Beaker/Newspaper Model (physical model of Bitcoin) Applicability of Blockchain Impossibility and Challenges of Blockchain Brief Introduction to Upgrading and Governance of Blockchain Assignment — Science Fiction Prototyping Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.7/63

8. Little Discussion : Imagine API What APIs are useful in

   banking? Roughly design With CRUD (Create/Read/Update/Delete) in mind Have you considered an API to retrieve passbook data? How can you be sure that the data is genuine? Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.8/63

9. Basics of Cryptography Cryptographic hash function Public key cryptography and

   digital signature Zero-knowledge proof Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.9/63

10. Cryptographic Hash Function Input Set of any digital data (infinite

    elements) Output Set of numbers of fixed length, e.g. 256 bits (finite) Output values are also called ‘digests’ Assuming they are in order of increasing size Assuming they are in order of increasing size function such as SHA3-256 SHA : Secure Hash Algorithm Uniformly Distributed (property of hash functions) Unevenly distributed There appears to be no law in the mapping, which can be computed inexpensively in the  direction but not in the opposite direction (unidirectional) (property of cryptographic hash functions) Because of the mapping of the infinite to the finite, though it is very rare, different inputs may have the same output result (collision) --- cryptographic hash functions that have been found to collide are no longer considered secure Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.10/63

11. Examples SHA (Secure Hash Algorithm) series (NIST standards) SHA-1 (designed

    by NSA) Deprecated SHA-2 (designed by NSA) SHA-256 produces 256-bit digests “FinTech - Financial Innovation and the Internet 2024 Fall” → 358f8d59197b3f417ab0a9560f3318b6b9a55edc759d4897cb9c4457ce589bce SHA-3 (selected through a public call for proposals) SHA3-256 produces 256-bit digests “FinTech - Financial Innovation and the Internet 2024 Fall” → 9fb40b280a32d511be02addea513204bc82fd5c22b147e95b6e9e72b020a5725 Demo Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.11/63

12. Actually Found Collisions for SHA-1 https://shattered.it Announced in February 2017

    by Google and the National Research Institute for Mathematics and Computer Science (CWI), Netherlands As an alert Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.12/63

13. Public Key Cryptography 5IF
    *OUFSOFU 
    %JTUSJCVUF
    QVCMJD
    LFZT
    JO
    BEWBODF 
    -PDLJOH
    BOE
    VOMPDLJOH
    LFZT
    BSF
    TFQBSBUF
    
    
    BTZNNFUSJD
    DSZQUPTZTUFN 4FOEFS LFZ
    QBJS

    3FDFJWFS QMBJO
    UFYU QVCMJD
    LFZ QSJWBUF
    LFZ 
    &ODSZQU
    X
    
    
    QVCMJD
    LFZ 
    %FDSZQU
    X
    
    
    QSJWBUF
    LFZ 
    4FOE
    FODSZQUFE
    UFYU It is extremely difficult to deduce the private key from a public key Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.13/63

14. Digital Signature private key key pair generated in advance keep

    it a secret May be given in advance The signature was created by someone who can use the private key corresponding to the public key (i.e. the signer), and the original data has not changed one bit after signing For this mechanism to work properly, there must be some proof that the public key received really belongs to the signer [Signature algorithm] Input : original data, private key Output : signature [Verification algorithm] Input: original data, signature, public key Output: OK or NG Signer Signature algorithm Verification algorithm OK or NG Internet Verifier original data original data signature signature public key public key Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.14/63

15. Public Key Certificate 
    5IFSF
    JT
    OP
    HVBSBOUFF
    UIBU
    UIF
    QVCMJD
    LFZ
    
    
    PCUBJOFE
    UISPVHI
    UIF
    *OUFSOFU
    JT
    HFOVJOF 
    8F
    EPOU
    LOPX
    JG
    UIF
    QVCMJD
    LFZ
    VTFE
    GPS
    TJHOJOH
    
    
    UIF
    DFSUJpDBUF
    JT
    HFOVJOF
    PS
    OPU
    FJUIFS "MJDF #PC $BSPMF
    

    DFSUJpFS # C " # 8IPTF $ 5IF
    *OUFSOFU TJHOBUVSF 
    4JHOBUVSF
    PO
    "T
    QVCMJD
    LFZ
    
    
    
    $FSUJpDBUF 
    #VU
    XF
    OFFE
    $T
    QVCMJD
    LFZ
    
    
    
    UP
    WFSJGZ
    UIF
    TJHOBUVSF .BMJTTB
    BUUBDLFS & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & . " QVCMJD
    LFZ LFZ
    QBJS QVCMJD
    LF
    LF
    LF
    LF
    LFZ QSJWBUF
    LFZ QVCMJD
    LFZ LFZ
    QBJS QVCMJD
    LF
    LF
    LFZ QSJWBUF
    LFZ QVCMJD
    LFZ LFZ
    QBJS QVCMJD
    LF
    LF
    LFZ QSJWBUF
    LFZ Public key infrastructure is used in the Web and elsewhere It has a root ← need to trust someone unconditionally, and CA (Certificate Authority) is a (single) point of failure Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.15/63

16. What is Zero-Knowledge Proof? 4PVSDF
    
    l;FSPLOPXMFEHF
    QSPPG
    z
    8JLJQFEJB Verifier remains to have

    no knowledge other than what prover wants to prove Example: “I know a secret spell to open the door” ↑ Prove this without revealing the spell itself For example, repeat “coming out from the way she is told” for 20 times Completeness Verifier accepts with high probability if the proposition is true Soundness Verifier has little chance of accepting if the proposition is false Zero-knowledge Can imitate dialogue without having to be a prover (without knowledge) Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.16/63

17. What’s Non-Interactive Zero-Knowledge Proof? No dialogue is required for performing

    zero-knowledge proof Example: proving “my test score is the same as yours” Only one person can enter the room at a time Room has numbered and locked voting boxes for every possible score (for example, 101 boxes for 0∼100 points) You have a key bundle, but leave only the key of your score box, and throw away the rest I enter the room and vote for my score box and × for the rest You go into the room and unlock your score box to see if it’s voted Digital signature (can prove that the private key is there without revealing it) is an example of non-interactive zero-knowledge proof Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.17/63

18. Assignment Review Lecture 7-8 : Blockchain — FinTech — Financial

    Innovation and the Internet 2024 Fall — 2024-10-25 – p.18/63

19. Assignment 3. “Blockchain” (1) Please give a specific example of

    financial services (2) If a user is an “end (edge)”, what is the “center” operated by people or an organization in the example? (3) How will the service change if that center is automated, without an organization? Deadline and how to submit October 23, 2024 at 12:00 JST From Moodle (mandatory) Optionally, you can also post to #assignments channel at Discord So that your classmates can read your report, refer to it, and comment on it Just plain text, and be concise, please (and please remember Kent Beck on How to Get a Paper Accepted) Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.19/63

20. Trends and Measures Trends . . . of your reports

    Measures . . . how to improve the class 24 responses out of 25 students (pretty good, and always better late than never) Interesting ideas! Some think blockchain would enhance security → what do you mean? Students are rewarded for making incorrect guesses (generally speaking for this class) Because they give everyone clues to the correct understanding Making mistakes in situations where the correct explanation has not yet been given is encouraged Wait . . . what do you mean by correct or incorrect? The correct technology works as expected (if the expectation is correct) Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.20/63

21. How to Write a Good Abstract (reprise) The real first

    step is to give it a good title (probably 3 below is your title), then Abstract in 4 simple sentences, by Kent Beck: Sentence 1 : State the problem Sentence 2 : Why the problem is a problem Sentence 3 : A “startling” sentence Sentence 4 : Implications of the startling sentence Example: The rejection rate for OOPSLA papers is near 90% 1 Most papers are rejected not because of a lack of good ideas, but because they are poorly structured 2 Following four simple steps in writing a paper will dramatically increase your chances of acceptance 3 If everyone followed these steps, the amount of communication in the object community would increase, improving the rate of progress 4 cf. https://plg.uwaterloo.ca/∼migod/research/beckOOPSLA.html Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.21/63

22. A Sample Report in Kent Beck’s Abstract Style Title :

    Global Automatic Teller Machine Eliminates Banks (1) Cross-border fund transfer (2) Local and correspondent banks (3) (Kent Beck’s Abstract Style) Cross-border fund transfer is expensive and slow It is that way because the transfer needs to go through local and correspondent banks, each collecting a fee Global automatic teller machine with user-definable accounts will eliminate the needs for these banks People can transfer funds by simply depositing money and telling the other party the account through an encrypted channel (More detail if you want) Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.22/63

23. M.N-san’s Idea (on microfinance for the needy) Traditional Microfinance relies

    on human intermediaries/ institutions (center) to approve loans This can be an extremely biased process for example someone could be a relative of mine and I would prioritize getting them the loan instead of prioritizing someone else who could be more deserving Automating the entire process through smart contracts can eliminate this issue providing instant unbiased loans purely on defined criteria basis With enough guardrails in place to prevent frauds, this could use algorithms to disburse loans to the deserving and help improve financial inclusion ⇒ In the past, I would have commented that human intervention would still be necessary But interventions do not have to be from humans Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.23/63

24. C-san’s Idea (on personal banking) Here’s how things would change:

    Trustless Transactions: Users would no longer need to trust a bank or intermediary Trust is built into the system through cryptography Peer-to-Peer (P2P) Services: Instead of interacting with a central institution, users would engage in P2P transactions Smart Contracts Automation: Smart contracts would automate all financial agreements, such as loans, insurance, or even mortgages Tokenized Assets and Currency: Users would hold cryptocurrency in a digital wallet instead of holding fiat currency in a traditional bank account Similarly, assets like property or stocks could be tokenized on the blockchain, allowing users to trade or leverage them without needing a centralized exchange or broker Global Accessibility and Inclusion: Decentralized systems could allow anyone with an internet connection to access financial services, without needing a bank account Lower Costs: Without centralized institutions taking fees, transaction costs could be lower ⇒ Good, but possibly some arguments on. . . Whether tokenized assets really unnecessitate authority or not Whether the costs could really be lower or not Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.24/63

25. C-san’s Idea (on personal banking) — contd. Challenges in a

    Decentralized Model: Security: While decentralization removes the risk of central failure, it introduces risks like hacking or vulnerabilities in smart contracts Lack of Regulation: Without a centralized body to oversee operations, there may be little recourse if something goes wrong (e.g., smart contract bugs or fraudulent schemes) User Responsibility: Users would have full control over their financial assets, but this also means they bear the risks, such as losing access to funds if they lose their private keys Good observations They are working on the problem of lost or compromised private keys → cf. social recovery wallet The solution requires a trusted third party, but you can choose whom to trust and they may not be central (polycentric?) Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.25/63

26. B-san’s Idea (on ownership of REITs) Reitium is a blockchain

    platform that offers fractional ownership of Real Estate Investment Trusts (REITs) Investors buy tokens representing shares in real estate properties Here, the “end” is the investors, while the “center” is Reitium, which handles token issuance, property management, and payments If fully automated, smart contracts would replace Reitium’s role, managing everything from token issuance to payments This would reduce costs and improve efficiency but could make compliance with regulations harder ⇒ But who maintains the smart contracts? This will likely end up becoming a DAO, which is problematic anyway Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.26/63

27. M.N-san’s Question How to prevent crimes or money laundering as

    its based on anonymity If a political party in a country legalizes political funding exclusively through blockchain they could technically rule for life with unlimited money and power with nobody knowing where they get their money from ⇒ Let us see if it would happen (although money laundering IS a problem) Or whether blockchain really provides anonymity or not Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.27/63

28. Before Going into Blockchain, a Thought Experiment on how to

    digitize a last will Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.28/63

29. Regarding a Digital Last Will (1) You may think that

    using a digital signature instead of a handwritten one, you can be sure that the will is authentic without having to rely on witnesses But a will is an example that cannot be digitized using conventional thinking As you know, a digital signature is made using a private key Basic premise of digital signatures is that the signer keeps the private key secret Leakage of private key, compromise of signature algorithm, and expiration of public key certificate are the three major risks of digital signatures However, a will is used only after the death of the person who signed it If the person who keeps the private key secret is not present, it can be suspected that maybe one of the heirs who has access to the private key has tampered or fabricated it Timestamps can be easily rewritten or faked Even if a notary in the digital age takes care of your will, you have to be suspicious of the possibility of their collusion with your heirs Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.29/63

30. Regarding a Digital Last Will (2) Let’s sort out the

    requirements It must be verifiable by the person and heirs that requirements ↓ are met (instead of believing) One can prove that they are the right person who writes or updates the will only with their own help (self-sovereignty) The will is always written or updated if the person wants it to happen (censorship resistance and fault tolerance) Once the will is written or updated, it is virtually irreversible – one cannot erase it, and one cannot go back in time and falsify it (tamper resistance) ⇒ Blockchain was designed to meet the above requirements For a will? Never heard of it explained that way? OK, replace “write or update a will” with “transfer bitcoins” Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.30/63

31. Understanding Blockchain Blockchain is a substitute for newspaper (by Satoshi

    Nakamoto) Satoshi him or her or themselves called it “distributed time-stamp server” Not a good word for representing a concept (catchy, but manipulating the impression) Something implemented by Chain of ← actually, backward list of Blocks ← actually, sets of data For example, we don’t call TV “picture tube” today (or do we?) If you name a concept based on how it is implemented, it will quickly become outdated Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.31/63

32. What Is Blockchain About? Bitcoin’s “Question” How do “we send

    money whenever we want, and never let anyone stop us”? Distrust of (central) bank money / Sending money → a state transition in a state machine Straightforward requirements (BP : Blockchain Properties) BP-1: A self-authorized user solely can cause a state transition that is allowed in the state machine (self-sovereignty) BP-2: Such a state transition always occurs if the authorized user wants it to happen (censorship resistance and fault tolerance) BP-3: Once a state transition occurs, it is virtually irreversible, and can never be denied (tamper resistance) Denying = rejection, deletion, alteration, fabrication ⇒ Censorship resistance in the broadest sense (no control of the past either) Not really perfectly satisfied by blockchain (like any tech, works under certain conditions) Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.32/63

33. Bitcoin’s “Question” and “Answer” (1) Bitcoin’s “Question” again How do

    “we send money whenever we want, and never let anyone stop us”? Distrust of (central) bank money Bitcoin’s “Answer” Cannot depend on any particular service provider ⇒ Exchange digital coins over the Internet by P2P (peer-to-peer) What if they deny that they sent a coin? ⇒ Use digital signatures (collateral for verifiability and non-repudiability of contents) But without public key certificates (that require certificate authorities) ⇒ Make public key digest the identifier of a user Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.33/63

34. Bitcoin’s “Question” and “Answer” (2) Problems that cannot be solved

    by digital signatures alone Need to prevent double spending (want to ensure non-repudiation of existence → then it is the same problem as the case of a last will) ⇒ Put the evidence of the transaction in newspaper What if refused for publishing or service is discontinued? ⇒ Place evidence of a transaction in “newspaper” (as collective evidences of events) issued by a crowd (everyone has the exact same local copy of the newspaper) And thereby records are like locked up in the air · Anyone can leave, and when they join again, the records are still there Theft of coins based on this idea always follow the story made typical by the Mt.GOX or CoinCheck incident “Don’t let anyone stop us from spending our own money whenever we want to” ⇒ Has to prove that the user is oneself by their own → Zero-knowledge proof of possession of the private key → Anyone with the private key is the user oneself ⇒ Transaction is verifiable by all but irrevocable → Stolen coins can be tracked but not recovered Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.34/63

35. World of Beaker / Newspaper Model (1) 21,000,000 cm3 (cc)

    of liquid of no value to mankind Contained in a tank Individuals can hold as many beakers as they like, measuring down to 1 100 , 000 , 000 cm3 (it has a locked lid) Only “editor” selected every 10 minutes on average can pump now 3.125cm3 into their beaker Chosen by a special lottery The winning lottery is held in everyone’s box, and each person draws the lottery with all their strength → non-stoppable procedure Coordinate the proportion of winning lots so that someone is chosen every 10 minutes on average Volume pumped is reduced by half every about 4 years (every 210 thousand pages of “newspaper” described later) Started from 50cm3 in January 2009 Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.35/63

36. World of Beaker / Newspaper Model (2) Relatively free flow

    of fluid between beakers Recorded as “a signed article” by the pourer Post the article in the “newspaper” made by everyone Selected “Editor” verifies the articles and publishes them in the last page of newspaper (of which everyone has a local copy) Page carries the evidence of winning the lottery Editor also gets “overflow” of trades on the page If people publish a page with the same page number. . . Longer sequence of pages wins People sometimes lose the key of their beakers Create this digitally, and pretend that it’s a currency → Bitcoin There is no money or currency that does not need pretension Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.36/63

37. Guarantee of Validity ∼ (so-called) UTXO Structure An input requires

    a digital signature of the party to which the referenced output is addressed Referenced output (= coin) is consumed → never double-spent (UTXO : Unspent transaction (TX) Output) Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.37/63

38. Proof of Existence ∼ Hash-chain w/ Proof of Work page

    number : n page number : n+1 page number : n+2 Cryptographic digest of the previous page (must be less than or equal to the target value) some extra number (Nonce : Number used Once) (random value to make the digest less than or equal to the target) Page digest (output by a cryptographic hash function) must be less than or equal to target We don’t know how to manipulate the original data to get the right digest This is the principle of the lottery, which requires the same amount of cost to fake the history Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.38/63

39. Consent of Uniqueness ∼ Nakamoto Consensus page number : n

    page number : n+1 page number : n+2 page number : n+3 page number : n+1 page number : n+2 page number : n+3 page number : n+4 This history is valid Sometimes page sequences are split when someone else wins the lottery at about the same time A history is the hardest to tamper with when the cumulative cost of lottery for the whole sequence is the highest Everyone agrees that such history is the official one (strict consensus is not achieved because it can be overturned) Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.39/63

40. Abstract (narrow-sense) Blockchain (getting obsolete) block_no : n block_no :

    n+1 block_no : n+2 block_no : n+3 block_no : n+1 block_no : n+2 block_no : n+3 block_no : n+4 Histroy with the largest cost to record or modify (history the most difficult to alter) is chosen Cryptographic digest of the previous block Transactions are digitally signed To create a block, its cryptographic digest needs to be below some certain number (Proof of Work) or one needs to win by voting weighted by the stakes in cryptocurrency (Proof of Stake) [both costly] Creator of a block can record the reward in cryptocurrency in the block, which is effective only when the block is included in the chosen history Means are provided to confirm existence of transactions validity existence uniqueness In case of Proof of Work, the cost of power is balanced against the market value of the native currency Everyone confirms that records are not tampered with by the mechanism protected by the price of the native currency Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.40/63

41. Proof and/or Message Embedded in block 0 You can embed

    data unrelated to Bitcoin in the free space of transaction (TX) data Text string embedded in the 1st TX of the 1st block “The Times 03/Jan/2009 Chancellor on brink of second bailout for banks” Anyone can verify this Specify 0 in the search field of https://www.blockchain.com/explorer , proceed to BTC Block See the input for the only TX in the block that came up Use “Hex to ASCII Text Converter” for example What is the intention? Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.41/63

42. Applicability of Blockchain Possible applications and what you can actually

    do today Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.42/63

43. Possible Applications (as Hyperledger project sees them) Financial Assets Direct

    access (no need for mediation), agreed real-time settlements, business rule descriptions, and confidentiality Corporate behavior (automating corporate management, especially in financial matters) Real-time execution and confidentiality control of share splits, capital reductions and consolidations, share transfers and exchanges, mergers, third-party allocation of new shares, etc. Supply Chain Traceback of materials, and record and search from production, storage to sales (beware of linkage problem) Master Data Management Only authorized personnel can update and designated reviewers approve it Sharing Economy and IoT Smart cities/towns, transportation, healthcare/fitness, retail, architecture, education, etc. (implicitly real-time and on a large scale) where trust is not necessarily established Red letters denote parts that blockchains are not good at Within the problems we want to solve, there are sub-problems that have not been solved yet Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.43/63

44. Actual Applications to Date Currency and Remittance Ex. Bitcoin, .

    . . Remittances that bypass banking networks That’s a huge impact Proof of Existence Ex. Proof of Existence, Everledger (in the past), . . . Embed arbitrary digests in a blockchain (piggybacking hack) There is also a method of embedding a single digest of a large number of records Proof that a record has existed and has not been tampered with Origin Certification (traceability, tracking and accounting) This is the originally intended application category of blockchain (an alternative to “newspaper”) Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.44/63

45. General Model of Existence and Certification EPD  EJHFTU EJHFTU

    EJHFTU EJHFTU EJHFTU EJHFTU EJHFTU EVQMJDBUF
    JO DBTF
    PG
    PEE OVNCFS
    6QPO
    SFDFJWJOH
    EPD
    
    "MJDF
    BMTP
    SFDFJWFT
    EJHFTUT
    TIPXO
    JO
    CMVF
    BOE
    XIFUIFS
    UIFZ
    BSF
    PO
    UIF
    MFGU
    PS
    SJHIU
    4UBSUJOH
    XJUI
    UIF
    EJHFTU
    PG
    EPD
    
    "MJDF
    XJMM
    LOPX
    UIF
    TFSJFT
    PG
    EJHFTUT
    UP
    CF
    DPODBUFOBUFE
    TP
    TIF
    DBO
    SFQSPEVDF
    UIF
    DBMDVMBUJPOT
    VQ
    UP
    
    UIF
    .BSLMF
    SPPU
    BOE
    DPOpSN
    UIBU
    UIF
    SFTVMUJOH
    .BSLMF
    SPPU
    NBUDIFT
    UIF
    WBMVF
    SFDPSEFE
    JO
    UIF
    CMPDLDIBJO
    "OZPOF
    DBO
    SFQSPEVDF
    UIF
    QSPDFTT
    BOE
    WFSJGZ
    UIF
    FYJTUFODF
    PG
    EPDT
    JG
    UIFZ
    VOEFSTUBOE
    UIF
    QSJODJQMF
    BOE
    IBWF
    OFDFTTBSZ
    JOGPSNBUJPO SFDPSE DBO
    SFUSJFWF
    JOGPSNBUJPO *OGPSNBUJPO
    EJTDMPTFE UP
    QBSUJFT
    SFRVJSJOH QSPPGT QVCMJD
    JOGPSNBUJPO .FSLMF
    SPPU .FSLMF
    USFF
    LFQU
    CZ
    UIF
    TFSWJDF
    BOE
    TFOU
    QBSUJBMMZ
    UP
    FBDI
    DMJFOU ʜʜ ʜʜ ʜʜ ʜʜ ʜʜ EJHFTU EJHFTU EJHFTU EJHFTU EJHFTU EJHFTU CMPDLDIBJO ʜ ʜ EPD  EPD  EPD  EPD O Merkle trees are also used within blocks in blockchain to record transactions or states Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.45/63

46. Impossibility and Challenges of Blockchain Transitional technology, in the process

    of trial and error In fact, a lot of new designs are being tested If we do not have governance for (or if we do not know how to accommodate) technological changes, we cannot use it in society Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.46/63

47. Hash Rate Transitions (Jan. 2009 - Oct. 2024) If malicious

    participants gain half of the hash rate, blockchain cannot be guaranteed to work correctly Risky in principle if the hashrate is doubled quickly → It has happened On the other hand, what if it doesn’t double rapidly? → Dilemma of providing room for malicious participants What if it suddenly halves? → Very risky in principle, and it also happened Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.47/63

48. Reality vs. Blockchain A thought experiment You want to start

    a new business on the beach: If a customer pays in bitcoin, a drone flying overhead will drop them a can of juice When should the drone drop the can? Reality that goes in real-time and blockchain’s behavior are very different But as a business decision, a risk taker can drop the canned juice the moment they detect a payment As long as they are in a position to use social infrastructure, they can act disruptively Not because it is a perfect technology But because it is a fairly cheap platform (cost is paid by the miners) Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.48/63

49. The DAO Incident (uncovered governance challenges) The DAO, an autonomous

    decentralized investment fund built on Ethereum Split (fund split) was recursively called, and 360,000 ETH (5 to 6 billion yen) was stolen (2016/6/17) Choices Do nothing Soft fork (maintains compatibility → freezes the address of the thief) Funds are not returned Hard fork (No compatibility → rewrites history; who controls the present controls the past) Worst occurrence of “Oneness Trap” (described later) in a sense Community chose “hard fork” ! (executed on 2016/7/20) “Most interesting. Gravity’s silhouette remains, but the star and all its planets have disappeared. How can this be?” “Because someone erased it from the archive memory.” — from Star Wars: Episode II – Attack of the Clones So the incident never happened Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.49/63

50. Scaling Out Question There is one ATM that always has

    10 people in line Sorry if you are in an advanced environment, and you don’t know what we are talking about (or even wonder what an ATM is) ;) What happens to the number of people in the queue if we add one ATM? Other conditions remain the same cf. Daisuke Yamazaki, “Rethinking Scaling Out” (in Japanese) http://www.slideshare.net/yamaz2/ss-58813038 Performance problems can be solved by adding a server ⇒ The system scales out Blockchain does not scale out in its bare form (because everyone makes and maintains a replica) Improvement is possible if you see it as a KVS (Key-Value Store) Because of the distributed KVS technology But you might lose autonomy Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.50/63

51. Scaling Out and Blockchain 7PMVNF
    PG
    %BUB
    UP
    1SPDFTT -PBE
    QFS
    /PEF #MPDLDIBJO 1SPQFSMZ
    EFTJHOFE
    EJTUSJCVUFE
    TZTUFN In blockchain,

    the cost of maintaining data structures rises linearly as transactions increase It does not scale out Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.51/63

52. Blockchain’s “Oneness Trap” It does not scale out Adding more

    nodes does not solve or mitigate performance challenges Must be “the world is one” to work System does not work correctly if the network is partitioned by a large-scale disasters or political change Difficulty of governance to advance technology You cannot “try something different partially, and if it works, apply it to the whole” Impossibility of governance : Agreement by the “whole” must be maintained, but the “whole” cannot be defined ⇒ Powered few changes the technology instead ⇒ Those are disadvantages of non-decentralized nature of blockchain Conversely, there are great expectations and potential for truly decentralized “record fixation device in the air” Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.52/63

53. Incentive Mismatch Ethereum cannot survive as an application platform if

    ETH as a currency crashes and declines Supported by validators’ motivation to get ETH When the value of ETH drops, validators withdraw Can people who want to run apps (smart contracts) buy ETH to maintain the price? If ETH’s market participants are primarily app users, may be . . . (but they aren’t) The design of the raw Bitcoin is goal-consistent, but . . . In other words, “Bitcoin cannot survive if BTC declines” would be fine But as proof applications such as Proof of Existence advance, similar problems arise Either way, the future of the system depends on the interests of the miners/validators ⇒ Need to separate application platforms from currency systems That is where the recent ledger technology is going, hopefully (because many still aren’t) Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.53/63

54. What is the True Worth of Blockchain? Roughly speaking, what’s

    the thing you can never do without blockchain? Ex1 : Digitizing the last will and testament (in a thought-experiment sense) After the death of the person, the private key used for the digital signature may no longer be a secret Can’t believe a notary saying, “it is as signed before the death” (possible collusion with malicious heir) Ex2 : Online banking passbook data as proof (for the liabilities of banks) If you download it as a CSV file, the data anyone can create is not considered as evidence Even with the digital signature of the bank, once the private key is leaked, the data can be created by anyone Prove “data digitally signed at cetain past date has not been tampered with” (instead of believing those who insist so) “The Last Will Test” is to ask them if they can do that with their blockchain A test to see if something that someone has been pitching as “it’s a blockchain” really makes sense An idea (hash-chain with proof of work) that may satisfy this true worth, combined with existing technologies around the idea is the Bitcoin blockchain Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.54/63

55. How Well Is It Realized Today? Is there a technology

    that can pass the “last will test”? Public blockchain may pass the test while the market value of the native currency is high Defense such that it would cost a lot to tamper with When the price of the native currency drops or crashes it becomes unreliable Private ledger systems in general only insist, so they do not pass the test Mostly, “blockchain made and operated by XXX Inc.” is meaningless ← please be careful We are building new technology to make it pass the test BBc-1/BBc-2 (Beyond Blockchain One/Two; https://github.com/beyond-blockchain) (just an example) There is an inherent challenge of linkage between records and entities Includes areas that cannot be solved by engineering alone (does the public key really belong to the person?) Including the openness of the source code, it is roughly the problem of . . . “How can we trust automated mechanisms?” Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.55/63

56. Brief Introduction to Upgrading and Governance of Blockchain Weaknesses are

    not left untouched, but continue to be improved But governance issues remain Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.56/63

57. Enhancements to Bitcoin Blockchain Virtualization – Open Assets Protocol (no

    fork) Interpret transaction data in a specific way so that quantities independent from BTC can be defined and used Bug fix – Segregated Witness (SegWit) (soft fork) Signatures are separated from the transaction body Better privacy and conciseness – Taproot (and Schnorr signatures) (soft fork) Scripts can be partially disclosed by expressing them in Merklized Abstract Syntax Trees (kind of Merkle trees) Quickness – Payment channels (no fork) Only write to the blockchain when the channel is opened and closed, and in between you can make fast payments Conceptually, connected payment channels form a Lightning Network How do we upgrade? Soft fork : miners vote by setting a bit in a block header Wait, voting? Is it an Internet way? Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.57/63

58. Payment Channel (Bitcoin’s case) "MJDF
    " #PC
    # #MPDLDIBJO 

    UP
    "#  UP
    #  UP
    "  UP
    " MPDLUJNF QBZ
    USBOTBDUJPO
    GFF
    UP
    NJOFS PQFO
    DIBOOFM pOBM
    QBZNFOU
    
    DMPTF
    DIBOOFM QBZ
     QBZ
     QBZ
    USBOTBDUJPO
    GFF
    UP
    NJOFS  UP
    #  UP
    "   UP
    #  UP
    "        MPDLUJNF Alice pays fast by sending Bob transactions to pay, which are cut out of the deposit addressed to Alice and Bob Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.58/63

59. Science Fiction Prototyping What about it? Lecture 7-8 : Blockchain

    — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.59/63

60. Why Science Fiction Prototyping? What is Science Fiction? Fantasy based

    on or disguised as the thoughts and ideas of science and technology The world with existing science and technology is the real world Ex1 : Medical drama Ex2 : Economic novels The world with science and technology unknown to the real world → Fiction Ex1 : Medical drama with nano-machines Ex2 : Drama with digital currency that depreciates (my book “NEO in Wonderland”) Designing new media and putting it into society = living science fiction To work out plans for that = to write science fiction Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.60/63

61. Assignment Lecture 7-8 : Blockchain — FinTech — Financial Innovation

    and the Internet 2024 Fall — 2024-10-25 – p.61/63

62. Assignment 4. “Smart Contracts” Please think freely with the image

    of the word “smart contract” to fantasize a specific application example, and state the application briefly That is, go ahead and write a very short science fiction Deadline and how to submit November 5, 2024 at 17:59 JST From Moodle (mandatory) (Q&A forum) So that your classmates can read your report, refer to it, and comment on it Optionally, you can also post to #assignments channel at Discord So that anyone in our Discord can read your report, refer to it, and comment on it Just plain text, and be concise, please You may want to apply Kent Beck style for abstracts (4 sentences) (problem) (why it is a problem) (startling sentence) (consequences) of a story Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.62/63

63. Have a Nice Weekend or Two, and See You in

    Two Weeks from Now! Lecture 7-8 : Blockchain — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-25 – p.63/63