FinTech Lecture 12 : DeFi : Decentralized Finance

Transcript

1. Changes in the economy and labor. FinTech — Financial Innovation

   and the Internet 2021 Fall Lecture 12 : DeFi : Decentralized Finance Kenji Saito, Graduate School of Business and Finance, Waseda University Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.1/39

2. This class is recorded Camera ON is recommended, but not

   required Zoom names : change your names to whatever you want to be called Please link your Zoon names to your real names in your reports Zoom names are important, because if you choose to be called by your real names, still I don’t know whether I should call you by your given or family names You do need to speak often (we are going to have a lot of dialogues) We will use breakout rooms a lot, but those won’t be recorded unless you do it yourselves (need to be allowed) Keep your Zoom client updated! We might use latest features Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.2/39

3. The lecture slides can be found at : https://speakerdeck.com/ks91 Recording

   and chat text will be posted at Moodle and Discord Trial automatic transcription will be posted at Discord Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.3/39

4. Schedule (provisional) Lecture 1 9/24 Overview of FinTech (1) •

   Lecture 2 10/1 Overview of FinTech (2) • Lecture 3 10/8 Internet Technology and Governance (1) • Lecture 4 10/15 Internet Technology and Governance (2) • Lecture 5 10/22 Internet Governance and the World of Apps • Lecture 6 10/29 The World of Apps - continued • Lecture 7 11/12 Basics of Cryptography and Blockchain • Lecture 8 11/19 Blockchain • Lecture 9 11/26 Blockchain and Smart Contracts • Lecture 10 12/3 Smart Contracts • Lecture 11 12/10 Further Smart Contracts • Lecture 12 12/17 DeFi : Decentralized Finance • Lecture 13 1/7 Cyber-Physical Society and Future of Finance Lecture 14 1/14 FinTech Ideathon Lecture 15 1/21 Presentations and Conclusions Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.4/39

5. Last Week, We Did. . . Overview of Ethereum With

   demo Smart Contract Programming Understanding Applications of Blockchain Assignment Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.5/39

6. Today’s Topics Smart Contract Programming Demo Let’s sell and buy

   land rights with digital tokens Understanding Applications of Blockchain (revisited) Assignment Review — The DAO Attacked Discussion on the DAO Attack Blockchain and Anonymity — How to Disappear Assignment Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.6/39

7. Demonstration : Automated Escrow An attempt to automate real-estate brokerage,

   banking, and Legal Affairs Bureau (or judicial scrivener) Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.7/39

8. ex. Automated Escrow to Purchase Land (automation of centers) %FpOFE
   b"JS`

   SFUVSO
   MBOE 1VSDIBTF
   $POUSBDU -BOE
   "TTFU MBOE EFQPTJU USBOTGFS
   MBOE
   SJHIUT
   UP
   CVZFS USBOTGFS
   QBZNFOU
   UP
   TFMMFS QBZNFOU EFQPTJU %JHJUBM
   5PLFO DSFBUF
   BOE
   pY
   JO
   UIF
   BJS FJUIFS
   DBO
   EP
   UIJT DSFBUF
   BOE
   pY
   JO
   UIF
   BJS DBO
   GSFFMZ
   KPJO
   BOE
   MFBWF DBO
   GSFFMZ
   KPJO
   BOE
   MFBWF 4FMMFS #VZFS JOUFSOBM TUBUF SFUVSO
   NPOFZ TFUUMF USBOTGFS JOUFSOBM TUBUF USBOTGFS JOUFSOBM TUBUF     1. Purchase contract is fixed in the air to prevent taking away of land or money (both parties can verify the contract) 2. Deposit land rights and purchase money in the contract (if they change their minds, they can take them back) 3. When settled (anyone can do it if both right and money are deposited), the rights and money for the property are transferred simultaneously Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.8/39

9. Value of Automated Escrow From “My Father’s 100 Million Yen

   Debt Repayment Story” by Human Mao http://ningenmao.blog.jp/archives/6163807.html On the very day of repayment, they rented a place at a hotel and all the people involved gathered there There were more than 20 people in total, including real estate companies, bankers, and judicial scriveners Since the land was mortgaged by the bank, the mortgage had to be removed as soon as the money was repaid, and in order to make sure that this was done correctly, they got together and proceeded solemnly ↑ An example of non-automated version of the process Great human drama if you can read Japanese by the way Mao finds a photo of her father who went to India just three days after she was born, and learns that he had a debt of 100 million yen in the past, and that it was related to his trip to India Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.9/39

10. Sample Code and Demo git clone from GitHub $ git

    clone https://github.com/ks91/sample-smart-contracts.git Follow README 1. Setup a sample token project with brownie Brownie is a Python-based Ethereum programming and test environment Javascript-based one is called Truffle, and an Ethereum remote procedure call client is called Ganache See? Engineers are fun people to work with! 2. Copy the content of contracts, scripts and tests directories of this sample project into the corresponding directories of the token project 3. Compile 4. Test Today, I will demonstrate manually the test for automated escrow Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.10/39

11. settle() from OneTimeEscrow function settle() public returns (bool) { require(_token_.balanceOf(address(this))

    >= _price_); /* ’this’ means this contract */ require(_asset_.getOwner() == address(this)); _token_.transfer(_seller_ , _price_); _asset_.transfer(_buyer_); emit Settled(); /* event log */ return true; } Just to introduce the settle() part from the sample code Only if both the price and the asset are deposited with the contract, It transfers money to the seller and asset to the buyer Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.11/39

12. Open console and connect to Ropsten testnet Use brownie console

    >>> network.disconnect() # disconnect from the default, simulated environment of Ethereum >>> network.connect(’ropsten’) >>> len(accounts) 0 >>> accounts.add(paste the hexadecimal string of the private key here) <LocalAccount object ’hexadecimal string of the account’> >>> accounts[0].balace() Here is the ETH balance of the account We set up two accounts Once you have created multiple accounts, you can try to transfer ETH, for example as follows >>> accounts[0].transfer(accounts[1], "1 ether") But before that, you may want to feed the accounts with Ropsten ETH from some public faucet Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.12/39

13. Test Code (1) from brownie import * import pytest def

    test_deploy_and_settle(Token, IndivisibleAsset, OneTimeEscrow): asset = accounts[0].deploy(IndivisibleAsset, "5322 Endo", "mˆ2", 300) token = accounts[0].deploy(Token, "Test Token", "TEST", 18, "1000 ether") Deploying token and asset contracts The above is just the test code as it is, so in the console we will just type the inside of the function First, let’s do seller = accounts[0] and buyer = accounts[1] for readability Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.13/39

14. Test Code (2) token.transfer(accounts[1], 300, {’from’: accounts[0]}) escrow = accounts[0].deploy(OneTimeEscrow,

    token, accounts[1], asset, accounts[0], 300) Sending 300 coins from seller (accounts[0]) to buyer (accounts[1]) to prepare Because the buyer has to cast a transaction that pays 300 coins Deploying Escrow Contracts Buyer is accounts[1], seller is accounts[0], and the price is 300 coins Since we are using the sample arguments of the baked Token as they are, 300 coins is actually a very small unit, like wei in ETH Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.14/39

15. Test Code (3) token.transfer(escrow, 300, {’from’: accounts[1]}) asset.transfer(escrow, {’from’: accounts[0]})

    assert token.balanceOf(accounts[0]) == 999999999999999999700 assert token.balanceOf(accounts[1]) == 0 assert token.balanceOf(escrow) == 300 assert asset.getOwner() == escrow Buyer (accounts[1]) deposits 300 coins in escrow, and Seller (accounts[0]) deposits the asset in escrow assert tests a statement, and fails the test if it turns out to be false But we are in console (not doing an automated test), so we just see the values Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.15/39

16. Test Code (4) escrow.settle({’from’: accounts[0]}) assert token.balanceOf(accounts[0]) == 1000000000000000000000 assert

    token.balanceOf(accounts[1]) == 0 assert token.balanceOf(escrow) == 0 assert asset.getOwner() == accounts[1] Calling settle() and closing the transaction In this code, it is called by seller (accounts[0]), but it is OK to call from either side Let’s see some transactions on an Ethereum Ropsten testnet explorer Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.16/39

17. Understanding Applications of Blockchain In one single diagram Lecture 12

    : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.17/39

18. Understanding Applications of Blockchain Token Smart Contract Provenance Fungible Non-redeemable

    Fungible Redeemable Non-fungible Redeemable Non-fungible Non-redeemable Certifying Identifying payment ID card security token last will logistics insurance claim Tracking Sensing fiat money crypto-pet Proves you are the one since you can handle the private key? Transfers numerical representations of debt / asset? Maintains authenticity of registered code, data and resulted states? (Authority) issues certificates about some content? Updates records about sustained presences? Is data still valid even if the subject is gone? Many think we implement token and provenance apps with smart contracts, but. . . Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.18/39

19. Assignment Review Lecture 12 : DeFi : Decentralized Finance —

    FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.19/39

20. Assignment 5. “The DAO Attacked” In 2016, an autonomous decentralized

    investment fund “The DAO” leaked 3.5M ETH in an attack that exploited a bug in a smart contract, but this incident was made to look like it never happened, by the hard fork of Ethereum (1) Choose between A) public policy position (of a country with many victims), or B) management position at The DAO (2) Discuss briefly what would have been the best thing to do from your position Deadline and how to submit December 14, 2021 at 17:59 JST From Moodle (mandatory) — this time, we are using a Q&A forum So that your classmates can read your report, refer to it, and comment on it Optionally, you can also post to #assignments channel at Discord So that anyone in our Discord can read your report, refer to it, and comment on it Just plain text, and be concise, please Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.20/39

21. Trends and Measures Trends . . . of your reports

    Measures . . . how to improve the class 21 out of 29+α students submitted (always better late than never) Your choices of positions : public policy position : 12; business management position : 9 Your opinions on the hard fork : positive : 9; negative : 4; neither : 8 I think your opinions were well thought out from each standpoint Many of you could have written your answers a little shorter Try to use bullet points or other ways to make it easier for the reader to read and get your point across I will let you discuss with your thoughts Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.21/39

22. Discussion cf. “The History of the DAO and Lessons Learned”

    https://blog.slock.it/the-history-of-the-dao-and-lessons-learned-d06740f8cfa5 This is still a one-sided view, but it is useful to know the details of the incident and response We will breakout and use miro mind map Connect your thoughts to the node of your breakout room Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.22/39

23. How to Disappear Blockchain and Anonymity Lecture 12 : DeFi

    : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.23/39

24. ZoE (Zcash on Ethereum) In Ethereum, too, an “address” is

    a public key digest In Ethereum, which manages account status (balance, etc.) rather than UTXO (coin with destination), it’s difficult to adopt the Bitcoin-like method of changing the receiver’s address from transaction to transaction Which is not a perfect way to hide themselves anyway zk-SNARKs, zero-knowledge proof algorithm used in Zcash, has also been implemented for Ethereum Can conceal transactions (Who sent it to whom ← not straightforward, and) how much? Deployed with Byzantium hard fork in 2017 Gas (transaction cost) is expensive Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.24/39

25. zk-SNARKs Zero Knowledge - Succinct (compact) Non-interactive ARgument of Knowledge

    3 parts G is Generator : G(λ, C) → (pk, vk) where C is a circuit, λ is a secret Circuit (or function) C returns true or false; pk is the prover key, vk is the verifier key P is Prover : P(pk, x, w) → π where x is the public input of C, w (witness) is the secret input of C π is the proof V is Verifier : V (vk, x, π) = true ⇒ ∃w : C(x, w) = true Can perform in Ethereum by executing V inside smart contracts G and P (knows secret) are executed “off-chain” so to speak Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.25/39

26. C’s (circuits) to Conceal Balances and Remittances Use the cryptographic

    hash function H The contract manages H(a’s balance) for all accounts a C s (x, w) for sender : x is [H(pre-tx balance), H(post-tx balance), H(remittance)], w is [pre-tx balance, remittance] Confirm pre-tx balance ≥ remittance Apply H to w to verify that H(pre-tx balance) and H(remittance) in x are correct Verifies that H(post-tx balance) in x equals H(pre-tx balance − remittance) C r (x, w) for receiver : x is [H(pre-tx balance), H(post-tx balance), H(remittance)], w is [pre-tx balance, remittance] Apply H to w to verify that H(pre-tx balance) and H(remittance) in x are correct Verifies that H(post-tx balance) in x equals H(pre-tx balance + remittance) Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.26/39

27. Contract to Conceal Balances and Remittances Accepts the following as

    arguments (sender address is self-evident as the caller of the contract) Receiver address, H(remittance), H(post-tx balance s ), H(post-tx balance r ) π s , π r obtained by applying P in advance Verifies sending by V (vk s , [H(balances ), H(post-tx balances ), H(remittance)], π s ) Verifies receiving by V (vk r , [H(balancer ), H(post-tx balancer ), H(remittance)], π r ) Replaces both H(balance) with their H(post-tx balance) Sender and receiver need to communicate off-chain They cannot tell how much each other had and has now Others cannot tell, in addition to the above, how much was sent But they can tell who sent money to whom Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.27/39

28. In One Picture Fact that Alice sent some money to

    Bob is known To avoid preimage at- tacks, balances and re- mittances should contain many digits below deci- mal point Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.28/39

29. How to Disappear Completely Let’s think of a method of

    remittance using zk-SNARKs that conceals the following Who sends money? ← NEW! To whom? ← NEW! How much? How much were the balances of those before remittance, and how much afterward? Is our solution perfect? What problems are there? ↑ This was an assignment for the class for the past couple of years Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.29/39

30. Kenji’s Solution (second receiver as sender agent) (may be a

    known solution) H′ can be any arbitrary function, but linkability remains a problem Balance’s digits below decimal point is like a private key, protected by H Carole can run verifiers prior to issuing a trans- action to verify if she can really receive the fee Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.30/39

31. Tor (The Onion Router) What is Onion Routing? → technology

    for anonymity Build a circuit that runs through multiple nodes from the user to the terminating node The user shares a shared key with each node that appears on the circuit (the user does not tell who they are) Data encryption is applied for the terminating node, and then for each node appearing in the circuit in reverse order, and finally the data is sent The relay peels off the encryption at each hop, as if it were an onion, and sends it to the next node The relay has no way of knowing what content is being sent from whom to whom Reference Tor : https://www.torproject.org There are concerns about its application to crimes, but it is also a tool for protecting citizens’ privacy and enforcing human rights Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.31/39

32. More on Anonymity This may be a disturbing story, but.

    . . How do we share and transfer a request to Golgo 13 (assassin) while hiding his and the client’s identities. . . From each other and third parties? Of course, we want to keep secret the contents of the request and the amount of money in question What impact would this have on law enforcement? Is it good for society that this is possible? Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.32/39

33. Bitcoin and Anonymity — Pseudonymity “Address” is the digest of

    a public key Must equal the digest derived from the public key presented by the certifier, and Digital signature by the certifier must be verified with the public key ⇒ Has corresponding private key ⇒ authorized user Existence of an entity can be inferred if the same “address” is used more than once However, it is not known which specific individual the subject is (no linkability) Once it is linked somewhere, anonymity is stripped Ex : tied to a bank account at an exchange Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.33/39

34. Bitcoin and Anonymity — Linkability Just one-time use of the

    same “address” is encouraged They try to minimize the extent to which they are identified when an address is linked to some identity. . . Since “address” is actually referred to as TX input, a series of addresses can be clustered to estimate the existence of a subject by analyzing the appearance distribution Ex : D.Ron and A.Shamir, “Quantitative Analysis of the Full Bitcoin Transaction Graph” https://eprint.iacr.org/2012/584.pdf Ex : S.Meiklejohn et al., “A Fistful of Bitcoins: Characterizing Payments Among Men with No Names” http://conferences.sigcomm.org/imc/2013/papers/ imc182-meiklejohnA.pdf Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.34/39

35. Mixing (Concealing Recipients) " # 4IBSFE
    8BMMFU BEESFTT
     BEESFTT
     BEESFTT
     BEESFTT
    

    
    #5$ 
    #5$ 
    #5$ 
    #5$ "DDPSEJOH
    UP
    UIF
    VTFST`
    JOTUSVDUJPOT UIF
    NPOFZ
    JT
    USBOTGFSSFE
    GSPN
    "
    UP
    # $
    UP
    %
    BOE
    
    DPNNJTTJPO
    JT
    DIBSHFE CVU
    UIF
    SFMBUJPOTIJQT
    CFUXFFO
    "
    BOE
    # $
    BOE
    %
    BSF
    VOLOPXO
    GSPN
    UIF
    UY
    IJTUPSZ % $ Mixing operators know the secret . . . is there any possibility of undercover investigations in which law enforcement is in fact in charge of mixing? Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.35/39

36. TumbleBit Eliminates trust in mixing in Bitcoin Assumes “tumbler” for

    mixing (but you can’t trust them) Protocol to send 1 BTC from Alice to Bob (1) Tumbler makes time-limited deposit of 1 BTC on blockchain (upon Bob’s request) Bob’s signature and the solution of a puzzle will release this 1 BTC (2) Bob blindfolds (like multiplies by a random number) the puzzle (that tumbler can still solve, but they don’t know for whom it was made), and sends it to Alice (3) Alice blindfolds the sent puzzle once again (tumbler can still solve it) (4) Alice makes a time-limited deposit of 1 BTC on blockchain This 1 BTC can be obtained with tumbler’s signature and the solution to the double-blindfolded puzzle (5) Tumbler gets the 1 BTC with signature and solution to the double-blindfolded puzzle This solution is a double-blindfolded version for the original puzzle, and cannot unlock the payment to Bob (6) Alice takes away one blindfold from the solution, and sends it to Bob (7) Bob takes away one more blindfold from the solution, gets the real solution to the original puzzle, and gets 1 BTC Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.36/39

37. Assignment Lecture 12 : DeFi : Decentralized Finance — FinTech

    — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.37/39

38. Assignment 6. “Cyber-Physical” Briefly describe your idea of combining self-driving

    cars with smart contracts A smart contract is the code and data stored and maintained on a censorship-resistant ledger (not necessarily a (legally valid) contract) Begin with 4 sentences (problem, why it is a problem, your startling sentence, its consequence) Deadline and how to submit Janurary 4, 2022 at 17:59 JST From Moodle (mandatory) — this time, we are using a Q&A forum So that your classmates can read your report, refer to it, and comment on it Optionally, you can also post to #assignments channel at Discord So that anyone in our Discord can read your report, refer to it, and comment on it Just plain text, and be concise, please Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.38/39

39. See You in 2022! Have a nice rest of 2021

    Chatting on Discord is always welcome! Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.39/39