Slides I used for Lecture 12 of FinTech - Financial Innovation and the Internet 2021 Fall at Graduate School of Business and Finance, Waseda University on December 17, 2021.
and the Internet 2021 Fall Lecture 12 : DeFi : Decentralized Finance Kenji Saito, Graduate School of Business and Finance, Waseda University Lecture 12 : DeFi : Decentralized Finance — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-12-10 – p.1/39

required Zoom names : change your names to whatever you want to be called
Please link your Zoom names to your real names in your reports
Zoom names are important, because even if you choose to be called by your real names, I still don’t know whether I should call you by your given or family names
You do need to speak often (we are going to have a lot of dialogues)
We will use breakout rooms a lot, but those won’t be recorded unless you do it yourselves (need to be allowed)
Keep your Zoom client updated! We might use the latest features

and chat text will be posted at Moodle and Discord
Trial automatic transcription will be posted at Discord

land rights with digital tokens
Understanding Applications of Blockchain (revisited)
Assignment Review — The DAO Attacked
Discussion on the DAO Attack
Blockchain and Anonymity — How to Disappear
Assignment

banking, and Legal Affairs Bureau (or judicial scrivener)

[Figure: Seller and Buyer interacting with a PurchaseContract, a LandAsset and a DigitalToken, each with internal state. Labels: create and fix in the air (either can do this); can freely join and leave; deposit land; deposit payment; return land; return money; settle; transfer land rights to buyer; transfer payment to seller]
1. Purchase contract is fixed in the air to prevent taking away of land or money (both parties can verify the contract)
2. Deposit land rights and purchase money in the contract (if they change their minds, they can take them back)
3. When settled (anyone can do it if both right and money are deposited), the rights and money for the property are transferred simultaneously

Debt Repayment Story” by Human Mao
http://ningenmao.blog.jp/archives/6163807.html
On the very day of repayment, they rented a place at a hotel and all the people involved gathered there
There were more than 20 people in total, including real estate companies, bankers, and judicial scriveners
Since the land was mortgaged by the bank, the mortgage had to be removed as soon as the money was repaid, and in order to make sure that this was done correctly, they got together and proceeded solemnly
↑ An example of a non-automated version of the process
Great human drama if you can read Japanese, by the way
Mao finds a photo of her father who went to India just three days after she was born, and learns that he had a debt of 100 million yen in the past, and that it was related to his trip to India

clone https://github.com/ks91/sample-smart-contracts.git
Follow README
1. Set up a sample token project with brownie
   Brownie is a Python-based Ethereum programming and test environment
   The JavaScript-based one is called Truffle, and an Ethereum remote procedure call client is called Ganache
   See? Engineers are fun people to work with!
2. Copy the content of contracts, scripts and tests directories of this sample project into the corresponding directories of the token project
3. Compile
4. Test
Today, I will demonstrate manually the test for automated escrow

        >= _price_); /* 'this' means this contract */
        require(_asset_.getOwner() == address(this));
        _token_.transfer(_seller_, _price_);
        _asset_.transfer(_buyer_);
        emit Settled(); /* event log */
        return true;
    }

Just to introduce the settle() part from the sample code
Only if both the price and the asset are deposited with the contract, it transfers money to the seller and asset to the buyer

    >>> network.disconnect()  # disconnect from the default, simulated environment of Ethereum
    >>> network.connect('ropsten')
    >>> len(accounts)
    0
    >>> accounts.add(paste the hexadecimal string of the private key here)
    <LocalAccount object 'hexadecimal string of the account'>
    >>> accounts[0].balance()
    Here is the ETH balance of the account

We set up two accounts
Once you have created multiple accounts, you can try to transfer ETH, for example as follows

    >>> accounts[0].transfer(accounts[1], "1 ether")

But before that, you may want to feed the accounts with Ropsten ETH from some public faucet

    def test_deploy_and_settle(Token, IndivisibleAsset, OneTimeEscrow):
        asset = accounts[0].deploy(IndivisibleAsset, "5322 Endo", "m^2", 300)
        token = accounts[0].deploy(Token, "Test Token", "TEST", 18, "1000 ether")

Deploying token and asset contracts
The above is just the test code as it is, so in the console we will just type the inside of the function
First, let’s do seller = accounts[0] and buyer = accounts[1] for readability

    token, accounts[1], asset, accounts[0], 300)

Sending 300 coins from seller (accounts[0]) to buyer (accounts[1]) to prepare
Because the buyer has to cast a transaction that pays 300 coins
Deploying Escrow Contracts
Buyer is accounts[1], seller is accounts[0], and the price is 300 coins
Since we are using the sample arguments of the baked Token as they are, 300 coins is actually a very small unit, like wei in ETH

    assert token.balanceOf(accounts[0]) == 999999999999999999700
    assert token.balanceOf(accounts[1]) == 0
    assert token.balanceOf(escrow) == 300
    assert asset.getOwner() == escrow

Buyer (accounts[1]) deposits 300 coins in escrow, and Seller (accounts[0]) deposits the asset in escrow
assert tests a statement, and fails the test if it turns out to be false
But we are in console (not doing an automated test), so we just see the values

    token.balanceOf(accounts[1]) == 0
    assert token.balanceOf(escrow) == 0
    assert asset.getOwner() == accounts[1]

Calling settle() and closing the transaction
In this code, it is called by seller (accounts[0]), but it is OK to call from either side
Let’s see some transactions on an Ethereum Ropsten testnet explorer

[Figure labels: Fungible Redeemable; Non-fungible Redeemable; Non-fungible Non-redeemable; Certifying; Identifying; payment; ID card; security token; last will; logistics; insurance claim; Tracking; Sensing; fiat money; crypto-pet]
Proves you are the one since you can handle the private key?
Transfers numerical representations of debt / asset?
Maintains authenticity of registered code, data and resulted states?
(Authority) issues certificates about some content?
Updates records about sustained presences?
Is data still valid even if the subject is gone?
Many think we implement token and provenance apps with smart contracts, but. . .

investment fund “The DAO” leaked 3.5M ETH in an attack that exploited a bug in a smart contract, but this incident was made to look like it never happened, by the hard fork of Ethereum
(1) Choose between A) public policy position (of a country with many victims), or B) management position at The DAO
(2) Discuss briefly what would have been the best thing to do from your position
Deadline and how to submit
December 14, 2021 at 17:59 JST
From Moodle (mandatory) — this time, we are using a Q&A forum
  So that your classmates can read your report, refer to it, and comment on it
Optionally, you can also post to #assignments channel at Discord
  So that anyone in our Discord can read your report, refer to it, and comment on it
Just plain text, and be concise, please

Measures . . . how to improve the class
21 out of 29+α students submitted (always better late than never)
Your choices of positions : public policy position : 12; business management position : 9
Your opinions on the hard fork : positive : 9; negative : 4; neither : 8
I think your opinions were well thought out from each standpoint
Many of you could have written your answers a little shorter
Try to use bullet points or other ways to make it easier for the reader to read and get your point across
I will let you discuss your thoughts

https://blog.slock.it/the-history-of-the-dao-and-lessons-learned-d06740f8cfa5
This is still a one-sided view, but it is useful to know the details of the incident and response
We will break out and use a Miro mind map
Connect your thoughts to the node of your breakout room

a public key digest
In Ethereum, which manages account status (balance, etc.) rather than UTXO (coin with destination), it’s difficult to adopt the Bitcoin-like method of changing the receiver’s address from transaction to transaction
  Which is not a perfect way to hide themselves anyway
zk-SNARKs, zero-knowledge proof algorithm used in Zcash, has also been implemented for Ethereum
  Can conceal transactions
  (Who sent it to whom ← not straightforward, and) how much?
  Deployed with Byzantium hard fork in 2017
  Gas (transaction cost) is expensive

3 parts
G is Generator : G(λ, C) → (pk, vk) where C is a circuit, λ is a secret
  Circuit (or function) C returns true or false; pk is the prover key, vk is the verifier key
P is Prover : P(pk, x, w) → π where x is the public input of C, w (witness) is the secret input of C
  π is the proof
V is Verifier : V(vk, x, π) = true ⇒ ∃w : C(x, w) = true
Can perform in Ethereum by executing V inside smart contracts
G and P (knows secret) are executed “off-chain” so to speak

hash function H
The contract manages H(a’s balance) for all accounts a
C_s(x, w) for sender : x is [H(pre-tx balance), H(post-tx balance), H(remittance)], w is [pre-tx balance, remittance]
  Confirm pre-tx balance ≥ remittance
  Apply H to w to verify that H(pre-tx balance) and H(remittance) in x are correct
  Verifies that H(post-tx balance) in x equals H(pre-tx balance − remittance)
C_r(x, w) for receiver : x is [H(pre-tx balance), H(post-tx balance), H(remittance)], w is [pre-tx balance, remittance]
  Apply H to w to verify that H(pre-tx balance) and H(remittance) in x are correct
  Verifies that H(post-tx balance) in x equals H(pre-tx balance + remittance)

arguments (sender address is self-evident as the caller of the contract)
  Receiver address, H(remittance), H(post-tx balance_s), H(post-tx balance_r)
  π_s, π_r obtained by applying P in advance
Verifies sending by V(vk_s, [H(balance_s), H(post-tx balance_s), H(remittance)], π_s)
Verifies receiving by V(vk_r, [H(balance_r), H(post-tx balance_r), H(remittance)], π_r)
Replaces both H(balance) with their H(post-tx balance)
Sender and receiver need to communicate off-chain
  They cannot tell how much each other had and has now
  Others cannot tell, in addition to the above, how much was sent
  But they can tell who sent money to whom

Bob is known
To avoid preimage attacks, balances and remittances should contain many digits below the decimal point
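
The circuits C_s and C_r and the contract-side update from the preceding slides, written out as an added example (not code from the lecture or its sample repository), together with the reason for the "many digits below the decimal point" advice. SHA-256 as H, the 18-digit fixed-point unit and all function names are assumptions, and the circuits are evaluated directly where a real contract would only run V on the proofs.

```python
import hashlib

SCALE = 10**18  # assumed fixed-point unit: 18 digits below the decimal point

def H(amount: int) -> str:
    """H from the slides; SHA-256 over a 32-byte encoding is an assumption."""
    return hashlib.sha256(amount.to_bytes(32, "big")).hexdigest()

def c_sender(x, w) -> bool:
    """C_s(x, w): x = [H(pre), H(post), H(remittance)], w = [pre, remittance]."""
    h_pre, h_post, h_remit = x
    pre, remit = w
    if not 0 <= remit <= pre:      # pre-tx balance >= remittance
        return False               # (the remit >= 0 guard is added here)
    return (H(pre), H(pre - remit), H(remit)) == (h_pre, h_post, h_remit)

def c_receiver(x, w) -> bool:
    """C_r(x, w): same inputs, but post-tx balance = pre-tx balance + remittance."""
    h_pre, h_post, h_remit = x
    pre, remit = w
    if remit < 0 or pre < 0:
        return False
    return (H(pre), H(pre + remit), H(remit)) == (h_pre, h_post, h_remit)

def transfer(state, sender, receiver, h_remit, h_post_s, h_post_r, w_s, w_r):
    """Contract-side update. Evaluating C_s and C_r directly stands in for
    V(vk, x, pi); a real contract sees only the proofs, never w_s or w_r."""
    x_s = [state[sender], h_post_s, h_remit]
    x_r = [state[receiver], h_post_r, h_remit]
    if not (c_sender(x_s, w_s) and c_receiver(x_r, w_r)):
        return False
    state[sender], state[receiver] = h_post_s, h_post_r
    return True

def enumerate_preimage(h_target: str, max_coins: int):
    """Hash every whole-coin amount up to max_coins and compare with the
    published digest. Returns the recovered amount, or None."""
    for coins in range(max_coins + 1):
        if H(coins * SCALE) == h_target:
            return coins * SCALE
    return None

if __name__ == "__main__":
    # Constructed sample balances: Alice has fractional digits, Bob does not.
    alice = 500 * SCALE + 271828182845904523
    bob = 20 * SCALE
    remit = 30 * SCALE + 141592653589793238
    state = {"alice": H(alice), "bob": H(bob)}
    ok = transfer(state, "alice", "bob", H(remit), H(alice - remit),
                  H(bob + remit), [alice, remit], [bob, remit])
    print("transfer accepted:", ok)
    print("Bob's old round balance recovered:",
          enumerate_preimage(H(bob), 1000))
    print("Alice's balance recovered:", enumerate_preimage(H(alice), 1000))
```

A round balance is found after at most 1001 hashes, while the balance with 18 fractional digits is not in the enumerated set at all.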

remittance using zk-SNARKs that conceals the following
  Who sends money? ← NEW!
  To whom? ← NEW!
  How much?
  How much were the balances of those before remittance, and how much afterward?
Is our solution perfect? What problems are there?
↑ This was an assignment for the class for the past couple of years

known solution)
H′ can be any arbitrary function, but linkability remains a problem
Balance’s digits below decimal point is like a private key, protected by H
Carole can run verifiers prior to issuing a transaction to verify if she can really receive the fee

for anonymity
Build a circuit that runs through multiple nodes from the user to the terminating node
  The user shares a shared key with each node that appears on the circuit (the user does not tell who they are)
Data encryption is applied for the terminating node, and then for each node appearing in the circuit in reverse order, and finally the data is sent
The relay peels off the encryption at each hop, as if it were an onion, and sends it to the next node
  The relay has no way of knowing what content is being sent from whom to whom
Reference
  Tor : https://www.torproject.org
  There are concerns about its application to crimes, but it is also a tool for protecting citizens’ privacy and enforcing human rights

. . How do we share and transfer a request to Golgo 13 (assassin) while hiding his and the client’s identities. . .
  From each other and third parties?
  Of course, we want to keep secret the contents of the request and the amount of money in question
What impact would this have on law enforcement?
Is it good for society that this is possible?

a public key
  Must equal the digest derived from the public key presented by the certifier, and
  Digital signature by the certifier must be verified with the public key
  ⇒ Has corresponding private key ⇒ authorized user
Existence of an entity can be inferred if the same “address” is used more than once
  However, it is not known which specific individual the subject is (no linkability)
Once it is linked somewhere, anonymity is stripped
  Ex : tied to a bank account at an exchange

same “address” is encouraged
  They try to minimize the extent to which they are identified when an address is linked to some identity. . .
Since “address” is actually referred to as TX input, a series of addresses can be clustered to estimate the existence of a subject by analyzing the appearance distribution
  Ex : D.Ron and A.Shamir, “Quantitative Analysis of the Full Bitcoin Transaction Graph” https://eprint.iacr.org/2012/584.pdf
  Ex : S.Meiklejohn et al., “A Fistful of Bitcoins: Characterizing Payments Among Men with No Names” http://conferences.sigcomm.org/imc/2013/papers/imc182-meiklejohnA.pdf
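
How clustering by TX input undoes one-address-per-payment, as an added example (not from the lecture): it applies the multi-input heuristic, which treats all input addresses of one transaction as controlled by one subject, to a small constructed ledger. The transaction format, function names and address labels are assumptions made up for the illustration.

```python
from collections import defaultdict

def cluster_addresses(transactions):
    """Common-input heuristic: all input addresses of one transaction are
    assumed to be controlled by one subject (every input had to be signed).
    Returns a list of address sets, largest first."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]   # path halving
            a = parent[a]
        return a

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra

    for tx in transactions:
        inputs = tx["inputs"]
        for addr in inputs:
            find(addr)                      # register single-input addresses too
        for addr in inputs[1:]:
            union(inputs[0], addr)

    groups = defaultdict(set)
    for addr in parent:
        groups[find(addr)].add(addr)
    return sorted(groups.values(), key=lambda g: (-len(g), sorted(g)))

def exposed_by(clusters, known_address):
    """Addresses that lose anonymity once one address in their cluster is
    tied to an identity (e.g. a bank account at an exchange)."""
    for group in clusters:
        if known_address in group:
            return group
    return set()

# Constructed sample ledger; addresses are made-up labels, not real ones.
SAMPLE_TXS = [
    {"txid": "t1", "inputs": ["addr1", "addr2"], "outputs": ["addr9"]},
    {"txid": "t2", "inputs": ["addr2", "addr3"], "outputs": ["addr8"]},
    {"txid": "t3", "inputs": ["addr4"], "outputs": ["addr1"]},
    {"txid": "t4", "inputs": ["addr5", "addr6"], "outputs": ["addr4"]},
]

if __name__ == "__main__":
    clusters = cluster_addresses(SAMPLE_TXS)
    for group in clusters:
        print(sorted(group))
    print("linking addr3 exposes:", sorted(exposed_by(clusters, "addr3")))
```

Note that addr1 and addr3 never appear in the same transaction; they are joined through addr2, which is why reusing even one address as a co-input links otherwise fresh addresses.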

[Figure: BTC flowing through a mixing service between A, B, C and D. According to the users’ instructions, the money is transferred from A to B, C to D, and commission is charged, but the relationships between A and B, C and D are unknown from the tx history]
Mixing operators know the secret . . . is there any possibility of undercover investigations in which law enforcement is in fact in charge of mixing?

mixing (but you can’t trust them)
Protocol to send 1 BTC from Alice to Bob
(1) Tumbler makes time-limited deposit of 1 BTC on blockchain (upon Bob’s request)
    Bob’s signature and the solution of a puzzle will release this 1 BTC
(2) Bob blindfolds (like multiplies by a random number) the puzzle (that tumbler can still solve, but they don’t know for whom it was made), and sends it to Alice
(3) Alice blindfolds the sent puzzle once again (tumbler can still solve it)
(4) Alice makes a time-limited deposit of 1 BTC on blockchain
    This 1 BTC can be obtained with tumbler’s signature and the solution to the double-blindfolded puzzle
(5) Tumbler gets the 1 BTC with signature and solution to the double-blindfolded puzzle
    This solution is a double-blindfolded version for the original puzzle, and cannot unlock the payment to Bob
(6) Alice takes away one blindfold from the solution, and sends it to Bob
(7) Bob takes away one more blindfold from the solution, gets the real solution to the original puzzle, and gets 1 BTC
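
The blindfolding arithmetic of steps (1) to (7), as an added example that is not part of the lecture material. It assumes an RSA-style puzzle (the slide only says "like multiplies by a random number") with a toy key constructed here; the deposits, time limits and signatures are left out, and all names are hypothetical.

```python
import math
import secrets

# Constructed toy RSA key for the tumbler: two Mersenne primes, far too small
# for real use. N and E are public, D is known only to the tumbler.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def make_puzzle(solution: int) -> int:
    """Tumbler: puzzle z = solution^E mod N; the solution unlocks Bob's 1 BTC."""
    return pow(solution, E, N)

def random_blind() -> int:
    """A random blinding factor that is invertible mod N."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return r

def blind(puzzle: int, r: int) -> int:
    """Multiply the puzzle by r^E; its solution becomes (old solution * r)."""
    return puzzle * pow(r, E, N) % N

def solve(puzzle: int) -> int:
    """Tumbler only: take the E-th root with the private exponent D."""
    return pow(puzzle, D, N)

def unblind(solution: int, r: int) -> int:
    """Remove one blindfold by dividing the solution by r mod N."""
    return solution * pow(r, -1, N) % N

def run_exchange(secret: int, r_bob: int, r_alice: int) -> dict:
    z = make_puzzle(secret)               # (1) puzzle guarding Bob's payout
    z_b = blind(z, r_bob)                 # (2) Bob blinds, sends to Alice
    z_ab = blind(z_b, r_alice)            # (3) Alice blinds again
    s_ab = solve(z_ab)                    # (5) tumbler solves what Alice paid for
    s_b = unblind(s_ab, r_alice)          # (6) Alice removes her blindfold
    s = unblind(s_b, r_bob)               # (7) Bob removes his
    return {"puzzle": z, "seen_by_tumbler": (z_ab, s_ab), "bob_solution": s}

if __name__ == "__main__":
    out = run_exchange(secrets.randbelow(N - 2) + 2, random_blind(), random_blind())
    z_ab, s_ab = out["seen_by_tumbler"]
    print("Bob's solution opens the original puzzle:",
          make_puzzle(out["bob_solution"]) == out["puzzle"])
    print("Tumbler's solution opens it:", make_puzzle(s_ab) == out["puzzle"])
```

The puzzle and solution the tumbler handles in step (5) differ from the original pair by the product of two factors it never sees, which is why it cannot tell which of its outstanding puzzles Alice paid for.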

cars with smart contracts
A smart contract is the code and data stored and maintained on a censorship-resistant ledger (not necessarily a (legally valid) contract)
Begin with 4 sentences (problem, why it is a problem, your startling sentence, its consequence)
Deadline and how to submit
January 4, 2022 at 17:59 JST
From Moodle (mandatory) — this time, we are using a Q&A forum
  So that your classmates can read your report, refer to it, and comment on it
Optionally, you can also post to #assignments channel at Discord
  So that anyone in our Discord can read your report, refer to it, and comment on it
Just plain text, and be concise, please

Chatting on Discord is always welcome!