These slides were used in Lecture 6 of FinTech - Financial Innovation and the Internet 2020 Fall at the Graduate School of Business and Finance, Waseda University, on October 30, 2020.
Lecture 6 : The World of Apps (2) Kenji Saito Professor, Graduate School of Business and Finance, Waseda University Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2020 Fall — 2020-10-30 – p.1/30
required
You do need to speak often (we are going to have a lot of dialogue)
We will use breakout rooms a lot, but those won’t be recorded unless you do it yourselves (need to be allowed)
Keep your Zoom client updated!
  We might use latest features
The recordings could be used for research on online learning
  Transcribed for use and anonymized
  Will let you know when the necessity arises
and chat text will be posted at Moodle and Discord
Trial automatic transcription of the lecturer’s part will be posted at Discord
Lecture 2 10/2 Overview of FinTech (2) •
Lecture 3 10/9 Internet Technology and Governance (1) •
Lecture 4 10/16 Internet Technology and Governance (2) •
Lecture 5 10/23 The World of Apps (1) •
Lecture 6 10/30 The World of Apps (2) •
Lecture 7 11/13 Blockchain (1)
Lecture 8 11/20 Blockchain (2)
Lecture 9 11/27 Other Ledger Technology and Applications (1)
Lecture 10 12/4 Other Ledger Technology and Applications (2)
Lecture 11 12/11 Cyber-Physical Society and Future of Finance (1)
Lecture 12 12/18 Cyber-Physical Society and Future of Finance (2)
Lecture 13 1/8 FinTech Ideathon (1)
Lecture 14 1/15 FinTech Ideathon (2)
Lecture 15 1/22 Presentations and Conclusions
of the Web
Birth and evolution of World Wide Web
particular
Basics of cryptography
  Cryptographic hash function
  Public key cryptography and digital signature
  Zero-knowledge proof
Discussion : Imagine API
Assignment
[Figure: web browsing, with labels "links", "browse", "www.google.co.jp" and "www.yahoo.co.jp"]
A browser fetches a page, and if a user clicks on (or touches) a link, fetches another page
Protocol (Secure)
  Protocol used for transferring HTML files
HTML
  Hyper Text Markup Language
  Markup language for describing web pages
  Designed and recommended by the W3C
URI
  Uniform Resource Identifier
  Identifier of an information resource on the Internet (not necessarily on WWW)
  URL (Uniform Resource Locator) is one way to implement URI
scheme
https://www.google.com:443/search?q=refrigerator
  Scheme : https
  Host name : www.google.com
  Port # : 443
  Path : /search
  Search string : q=refrigerator
Port number, path, and search string are optional
For https scheme, the port number defaults to 443
Install openssl in your environment and try it out
You may want to try www.google.com:443 and GET /search?q=refrigerator instead
request
Each request is independent (state-less)
  It was enough to achieve its original purpose
  Original purpose → easy access to documents such as scientific papers
But then there appeared a lot of applications for which this is inadequate...
  Want to treat a series of requests as a session
  Shopping, logging into membership site, etc.
Art of maintaining states for that purpose
  Unique URL generation including a representation of the state
  HTTP cookies (like shared magic numbers)
  Access tokens
application can make use of some features provided somewhere
Web API : API by HTTP(S) requests
  In this case, features are provided by a web server
methods
POST, GET (demoed), PUT, DELETE vs. CRUD (Create/Read/Update/Delete)
  CRUD represents the basic set of operations against a database
Uniquely identify resources by URI
  Some demonstrations later
Often returns results in the form of JSON (JavaScript Object Notation)
and state transitions
An example of state transitions (state machines)
  (For example, on the web, page = state, and the page presents possible operations in that state as a set of buttons)
A stack is a last-in, first-out data store
  You can push data in, and pop data out
A design would be like,
  POST to create a stack
  POST to push to the stack
  POST to pop from the stack
  GET to peek in the stack state
  PUT to update an item
  DELETE to delete the stack
sample API that provides stacks (requires Python3 and Flask)
Run the simple web API server
  $ python stack.py
See README to discover how to try
At the end of this demo, we will try (5 − 2) × (3 + 4)
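The stack design from the previous slide, as an added example (this is not the lecture's stack.py and does not need Flask): requests are dispatched in-process, and the client evaluates (5 − 2) × (3 + 4) using only push and pop requests. The paths (/stacks, /stacks/<id>/push, /stacks/<id>/pop), the JSON field names and the status codes are assumptions made for this sketch.

```python
import itertools

_stacks = {}                      # stack id -> list (server-side state)
_ids = itertools.count(1)

def handle(method, path, body=None):
    """Dispatch one request; returns (HTTP status, JSON-style dict)."""
    parts = [p for p in path.split("/") if p]
    if parts[:1] != ["stacks"]:
        return 404, {"error": "not found"}
    if method == "POST" and len(parts) == 1:           # create a stack
        sid = str(next(_ids))
        _stacks[sid] = []
        return 201, {"id": sid}
    stack = _stacks.get(parts[1]) if len(parts) > 1 else None
    if stack is None:
        return 404, {"error": "no such stack"}
    if method == "GET" and len(parts) == 2:            # peek at the state
        return 200, {"items": list(stack)}
    if method == "DELETE" and len(parts) == 2:         # delete the stack
        del _stacks[parts[1]]
        return 200, {}
    if method == "POST" and parts[2:] == ["push"]:
        stack.append(body["value"])
        return 200, {"size": len(stack)}
    if method == "POST" and parts[2:] == ["pop"]:
        if not stack:                                  # invalid transition
            return 409, {"error": "stack is empty"}
        return 200, {"value": stack.pop()}
    if method == "PUT" and len(parts) == 3 and parts[2].isdigit():
        if int(parts[2]) >= len(stack):
            return 404, {"error": "no such item"}
        stack[int(parts[2])] = body["value"]           # update an item
        return 200, {}
    return 405, {"error": "method not allowed"}

def demo():
    """Client side: evaluate (5 - 2) * (3 + 4) with push/pop requests only."""
    sid = handle("POST", "/stacks")[1]["id"]
    def push(v): handle("POST", f"/stacks/{sid}/push", {"value": v})
    def pop(): return handle("POST", f"/stacks/{sid}/pop")[1]["value"]
    push(5); push(2)
    b, a = pop(), pop(); push(a - b)                   # 5 - 2 = 3
    push(3); push(4)
    b, a = pop(), pop(); push(a + b)                   # 3 + 4 = 7
    b, a = pop(), pop(); push(a * b)                   # 3 * 7 = 21
    return handle("GET", f"/stacks/{sid}")[1]["items"]
```

Popping an empty stack is answered with an error status instead of changing state, which is the state-machine view of the slide: each state only permits some operations.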
digital signature
Zero-knowledge proof
[Figure: cryptographic hash function (SHA, RIPEMD, etc.) turning an input into a hash value (digest) of fixed length defined by the function; inputs that are just 1 bit different give totally different output; it is infeasible to calculate an input that produces a specific digest, or an input that gives the same digest]
When a file (e.g., an open-source app) needs to be authenticated, the provider may publish a fingerprint value (called a hash value or digest) of the file (typically in hexadecimal)
  The downloader can calculate the digest in the same way, and if it is the same value as the publicly available one, they have a real file
  It is considered extremely difficult to disguise a fake file so that it gives the same digest
The digest is calculated using a cryptographic hash function
  There are various functions, such as the SHA (Secure Hash Algorithm) series
A cryptographic hash function is a function that outputs a completely different value if the original data (preimage) is different by even 1 bit
  Unidirectional, and cannot get preimage from the digest
  So it is sometimes used to hide the original data
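The download check described on this slide, as an added example that is not part of the lecture material: the downloader hashes the file in chunks, compares the result with the published hexadecimal digest, and a one-bit change in the file is shown to alter roughly half of the digest bits. SHA-256 is chosen here as one member of the SHA series; the file contents are constructed sample data.

```python
import hashlib
import hmac
import io

def file_digest(stream, algorithm="sha256", chunk_size=65536):
    """Hash a binary stream in chunks so large downloads need not fit in memory."""
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()

def is_authentic(stream, published_hex, algorithm="sha256"):
    """True only if the computed digest equals the value the provider published."""
    computed = file_digest(stream, algorithm)
    # Normalise case and whitespace of the published value before comparing.
    return hmac.compare_digest(computed, published_hex.strip().lower())

def differing_bits(a, b, algorithm="sha256"):
    """Number of digest bits that differ between two inputs."""
    da = int.from_bytes(hashlib.new(algorithm, a).digest(), "big")
    db = int.from_bytes(hashlib.new(algorithm, b).digest(), "big")
    return bin(da ^ db).count("1")

# Constructed sample data standing in for a downloaded file.
ORIGINAL = b"example-app 1.0 release archive (constructed sample)\n" * 1000
PUBLISHED = hashlib.sha256(ORIGINAL).hexdigest()   # what the provider would publish

_flipped = bytearray(ORIGINAL)
_flipped[100] ^= 0x01                              # flip a single bit of the file
TAMPERED = bytes(_flipped)

if __name__ == "__main__":
    print("original accepted:", is_authentic(io.BytesIO(ORIGINAL), PUBLISHED))
    print("tampered accepted:", is_authentic(io.BytesIO(TAMPERED), PUBLISHED))
    print("digest bits changed by 1 input bit:", differing_bits(ORIGINAL, TAMPERED))
```

The check is only as trustworthy as the channel the published digest came from: a digest fetched from the same place as a replaced file proves nothing.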
by Google and the National Research Institute for Mathematics and Computer Science (CWI), Netherlands
As an alert
[Figure: public key cryptography, with labels: Receiver, plain text, public key, private key, "Encrypt w/ public key", "Send encrypted text", "Decrypt w/ private key"]
It is extremely difficult to deduce the private key from a public key
[Figure: digital signature, with labels: Sender, Receiver, key pair, public key, private key, plain text, digest, signature, "Distribute public keys in advance", "Decrypt w/ private key as if it’s an encrypted data", "match the digest computed from the plain text"]
Can prove that it was sent by the very person and has not been altered
This illustration shows how it works with RSA (RSA : Rivest, Shamir, Adleman)
  ECDSA is used in Bitcoin, etc., instead (Elliptic Curve Digital Signature Algorithm), in which we don’t encrypt/decrypt
Output : signature
Verifying
  Input : <plain text, signature, public key>
  Output : OK or NG
  Whether the signature meets certain mathematical properties that can be tested using plain text and public key
  Private key cannot be inferred in the verification process
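The RSA-style signing and verifying described on the last two slides, as an added example that is not part of the lecture material: the signer applies the private key to the digest, and the verifier applies the public key to the signature and compares the result with the digest it computes from the plain text. This is textbook RSA on a small constructed key with no padding, for illustration only; real signatures use a vetted library, much larger random primes and a padding scheme.

```python
import hashlib

# Toy key pair built from two known Mersenne primes (constructed for this example).
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                                  # public modulus
E = 65537                                  # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)

def digest_int(message: bytes, n: int = N) -> int:
    """SHA-256 digest of the message, reduced to fit below the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Signing. Input: plain text and private key. Output: signature."""
    return pow(digest_int(message, n), d, n)

def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Verifying. Input: plain text, signature, public key. Output: OK or NG."""
    return pow(signature, e, n) == digest_int(message, n)

if __name__ == "__main__":
    msg = b"pay 100 yen to Alice"          # constructed sample message
    sig = sign(msg)
    print("genuine :", "OK" if verify(msg, sig) else "NG")
    print("altered :", "OK" if verify(b"pay 900 yen to Alice", sig) else "NG")
```

Verification uses only the plain text, the signature and the public key (E, N); the private exponent D never leaves the signer.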
no knowledge other than what prover wants to prove
Example: “I know a secret spell to open the door”
  ↑ Prove this without revealing the spell itself
  For example, repeat “coming out from the way she is told” 20 times
Completeness
  Verifier accepts with high probability if the proposition is true
Soundness
  Verifier has little chance of accepting if the proposition is false
Zero-knowledge
  Can imitate dialogue without having to be a prover (without knowledge)
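The secret-spell example above as a simulation, added here and not part of the lecture material: it runs the 20-round dialogue for a prover who knows the spell and for one who does not, and also produces a fake dialogue record without the spell, which is what the zero-knowledge property says must be possible. The two path names "A" and "B" and the function names are assumptions of this sketch.

```python
import random

def run_round(knows_spell, rng):
    """One round: prover enters by a random path, verifier then names the exit."""
    entered = rng.choice("AB")
    asked = rng.choice("AB")
    # With the spell the prover can pass the door and come out either way;
    # without it she can only come back out the way she went in.
    return knows_spell or entered == asked

def accepted(knows_spell, rounds=20, rng=random):
    """Verifier accepts only if the prover comes out as told in every round."""
    return all(run_round(knows_spell, rng) for _ in range(rounds))

def cheat_rate(trials, rounds, rng=random):
    """Fraction of trials in which a prover WITHOUT the spell is accepted."""
    return sum(accepted(False, rounds, rng) for _ in range(trials)) / trials

def simulate_transcript(rounds=20, rng=random):
    """Zero-knowledge: a record of `rounds` successful rounds can be produced
    without the spell by keeping only the rounds where the guess was right,
    so the record itself carries no knowledge of the spell."""
    transcript = []
    while len(transcript) < rounds:
        entered, asked = rng.choice("AB"), rng.choice("AB")
        if entered == asked:
            transcript.append((asked, "came out of " + asked))
    return transcript

if __name__ == "__main__":
    rng = random.Random(2020)
    print("honest prover accepted:", accepted(True, 20, rng))      # completeness
    print("cheater, 1 round      :", cheat_rate(2000, 1, rng))     # about 1/2
    print("cheater, 20 rounds    :", cheat_rate(2000, 20, rng))    # about 2**-20
    print("faked record length   :", len(simulate_transcript(20, rng)))
```

Each extra round halves a cheater's chance, so 20 rounds leave about one in a million (2^-20), while the honest prover is always accepted.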
zero-knowledge proof
Example: proving “my test score is the same as yours”
  Only one person can enter the room at a time
  Room has numbered and locked voting boxes for every possible score (for example, 101 boxes for 0∼100 points)
  You have a key bundle, but leave only the key of your score box, and throw away the rest
  I enter the room and vote for my score box and × for the rest
  You go into the room and unlock your score box to see if it’s voted
Digital signature (can prove that the private key is there without revealing it) is an example of non-interactive zero-knowledge proof
financial services
(2) If a user is an “end (edge)”, what is the “center” operated by people in the example?
(3) How will the service change if the center is automated?
Deadline and how to submit
  November 10, 2019 at 17:59 JST
  From Moodle (mandatory)
  Optionally, you can also post to #assignments channel at Discord
    So that your classmates can read your report, refer to it, and comment on it
  Just plain text, and be concise, please