Slides I used for FinTech - Financial Innovation and the Internet 2022 Fall at Graduate School of Business and Finance, Waseda University on November 11, 2022.
Sending money — generated by Stable Diffusion. FinTech — Financial Innovation and the Internet 2022 Fall Lecture 6 : The World of Apps (2) Kenji Saito, Graduate School of Business and Finance, Waseda University Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2022 Fall — 2022-11-11 – p.1/26
This class is recorded 7 out of 15 lectures will be online only. When online, Camera ON is recommended, but not required You do need to speak often anyway (we are going to have a lot of dialogue) We will use breakout rooms a lot, but those won’t be recorded unless you do it yourselves (need to be allowed) Keep your Zoom client updated! We might use latest features The recordings could be used for research on (online) learning Transcribed for use and anonymized Will let you know when the necessity arises Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2022 Fall — 2022-11-11 – p.2/26
The lecture slides can be found at : https://speakerdeck.com/ks91 Recording and chat text will be posted at Moodle and Discord Trial automatic transcriptions will be posted at Discord Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2022 Fall — 2022-11-11 – p.3/26
Last Time, We Did. . . Assignment Review The World of the Web Web 1-2-3 Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2022 Fall — 2022-11-11 – p.5/26
Today’s Topics API (Application Programming Interface) Web API (REST) in particular Discussion : Imagine API Basics of Cryptography May be continued to the next lecture Assignment Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2022 Fall — 2022-11-11 – p.6/26
API API : Application Programming Interface Interface through which an application can make use of some features provided somewhere Web API : API by HTTP(S) requests In this case, features are provided by a (remote) web server Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2022 Fall — 2022-11-11 – p.7/26
REST (Representational State Transfer) Stateless client/server protocol Well-defined set of methods POST, GET (demoed), PUT, DELETE vs. CRUD (Create/Read/Update/Delete) CRUD represents the basic set of operations against a database Uniquely identify resources by URI Some demonstrations later Often returns results in the form of JSON (JavaScript Object Notation) Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2022 Fall — 2022-11-11 – p.8/26
Demoed? — HTTPS Demo (reprise) $ openssl s_client -connect www.waseda.jp:443 Then GET / Install openssl in your environment and try it out You may want to try www.google.com:443 and GET /search?q=refrigerator instead Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2022 Fall — 2022-11-11 – p.9/26
REST – contd. Hypermedia that can handle both application information and state transitions An example of state transitions (state machines) (For example, on the web, page = state, and the page presents possible operations in that state as a set of buttons) A stack is a last-in, fast-out date store You can push data in, and pop data out A design would be like, POST to create a stack POST to push to the stack POST to pop from the stack GET to peek in the stack state PUT to update an item DELETE to delete the stack Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2022 Fall — 2022-11-11 – p.10/26
Demonstration $ git clone https://github.com/ks91/sample-web-api.git This is a really simple sample API that provides stacks (requires Python3 and Flask) The stacks can be used as calculators Run the simple web API server $ python stack.py See README to discover how to try In this demo, we will try (5 − 2) × (3 + 4) Expressed as 5 2 − 3 4 + × (Reverse Polish Notation) Also two programs to add up 1 through 10 using the API Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2022 Fall — 2022-11-11 – p.11/26
Meaning of the Demonstration No one wants to go to the trouble of using APIs to do something this simple We did it as a demonstration in which we can easily confirm that the API worked correctly If I were to point at the moon, you should be looking at the moon, not at my index finger ↑ If you are wondering why I suddenly started talking about the moon, you are surely looking at my index finger At the same time, the stack calculator is an important concept You can make a (virtual) computer out of this concept It is called a stack machine Bitcoin’s virtual computer for scripting is a stack machine Ethereum Virtual Machine (EVM) is also a stack machine Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2022 Fall — 2022-11-11 – p.12/26
Discussion : Imagine API What APIs are useful in banking? Roughly design With CRUD (Create/Read/Update/Delete) in mind Have you considered an API to retrieve passbook data? How can you be sure that the data is genuine? Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2022 Fall — 2022-11-11 – p.13/26
Basics of Cryptography Cryptographic hash function Public key cryptography and digital signature Zero-knowledge proof Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2022 Fall — 2022-11-11 – p.14/26
*GJOQVUTBSFKVTU CJUEJ⒎FSFOU 5PUBMMZEJ⒎FSFOU PVUQVU $SZQUPHSBQIJDIBTIGVODUJPO 4)"
3*1&.%
FUD
$BO` UEFEVDF $BO`UEFEVDF *U` TJOGFBTJCMFUPDBMDVMBUFBO JOQVUUIBUQSPEVDFTBTQFDJpD EJHFTU When a file (e.g., an open-source app) needs to be authenticated, the provider may publish a fingerprint value (called a hash value or digest) of the file (typically in hexadecimal) The downloader can calculate the digest in the same way, and if it is the same value as the publicly available one, they have a real file It is considered extremely difficult to disguise a fake file so that it gives the same digest The digest is calculated using a cryptographic hash function There are various functions, such as the SHA (Secure Hash Algorithm) series A cryptographic hash function is a function that outputs a completely different value if the original data (preimage) is different by even 1 bit Unidirectional, and cannot get preimage from the digest So it is sometimes used to hide the original data Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2022 Fall — 2022-11-11 – p.15/26
Examples SHA (Secure Hash Algorithm) series (NIST standards) SHA-1 (designed by NSA) Deprecated SHA-2 (designed by NSA) SHA-256 produces 256-bit digests “FinTech - Financial Innovation and the Internet 2022 Fall” → 051a807b12513f8b402b23e337806a06ea221696611724be4d510329aa0076d6 SHA-3 (selected through a public call for proposals) SHA3-256 produces 256-bit digests “FinTech - Financial Innovation and the Internet 2022 Fall” → 794cbcb155f2b152c72c2cb4a37909129319cf9dd6576d0b7005f6491a5d8d8e Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2022 Fall — 2022-11-11 – p.16/26
Actually Found Collisions for SHA-1 https://shattered.it Announced in February 2017 by Google and the National Research Institute for Mathematics and Computer Science (CWI), Netherlands As an alert Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2022 Fall — 2022-11-11 – p.17/26
Public Key Cryptography 5IF*OUFSOFU %JTUSJCVUFQVCMJDLFZTJOBEWBODF -PDLJOHBOEVOMPDLJOHLFZTBSFTFQBSBUF BTZNNFUSJDDSZQUPTZTUFN
4FOEFS LFZQBJS 3FDFJWFS QMBJOUFYU QVCMJDLFZ QSJWBUFLFZ &ODSZQUX QVCMJDLFZ %FDSZQUX QSJWBUFLFZ 4FOEFODSZQUFEUFYU It is extremely difficult to deduce the private key from a public key Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2022 Fall — 2022-11-11 – p.18/26
3FDFJWFS 4FOEFS QMBJOUFYU QMBJOUFYU TJHOBUVSF TJHOBUVSF %JTUSJCVUFQVCMJDLFZTJOBEWBODF LFZQBJS EJHFTU QVCMJDLFZ QSJWBUFLFZ EJHFTU Can prove that it was sent by the very person and has not been altered This illustration shows how it works with RSA (RSA : Rivest, Shamir, Adleman) ECDSA is used in Bitcoin, etc., instead (Elliptic Curve Digital Signature Algorithm), in which we don’t encrypt/decrypt Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2022 Fall — 2022-11-11 – p.19/26
Generalized Digital Signature Signing Input : Output : signature Verifying Input : Output : OK (no change in plain text, and private key was used) or NG (otherwise) Whether the signature meets certain mathematical properties that can be tested using plain text and public key Private key cannot be inferred in the verification process Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2022 Fall — 2022-11-11 – p.20/26
What is Zero-Knowledge Proof? 4PVSDFl;FSPLOPXMFEHFQSPPGz
8JLJQFEJB Verifier remains to have no knowledge other than what prover wants to prove Example: “I know a secret spell to open the door” ↑ Prove this without revealing the spell itself For example, repeat “coming out from the way she is told” for 20 times Completeness Verifier accepts with high probability if the proposition is true Soundness Verifier has little chance of accepting if the proposition is false Zero-knowledge Can imitate dialogue without having to be a prover (without knowledge) Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2022 Fall — 2022-11-11 – p.22/26
What’s Non-Interactive Zero-Knowledge Proof? No dialogue is required for performing zero-knowledge proof Example: proving “my test score is the same as yours” Only one person can enter the room at a time Room has numbered and locked voting boxes for every possible score (for example, 101 boxes for 0∼100 points) You have a key bundle, but leave only the key of your score box, and throw away the rest I enter the room and vote for my score box and × for the rest You go into the room and unlock your score box to see if it’s voted Digital signature (can prove that the private key is there without revealing it) is an example of non-interactive zero-knowledge proof Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2022 Fall — 2022-11-11 – p.23/26
Assignment 3. “Blockchain” (1) Please give a specific example of financial services (2) If a user is an “end (edge)”, what is the “center” operated by people or an organization in the example? (3) How will the service change if that center is automated, without an organization? Deadline and how to submit November 15, 2022 at 17:59 JST From Moodle (mandatory) Optionally, you can also post to #assignments channel at Discord So that your classmates can read your report, refer to it, and comment on it Just plain text, and be concise, please (and please remember Kent Beck on How to Get a Paper Accepted) Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2022 Fall — 2022-11-11 – p.25/26
See You Next Week Online Yet Again! Have a nice weekend! Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2022 Fall — 2022-11-11 – p.26/26
ks91
revcomm_inc
chumajin
na0x2c6
keiko713
orimanabu
lmi
sugawani
kzykmyzw
peisuke
is_ryo
sansan_randd
kc_nakanishi
jonrohan
cromwellryan
danielanewman
csswizardry
addyosmani
jacobian
tammyeverts
malarkey
jmmastey
jeffersonlam
jennybc
hannesfritz