FinTech Lecture 6 : The World of Apps (2)

Slides I used for FinTech - Financial Innovation and the Internet 2023 Fall at Graduate School of Business and Finance, Waseda University on November 17, 2023.

Kenji Saito

November 17, 2023

Transcript

  1. Financial technology in the living room. Generated by Stable Diffusion XL Beta

    - FinTech — Financial Innovation and the Internet 2023 Fall
    - Lecture 6 : The World of Apps (2)
    - Kenji Saito, Graduate School of Business and Finance, Waseda University
    - Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2023 Fall — 2023-11-17 – p.1/32
  2. This class is recorded

    - Using Zoom
    - The recordings could be used for research on (online) learning
    - Transcribed for use and anonymized
    - Will let you know when the necessity arises
  3. The lecture slides can be found at: https://speakerdeck.com/ks91

    - Trial automatic transcription for lectures will be posted at Discord
  4. Schedule (provisional)

    - Lecture 1, 10/6: Overview of FinTech (1) •
    - Lecture 2, 10/13: Overview of FinTech (2) •
    - Lecture 3, 10/20: Internet Technology and Governance (1) •
    - Lecture 4, 10/27: Internet Technology and Governance (2), on-demand •
    - Lecture 5, 11/10: The World of Apps (1) •
    - Lecture 6, 11/17: The World of Apps (2) •
    - Lecture 7, 11/24: Blockchain (1)
    - Lecture 8, 12/1: Blockchain (2)
    - Lecture 9, 12/8: Smart Contracts (1)
    - Lecture 10, 12/15: Smart Contracts (2)
    - Lecture 11, 12/22: Smart Contracts (3)
    - Lecture 12, 1/12: Cyber-Physical Society and Future of Finance
    - Lecture 13, 1/19: FinTech Ideathon
    - Lecture 14, 1/26: Presentations and Conclusions
    - Online presence is possible but not recommended for non-online lectures for interactivity reasons
  5. Last Week, We Did. . .

    - Assignment Review
    - The World of the Web
    - Web 1-2-3 Begins
    - Beginning of the True Stories
  6. Today’s Topics

    - Web 1-2-3 True Stories
    - API (Application Programming Interface)
      - Web API (REST) in particular
    - Discussion : Imagine API
    - Basics of Cryptography
      - May be continued to the next lecture
    - Assignment
  7. Web 1-2-3 True Stories
  8. History of Web 1-2-3

    - [Timeline figure, 1989 to 2020. Labels recovered from the figure, in the order they were extracted:]
    - so-called Web1.0, Web2.0, WWW
    - Orthodox History (Finance is irrelevant)
    - Users themselves are “easily” the producers of the data
    - A little off topic; Quite off topic; lift (Aufheben)
    - Web3.0 → web3 (2014)
    - Web3.0: Get your data back in your hands! Don’t let organizations control it
    - Solve all problems by making everything a financial token!
    - Berners-Lee’s, Berners-Lee’s, O’Reilly’s, Wood’s
    - Bitcoin, Ethereum
    - Semantic Web (1998); “Web 2.0” first appearance (1999)
    - Snowden Affair; Bankruptcy of Lehman Brothers; Internet Commercialization
    - To Solid Project
    - Is the data freely available for the users themselves and for the public good?
    - How did this happen?
  9. What’s Web3? (1/3)

    - So-called Web 1.0 (Berners-Lee) : Read × Write
      - Publication medium for researchers → Everyone writes and reads papers, so it is two-way from the beginning
      - “Users manage data, but publication is not easy”
    - Web 2.0 (O’Reilly) : Read × Write ← Since Web 1.0 era
      - “User has no control over data, but publication is easy”
    - Web 3.0 (Berners-Lee)
      - Aim to “make it easy for users to manage and publish their data” → Solid (Social linked data)
    - Web 3.0 → Web3 (Wood)
      - Make Ethereum available from the Web ← web3.js, web3.py
    - Web3 (Dixon) : Read × Write × Own
      - “Build financial assets, in the form of tokens, into the inner workings of almost anything you do online” (Bloomberg)
      - You can own a token without relying on trust in another party, but you cannot own what the token points to or includes
  10. What’s Web3? (2/3)

    - Web 3.0 (Wood, 2014) → web3 : Get the data back to everyone
    - The following 4 elements were assumed to allow you to manage your data yourself
      1) Publishing system that cannot be censored (realized with Ethereum)
      2) Messaging with pseudonyms (realized with Ethereum)
         - Not anonymous, but when identities and pseudonyms are linked, people know who you are
      3) Consensus engine (?) (naïve understanding that this was achieved with Ethereum)
         - Haven’t created any mechanism for human beings to agree (What is being done is “replication” as part of 1))
      4) Browsers and user interfaces that integrate them (Ethereum to be available on the web)
    - The {Javascript|Python} library to achieve 4) above is called web3.{js|py} (2014∼)
  11. What’s Web3? (3/3)

    - Then things got somewhat strange . . .
      - “What makes Web3 different — and more than a little weird — is that it would build financial assets, in the form of tokens, into the inner workings of almost anything you do online” — Olga Kharif, “What You Need to Know About Web3, Crypto’s Attempt to Reinvent the Internet”, Bloomberg (2021)
    - Why do they want to do it? (Do you want to do it?)
      - Perhaps because, after all, only tokens can express “ownership” in the blockchain? (original development motivation)
      - Tokens can be freely disposed of by their holders → realization of the modern concept of ownership
      - But does that mean you own the data? Is “owning” a “better way” in the first place?
    - Is it a belief (or assumption) that all of society’s problems can be solved by incentives?
      - This may be a belief that we can’t solve our problems without using humans, because the only party to whom assets can be exercised is human (nature does not accept money)
      - What about the fear of being wiped out in some way as a result of diversity being compromised because everyone works with the same incentives?
  12. Little Discussion

    - What do you want to do with web3?
    - Whatever you want to do, this class will always answer it with true stories
  13. API

    - API : Application Programming Interface
      - Interface through which an application can make use of some features provided somewhere
    - Web API : API by HTTP(S) requests
      - In this case, features are provided by a (remote) web server
  14. REST (Representational State Transfer)

    - Stateless client/server protocol
    - Well-defined set of methods
      - POST, GET (demoed), PUT, DELETE vs. CRUD (Create/Read/Update/Delete)
      - CRUD represents the basic set of operations against a database
    - Uniquely identify resources by URI
      - Some demonstrations later
    - Often returns results in the form of JSON (JavaScript Object Notation)
  15. Demoed? — HTTPS Demo (reprise)

    - $ openssl s_client -connect www.waseda.jp:443
    - Then GET /
    - Install openssl in your environment and try it out
    - You may want to try www.google.com:443 and GET /search?q=refrigerator instead
  16. REST – contd.

    - Hypermedia that can handle both application information and state transitions
    - An example of state transitions (state machines)
      - (For example, on the web, page = state, and the page presents possible operations in that state as a set of buttons)
    - A stack is a last-in, first-out data store
      - You can push data in, and pop data out
    - A design would be like,
      - POST to create a stack
      - POST to push to the stack
      - POST to pop from the stack
      - GET to peek in the stack state
      - PUT to update an item
      - DELETE to delete the stack
  17. Demonstration

    - $ git clone https://github.com/ks91/sample-web-api.git
      - This is a really simple sample API that provides stacks (requires Python3 and Flask)
      - The stacks can be used as calculators
    - Run the simple web API server
      - $ python stack.py
      - See README to discover how to try
    - In this demo, we will try (5 − 2) × (3 + 4)
      - Expressed as 5 2 − 3 4 + × (Reverse Polish Notation)
    - Also two programs to add up 1 through 10 using the API
  18. Meaning of the Demonstration

    - No one wants to go to the trouble of using APIs to do something this simple
      - We did it as a demonstration in which we can easily confirm that the API worked correctly
      - If I were to point at the moon, you should be looking at the moon, not at my index finger
      - ↑ If you are wondering why I suddenly started talking about the moon, you are surely looking at my index finger
    - At the same time, the stack calculator is an important concept
      - You can make a (virtual) computer out of this concept
      - It is called a stack machine
      - Bitcoin’s virtual computer for scripting is a stack machine
      - Ethereum Virtual Machine (EVM) is also a stack machine
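The stack design from slides 16 to 18, as an added example (not the code in the sample-web-api repository): an in-memory stand-in for the server maps the POST/GET/DELETE operations onto one stack resource, and a client evaluates Reverse Polish Notation through those calls only. The route names, status codes and JSON shapes are assumptions made for this illustration, and PUT is left out.

```python
# Added illustration: routes and JSON shapes are hypothetical, not the sample-web-api ones.
class StackService:
    """In-memory stand-in for a REST server: (method, path, body) -> (status, JSON)."""
    def __init__(self):
        self.stacks, self.next_id = {}, 1

    def request(self, method, path, body=None):
        parts = [p for p in path.split("/") if p]
        if method == "POST" and parts == ["stacks"]:            # Create a stack
            sid, self.next_id = str(self.next_id), self.next_id + 1
            self.stacks[sid] = []
            return 201, {"id": sid}
        if len(parts) < 2 or parts[0] != "stacks" or parts[1] not in self.stacks:
            return 404, {"error": "no such stack"}
        stack, action = self.stacks[parts[1]], "/".join(parts[2:])
        if method == "POST" and action == "push":
            value = (body or {}).get("value")
            if isinstance(value, bool) or not isinstance(value, (int, float)):
                return 400, {"error": "value must be a number"}
            stack.append(value)
            return 200, {"size": len(stack)}
        if method == "POST" and action == "pop":
            if not stack:
                return 409, {"error": "stack is empty"}
            return 200, {"value": stack.pop()}
        if method == "GET" and action == "":                    # Read (peek)
            return 200, {"items": list(stack)}
        if method == "DELETE" and action == "":                 # Delete the stack
            del self.stacks[parts[1]]
            return 204, None
        return 405, {"error": "method not allowed"}

OPS = {"+": lambda a, b: a + b, "-": lambda a, b: a - b, "*": lambda a, b: a * b}

def eval_rpn(api, tokens):
    """Evaluate Reverse Polish Notation through API calls only, as a client would."""
    _, created = api.request("POST", "/stacks")
    base = "/stacks/" + created["id"]
    try:
        for tok in tokens:
            if tok in OPS:
                (s1, right), (s2, left) = (api.request("POST", base + "/pop") for _ in range(2))
                if s1 != 200 or s2 != 200:
                    raise ValueError("operator %r needs two operands" % tok)
                value = OPS[tok](left["value"], right["value"])
            else:
                value = int(tok)
            api.request("POST", base + "/push", {"value": value})
        _, state = api.request("GET", base)
        if len(state["items"]) != 1:
            raise ValueError("malformed expression")
        return state["items"][0]
    finally:
        api.request("DELETE", base)
```

`eval_rpn(StackService(), "5 2 - 3 4 + *".split())` evaluates the expression from slide 17. The server validates pushed values and rejects a pop on an empty stack, so a malformed expression fails with an error status instead of corrupting state.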
  19. Little Discussion : Imagine API

    - What APIs are useful in banking?
      - Roughly design
      - With CRUD (Create/Read/Update/Delete) in mind
    - Have you considered an API to retrieve passbook data?
      - How can you be sure that the data is genuine?
  20. Basics of Cryptography

    - Cryptographic hash function
    - Public key cryptography and digital signature
    - Zero-knowledge proof
  21. Cryptographic Hash Function

    - [Diagram. Recovered labels: “Input”; “Cryptographic hash function (SHA, RIPEMD, etc.)”; “Hash value (digest)”; “Fixed length defined by the function”; “If inputs are just 1 bit different: totally different output”; “Can’t deduce”; “It’s infeasible to calculate an input that produces a specific digest”; “Input that gives the same digest: can’t deduce”]
    - When a file (e.g., an open-source app) needs to be authenticated, the provider may publish a fingerprint value (called a hash value or digest) of the file (typically in hexadecimal)
      - The downloader can calculate the digest in the same way, and if it is the same value as the publicly available one, they have a real file
      - It is considered extremely difficult to disguise a fake file so that it gives the same digest
    - The digest is calculated using a cryptographic hash function
      - There are various functions, such as the SHA (Secure Hash Algorithm) series
    - A cryptographic hash function is a function that outputs a completely different value if the original data (preimage) is different by even 1 bit
      - Unidirectional, and cannot get preimage from the digest
      - So it is sometimes used to hide the original data
  22. Examples

    - SHA (Secure Hash Algorithm) series (NIST standards)
      - SHA-1 (designed by NSA): Deprecated
      - SHA-2 (designed by NSA)
        - SHA-256 produces 256-bit digests
        - “FinTech - Financial Innovation and the Internet 2022 Fall” → 051a807b12513f8b402b23e337806a06ea221696611724be4d510329aa0076d6
      - SHA-3 (selected through a public call for proposals)
        - SHA3-256 produces 256-bit digests
        - “FinTech - Financial Innovation and the Internet 2022 Fall” → 794cbcb155f2b152c72c2cb4a37909129319cf9dd6576d0b7005f6491a5d8d8e
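The download check from slide 21, as an added example that is not part of the original slides: the downloader recomputes the digest and compares it with the published fingerprint, and a helper counts how many digest bits change between two inputs. Function names are chosen for this illustration, and any file passed in is the caller's own sample data.

```python
# Added illustration; function names are hypothetical and inputs are the caller's sample data.
import hashlib

def file_digest(path, algorithm="sha256", chunk_size=65536):
    """Hex digest of a file, read in chunks so a large download need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def matches_published(path, published_hex, algorithm="sha256"):
    """True only if the file's digest equals the fingerprint the provider published."""
    expected = published_hex.strip().lower()
    if len(expected) != hashlib.new(algorithm).digest_size * 2:
        return False  # truncated fingerprint, or one made with a different algorithm
    return file_digest(path, algorithm) == expected

def differing_bits(a, b, algorithm="sha256"):
    """Number of digest bits that differ between the digests of two byte strings."""
    da = int.from_bytes(hashlib.new(algorithm, a).digest(), "big")
    db = int.from_bytes(hashlib.new(algorithm, b).digest(), "big")
    return bin(da ^ db).count("1")
```

The check is only as trustworthy as the channel the fingerprint came from: a fingerprint fetched from the same compromised server as the file proves nothing, which is the gap digital signatures address.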
  23. Actually Found Collisions for SHA-1

    - https://shattered.it
    - Announced in February 2017 by Google and the National Research Institute for Mathematics and Computer Science (CWI), Netherlands
    - As an alert
  24. Public Key Cryptography

    - [Diagram. Recovered labels: “The Internet”; “Distribute public keys in advance”; “Locking and unlocking keys are separate (asymmetric cryptosystem)”; “Sender”; “Receiver”; “key pair”; “public key”; “private key”; “plain text”; “Encrypt w/ public key”; “Send encrypted text”; “Decrypt w/ private key”]
    - It is extremely difficult to deduce the private key from a public key
  25. Digital Signature (RSA)

    - [Diagram. Recovered labels: “The Internet”; “Distribute public keys in advance”; “Sender”; “Receiver”; “key pair”; “public key”; “private key”; “plain text”; “digest”; “signature”; “Decrypt w/ private key (as if it’s an encrypted data)”; “Send plain text w/ signature”; “Encrypt w/ public key (as if it’s a decrypted data)”; “Does the encrypted signature match the digest computed from the plain text?”]
    - Can prove that it was sent by the very person and has not been altered
    - This illustration shows how it works with RSA (RSA : Rivest, Shamir, Adleman)
    - ECDSA is used in Bitcoin, etc., instead (Elliptic Curve Digital Signature Algorithm), in which we don’t encrypt/decrypt
  26. Generalized Digital Signature

    - Signing
      - Input : <plain text, private key>
      - Output : signature
    - Verifying
      - Input : <plain text, signature, public key>
      - Output : OK (no change in plain text, and private key was used) or NG (otherwise)
      - Whether the signature meets certain mathematical properties that can be tested using plain text and public key
      - Private key cannot be inferred in the verification process
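The signing and verifying interface of slide 26, with the RSA flow of slide 25 underneath, as an added example that is not part of the original slides. It is textbook RSA over two publicly known Mersenne primes, chosen here so the block runs with the standard library alone; the key values and function names are assumptions of this illustration, and production RSA signatures use secret random primes and a padding scheme such as RSASSA-PSS.

```python
# Added illustration: textbook RSA with publicly known primes. It shows the flow on the
# slides only and protects nothing; real signatures use secret primes and padding.
import hashlib

P, Q = 2**521 - 1, 2**607 - 1          # demo primes (public knowledge, hence insecure)
N, E = P * Q, 65537                    # public key <N, E>
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (needs Python 3.8+)

def digest_int(plain_text: bytes) -> int:
    """SHA-256 digest of the plain text as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(plain_text).digest(), "big")

def sign(plain_text: bytes, d: int = D, n: int = N) -> int:
    """Signing: <plain text, private key> -> signature ("decrypt" the digest)."""
    return pow(digest_int(plain_text), d, n)

def verify(plain_text: bytes, signature: int, e: int = E, n: int = N) -> str:
    """Verifying: <plain text, signature, public key> -> "OK" or "NG"."""
    if not 0 <= signature < n:
        return "NG"
    recovered = pow(signature, e, n)   # "encrypt" the signature with the public key
    return "OK" if recovered == digest_int(plain_text) else "NG"
```

`verify` takes only the public values `E` and `N`, so a bank API could return passbook data together with `sign(data)` and any client could check it without ever holding the private exponent.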
  27. Public Key Certificate

    - [Diagram. Recovered labels: “Alice”, “Bob”, “Carole (certifier)”, “Malissa (attacker)”; “The Internet”; “key pair”, “public key”, “private key” for each party; “There is no guarantee that the public key obtained through the Internet is genuine”; “Signature on A’s public key = Certificate”; “But we need C’s public key to verify the signature”; “We don’t know if the public key used for signing the certificate is genuine or not either”]
    - Public key infrastructure is used in the Web and elsewhere
    - It has a root ← need to trust someone unconditionally, and CA (Certificate Authority) is a (single) point of failure
  28. What is Zero-Knowledge Proof?

    - Source: “Zero-knowledge proof”, Wikipedia
    - Verifier ends up with no knowledge other than what the prover wants to prove
      - Example: “I know a secret spell to open the door”
      - ↑ Prove this without revealing the spell itself
      - For example, repeat “coming out from the way she is told” 20 times
    - Completeness
      - Verifier accepts with high probability if the proposition is true
    - Soundness
      - Verifier has little chance of accepting if the proposition is false
    - Zero-knowledge
      - Can imitate dialogue without having to be a prover (without knowledge)
  29. What’s Non-Interactive Zero-Knowledge Proof?

    - No dialogue is required for performing zero-knowledge proof
    - Example: proving “my test score is the same as yours”
      - Only one person can enter the room at a time
      - Room has numbered and locked voting boxes for every possible score (for example, 101 boxes for 0∼100 points)
      - You have a key bundle, but leave only the key of your score box, and throw away the rest
      - I enter the room and vote for my score box and × for the rest
      - You go into the room and unlock your score box to see if it’s voted
    - Digital signature (can prove that the private key is there without revealing it) is an example of non-interactive zero-knowledge proof
  30. Assignment
  31. Assignment 3. “Blockchain”

    - (1) Please give a specific example of financial services
    - (2) If a user is an “end (edge)”, what is the “center” operated by people or an organization in the example?
    - (3) How will the service change if that center is automated, without an organization?
    - Deadline and how to submit
      - November 21, 2022 at 17:59 JST
      - From Moodle (mandatory)
      - Optionally, you can also post to #assignments channel at Discord
        - So that your classmates can read your report, refer to it, and comment on it
      - Just plain text, and be concise, please (and please remember Kent Beck on How to Get a Paper Accepted)
  32. Have a Nice Weekend and See You Next Week!