FinTech Lecture 6 : The World of Apps (2)

Slides I used for FinTech - Financial Innovation and the Internet 2023 Fall at Graduate School of Business and Finance, Waseda University on November 17, 2023.

Kenji Saito

November 17, 2023

Transcript

  1. Financial technology in the living room. Generated by Stable Diffusion XL Beta
    FinTech — Financial Innovation and the Internet 2023 Fall
    Lecture 6 : The World of Apps (2)
    Kenji Saito, Graduate School of Business and Finance, Waseda University
    Lecture 6 : The World of Apps (2) — FinTech — Financial Innovation and the Internet 2023 Fall — 2023-11-17 – p.1/32

  2. This class is recorded
    Using Zoom
    The recordings could be used for research on (online) learning
    Transcribed for use and anonymized
    Will let you know when the necessity arises

  3. The lecture slides can be found at :
    https://speakerdeck.com/ks91
    Trial automatic transcription for lectures will be posted at Discord

  4. Schedule (provisional)
    Lecture 1 10/6 Overview of FinTech (1) •
    Lecture 2 10/13 Overview of FinTech (2) •
    Lecture 3 10/20 Internet Technology and Governance (1) •
    Lecture 4 10/27 Internet Technology and Governance (2) on-demand •
    Lecture 5 11/10 The World of Apps (1) •
    Lecture 6 11/17 The World of Apps (2) •
    Lecture 7 11/24 Blockchain (1)
    Lecture 8 12/1 Blockchain (2)
    Lecture 9 12/8 Smart Contracts (1)
    Lecture 10 12/15 Smart Contracts (2)
    Lecture 11 12/22 Smart Contracts (3)
    Lecture 12 1/12 Cyber-Physical Society and Future of Finance
    Lecture 13 1/19 FinTech Ideathon
    Lecture 14 1/26 Presentations and Conclusions
    Online presence is possible but not recommended for non-online lectures for interactivity reasons

  5. Last Week, We Did...
    Assignment Review
    The World of the Web
    Web 1-2-3 Begins
    Beginning of the True Stories

  6. Today’s Topics
    Web 1-2-3
    True Stories
    API (Application Programming Interface)
    Web API (REST) in particular
    Discussion : Imagine API
    Basics of Cryptography
    May be continued to the next lecture
    Assignment

  7. Web 1-2-3
    True Stories

  8. History of Web 1-2-3
    [Figure: timeline from 1989 to 2020 (marked years: 1989, 2005, 2006, 2014) of the so-called Web 1.0, Web 2.0, Web 3.0 and web3. Labels on the figure: WWW, orthodox history (finance is irrelevant); Internet commercialization; Berners-Lee's Semantic Web (1998); "Web 2.0" first appearance (1999); Berners-Lee's, O'Reilly's and Wood's versions; "Users themselves are 'easily' the producers of the data"; "Get your data back in your hands! Don't let organizations control it"; "Solve all problems by making everything a financial token!"; Web 3.0 → web3; to Solid Project; bankruptcy of Lehman Brothers; Bitcoin; Snowden affair; Ethereum; a little off topic; quite off topic; lift (Aufheben).]
    Is the data freely available for the users themselves and for the public good?
    How did this happen?

  9. What’s Web3? (1/3)
    So-called Web 1.0 (Berners-Lee) : Read × Write
    Publication medium for researchers → Everyone writes and reads papers, so it is two-way from the beginning
    “Users manage data, but publication is not easy”
    Web 2.0 (O’Reilly) : Read × Write ← Since Web 1.0 era
    “User has no control over data, but publication is easy”
    Web 3.0 (Berners-Lee)
    Aim to “make it easy for users to manage and publish their data” → Solid (Social linked data)
    Web 3.0 → Web3 (Wood)
    Make Ethereum available from the Web ← web3.js, web3.py
    Web3 (Dixon) : Read × Write × Own
    “Build financial assets, in the form of tokens, into the inner workings of almost anything you do online” (Bloomberg)
    You can own a token without relying on trust in another party, but you cannot own what the token points to or includes

  10. What’s Web3? (2/3)
    Web 3.0 (Wood, 2014) → web3 : Get the data back to everyone
    The following 4 elements were assumed to allow you to manage your data
    yourself
    1) Publishing system that cannot be censored (realized with Ethereum)
    2) Messaging with pseudonyms (realized with Ethereum)
    · Not anonymous, but when identities and pseudonyms are linked, people know who you are
    3) Consensus engine (?) (naïve understanding that this was achieved with Ethereum)
    · Haven’t created any mechanism for human beings to agree (What is being done is “replication” as part of 1))
    4) Browsers and user interfaces that integrate them (Ethereum to be available on the web)
    The {JavaScript|Python} library to achieve 4) above is called web3.{js|py}
    (2014∼)

  11. What’s Web3? (3/3)
    Then things got somewhat strange...
    “What makes Web3 different — and more than a little weird — is that it would build financial
    assets, in the form of tokens, into the inner workings of almost anything you do online”
    — Olga Kharif, “What You Need to Know About Web3, Crypto’s Attempt to Reinvent the Internet”, Bloomberg (2021)
    Why do they want to do it? (Do you want to do it?)
    Perhaps because, after all, only tokens can express “ownership” in the blockchain?
    (original development motivation)
    Tokens can be freely disposed of by their holders → realization of the modern concept of ownership
    But does that mean you own the data? Is “owning” a “better way” in the first place?
    Is it a belief (or assumption) that all of society’s problems can be solved by incentives?
    This may be a belief that we can’t solve our problems without using humans,
    Because the only party to whom assets can be exercised is human
    (nature does not accept money)
    What about the fear of being wiped out in some way as a result of diversity being compromised because everyone works
    with the same incentives?

  12. Little Discussion
    What do you want to do with web3?
    Whatever you want to do, this class will always answer it with true stories

  13. API
    API : Application Programming Interface
    Interface through which an application can make use of some features
    provided somewhere
    Web API : API by HTTP(S) requests
    In this case, features are provided by a (remote) web server

  14. REST (Representational State Transfer)
    Stateless client/server protocol
    Well-defined set of methods
    POST, GET (demoed), PUT, DELETE vs. CRUD (Create/Read/Update/Delete)
    CRUD represents the basic set of operations against a database
    Uniquely identify resources by URI
    Some demonstrations later
    Often returns results in the form of JSON (JavaScript Object Notation)

  15. Demoed? — HTTPS Demo (reprise)
    $ openssl s_client -connect www.waseda.jp:443
    Then
    GET /
    Install openssl in your environment and try it out
    You may want to try www.google.com:443 and GET /search?q=refrigerator instead

  16. REST – contd.
    Hypermedia that can handle both application information and state transitions
    An example of state transitions (state machines)
    (For example, on the web, page = state, and the page presents possible operations in that state as a set of buttons)
    A stack is a last-in, first-out
    data store
    You can push data in, and
    pop data out
    A design would be like,
    POST to create a stack
    POST to push to the stack
    POST to pop from the stack
    GET to peek in the stack state
    PUT to update an item
    DELETE to delete the stack

  17. Demonstration
    $ git clone https://github.com/ks91/sample-web-api.git
    This is a really simple sample API that provides stacks (requires Python3 and Flask)
    The stacks can be used as calculators
    Run the simple web API server
    $ python stack.py
    See README to discover how to try
    In this demo, we will try (5 − 2) × (3 + 4)
    Expressed as 5 2 − 3 4 + × (Reverse Polish Notation)
    Also two programs to add up 1 through 10 using the API
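
The stack design from the previous slide and the (5 − 2) × (3 + 4) demo, modeled in-process as an added example; this is not the code in the sample-web-api repository. The paths (`/stacks`, `/stacks/<id>/push`, `/stacks/<id>/pop`, `/stacks/<id>/<index>`), the status codes and the names `StackService` and `evaluate_rpn` are assumptions made for illustration.

```python
import operator

class StackService:
    """In-process stand-in for the web server: request() maps method + path to a stack operation."""

    def __init__(self):
        self.stacks = {}      # stack id -> list of numbers (all state lives server-side)
        self.next_id = 1

    def request(self, method, path, body=None):
        parts = path.strip("/").split("/")
        if parts[0] != "stacks":
            return 404, {"error": "unknown resource"}
        if len(parts) == 1:
            if method != "POST":
                return 405, {"error": "method not allowed"}
            sid = str(self.next_id)                   # POST /stacks creates a stack
            self.next_id += 1
            self.stacks[sid] = []
            return 201, {"id": sid}
        stack = self.stacks.get(parts[1])
        if stack is None:
            return 404, {"error": "no such stack"}
        tail = parts[2:]
        if method == "GET" and not tail:              # peek at the stack state
            return 200, {"items": list(stack)}
        if method == "DELETE" and not tail:           # delete the stack
            del self.stacks[parts[1]]
            return 204, {}
        if method == "POST" and tail == ["push"]:
            stack.append(body["value"])
            return 200, {"size": len(stack)}
        if method == "POST" and tail == ["pop"]:
            if not stack:                             # underflow is reported, not a crash
                return 409, {"error": "stack is empty"}
            return 200, {"value": stack.pop()}
        if method == "PUT" and len(tail) == 1 and tail[0].isdigit() and int(tail[0]) < len(stack):
            stack[int(tail[0])] = body["value"]       # update one item in place
            return 200, {"items": list(stack)}
        return 405, {"error": "method not allowed"}

OPS = {"+": operator.add, "-": operator.sub, "−": operator.sub, "*": operator.mul, "×": operator.mul}

def evaluate_rpn(api, expression):
    """Evaluate a Reverse Polish Notation string using only API calls, then delete the stack."""
    _, created = api.request("POST", "/stacks")
    base = "/stacks/" + created["id"]
    try:
        for token in expression.split():
            if token in OPS:
                s2, right = api.request("POST", base + "/pop")
                s1, left = api.request("POST", base + "/pop")
                if s1 != 200 or s2 != 200:
                    raise ValueError("malformed expression: operator without two operands")
                value = OPS[token](left["value"], right["value"])
            else:
                value = int(token)
            api.request("POST", base + "/push", {"value": value})
        _, state = api.request("GET", base)
        if len(state["items"]) != 1:
            raise ValueError("malformed expression: leftover operands")
        return state["items"][0]
    finally:
        api.request("DELETE", base)
```

Calling `evaluate_rpn(StackService(), "5 2 − 3 4 + ×")` walks through the same pushes and pops as the demo; an operator that finds fewer than two operands is rejected, which is also how a stack machine has to treat underflow.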

  18. Meaning of the Demonstration
    No one wants to go to the trouble of using APIs to do something this simple
    We did it as a demonstration in which we can easily confirm that the API
    worked correctly
    If I were to point at the moon, you should be looking at the moon, not at my
    index finger
    ↑ If you are wondering why I suddenly started talking about the moon, you are surely looking at my index finger
    At the same time, the stack calculator is an important concept
    You can make a (virtual) computer out of this concept
    It is called a stack machine
    Bitcoin’s virtual computer for scripting is a stack machine
    Ethereum Virtual Machine (EVM) is also a stack machine

  19. Little Discussion : Imagine API
    What APIs are useful in banking?
    Roughly design
    With CRUD (Create/Read/Update/Delete) in mind
    Have you considered an API to retrieve passbook data?
    How can you be sure that the data is genuine?

  20. Basics of Cryptography
    Cryptographic hash function
    Public key cryptography and digital signature
    Zero-knowledge proof

  21. Cryptographic Hash Function
    [Figure: Input → cryptographic hash function (SHA, RIPEMD, etc.) → hash value (digest). The digest has a fixed length defined by the function. If inputs are just 1 bit different, the output is totally different. Can't deduce an input that gives the same digest; it's infeasible to calculate an input that produces a specific digest.]
    When a file (e.g., an open-source app) needs to be
    authenticated, the provider may publish a fingerprint value (called
    a hash value or digest) of the file (typically in hexadecimal)
    The downloader can calculate the digest in the same way,
    and if it is the same value as the publicly available one, they
    have a real file
    It is considered extremely difficult to disguise a fake file so
    that it gives the same digest
    The digest is calculated using a cryptographic hash function
    There are various functions, such as the SHA (Secure
    Hash Algorithm) series
    A cryptographic hash function is a function that outputs a
    completely different value if the original data (preimage) is
    different by even 1 bit
    Unidirectional, and cannot get preimage from the digest
    So it is sometimes used to hide the original data

  22. Examples
    SHA (Secure Hash Algorithm) series (NIST standards)
    SHA-1 (designed by NSA)
    Deprecated
    SHA-2 (designed by NSA)
    SHA-256 produces 256-bit digests
    “FinTech - Financial Innovation and the Internet 2022 Fall” →
    051a807b12513f8b402b23e337806a06ea221696611724be4d510329aa0076d6
    SHA-3 (selected through a public call for proposals)
    SHA3-256 produces 256-bit digests
    “FinTech - Financial Innovation and the Internet 2022 Fall” →
    794cbcb155f2b152c72c2cb4a37909129319cf9dd6576d0b7005f6491a5d8d8e
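
The download check described on the previous slide, using the two current functions listed here, as an added example that is not part of the lecture materials. The file contents, the helper names and the allow-list are constructed for illustration; SHA-1 is refused because the slide marks it deprecated.

```python
import hashlib
import hmac
import io

# Digest functions accepted for verification; SHA-1 is deliberately absent.
ALLOWED = {"sha256": hashlib.sha256, "sha3_256": hashlib.sha3_256}

def digest_stream(stream, algorithm="sha256", chunk_size=65536):
    """Hash a binary stream in chunks, so a large download never has to fit in memory."""
    if algorithm not in ALLOWED:
        raise ValueError(f"refusing digest function {algorithm!r}")
    hasher = ALLOWED[algorithm]()
    for block in iter(lambda: stream.read(chunk_size), b""):
        hasher.update(block)
    return hasher.hexdigest()

def digest_hex(data, algorithm="sha256"):
    """Hexadecimal digest of a byte string."""
    return digest_stream(io.BytesIO(data), algorithm)

def is_genuine(data, published_hex, algorithm="sha256"):
    """Downloader's check: recompute the digest and compare it with the published value."""
    expected = published_hex.strip().lower()
    return hmac.compare_digest(digest_hex(data, algorithm), expected)

def flip_bit(data, index):
    """Copy of data with exactly one bit inverted (index 0 is the lowest bit of byte 0)."""
    out = bytearray(data)
    out[index // 8] ^= 1 << (index % 8)
    return bytes(out)

def differing_bits(a, b, algorithm="sha256"):
    """Number of digest bits that differ between two inputs."""
    return bin(int(digest_hex(a, algorithm), 16) ^ int(digest_hex(b, algorithm), 16)).count("1")

# Constructed sample standing in for a released file.
RELEASE = b"#!/bin/sh\necho 'sample app v1.0'\n"
PUBLISHED = digest_hex(RELEASE)      # the value the provider would post next to the download
TAMPERED = flip_bit(RELEASE, 0)      # the same file with a single bit changed

if __name__ == "__main__":
    print("published digest:      ", PUBLISHED)
    print("genuine copy accepted: ", is_genuine(RELEASE, PUBLISHED))
    print("tampered copy accepted:", is_genuine(TAMPERED, PUBLISHED))
    print("digest bits changed by a 1-bit flip:", differing_bits(RELEASE, TAMPERED), "of 256")
```

The check is only as trustworthy as the channel that delivered the published digest: a digest fetched from the same place as the file authenticates nothing if that place is compromised.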

  23. Actually Found Collisions for SHA-1
    https://shattered.it
    Announced in February 2017 by
    Google and the National Research
    Institute for Mathematics and
    Computer Science (CWI),
    Netherlands
    As an alert

  24. Public Key Cryptography
    [Figure: Public keys are distributed in advance over the Internet. The sender encrypts the plain text with the public key of the receiver's key pair and sends the encrypted text; the receiver decrypts it with the private key. Locking and unlocking keys are separate (asymmetric cryptosystem).]
    It is extremely difficult to deduce the private key from a public key

  25. Digital Signature (RSA)
    [Figure: Public keys are distributed in advance. The sender computes the digest of the plain text and decrypts it with the private key as if it were encrypted data, which yields the signature, then sends the plain text with the signature over the Internet. The receiver encrypts the signature with the public key as if it were decrypted data and asks: does the encrypted signature match the digest computed from the plain text?]
    Can prove that it was sent by the very person and has not been altered
    This illustration shows how it works with RSA (RSA : Rivest, Shamir, Adleman)
    ECDSA is used in Bitcoin, etc., instead (Elliptic Curve Digital Signature Algorithm), in which we don’t encrypt/decrypt

  26. Generalized Digital Signature
    Signing
    Input :
    Output : signature
    Verifying
    Input :
    Output : OK (no change in plain text, and private key was used) or NG (otherwise)
    Whether the signature meets certain mathematical properties that can
    be tested using plain text and public key
    Private key cannot be inferred in the verification process

  27. Public Key Certificate
    [Figure: Alice (A) and Bob (B) exchange public keys over the Internet; Carole (C) is the certifier and Malissa (M) is the attacker. There is no guarantee that the public key obtained through the Internet is genuine (whose is it?). A certificate is a signature on A's public key, but we need C's public key to verify the signature, and we don't know if the public key used for signing the certificate is genuine or not either.]
    Public key infrastructure is used in the Web and elsewhere
    It has a root ← need to trust someone unconditionally, and CA (Certificate Authority) is a (single) point of failure
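
The RSA signature flow of slides 25 and 26 and the certificate check of this slide, as one added example that is not part of the lecture materials. It uses textbook RSA with no padding and toy keys built from Mersenne primes, which is insecure and only serves to make the arithmetic visible; the function names, the certificate layout and the sample message are assumptions.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def make_keypair(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # private exponent (Python 3.8+)
    return (n, E), (n, d)

def digest_int(message, n):
    """SHA-256 digest of the message as an integer reduced into the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    """Signing: 'decrypt' the digest with the private key."""
    n, d = private
    return pow(digest_int(message, n), d, n)

def verify(message, signature, public):
    """Verifying: 'encrypt' the signature with the public key and compare with the digest."""
    n, e = public
    return 0 <= signature < n and pow(signature, e, n) == digest_int(message, n)

def key_bytes(name, public):
    """Byte string the certifier signs: the owner's name bound to the public key."""
    n, e = public
    return f"{name}|{n:x}|{e:x}".encode()

def issue_certificate(name, public, certifier_private):
    """Certificate = name, public key, and the certifier's signature over both."""
    return {"name": name, "public": public,
            "signature": sign(key_bytes(name, public), certifier_private)}

def check_certificate(cert, certifier_public):
    """OK only if the certifier's signature matches the name and key inside the certificate."""
    return verify(key_bytes(cert["name"], cert["public"]), cert["signature"], certifier_public)

# Toy key pairs from Mersenne primes (constructed for the example, not secure).
ALICE_PUB, ALICE_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
CAROLE_PUB, CAROLE_PRIV = make_keypair(2**127 - 1, 2**521 - 1)
MALISSA_PUB, MALISSA_PRIV = make_keypair(2**61 - 1, 2**607 - 1)

MESSAGE = b"Transfer 100 JPY to Bob"            # constructed sample plain text
SIGNATURE = sign(MESSAGE, ALICE_PRIV)
CERT = issue_certificate("Alice", ALICE_PUB, CAROLE_PRIV)
# Malissa's key placed in Alice's certificate; Carole's signature no longer matches.
FORGED = dict(CERT, public=MALISSA_PUB)

if __name__ == "__main__":
    print("signature OK:          ", verify(MESSAGE, SIGNATURE, ALICE_PUB))
    print("altered plain text OK: ", verify(b"Transfer 900 JPY to Bob", SIGNATURE, ALICE_PUB))
    print("certificate OK:        ", check_certificate(CERT, CAROLE_PUB))
    print("swapped-key cert OK:   ", check_certificate(FORGED, CAROLE_PUB))
```

Bob still has to obtain Carole's public key from somewhere he already trusts, which is the root the slide refers to.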

  28. What is Zero-Knowledge Proof?
    [Figure. Source: “Zero-knowledge proof”, Wikipedia]
    The verifier learns nothing other than what the
    prover wants to prove
    Example: “I know a secret spell to open the door”
    ↑ Prove this without revealing the spell itself
    For example, repeat “coming out from the way she is told” 20 times
    Completeness
    Verifier accepts with high probability if the proposition is true
    Soundness
    Verifier has little chance of accepting if the proposition is false
    Zero-knowledge
    Can imitate dialogue without having to be a prover (without knowledge)

  29. What’s Non-Interactive Zero-Knowledge Proof?
    No dialogue is required for performing zero-knowledge proof
    Example: proving “my test score is the same as yours”
    Only one person can enter the room at a time
    Room has numbered and locked voting boxes for every possible score
    (for example, 101 boxes for 0∼100 points)
    You have a key bundle, but leave only the key of your score box, and throw away the rest
    I enter the room and vote for my score box and × for the rest
    You go into the room and unlock your score box to see if it’s voted
    Digital signature (can prove that the private key is there without revealing it) is an example
    of non-interactive zero-knowledge proof

  30. Assignment

  31. Assignment 3. “Blockchain”
    (1) Please give a specific example of financial services
    (2) If a user is an “end (edge)”, what is the “center” operated by people or
    an organization in the example?
    (3) How will the service change if that center is automated, without an
    organization?
    Deadline and how to submit
    November 21, 2022 at 17:59 JST
    From Moodle (mandatory)
    Optionally, you can also post to #assignments channel at Discord
    So that your classmates can read your report, refer to it, and comment on it
    Just plain text, and be concise, please
    (and please remember Kent Beck on How to Get a Paper Accepted)

  32. Have a Nice Weekend and See You Next Week!