Upgrade to Pro — share decks privately, control downloads, hide ads and more …

FinTech Lecture 7 : Basics of Cryptography and Blockchain

FinTech Lecture 7 : Basics of Cryptography and Blockchain

Slides I used for Lecture 7 of FinTech - Financial Innovation and the Internet 2021 Fall at Graduate School of Business and Finance, Waseda University on November 12, 2021.

Kenji Saito

November 12, 2021
Tweet

More Decks by Kenji Saito

Other Decks in Technology

Transcript

  1. Changes in the economy and labor. FinTech — Financial Innovation

    and the Internet 2021 Fall Lecture 7 : Basics of Cryptography and Blockchain Kenji Saito, Graduate School of Business and Finance, Waseda University Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.1/35
  2. This class is recorded Camera ON is recommended, but not

    required Zoom names : change your names to whatever you want to be called Please link your Zoon names to your real names in your reports Zoom names are important, because if you choose to be called by your real names, still I don’t know whether I should call you by your given or family names You do need to speak often (we are going to have a lot of dialogue) We will use breakout rooms a lot, but those won’t be recorded unless you do it yourselves (need to be allowed) Keep your Zoom client updated! We might use latest features Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.2/35
  3. The lecture slides can be found at : https://speakerdeck.com/ks91 Recording

    and chat text will be posted at Moodle and Discord Trial automatic transcription will be posted at Discord Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.3/35
  4. Schedule (provisional) Lecture 1 9/24 Overview of FinTech (1) •

    Lecture 2 10/1 Overview of FinTech (2) • Lecture 3 10/8 Internet Technology and Governance (1) • Lecture 4 10/15 Internet Technology and Governance (2) • Lecture 5 10/22 Internet Governance and the World of Apps • Lecture 6 10/29 The World of Apps - continued • Lecture 7 11/12 Basics of Cryptography and Blockchain • Lecture 8 11/19 Blockchain Lecture 9 11/26 Blockchain and Smart Contracts Lecture 10 12/3 Smart Contracts Lecture 11 12/10 Cyber-Physical Society and Future of Finance (1) Lecture 12 12/17 Cyber-Physical Society and Future of Finance (2) Lecture 13 1/7 FinTech Ideathon (1) Lecture 14 1/14 FinTech Ideathon (2) Lecture 15 1/21 Presentations and Conclusions Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.4/35
  5. Last Week, We Did. . . The World of the

    Web Birth, technology and evolution of World Wide Web Consequences and problems of World Wide Web API (Application Programming Interface) Web API (REST (REpresentational State Transfer)) in particular Discussion : Imagine API (with CRUD (Create/Read/Update/Delete) in mind) Basics of Cryptography Just begun Assignment Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.5/35
  6. Today’s Topics Basics of Cryptography Cryptographic hash function Public key

    cryptography and digital signature Zero-knowledge proof Assignment Review Understanding Blockchain Bitcoin’s “question” and “answer” Beaker/Newspaper Model (physical model of Bitcoin) Validity/Existence/Uniqueness layers Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.6/35
  7. Basics of Cryptography Since bare blockchain does not use encryption,

    we will not go through detail of encryption/decryption techniques Cryptographic hash function Public key cryptography and digital signature Zero-knowledge proof Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.7/35
  8. Cryptographic Hash Function (not encryption)     

                   *OQVUUIBUHJWFTUIFTBNFEJHFTU $BO` UEFEVDF 'JYFEMFOHUIEFpOFECZ UIFGVODUJPO FYCJU *OQVU )BTIWBMVF EJHFTU *GJOQVUTBSFKVTU CJUEJ⒎FSFOU 5PUBMMZEJ⒎FSFOU PVUQVU $SZQUPHSBQIJDIBTIGVODUJPO 4)" 3*1&.% FUD $BO` UEFEVDF $BO`UEFEVDF *U` TJOGFBTJCMFUPDBMDVMBUFBO JOQVUUIBUQSPEVDFTBTQFDJpD EJHFTU When a file (e.g., an open-source app) needs to be authenticated, the provider may publish a fingerprint value (called a hash value or digest) of the file (typically in hexadecimal) The downloader can calculate the digest in the same way, and if it is the same value as the publicly available one, they have a real file It is considered extremely difficult to disguise a fake file so that it gives the same digest The digest is calculated using a cryptographic hash function There are various functions, such as the SHA (Secure Hash Algorithm) series A cryptographic hash function is a function that outputs a completely different value if the original data (preimage) is different by even 1 bit Unidirectional, and cannot get preimage from the digest So it is sometimes used to hide the original data Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.8/35
  9. More on Cryptographic Hash Function Let’s try some examples using

    Online Tools https://emn178.github.io/online-tools/sha256.html For a cryptographic hash function H and data m, We cannot compute m′ where m′ = m such that H(m) = H(m′) in a realistic time, and therefore We cannot compute m or m′ in a realistic time when H(m) is given H is not encryption because there is no hint (key) and it cannot be decrypted We call it a collision if we find m′ such that H(m) = H(m′) and m′ = m Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.9/35
  10. Actually Found Collisions for SHA-1 https://shattered.it Announced in February 2017

    by Google and the National Research Institute for Mathematics and Computer Science (CWI), Netherlands As an alert Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.10/35
  11. Public Key Cryptography (encryption is not used in bare blockchain)

    5IF*OUFSOFU %JTUSJCVUFQVCMJDLFZTJOBEWBODF -PDLJOHBOEVOMPDLJOHLFZTBSFTFQBSBUF  BTZNNFUSJDDSZQUPTZTUFN 4FOEFS LFZQBJS 3FDFJWFS QMBJOUFYU QVCMJDLFZ QSJWBUFLFZ &ODSZQUX QVCMJDLFZ %FDSZQUX QSJWBUFLFZ 4FOEFODSZQUFEUFYU It is extremely difficult to deduce the private key from a public key Why don’t we use the same key for locking and unlocking? (Actually, we usually do, but we need ↑ to do so) Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.11/35
  12. Digital Signature (RSA) (uncommon in bare blockchain) 5IF*OUFSOFU &ODSZQUXQVCMJDLFZ 

    BTJGJU`TBEFDSZQUFEEBUB 4FOEQMBJOUFYUX TJHOBUVSF %PFTUIFFODSZQUFETJHOBUVSF NBUDIUIFEJHFTU DPNQVUFEGSPNUIFQMBJOUFYU %FDSZQUXQSJWBUFLFZ  BTJGJU`TBOFODSZQUFEEBUB 3FDFJWFS 4FOEFS QMBJOUFYU QMBJOUFYU TJHOBUVSF TJHOBUVSF %JTUSJCVUFQVCMJDLFZTJOBEWBODF LFZQBJS EJHFTU QVCMJDLFZ QSJWBUFLFZ EJHFTU Can prove that it was sent by the very person and has not been altered This illustration shows how it works with RSA (RSA : Rivest, Shamir, Adleman) ECDSA is used in Bitcoin, etc., instead (Elliptic Curve Digital Signature Algorithm), in which we don’t encrypt/decrypt Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.12/35
  13. Generalized Digital Signature (just remember this!) Signing Input : <plain

    text, private key> Output : signature Verifying Input : <plain text, signature, public key> Output : OK (no change in plain text, and private key was used) or NG (otherwise) Whether the signature meets certain mathematical properties that can be tested using plain text and public key Private key cannot be inferred in the verification process Cryptographic hash functions and digital signatures are the two cryptographic techniques used in blockchain (no cipher ) Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.13/35
  14. Public Key Certificate (not used in bare blockchain) 5IFSFJTOPHVBSBOUFFUIBUUIFQVCMJDLFZ PCUBJOFEUISPVHIUIF*OUFSOFUJTHFOVJOF

    8FEPOULOPXJGUIFQVCMJDLFZVTFEGPSTJHOJOH UIFDFSUJpDBUFJTHFOVJOFPSOPUFJUIFS "MJDF #PC $BSPMF DFSUJpFS # C " # 8IPTF $ 5IF*OUFSOFU TJHOBUVSF 4JHOBUVSFPO"TQVCMJDLFZ  $FSUJpDBUF #VUXFOFFE$TQVCMJDLFZ UPWFSJGZUIFTJHOBUVSF .BMJTTB BUUBDLFS & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & . " QVCMJDLFZ LFZQBJS QVCMJDLF LF LF LF LFZ QSJWBUFLFZ QVCMJDLFZ LFZQBJS QVCMJDLF LF LFZ QSJWBUFLFZ QVCMJDLFZ LFZQBJS QVCMJDLF LF LFZ QSJWBUFLFZ Public key infrastructure is used in the Web and elsewhere (in blockchain, rather, a public key digest identifies a user ) It has a root ← need to trust someone unconditionally, and CA (Certificate Authority) is a (single) point of failure Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.14/35
  15. What is Zero-Knowledge Proof? 4PVSDFl;FSPLOPXMFEHFQSPPGz 8JLJQFEJB Verifier remains to have

    no knowledge other than what prover wants to prove Example: “I know a secret spell to open the door” ↑ Prove this without revealing the spell itself For example, repeat “coming out from the way she is told” for 20 times Completeness Verifier accepts with high probability if the proposition is true Soundness Verifier has little chance of accepting if the proposition is false Zero-knowledge Can imitate dialogue without having to be a prover (without knowledge) Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.15/35
  16. What’s Non-Interactive Zero-Knowledge Proof? No dialogue is required for performing

    zero-knowledge proof Example: proving “my test score is the same as yours” Only one person can enter the room at a time Room has numbered and locked voting boxes for every possible score (for example, 101 boxes for 0∼100 points) You have a key bundle, but leave only the key of your score box, and throw away the rest I enter the room and vote for my score box and × for the rest You go into the room and unlock your score box to see if it’s voted Digital signature (can prove that the private key is there without revealing it) is an example of non-interactive zero-knowledge proof Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.16/35
  17. Assignment Review Lecture 7 : Basics of Cryptography and Blockchain

    — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.17/35
  18. Assignment 3. “Blockchain” (1) Please give a specific example of

    financial services (2) If a user is an “end (edge)”, what is the “center” operated by people or an organization in the example? (3) How will the service change if that center is automated, without an organization? Deadline and how to submit November 9, 2021 at 17:59 JST From Moodle (mandatory) Optionally, you can also post to #assignments channel at Discord So that your classmates can read your report, refer to it, and comment on it Just plain text, and be concise, please (and please remember Kent Beck on How to Get a Paper Accepted) Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.18/35
  19. Trends and Measures Trends . . . of your reports

    Measures . . . how to improve the class 28 out of 29+α students submitted (pretty good, and always better late than never) To be automated : cross-border fund transfer (5) / loans (3) / trading, market place (2) / e-wallet (2) / insurance (2) / wealth management (2) / NFT (1) / reward plan (1) / real estate (1) / lease payment (1) / securitization (1) / stocks (1) / donation (1) / retirement plan (1) / credit card (1) / mutual fund (1) / ANT Financial (1) / Bitcoin (1) Very interesting! Some of you seem to have failed at being concise There are some aspects of blockchain that you are only dreaming about Hopefully, we will gain a high-resolution understanding of blockchain technology later Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.19/35
  20. How to Write a Good Abstract (reprise) The real first

    step is to give it a good title (probably 3 below is your title), then Abstract in 4 simple sentences, by Kent Beck: Sentence 1 : State the problem Sentence 2 : Why the problem is a problem Sentence 3 : A “startling” sentence Sentence 4 : Implications of the startling sentence Example: The rejection rate for OOPSLA papers is near 90% 1 Most papers are rejected not because of a lack of good ideas, but because they are poorly structured 2 Following four simple steps in writing a paper will dramatically increase your chances of acceptance 3 If everyone followed these steps, the amount of communication in the object community would increase, improving the rate of progress 4 cf. https://plg.uwaterloo.ca/∼migod/research/beckOOPSLA.html Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.20/35
  21. A Sample Report in Kent Beck’s Abstract Style Title :

    Global Automatic Teller Machine Eliminates Banks (1) Cross-border fund transfer (2) Local and correspondent banks (3) (Kent Beck’s Abstract Style) Cross-border fund transfer is expensive and slow It is that way because the transfer needs to go through local and correspondent banks, each collecting a fee Global automatic teller machine with user-definable accounts will eliminate the needs for these banks People can transfer funds by simply depositing money and telling the other party the account through an encrypted channel (More detail if you want) Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.21/35
  22. R-san’s Automation Blockchain technology can be used to improve the

    transparency of the flow of donated funds for the benefit of the donator and the benefactor by providing a digital receipt on donations While the donations individually may join a common pool, blockchain technology can aggregate donations and track how they flow out of a non-profit organization ⇒ This is an often-talked-about benefit of blockchain We can start small by non-profits self-forcing digitization of receipts for both flowing in and out of the organizations Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.22/35
  23. T-san’s Question In your view, what is more important to

    the creation of a fin-tech product, technology novelty, or user’s pain point? ⇒ In my view, between the two, user’s pain point Most users do not choose services based on the technology being used So we need to be close to our users However, it is possible that the problem to be solved may not be apparent as a pain to them (e.g. Nobody needed Facebook before it appeared) So it is often useful to start from technology novelty, and consider what it would mean to users Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.23/35
  24. K-san’s Automation In the world of NFT, there is no

    center role Because all NFTs are irreplaceable and exist on the Ethereum blockchain ⇒ I’m afraid that any NFT requires some centric role An NFT is unique only within a domain (math. set of possible values) (e.g. within a deployed smart contract on a blockchain ← we will see what this exactly means later in this course) Someone needs to define that domain (anyone can, so you could call it poly-centric ) Asymmetrical role that needs to be trusted (with possible betrayal) A movie ticket as an NFT would be useful because a theater defines the domain Likewise, for a digital art NFT, the domain (and the ID, considering the existence of other compressed data of the art that are indistinguishable to humans) need to be defined and at least publicized by the artist or the gallery Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.24/35
  25. Understanding Blockchain Blockchain is a substitute for newspaper (by Satoshi

    Nakamoto) Satoshi him or her or themselves called it “distributed time-stamp server” Not a good word for representing a concept (catchy, but manipulating the impression) Something implemented by Chain of ← actually, backward list of Blocks ← actually, sets of data For example, we don’t call TV “picture tube” today (or do we?) If you name a concept based on how it is implemented, it will quickly become outdated Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.25/35
  26. What Is Blockchain About? Bitcoin’s “Question” How do “we send

    money whenever we want, and never let anyone stop us”? Distrust of (central) bank money / Sending money → a state transition in a state machine Straightforward requirements (BP : Blockchain Properties) BP-1: A self-authorized user solely can cause a state transition that is allowed in the state machine (self-sovereignty) BP-2: Such a state transition always occurs if the authorized user wants it to happen (censorship resistance and fault tolerance) BP-3: Once a state transition occurs, it is virtually irreversible, and can never be denied (tamper resistance) Denying = rejection, deletion, alteration, fabrication ⇒ Censorship resistance in a broad sense (no control of the past either) Not really perfectly satisfied by blockchain Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.26/35
  27. Bitcoin’s “Question” and “Answer” (1) Bitcoin’s “Question” again How do

    “we send money whenever we want, and never let anyone stop us”? Distrust of (central) bank money Bitcoin’s “Answer” Cannot depend on any particular service provider ⇒ Exchange digital coins over the Internet by P2P (peer-to-peer) What if they deny that they sent a coin? ⇒ Use digital signatures (collateral for verifiability and non-repudiability of contents) Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.27/35
  28. Bitcoin’s “Question” and “Answer” (2) Problems that cannot be solved

    by digital signatures alone Need to prevent double spending (want to ensure non-repudiation of existence) ⇒ Put the evidence of the transaction in newspaper What if refused for publishing or service is discontinued? ⇒ Place evidence of a transaction in “newspaper” (as collective evidences of events) issued by a crowd (everyone has the exact same local copy of the newspaper) And thereby records are like locked up in the air · Anyone can leave, and when they join again, the records are still there Theft of coins based on this idea always follow the story made typical by the Mt.GOX or CoinCheck incident “Don’t let anyone stop us from spending our own money whenever we want to” ⇒ Has to prove that the user is oneself by their own → Zero-knowledge proof of possession of the private key → Anyone with the private key is the user oneself ⇒ Transaction is verifiable by all but irrevocable → Stolen coins can be tracked but not recovered Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.28/35
  29. World of Beaker / Newspaper Model (1) 21,000,000 cm3 (cc)

    of liquid of no value to mankind Contained in a tank Individuals can hold as many beakers as they like, measuring down to 1 100 , 000 , 000 cm3 (it has a locked lid) Only “editor” selected every 10 minutes on average can pump now 6.25cm3 into their beaker Chosen by a special lottery The winning lottery is held in everyone’s box, and each person draws the lottery with all their strength → non-stoppable procedure Coordinate the proportion of winning lots so that someone is chosen every 10 minutes on average Volume pumped is reduced by half every about 4 years (every 21 thousand pages of “newspaper” described later) Started from 50cm3 in January 2009 Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.29/35
  30. World of Beaker / Newspaper Model (2) Relatively free flow

    of fluid between beakers Recorded as “a signed article” by the pourer Post the article in the “newspaper” made by everyone Selected “Editor” verifies the articles and publishes them in the last page of newspaper (of which everyone has a local copy) Page carries the evidence of winning the lottery Editor also gets “overflow” of trades on the page If people publish a page with the same page number. . . Longer sequence of pages wins People sometimes lose the key of their beakers Create this digitally, and pretend that it’s a currency → Bitcoin There is no money or currency that does not need pretension Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.30/35
  31. Guarantee of Validity ∼ (so-called) UTXO Structure An input requires

    a digital signature of the party to which the referenced output is addressed Referenced output (= coin) is consumed → never double-spent (UTXO : Unspent transaction (TX) Output) Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.31/35
  32. Proof of Existence ∼ Hash-chain w/ Proof of Work page

    number : n page number : n+1 page number : n+2 Cryptographic digest of the previous page (must be less than or equal to the target value) some extra number (Nonce : Number used Once) (random value to make the digest less than or equal to the target) Page digest (output by a cryptographic hash function) must be less than or equal to target We don’t know how to manipulate the original data to get the right digest This is the principle of the lottery, which requires the same amount of cost to fake the history Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.32/35
  33. Consent of Uniqueness ∼ Nakamoto Consensus page number : n

    page number : n+1 page number : n+2 page number : n+3 page number : n+1 page number : n+2 page number : n+3 page number : n+4 This history is valid Sometimes page sequences are split when someone else wins the lottery at about the same time A history is the hardest to tamper with when the cumulative cost of lottery for the whole sequence is the highest Everyone agrees that such history is the official one (strict consensus is not achieved because it can be overturned) Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.33/35
  34. Abstract (narrow-sense) Blockchain (getting obsolete) block_no : n block_no :

    n+1 block_no : n+2 block_no : n+3 block_no : n+1 block_no : n+2 block_no : n+3 block_no : n+4 Histroy with the largest cost to record or modify (history the most difficult to alter) is chosen Cryptographic digest of the previous block Transactions are digitally signed To create a block, its cryptographic digest needs to be below some certain number (Proof of Work) or one needs to win by voting weighted by the stakes in cryptocurrency (Proof of Stake) [both costly] Creator of a block can record the reward in cryptocurrency in the block, which is effective only when the block is included in the chosen history Means are provided to confirm existence of transactions validity existence uniqueness In case of Proof of Work, the cost of power is balanced against the market value of the native currency Everyone confirms that records are not tampered with by the mechanism protected by the price of the native currency Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.34/35
  35. See You Next Week! Have a nice weekend! Lecture 7

    : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2021 Fall — 2021-11-12 – p.35/35