
FinTech Lecture 7 : Basics of Cryptography and Blockchain

Slides I used for FinTech - Financial Innovation and the Internet 2023 Fall at Graduate School of Business and Finance, Waseda University on November 24, 2023.

Kenji Saito

November 23, 2023

Transcript

  1. Financial technology in the living room. Generated by Stable Diffusion XL Beta
    FinTech — Financial Innovation and the Internet 2023 Fall
    Lecture 7 : Basics of Cryptography and Blockchain
    Kenji Saito, Graduate School of Business and Finance, Waseda University
    Lecture 7 : Basics of Cryptography and Blockchain — FinTech — Financial Innovation and the Internet 2023 Fall — 2023-11-24 – p.1/40


  2. This class is recorded
    Using Zoom
    The recordings could be used for research on (online) learning
    Transcribed for use and anonymized
    Will let you know when the necessity arises

  3. The lecture slides can be found at :
    https://speakerdeck.com/ks91
    Trial automatic transcription for lectures will be posted at Discord

  4. Schedule (provisional)
    Lecture 1 10/6 Overview of FinTech (1) •
    Lecture 2 10/13 Overview of FinTech (2) •
    Lecture 3 10/20 Internet Technology and Governance (1) •
    Lecture 4 10/27 Internet Technology and Governance (2) on-demand •
    Lecture 5 11/10 The World of Apps (1) •
    Lecture 6 11/17 The World of Apps (2) •
    Lecture 7 11/24 Basics of Cryptography and Blockchain •
    Lecture 8 12/1 Blockchain
    Lecture 9 12/8 Smart Contracts (1)
    Lecture 10 12/15 Smart Contracts (2)
    Lecture 11 12/22 Smart Contracts (3)
    Lecture 12 1/12 Cyber-Physical Society and Future of Finance
    Lecture 13 1/19 FinTech Ideathon
    Lecture 14 1/26 Presentations and Conclusions
    Online presence is possible but not recommended for non-online lectures for interactivity reasons

  5. Last Week, We Did. . .
    Web 1-2-3
    True Stories
    API (Application Programming Interface)
    Web API (REST) in particular

  6. Today’s Topics
    Discussion : Imagine API (brief reflection on API concept)
    Basics of Cryptography
    Cryptographic hash function
    Public key cryptography and digital signature
    Zero-knowledge proof
    Assignment Review
    Understanding Blockchain
    Bitcoin’s “question” and “answer”
    Beaker/Newspaper Model (physical model of Bitcoin)
    Validity/Existence/Uniqueness layers

  7. Little Discussion : Imagine API
    What APIs are useful in banking?
    API : Interface through which an application can make use of some features provided somewhere
    Roughly design
    With CRUD (Create/Read/Update/Delete) in mind
    Have you considered an API to retrieve passbook data?
    How can you be sure that the data is genuine?

  8. Basics of Cryptography
    Since bare blockchain does not use encryption, we will not go into the details of
    encryption/decryption techniques
    Cryptographic hash function
    Public key cryptography and digital signature
    Zero-knowledge proof

  9. Cryptographic Hash Function (not encryption)
    [Figure: Input → Cryptographic hash function (SHA, RIPEMD, etc.) → Hash value (digest). Labels: Fixed length defined by the function; If inputs are just 1 bit different → Totally different output; Can't deduce (the input from the digest); Can't deduce (an input that gives the same digest); It's infeasible to calculate an input that produces a specific digest]
    When a file (e.g., an open-source app) needs to be
    authenticated, the provider may publish a fingerprint value (called
    a hash value or digest) of the file (typically in hexadecimal)
    The downloader can calculate the digest in the same way,
    and if it is the same value as the publicly available one, they
    have a real file
    It is considered extremely difficult to disguise a fake file so
    that it gives the same digest
    The digest is calculated using a cryptographic hash function
    There are various functions, such as the SHA (Secure
    Hash Algorithm) series
    A cryptographic hash function is a function that outputs a
    completely different value if the original data (preimage) is
    different by even 1 bit
    Unidirectional, and cannot get preimage from the digest
    So it is sometimes used to hide the original data

  10. Examples (let’s try them at https://emn178.github.io/online-tools/)
    SHA (Secure Hash Algorithm) series (NIST standards)
    SHA-1 (designed by NSA)
    Deprecated
    SHA-2 (designed by NSA)
    SHA-256 produces 256-bit digests
    “FinTech - Financial Innovation and the Internet 2022 Fall” →
    051a807b12513f8b402b23e337806a06ea221696611724be4d510329aa0076d6
    SHA-3 (selected through a public call for proposals)
    SHA3-256 produces 256-bit digests
    “FinTech - Financial Innovation and the Internet 2022 Fall” →
    794cbcb155f2b152c72c2cb4a37909129319cf9dd6576d0b7005f6491a5d8d8e

  11. More on Cryptographic Hash Function
    For a cryptographic hash function H and data m,
    We cannot compute m′ where m′ ≠ m such that H(m) = H(m′)
    in a realistic time, and therefore
    We cannot compute m or m′ in a realistic time when H(m) is given
    H is not encryption because there is no hint (key) and it cannot be decrypted
    We call it a collision if we find m′ such that H(m) = H(m′) and m′ ≠ m

  12. Actually Found Collisions for SHA-1
    https://shattered.it
    Announced in February 2017 by
    Google and the National Research
    Institute for Mathematics and
    Computer Science (CWI),
    Netherlands
    As an alert

  13. Public Key Cryptography (encryption is not used in bare blockchain)
    [Figure: Sender and Receiver connected through the Internet. Labels: Distribute public keys in advance; Locking and unlocking keys are separate (asymmetric cryptosystem); key pair (public key, private key); plain text; Encrypt w/ public key; Send encrypted text; Decrypt w/ private key]
    It is extremely difficult to deduce the private key from a public key
    Why don’t we use the same key for locking and unlocking?
    → Actually, we usually do, but we need a clever way to share the key, and the above is one of such ways

  14. Digital Signature (RSA) (uncommon in bare blockchain)
    [Figure: Sender and Receiver connected through the Internet. Labels: Distribute public keys in advance; key pair (public key, private key); plain text; digest; signature; Decrypt w/ private key (as if it's an encrypted data); Send plain text w/ signature; Encrypt w/ public key (as if it's a decrypted data); Does the encrypted signature match the digest computed from the plain text?]
    Can prove that it was sent by the very person and has not been altered
    This illustration shows how it works with RSA (RSA : Rivest, Shamir, Adleman)
    ECDSA is used in Bitcoin, etc., instead (Elliptic Curve Digital Signature Algorithm), in which we don’t encrypt/decrypt

  15. Generalized Digital Signature (just remember this!)
    Signing
    Input :
    Output : signature
    Verifying
    Input :
    Output : OK (no change in plain text, and private key was used) or NG (otherwise)
    Whether the signature meets certain mathematical properties that can
    be tested using plain text and public key
    Private key cannot be inferred in the verification process
    Cryptographic hash functions and digital signatures are the two cryptographic techniques used in
    blockchain (no cipher )
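The RSA flow on slide 14 and the sign/verify interface on slide 15, as an added example that is not part of the original slides: textbook RSA over a SHA-256 digest with no padding. The toy keys (built from publicly known Mersenne primes), the message strings and the names `sign`, `verify`, `ALICE_*` and `MALLORY_*` are assumptions made for this illustration.

```python
import hashlib

E = 65537  # public exponent


def make_key_pair(p: int, q: int):
    """Return (public_key, private_key) as (n, e) and (n, d) for primes p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)
    return (n, E), (n, d)


# Toy keys (constructed): products of publicly known Mersenne primes, so anyone
# can factor n. Real keys use secret random primes and a padding scheme.
ALICE_PUBLIC, ALICE_PRIVATE = make_key_pair(2**107 - 1, 2**127 - 1)
MALLORY_PUBLIC, MALLORY_PRIVATE = make_key_pair(2**61 - 1, 2**89 - 1)


def digest_as_int(plain_text: bytes, n: int) -> int:
    """SHA-256 digest of the plain text as an integer below the modulus n."""
    return int.from_bytes(hashlib.sha256(plain_text).digest(), "big") % n


def sign(plain_text: bytes, private_key) -> int:
    """Signing. Input: plain text and private key. Output: signature.

    The digest is "decrypted" with the private key as if it were encrypted data.
    """
    n, d = private_key
    return pow(digest_as_int(plain_text, n), d, n)


def verify(plain_text: bytes, signature: int, public_key) -> bool:
    """Verifying. Input: plain text, signature and public key. Output: OK (True) or NG (False).

    The signature is "encrypted" with the public key and compared with the
    digest computed from the received plain text. The private key is never needed.
    """
    n, e = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_as_int(plain_text, n)


if __name__ == "__main__":
    message = b"Pay 10 coins to Bob"  # constructed sample message
    signature = sign(message, ALICE_PRIVATE)
    print("unaltered text, Alice's key :", verify(message, signature, ALICE_PUBLIC))
    print("altered text                :", verify(b"Pay 99 coins to Bob", signature, ALICE_PUBLIC))
    forged = sign(message, MALLORY_PRIVATE)  # signed with a different private key
    print("signed with another key     :", verify(message, forged, ALICE_PUBLIC))
```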

  16. Public Key Certificate (not used in bare blockchain)
    [Figure: Alice (A), Bob (B), Carole (C, certifier) and Malissa (M, attacker) connected through the Internet, each holding a key pair (public key, private key). Labels: There is no guarantee that the public key obtained through the Internet is genuine; Whose?; Certificate (Signature on A's public key); But we need C's public key to verify the signature; We don't know if the public key used for signing the certificate is genuine or not, either]
    Public key infrastructure is used in the Web and elsewhere (in blockchain, rather, a public key digest identifies a user )
    It has a root ← need to trust someone unconditionally, and CA (Certificate Authority) is a (single) point of failure

  17. What is Zero-Knowledge Proof?
    Source: “Zero-knowledge proof”, Wikipedia
    Verifier remains to have no knowledge other than what
    prover wants to prove
    Example: “I know a secret spell to open the door”
    ↑ Prove this without revealing the spell itself
    For example, repeat “coming out from the way she is told” for 20 times
    Completeness
    Verifier accepts with high probability if the proposition is true
    Soundness
    Verifier has little chance of accepting if the proposition is false
    Zero-knowledge
    Can imitate dialogue without having to be a prover (without knowledge)

  18. What’s Non-Interactive Zero-Knowledge Proof?
    No dialogue is required for performing zero-knowledge proof
    Example: proving “my test score is the same as yours”
    Only one person can enter the room at a time
    Room has numbered and locked voting boxes for every possible score
    (for example, 101 boxes for 0∼100 points)
    You have a key bundle, but leave only the key of your score box, and throw away the rest
    I enter the room and vote for my score box and × for the rest
    You go into the room and unlock your score box to see if it’s voted
    Digital signature (can prove that the private key is there without revealing it) is an example
    of non-interactive zero-knowledge proof

  19. Assignment Review

  20. Assignment 3. “Blockchain”
    (1) Please give a specific example of financial services
    (2) If a user is an “end (edge)”, what is the “center” operated by people or
    an organization in the example?
    (3) How will the service change if that center is automated, without an
    organization?
    Deadline and how to submit
    November 21, 2022 at 17:59 JST
    From Moodle (mandatory)
    Optionally, you can also post to #assignments channel at Discord
    So that your classmates can read your report, refer to it, and comment on it
    Just plain text, and be concise, please
    (and please remember Kent Beck on How to Get a Paper Accepted)

  21. Trends and Measures
    Trends . . . of your reports Measures . . . how to improve the class
    23 out of 26 students submitted (pretty good, and always better late than never)
    Interesting ideas!
    There are concerns on no human interaction → really?
    Some think blockchain would enhance security → what do you mean?
    Students are rewarded for making incorrect guesses
    Because they give everyone clues to the correct understanding
    Making mistakes in situations where the correct explanation has not yet been given is
    encouraged
    Wait. . . what do you mean by correct or incorrect?
    The correct technology works as expected (if the expectation is correct)

  22. How to Write a Good Abstract (reprise)
    The real first step is to give it a good title (probably 3 below is your title), then
    Abstract in 4 simple sentences, by Kent Beck:
    Sentence 1 : State the problem
    Sentence 2 : Why the problem is a problem
    Sentence 3 : A “startling” sentence
    Sentence 4 : Implications of the startling sentence
    Example:
    The rejection rate for OOPSLA papers is near 90% 1
    Most papers are rejected not because of a lack of good ideas, but because they are poorly structured 2
    Following four simple steps in writing a paper will dramatically increase your chances of acceptance 3
    If everyone followed these steps, the amount of communication in the object community would increase, improving
    the rate of progress 4
    cf. https://plg.uwaterloo.ca/∼migod/research/beckOOPSLA.html

  23. A Sample Report in Kent Beck’s Abstract Style
    Title : Global Automatic Teller Machine Eliminates Banks
    (1) Cross-border fund transfer
    (2) Local and correspondent banks
    (3) (Kent Beck’s Abstract Style)
    Cross-border fund transfer is expensive and slow
    It is that way because the transfer needs to go through local and
    correspondent banks, each collecting a fee
    Global automatic teller machine with user-definable accounts will eliminate
    the needs for these banks
    People can transfer funds by simply depositing money and telling the other
    party the account through an encrypted channel
    (More detail if you want)

  24. T-san’s and V-san’s Ideas
    Regulatory Compliance Challenges: Ensuring that automated systems comply
    with evolving financial regulations would be crucial yet challenging, requiring
    sophisticated programming and regular updates
    However, this is not a perfectly adoptable idea because issues may arise in
    terms of regulatory compliance and dispute resolution, both of which are
    important to a financial service
    ⇒ Important issue
    As we will see later in the course, updating smart contracts creates complications in terms of
    autonomy

  25. T-san’s Idea
    Aave is a DAO that provides financial services [snip]
    The center would be the developers of the protocol but also the users because
    they contribute to the governance of the protocol by voting on changes [snip]
    If that center is automated, the protocol wouldn’t need developers to maintain
    it and it would be truly decentralized [snip]
    ⇒ Further beyond the current automation!
    Originally, a DAO is an automated system employing human beings, but in the current DAOs,
    self-selected human beings are manipulating the automated system (not quite autonomous)
    This idea can be said to address that problem

  26. D-san’s Idea
    An example of financial service are Crowdfunding Platforms [snip]
    The funds are blocked until some conditions are reached and then distributed
    ⇒ Depending on how you specifically design it, this cannot be done
    Unless triggered by an external entity, funds do not move on their own just because
    conditions are met
    At least that is how it works for Ethereum smart contracts

  27. X-san’s Idea
    For these questions, I will take a common financial service such as company
    loan releasing as an example [snip]
    It has the potential to improve the loan evaluation process by its decentralized
    system that records transactions on a public ledger, which can reduce the risk
    of fraud and improve the accuracy of credit scoring, such as preventing
    double-spending and identity theft
    ⇒ Why do you think identity theft can be prevented?
    Thefts of crypto assets in public ledgers have essentially been occurring by impersonating
    authorized persons
    By somehow accessing their private keys
    By actually stealing the keys, or
    By exploiting vulnerabilities in web services

  28. M-san’s Idea
    Also, personal default can be reported to the blockchain if the chain has not
    received the transfer proof from the borrower on the due date
    If someone with a default record on the chain wants to borrow money from
    others, the alarm will be triggered when their friends check the credibility on
    the chain
    ⇒ What about privacy?
    If you keep it pseudonymous, then how do you prevent or detect whitewashing?

  29. T-san’s Idea
    ESG Scoring
    By automating the scoring process and making the system a public domain,
    we could transform the ESG scoring into open-source software
    This can remove both subjectivity and transparency issues from the ESG
    scoring process
    Financial Aid
    By having an automated organization where they hand out the money only
    based on pre-determined criteria, we could totally eliminate human biases
    from the financial aid process
    ⇒ Sensing can be an issue
    How to prevent or detect falsification or fabrication of sensor information

  30. Understanding Blockchain
    Blockchain is a substitute for newspaper (by Satoshi Nakamoto)
    Satoshi him or her or themselves called it “distributed time-stamp server”
    Not a good word for representing a concept (catchy, but manipulating the impression)
    Something implemented by
    Chain of ← actually, backward list of
    Blocks ← actually, sets of data
    For example, we don’t call TV “picture tube” today (or do we?)
    If you name a concept based on how it is implemented, it will quickly become outdated

  31. What Is Blockchain About?
    Bitcoin’s “Question”
    How do “we send money whenever we want, and
    never let anyone stop us”?
    Distrust of (central) bank money / Sending money → a state transition in a state machine
    Straightforward requirements (BP : Blockchain Properties)
    BP-1: A self-authorized user solely can cause a state transition that is
    allowed in the state machine (self-sovereignty)
    BP-2: Such a state transition always occurs if the authorized user wants it
    to happen (censorship resistance and fault tolerance)
    BP-3: Once a state transition occurs, it is virtually irreversible, and can
    never be denied (tamper resistance)
    Denying = rejection, deletion, alteration, fabrication
    ⇒ Censorship resistance in the broadest sense (no control of the past either)
    Not really perfectly satisfied by blockchain

  32. Bitcoin’s “Question” and “Answer” (1)
    Bitcoin’s “Question” again
    How do “we send money whenever we want, and
    never let anyone stop us”?
    Distrust of (central) bank money
    Bitcoin’s “Answer”
    Cannot depend on any particular service provider
    ⇒ Exchange digital coins over the Internet by P2P (peer-to-peer)
    What if they deny that they sent a coin?
    ⇒ Use digital signatures (collateral for verifiability and non-repudiability of contents)

  33. Bitcoin’s “Question” and “Answer” (2)
    Problems that cannot be solved by digital signatures alone
    Need to prevent double spending (want to ensure non-repudiation of existence)
    ⇒ Put the evidence of the transaction in newspaper
    What if refused for publishing or service is discontinued?
    ⇒ Place evidence of a transaction in “newspaper” (as collective evidences of events)
    issued by a crowd (everyone has the exact same local copy of the newspaper)
    And thereby records are like locked up in the air
    · Anyone can leave, and when they join again, the records are still there
    Theft of coins based on this idea always follow the story made typical by the
    Mt.GOX or CoinCheck incident
    “Don’t let anyone stop us from spending our own money whenever we want to”
    ⇒ Has to prove that the user is oneself by their own → Zero-knowledge proof of possession of the private key
    → Anyone with the private key is the user oneself
    ⇒ Transaction is verifiable by all but irrevocable → Stolen coins can be tracked but not recovered

  34. World of Beaker / Newspaper Model (1)
    21,000,000 cm3 (cc) of liquid of no value to mankind
    Contained in a tank
    Individuals can hold as many beakers as they like,
    measuring down to 1/100,000,000 cm3 (it has a locked lid)
    Only “editor” selected every 10 minutes on average can
    pump now 6.25cm3 into their beaker
    Chosen by a special lottery
    The winning lottery is held in everyone’s box, and each
    person draws the lottery with all their strength
    → non-stoppable procedure
    Coordinate the proportion of winning lots so that
    someone is chosen every 10 minutes on average
    Volume pumped is reduced by half every about 4 years
    (every 21 thousand pages of “newspaper” described later)
    Started from 50cm3 in January 2009

  35. World of Beaker / Newspaper Model (2)
    Relatively free flow of fluid between beakers
    Recorded as “a signed article” by the pourer
    Post the article in the “newspaper” made by everyone
    Selected “Editor” verifies the articles and publishes them in
    the last page of newspaper (of which everyone has a local copy)
    Page carries the evidence of winning the lottery
    Editor also gets “overflow” of trades on the page
    If people publish a page with the same page number. . .
    Longer sequence of pages wins
    People sometimes lose the key of their beakers
    Create this digitally, and pretend that it’s a currency
    → Bitcoin
    There is no money or currency that does not need pretension

  36. Guarantee of Validity ∼ (so-called)
    UTXO Structure
    An input requires a digital signature of the party to which the referenced output is addressed
    Referenced output (= coin) is consumed → never double-spent (UTXO : Unspent transaction (TX) Output)

  37. Proof of Existence ∼ Hash-chain w/ Proof of Work
    page number : n page number : n+1 page number : n+2
    Cryptographic digest of the previous page
    (must be less than or equal to the target value)
    some extra number (Nonce : Number used Once)
    (random value to make the digest less than or equal to the target)
    Page digest (output by a cryptographic hash function) must be less than or equal to target
    We don’t know how to manipulate the original data to get the right digest
    This is the principle of the lottery, which requires the same amount of cost to fake the history

  38. Consent of Uniqueness ∼ Nakamoto Consensus
    page number : n page number : n+1 page number : n+2 page number : n+3
    page number : n+1 page number : n+2 page number : n+3
    page number : n+4
    This history is valid
    Sometimes page sequences are split when someone else wins the lottery at about the same time
    A history is the hardest to tamper with when the cumulative cost of lottery for the whole sequence is the highest
    Everyone agrees that such history is the official one (strict consensus is not achieved because it can be overturned)
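The hash-chain with proof of work (slide 37) and the choice of the costliest history (slide 38), as an added example that is not part of the original slides. The page layout, the `TARGET` value, the sample articles and all function names are assumptions; SHA-256 stands in for the page digest.

```python
import hashlib
import json

# Constructed difficulty: a page digest must be <= TARGET (about 1 try in 4,096 wins).
TARGET = 2**244
GENESIS_PREV = "0" * 64  # placeholder "previous page digest" for page 0


def page_digest(page: dict) -> str:
    """SHA-256 digest (hex) over the whole page, including prev digest and nonce."""
    return hashlib.sha256(json.dumps(page, sort_keys=True).encode()).hexdigest()


def wins_lottery(page: dict, target: int = TARGET) -> bool:
    return int(page_digest(page), 16) <= target


def publish_page(prev: str, number: int, articles: list, target: int = TARGET) -> dict:
    """Draw the lottery: try nonces until the page digest is <= target."""
    page = {"number": number, "prev": prev, "articles": articles, "nonce": 0}
    while not wins_lottery(page, target):
        page["nonce"] += 1
    return page


def build_history(articles_per_page: list, target: int = TARGET) -> list:
    pages, prev = [], GENESIS_PREV
    for number, articles in enumerate(articles_per_page):
        page = publish_page(prev, number, articles, target)
        pages.append(page)
        prev = page_digest(page)
    return pages


def verify_history(pages: list, target: int = TARGET) -> bool:
    prev = GENESIS_PREV
    for number, page in enumerate(pages):
        if page["number"] != number or page["prev"] != prev:
            return False  # broken link to the previous page
        if not wins_lottery(page, target):
            return False  # page carries no evidence of winning the lottery
        prev = page_digest(page)
    return True


def cumulative_cost(pages: list, target: int = TARGET) -> int:
    """Expected number of digest computations needed to produce this history."""
    return len(pages) * (2**256 // (target + 1))


def choose_history(candidates: list, target: int = TARGET):
    """Among valid histories, pick the one with the highest cumulative lottery cost."""
    valid = [h for h in candidates if verify_history(h, target)]
    return max(valid, key=lambda h: cumulative_cost(h, target), default=None)


def demo() -> dict:
    # Constructed sample articles (already-verified pours between beakers).
    articles = [["A pours 5 to B"], ["B pours 2 to C"], ["C pours 1 to A"], ["A pours 1 to C"]]
    honest = build_history(articles)
    # Edit one article in place without redrawing the lottery.
    tampered = [dict(p) for p in honest]
    tampered[1] = dict(tampered[1], articles=["B pours 2 to M"])
    # Redraw the lottery from page 1 on, but fall one page behind the honest history.
    forged = build_history([articles[0], ["B pours 2 to M"], articles[2]])
    return {
        "honest_valid": verify_history(honest),
        "tampered_valid": verify_history(tampered),
        "forged_valid": verify_history(forged),
        "chosen_is_honest": choose_history([tampered, forged, honest]) == honest,
    }


if __name__ == "__main__":
    print(demo())
```

The in-place edit fails verification because the next page still carries the digest of the original page; the re-mined fork is valid but loses to the history with more accumulated lottery cost.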

  39. Abstract (narrow-sense)
    Blockchain (getting obsolete)
    block_no : n block_no : n+1 block_no : n+2 block_no : n+3
    block_no : n+1 block_no : n+2 block_no : n+3
    block_no : n+4
    History with the largest cost to record or modify (history the most difficult to alter) is chosen
    Cryptographic digest
    of the previous block
    Transactions are
    digitally signed
    To create a block, its cryptographic digest needs to be below some certain number (Proof of Work)
    or one needs to win by voting weighted by the stakes in cryptocurrency (Proof of Stake) [both costly]
    Creator of a block can record the reward
    in cryptocurrency in the block, which is
    effective only when the block is included
    in the chosen history
    Means are provided to confirm
    existence of transactions
    validity existence
    uniqueness
    In case of Proof of Work, the cost of power is balanced against the market value of the native currency
    Everyone confirms that records are not tampered with by the mechanism protected by the price of the native currency

  40. Have a Nice Weekend and See You Next Week!