Slides I used for FinTech - Financial Innovation and the Internet 2022 Fall at Graduate School of Business and Finance, Waseda University on November 25, 2022.
Innovation and the Internet 2022 Fall Lecture 8 : Blockchain Kenji Saito, Graduate School of Business and Finance, Waseda University Lecture 8 : Blockchain — FinTech — Financial Innovation and the Internet 2022 Fall — 2022-11-25 – p.1/45
be online only.
When online, Camera ON is recommended, but not required
You do need to speak often anyway (we are going to have a lot of dialogue)
We will use breakout rooms a lot, but those won’t be recorded unless you do it yourselves (need to be allowed)
Keep your Zoom client updated! We might use the latest features
The recordings could be used for research on (online) learning
  Transcribed for use and anonymized
  Will let you know when the necessity arises
and chat text will be posted at Moodle and Discord
Trial automatic transcriptions will be posted at Discord
hash function
Public key cryptography and digital signature
Zero-knowledge proof
Assignment Review
Understanding Blockchain
Bitcoin’s “question” and “answer”
Validity/Existence/Uniqueness layers
Applicability of Blockchain
Impossibility and Challenges of Blockchain
Brief Introduction to Upgrading and Governance of Blockchain
Assignment — Science Fiction Prototyping
data m,
  We cannot compute m′ where m′ ≠ m such that H(m) = H(m′) in a realistic time, and therefore
  We cannot compute m or m′ in a realistic time when H(m) is given
H is not encryption because there is no hint (key) and it cannot be decrypted
We call it a collision if we find m′ such that H(m) = H(m′) and m′ ≠ m
Finding a pair m, m′ such that H(m) = H(m′) is (relatively speaking) much easier
  Called birthday attack
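The gap between the two searches named on this slide, as an added example (not part of the original slides). It assumes a toy hash, SHA-256 truncated to 16 bits, so that both searches finish quickly; the message strings are constructed.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest size (assumption); real SHA-256 keeps all 256 bits


def H(m: bytes) -> int:
    """Toy hash: the first BITS bits of SHA-256(m)."""
    full = int.from_bytes(hashlib.sha256(m).digest(), "big")
    return full >> (256 - BITS)


def birthday_collision():
    """Find ANY pair m != m' with H(m) == H(m').

    Remembers every digest seen so far, so each new message is compared
    against all earlier ones at once. Expected cost: about 2^(BITS/2) hashes.
    Returns (m, m_prime, number_of_hashes).
    """
    seen = {}
    for i in count():
        m = b"msg-%d" % i          # constructed, all distinct
        d = H(m)
        if d in seen:
            return seen[d], m, i + 1
        seen[d] = m


def second_preimage(target: bytes):
    """Find m' != target with H(m') == H(target) for one FIXED target.

    Nothing can be reused between attempts. Expected cost: about 2^BITS hashes.
    Returns (m_prime, number_of_hashes).
    """
    goal = H(target)
    for i in count():
        m = b"try-%d" % i          # constructed candidates
        if m != target and H(m) == goal:
            return m, i + 1


if __name__ == "__main__":
    a, b, n_pair = birthday_collision()
    print("any colliding pair  :", a, b, "after", n_pair, "hashes")
    fake, n_fixed = second_preimage(b"last will v1")
    print("match for fixed data:", fake, "after", n_fixed, "hashes")
    print("orders of magnitude : 2^%d vs 2^%d" % (BITS // 2, BITS))
```

With the full 256-bit digest the same two loops would need on the order of 2^128 and 2^256 hashes, which is why neither is feasible in a realistic time.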
Output : signature
Verifying
  Input : <plain text, signature, public key>
  Output : OK (no change in plain text, and private key was used) or NG (otherwise)
  Whether the signature meets certain mathematical properties that can be tested using plain text and public key
  Private key cannot be inferred in the verification process
Cryptographic hash functions and digital signatures are the two cryptographic techniques used in blockchain (no cipher)
using a digital signature instead of a handwritten one, you can be sure that the will is authentic without having to rely on witnesses
But a will is an example that cannot be digitized using conventional thinking
As you know, a digital signature is made using a private key
  Basic premise of digital signatures is that the signer keeps the private key secret
  Leakage of private key, compromise of signature algorithm, and expiration of public key certificate are the three major risks of digital signatures
However, a will is used only after the death of the person who signed it
  If the person who keeps the private key secret is not present, it can be suspected that maybe one of the heirs who has access to the private key has tampered with or fabricated it
  Timestamps can be easily rewritten or faked
  Even if a notary in the digital age takes care of your will, you have to be suspicious of the possibility of their collusion with your heirs
requirements
It must be verifiable by the person and heirs that requirements ↓ are met (instead of believing)
  One can prove that they are the right person who writes or updates the will only with their own help (self-sovereignty)
  The will is always written or updated if the person wants it to happen (censorship resistance and fault tolerance)
  Once the will is written or updated, it is virtually irreversible – one cannot erase it, and one cannot go back in time and falsify it (tamper resistance)
⇒ Blockchain was designed to meet the above requirements
For a will? Never heard of it explained that way?
OK, replace “write or update a will” with “transfer bitcoins”
Nakamoto)
  Satoshi him or her or themselves called it “distributed time-stamp server”
Not a good word for representing a concept (catchy, but manipulating the impression)
  Something implemented by Chain (← actually, backward list) of Blocks (← actually, sets of data)
  For example, we don’t call TV “picture tube” today (or do we?)
  If you name a concept based on how it is implemented, it will quickly become outdated
money whenever we want, and never let anyone stop us”?
  Distrust of (central) bank money / Sending money → a state transition in a state machine
Straightforward requirements (BP : Blockchain Properties)
  BP-1: A self-authorized user solely can cause a state transition that is allowed in the state machine (self-sovereignty)
  BP-2: Such a state transition always occurs if the authorized user wants it to happen (censorship resistance and fault tolerance)
  BP-3: Once a state transition occurs, it is virtually irreversible, and can never be denied (tamper resistance)
    Denying = rejection, deletion, alteration, fabrication
    ⇒ Censorship resistance in a broad sense (no control of the past either)
Not really perfectly satisfied by blockchain
“we send money whenever we want, and never let anyone stop us”?
  Distrust of (central) bank money
Bitcoin’s “Answer”
  Cannot depend on any particular service provider
  ⇒ Exchange digital coins over the Internet by P2P (peer-to-peer)
  What if they deny that they sent a coin?
  ⇒ Use digital signatures (collateral for verifiability and non-repudiability of contents)
  But without public key certificates (that require certificate authorities)
  ⇒ Make public key digest the identifier of a user
by digital signatures alone
Need to prevent double spending (want to ensure non-repudiation of existence → then it is the same problem as the case of a last will)
⇒ Put the evidence of the transaction in newspaper
What if refused for publishing or service is discontinued?
⇒ Place evidence of a transaction in “newspaper” (as collective evidence of events) issued by a crowd (everyone has the exact same local copy of the newspaper)
And thereby records are like locked up in the air
  Anyone can leave, and when they join again, the records are still there
Theft of coins based on this idea always follows the story made typical by the Mt. Gox or Coincheck incident
“Don’t let anyone stop us from spending our own money whenever we want to”
⇒ Has to prove that the user is oneself by their own
  → Zero-knowledge proof of possession of the private key
  → Anyone with the private key is the user oneself
⇒ Transaction is verifiable by all but irrevocable
  → Stolen coins can be tracked but not recovered
of liquid of no value to mankind
  Contained in a tank
Individuals can hold as many beakers as they like, measuring down to 1/100,000,000 cm³ (it has a locked lid)
Only “editor” selected every 10 minutes on average can pump now 6.25cm³ into their beaker
  Chosen by a special lottery
  The winning lottery is held in everyone’s box, and each person draws the lottery with all their strength → non-stoppable procedure
  Coordinate the proportion of winning lots so that someone is chosen every 10 minutes on average
Volume pumped is reduced by half every about 4 years (every 210 thousand pages of “newspaper” described later)
  Started from 50cm³ in January 2009
of fluid between beakers
  Recorded as “a signed article” by the pourer
Post the article in the “newspaper” made by everyone
  Selected “Editor” verifies the articles and publishes them in the last page of newspaper (of which everyone has a local copy)
  Page carries the evidence of winning the lottery
  Editor also gets “overflow” of trades on the page
If people publish a page with the same page number. . .
  Longer sequence of pages wins
People sometimes lose the key of their beakers
Create this digitally, and pretend that it’s a currency → Bitcoin
  There is no money or currency that does not need pretension
a digital signature of the party to which the referenced output is addressed
Referenced output (= coin) is consumed → never double-spent (UTXO : Unspent transaction (TX) Output)
[Figure: pages with page numbers n, n+1, n+2. Each page carries the cryptographic digest of the previous page (must be less than or equal to the target value) and some extra number (Nonce : Number used Once; random value to make the digest less than or equal to the target)]
Page digest (output by a cryptographic hash function) must be less than or equal to target
We don’t know how to manipulate the original data to get the right digest
This is the principle of the lottery, which requires the same amount of cost to fake the history
[Figure: two sequences of pages, one with page numbers n+1 to n+3 and one with page numbers n+1 to n+4, with the label “This history is valid”]
Sometimes page sequences are split when someone else wins the lottery at about the same time
A history is the hardest to tamper with when the cumulative cost of lottery for the whole sequence is the highest
Everyone agrees that such history is the official one (strict consensus is not achieved because it can be overturned)
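The page lottery and the choice of the official history described on the last two slides, as an added example (not part of the original slides). The page layout, the JSON encoding, the genesis value 0 and the easy 12-bit target are assumptions made so that it runs in well under a second.

```python
import hashlib
import json

TARGET = 1 << 244  # constructed toy target: about 1 draw in 4096 wins


def digest(page: dict) -> int:
    """Page digest as an integer, so it can be compared with the target."""
    data = json.dumps(page, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def mine(number, prev_digest, articles, target=TARGET):
    """Draw the lottery: try nonces until the page digest <= target."""
    page = {"number": number, "prev": prev_digest,
            "articles": articles, "nonce": 0}
    while digest(page) > target:
        page["nonce"] += 1
    return page


def first_invalid(pages, target=TARGET):
    """Number of the first page that breaks the history, or None if valid."""
    prev = 0  # assumption: the first page points at 0
    for page in pages:
        if page["prev"] != prev or digest(page) > target:
            return page["number"]
        prev = digest(page)
    return None


def cumulative_work(pages, target=TARGET):
    """Expected number of lottery draws behind a history (0 if invalid)."""
    if first_invalid(pages, target) is not None:
        return 0
    return len(pages) * (2**256 // (target + 1))


def official(histories):
    """Everyone picks the history with the highest cumulative cost."""
    return max(histories, key=cumulative_work)


def build_fork():
    """Two editors win at about the same time after page 0 (constructed)."""
    base = [mine(0, 0, ["Alice pours 1 to Bob"])]
    a = base + [mine(1, digest(base[0]), ["Bob pours 1 to Carol"])]
    b = base + [mine(1, digest(base[0]), ["Bob pours 1 to Dave"])]
    b.append(mine(2, digest(b[1]), ["Dave pours 1 to Erin"]))
    return a, b


if __name__ == "__main__":
    a, b = build_fork()
    print("official history has", len(official([a, b])), "pages")
    forged = [dict(p) for p in b]
    forged[1]["articles"] = ["Bob pours 1 to Mallory"]  # edit without re-mining
    print("forged history breaks at page", first_invalid(forged))
```

An edited page fails the check unless its lottery and that of every later page are drawn again, which is the cost the slide refers to.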
[Figure: two sequences of blocks, one with block_no n+1 to n+3 and one with block_no n+1 to n+4, with the layer labels validity, existence, uniqueness]
History with the largest cost to record or modify (history the most difficult to alter) is chosen
Cryptographic digest of the previous block
Transactions are digitally signed
To create a block, its cryptographic digest needs to be below some certain number (Proof of Work) or one needs to win by voting weighted by the stakes in cryptocurrency (Proof of Stake) [both costly]
Creator of a block can record the reward in cryptocurrency in the block, which is effective only when the block is included in the chosen history
Means are provided to confirm existence of transactions
In case of Proof of Work, the cost of power is balanced against the market value of the native currency
Everyone confirms that records are not tampered with by the mechanism protected by the price of the native currency
access (no need for mediation), agreed real-time settlements, business rule descriptions, and confidentiality
Corporate behavior (automating corporate management, especially in financial matters)
  Real-time execution and confidentiality control of share splits, capital reductions and consolidations, share transfers and exchanges, mergers, third-party allocation of new shares, etc.
Supply Chain
  Traceback of materials, and record and search from production, storage to sales (beware of linkage problem)
Master Data Management
  Only authorized personnel can update and designated reviewers approve it
Sharing Economy and IoT
  Smart cities/towns, transportation, healthcare/fitness, retail, architecture, education, etc. (implicitly real-time and on a large scale) where trust is not necessarily established
Red letters denote parts that blockchains are not good at
  Within the problems we want to solve, there are sub-problems that have not been solved yet
. . Remittances that bypass banking networks
  That’s a huge impact
Proof of Existence
  Ex. Proof of Existence, Everledger (in the past), . . .
  Embed arbitrary digests in a blockchain (piggybacking hack)
    There is also a method of embedding a single digest of a large number of records
  Proof that a record has existed and has not been tampered with
  Origin Certification (traceability, tracking and accounting)
This is the originally intended application category of blockchain (an alternative to “newspaper”)
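One common way to get a single digest for a large number of records is a Merkle tree, shown here as an added example (not part of the original slides and not the method of any service named above). The leaf/node prefixes, the promotion of an odd node and the sample records are assumptions of this sketch.

```python
import hashlib


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def merkle_levels(records):
    """All levels of the tree, leaves first; the last level holds the root."""
    level = [h(b"\x00" + r) for r in records]      # 0x00 marks a leaf
    levels = [level]
    while len(level) > 1:
        nxt = [h(b"\x01" + level[i] + level[i + 1])  # 0x01 marks an inner node
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])                  # odd node is promoted unchanged
        levels.append(nxt)
        level = nxt
    return levels


def prove(levels, index):
    """Sibling digests needed to recompute the root from record `index`."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):                   # a promoted node has no sibling
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof


def verify(record, proof, root):
    """True if `record` is covered by the single embedded digest `root`."""
    node = h(b"\x00" + record)
    for sibling, sibling_is_left in proof:
        pair = sibling + node if sibling_is_left else node + sibling
        node = h(b"\x01" + pair)
    return node == root


if __name__ == "__main__":
    # Constructed sample records; only `root` would be embedded in a blockchain.
    records = [b"deed #%d" % i for i in range(5)]
    levels = merkle_levels(records)
    root = levels[-1][0]
    proof = prove(levels, 4)
    print("root digest     :", root.hex())
    print("proof length    :", len(proof), "digests for", len(records), "records")
    print("original record :", verify(records[4], proof, root))
    print("altered record  :", verify(b"deed #4 (edited)", proof, root))
```

Only the 32-byte root needs to be recorded; the holder of a record keeps the record and its short proof.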
of trial and error
In fact, a lot of new designs are being tested
If we do not have governance for (or if we do not know how to accommodate) technological changes, we cannot use it in society
participants gain half of the hash rate, blockchain cannot be guaranteed to work correctly
Risky in principle if the hashrate is doubled quickly → It has happened
On the other hand, what if it doesn’t double rapidly? → Dilemma of providing room for malicious participants
What if it suddenly halves? → Very risky in principle, and it also happened
a new business on the beach: If a customer pays in bitcoin, a drone flying overhead will drop them a can of juice
When should the drone drop the can?
Reality that goes in real-time and blockchain’s behavior are very different
But as a business decision, a risk taker can drop the canned juice the moment they detect a payment
As long as they are in a position to use social infrastructure, they can act disruptively
  Not because it is a perfect technology
  But because it is a fairly cheap platform (cost is paid by the miners)
decentralized investment fund built on Ethereum
Split (fund split) was recursively called, and 360,000 ETH (5 to 6 billion yen) was stolen (2016/6/17)
Choices
  Do nothing
  Soft fork (maintains compatibility → freezes the address of the thief)
    Funds are not returned
  Hard fork (No compatibility → rewrites history; who controls the present controls the past)
    Worst occurrence of “Oneness Trap” (described later) in a sense
Community chose “hard fork”! (executed on 2016/7/20)
“Most interesting. Gravity’s silhouette remains, but the star and all its planets have disappeared. How can this be?” “Because someone erased it from the archive memory.”
— from Star Wars: Episode II – Attack of the Clones
So the incident never happened
10 people in line
Sorry if you are in an advanced environment, and you don’t know what we are talking about (or even wonder what an ATM is) ;)
What happens to the number of people in the queue if we add one ATM?
  Other conditions remain the same
cf. Daisuke Yamazaki, “Rethinking Scaling Out” (in Japanese) http://www.slideshare.net/yamaz2/ss-58813038
Performance problems can be solved by adding a server ⇒ The system scales out
Blockchain does not scale out in its bare form (because everyone makes and maintains a replica)
  Improvement is possible if you see it as a KVS (Key-Value Store)
    Because of the distributed KVS technology
    But you might lose autonomy
the cost of maintaining data structures rises linearly as transactions increase
It does not scale out
nodes does not solve or mitigate performance challenges
Must be “the world is one” to work
  System does not work correctly if the network is partitioned by a large-scale disaster or political change
Difficulty of governance to advance technology
  You cannot “try something different partially, and if it works, apply it to the whole”
  Impossibility of governance : Agreement by the “whole” must be maintained, but the “whole” cannot be defined
  ⇒ The powerful few change the technology instead
⇒ Those are disadvantages of non-decentralized nature of blockchain
Conversely, there are great expectations and potential for truly decentralized “record fixation device in the air”
ETH as a currency crashes and declines
  Supported by validators’ motivation to get ETH
  When the value of ETH drops, validators withdraw
  Can people who want to run apps (smart contracts) buy ETH to maintain the price?
  If ETH’s market participants are primarily app users, maybe. . . (but they aren’t)
The design of the raw Bitcoin is goal-consistent, but. . .
  In other words, “Bitcoin cannot survive if BTC declines” would be fine
  But as proof applications such as Proof of Existence advance, similar problems arise
Either way, the future of the system depends on the interests of the miners/validators
⇒ Need to separate application platforms from currency systems
  That is where the recent ledger technology is going, hopefully (because many still aren’t)
the thing you can never do without blockchain?
Ex1 : Digitizing the last will and testament (in a thought-experiment sense)
  After the death of the person, the private key used for the digital signature may no longer be a secret
  Can’t believe a notary saying, “it is as signed before the death” (possible collusion with malicious heir)
Ex2 : Online banking passbook data as proof (for the liabilities of banks)
  If you download it as a CSV file, the data anyone can create is not considered as evidence
  Even with the digital signature of the bank, once the private key is leaked, the data can be created by anyone
Prove “data digitally signed at a certain past date has not been tampered with” (instead of believing those who insist so)
  “The Last Will Test” is to ask them if they can do that with their blockchain
  A test to see if something that someone has been pitching as “it’s a blockchain” really makes sense
An idea (hash-chain with proof of work) that may satisfy this true worth, combined with existing technologies around the idea is the Bitcoin blockchain
that can pass the “last will test”?
Public blockchain may pass the test while the market value of the native currency is high
  Defense such that it would cost a lot to tamper with
  When the price of the native currency drops or crashes it becomes unreliable
Private ledger systems in general only insist, so they do not pass the test
  Mostly, “blockchain made and operated by XXX Inc.” is meaningless ← please be careful
We are building new technology to make it pass the test
  BBc-1 (Beyond Blockchain One; https://github.com/beyond-blockchain) (just an example)
There is an inherent challenge of linkage between records and entities
  Includes areas that cannot be solved by engineering alone (does the public key really belong to the person?)
  Including the openness of the source code, it is roughly the problem of. . .
  “How can we trust automated mechanisms?”
not left untouched, but continue to be improved
But governance issues remain
fork)
  Interpret transaction data in a specific way so that quantities independent from BTC can be defined and used
Bug fix – Segregated Witness (SegWit) (soft fork)
  Signatures are separated from the transaction body
Better privacy and conciseness – Taproot (and Schnorr signatures) (soft fork)
  Scripts can be partially disclosed by expressing them in Merklized Abstract Syntax Trees (kind of Merkle trees)
Quickness – Payment channels (no fork)
  Only write to the blockchain when the channel is opened and closed, and in between you can make fast payments
  Conceptually, connected payment channels form a Lightning Network
How do we upgrade?
  Soft fork : miners vote by setting a bit in a block header
  Wait, voting? Is it an Internet way?
[Figure: payment channel between A (Alice) and B (Bob). Labels: open channel (deposit to A and B, pay transaction fee to miner); pay, pay (outputs to A and to B, with locktime); final payment / close channel (outputs to A and to B, pay transaction fee to miner)]
Alice pays fast by sending Bob transactions to pay, which are cut out of the deposit addressed to Alice and Bob
on or disguised as the thoughts and ideas of science and technology
The world with existing science and technology is the real world
  Ex1 : Medical drama
  Ex2 : Economic novels
The world with science and technology unknown to the real world → Fiction
  Ex1 : Medical drama with nano-machines
  Ex2 : Drama with digital currency that depreciates (my book “NEO in Wonderland”)
Designing new media and putting it into society = living science fiction
  To work out plans for that = to write science fiction
of the word “smart contract” to fantasize a specific application example, and state the application briefly
  That is, go ahead and write a very short science fiction
Deadline and how to submit
  November 29, 2022 at 17:59 JST
  From Moodle (mandatory) (Q&A forum)
    So that your classmates can read your report, refer to it, and comment on it
  Optionally, you can also post to #assignments channel at Discord
    So that anyone in our Discord can read your report, refer to it, and comment on it
  Just plain text, and be concise, please
  You may want to apply Kent Beck style for abstracts (4 sentences)
    (problem) (why it is a problem) (startling sentence) (consequences) of a story