Smart Contracts, Lecture 10 of FinTech

Slides I used at FinTech - Financial Innovation and the Internet, Graduate School of Business and Finance, Waseda University, on December 6, 2019.

Kenji Saito

December 06, 2019

Transcript

  1. Manifesto of Futurism. Lecture 10 : Smart Contracts

     FinTech — Financial Innovation and the Internet 2019 Fall
     Kenji Saito, Professor, Graduate School of Business and Finance, Waseda University
     Lecture 10 : Smart Contracts — FinTech — Financial Innovation and the Internet 2019 Fall — 2019-12-06 – p.1/28
  2. The lecture slides can be found at : https://speakerdeck.com/ks91
  3. Schedule (provisional)

     - Lecture 1 9/27 Overview of FinTech (1) •
     - Lecture 2 10/4 Overview of FinTech (2) •
     - Lecture 3 10/11 Internet Technology and Governance (1) •
     - Lecture 4 10/18 Internet Technology and Governance (2) •
     - Lecture 5 10/25 The World of Apps (1) •
     - Lecture 6 11/8 The World of Apps (2) •
     - Lecture 7 11/15 Blockchain (1) •
     - Lecture 8 11/22 Blockchain (2) •
     - Lecture 9 11/29 Blockchain (3) and Smart Contracts •
     - Lecture 10 12/6 Smart Contracts •
     - Lecture 11 12/13 Other Ledger Technology and Applications (1)
     - Lecture 12 12/20 Other Ledger Technology and Applications (2)
     - Lecture 13 1/10 Cyber-Physical Society and Future of Finance
     - Lecture 14 1/17 FinTech Ideathon
     - Lecture 15 1/24 Presentations and Conclusions
  4. Last Week, We Did

     - Possibilities, Impossibilities and True Worth of Blockchain
       - Problems of blockchain
       - Blockchain’s true worth and the “last will test”
         - Prove that data digitally signed at a certain past point of time has not been tampered with since then
         - Even after the private key is leaked
     - Assignment Review
       - Science fiction prototyping of smart contracts
     - Smart Contracts and Ethereum
  5. Today’s Topic

     - Smart Contracts and Ethereum (revisited)
       - Overview
     - Smart Contract Programming
       - Programming language
       - Characteristics and challenges
     - Blockchain and Smart Contract
       - Example : automated escrow for purchasing land
       - Example : ADEPT and a washing machine
       - Authenticity of contracts and how to disappear
     - Assignment — a hard one ;) — how to disappear completely
  6. Overview of Ethereum

     - Blockchain and State Transition
     - EVM (Ethereum Virtual Machine)
  7. What is Ethereum?

     - Vitalik Buterin, “Ethereum White Paper: A NEXT GENERATION SMART CONTRACT & DECENTRALIZED APPLICATION PLATFORM”
     - Applying blockchain technology
       - Targeted average block interval : 15 seconds
     - Put a programming language on it
       - Turing complete = can emulate a universal Turing machine (well that’s almost a definition of a programming language)
     - Foundation for DApps (applications that automate the center)
       - An attempt to make the current financial and monetary system obsolete
     - That’s what smart contracts are all about
       - Automate digital asset transfers and their state transitions
  8. Blockchain and State Transitions

     [Figure: state transition diagram. Labels: state; external actors; account; EVM code; Ether → gas; invoke contract code; message or a new autonomous object; data exchanged among accounts, or Ether; storage; state′; set of transactions; digital signature; EVM; human, for example]

     - Blockchain = Run of a state machine (state transition system) = Operation of a computer
  9. Glossary

     - Ether (ETH)
       - Native currency of Ethereum (compensation for mining)
     - External Actor
       - A real person/entity who can digitally sign, having an account
       - EOA : Externally-Owned Account
     - Autonomous Object (internal actor)
       - Operates autonomously within the system, and has an account
       - That said, if you don’t send a message, it won’t work (and miners run them)
     - Account
       - Has an Ether balance, and can have storage (state) and EVM code
     - EVM Code
       - Smart contract program
       - Smart contract = application program on Ethereum ≠ intelligent contract
       - Contract ⇐ coherence of manifestation of intention between the parties
       - Authenticity is ensured by being written in blockchain
  10. EVM : Ethereum Virtual Machine

     [Figure: the same state transition diagram, with an added “autonomous object”. Labels: state; external actors; account; EVM code; Ether → gas; invoke contract code; message or a new autonomous object; data exchanged among accounts, or Ether; storage; state′; set of transactions; digital signature; EVM; human, for example; autonomous object]

     - Triggered when an autonomous object receives a message, runs a contract code, and changes state
     - Gas must be supplied for each execution step (to avoid an infinite loop and to compensate EVM executor = miner)
  11. Smart Contract Programming

     - Programming language
     - Characteristics and challenges
  12. Programming Language

     - EVM interprets bytecode (instruction set for virtual machines or interpreters)
       - Programmers don’t usually program in bytecode or machine languages — although some do ;)
     - Requires compilers for other, high-level languages
       - High-level language : human-readable/writable language
       - On the other hand, languages close to machines are called low-level languages . . . We may be scolded by artificial intelligence in the near future ;)
     - Examples :
       - Solidity — JavaScript-like language
         - Current primary language
       - Vyper — Python-like language
       - LLL — Lisp-like language
  13. Solidity Sample Code (this is a high-level language!)

         // The `constructor` keyword needs 0.4.22 or later.
         pragma solidity >=0.4.22 <0.6.0;

         contract IndivisibleAsset { /* transfer ownership of non-divisible assets */
             string public _name;
             string public _symbol;
             uint256 public _quantity;
             address public _owner;

             // `memory` is mandatory for string parameters from 0.5.0.
             constructor(string memory name, string memory symbol, uint256 quantity) public {
                 _name = name;
                 _symbol = symbol;
                 _quantity = quantity;
                 _owner = msg.sender; // the deployer becomes the first owner
             }

             function transfer(address to) public returns (bool) {
                 require (_owner == msg.sender); // only the current owner may transfer
                 _owner = to;
                 return true;
             }
         }
  14. Another Solidity Sample Code (snippet)

         . . .
         function transfer(address to, uint256 value) public returns (bool) {
             balances[msg.sender] = balances[msg.sender] - value;
             balances[to] = balances[to] + value;
             return true;
         }
         . . .

     - This can be the core of a (not-so-secure) token contract
       - Without considering overflow/underflow
     - A token contract typically manages the balances of all users
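
Added example (not part of the original slides): a Python model of the snippet's `uint256` arithmetic, showing what the unchecked `transfer` does when the sender has too little, next to a checked version. The class names, account names and the modelling of `msg.sender` as a `sender` argument are assumptions of this sketch; Solidity before 0.8 wraps silently on overflow and underflow, as modelled here.

```python
UINT256_MOD = 2 ** 256  # EVM words are 256 bits wide


class UncheckedToken:
    """Mirrors the slide's transfer(): no balance or overflow checks."""

    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, sender, to, value):
        # Subtraction and addition wrap modulo 2**256, as on the EVM.
        self.balances[sender] = (self.balances.get(sender, 0) - value) % UINT256_MOD
        self.balances[to] = (self.balances.get(to, 0) + value) % UINT256_MOD
        return True


class CheckedToken(UncheckedToken):
    """Same state, but rejects any transfer that would wrap (like require())."""

    def transfer(self, sender, to, value):
        if not 0 <= value < UINT256_MOD:
            raise ValueError("value is not a uint256")
        if self.balances.get(sender, 0) < value:
            raise ValueError("insufficient balance")  # underflow guard
        if sender != to and self.balances.get(to, 0) + value >= UINT256_MOD:
            raise ValueError("receiver balance would overflow")  # overflow guard
        return super().transfer(sender, to, value)


def total_supply(token):
    """Sum of all balances; a correct transfer must leave this unchanged."""
    return sum(token.balances.values())
```

With constructed balances `{"alice": 0, "bob": 10}`, an unchecked transfer of 1 from alice leaves her with 2**256 - 1 and changes the total supply; the checked version raises and leaves the state untouched.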
  15. Features of Programming Language Solidity

     - JavaScript-like
     - Object-oriented
       - Describe a contract as a template (type or class)
       - Constructor is called during deployment
         - Deploy here means to deploy the contract to the blockchain
         - Decides what parameters to pass to the constructor upon deployment
     - Conforms to Ethereum programming model
       - Deployed contract is a specific entity (instance)
         - Has an account (identified by the address, just like a human user)
         - Has storage and ETH balance
         - Can send messages to other contracts
       - Model where deployed contracts are manipulated by sending messages
         - On the assumption that the authenticity of the code that responds to the message is guaranteed
  16. Characteristics and Challenges

     - Characteristics
       - Execute the program during the block validation process, and reflect the results in the “world state”
         - Redundant verifiers
       - Closed within the state of blockchain (maintained by the verifiers)
         - This design is consistent in the Ethereum system
     - Challenges
       - I/O commands cannot be issued from within the program
       - Not affected by the outside world other than external actors who send signed messages ⇒ ex. Data from sensors cannot be read directly
       - Not able to directly affect the outside world ⇒ ex. Cannot send commands to the motor to turn it on/off
  17. Blockchain and Smart Contracts

     - Example : automated escrow to purchase land
     - Example : ADEPT and a washing machine
     - Meaning of smart contracts in the narrow sense
     - Authenticity of contracts
     - How to hide the content of transactions
  18. Promise Fixation Device in the Air (no matter if it’s made of a chain of blocks)

     [Figure: Defined “Air” (global flat space for a public blockchain). Labels: participant (×5); promise or asset; internal state; op I/F; ref I/F; create and fix in the air; transfer right; can freely join and leave; operable; requires digital signature; can refer from within the same space]

     - The defined air is maintained solely by the participants (no specific administrator)
     - Promises/assets can only be manipulated by authorized participants
     - Promises/assets can survive as long as the defined air survives, since they are not maintained by any particular party
  19. ex. Automated Escrow to Purchase Land (automation of centers)

     [Figure: Defined “Air” holding a Purchase Contract, a Land Asset and a Digital Token, with Seller and Buyer as participants. Labels: land deposit; payment deposit; return land; return money; settle; either can do this; transfer land rights to buyer; transfer payment to seller; transfer; internal state; create and fix in the air; can freely join and leave]

     1. Purchase contract is fixed in the air to prevent the land or the money from being taken away (both parties can verify the contract)
     2. Deposit land rights and purchase money in the contract (if they change their minds, they can take them back)
     3. When settled (anyone can do it if both right and money are deposited), the rights and money for the property are transferred simultaneously
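
Added example (not part of the original slides): the three escrow steps above as a small Python state machine. It folds the land asset and the token ledger into one object for brevity, and models the authenticated sender of a signed message as the `caller` argument; all names are assumptions of this sketch.

```python
ESCROW = "purchase-contract"  # the contract's own account (constructed name)


class PurchaseContract:
    """Escrow from the slide: holds land right and payment until settlement."""

    def __init__(self, seller, buyer, price, land_owner, balances):
        self.seller, self.buyer, self.price = seller, buyer, price
        self.land_owner = land_owner       # who currently holds the land right
        self.balances = dict(balances)     # digital token balances
        self.land_in = self.money_in = self.settled = False

    def _require(self, condition, reason):
        if not condition:
            raise PermissionError(reason)  # models a reverted transaction

    def deposit_land(self, caller):        # step 2, seller side
        self._require(not self.settled and caller == self.seller == self.land_owner,
                      "only the owning seller can deposit the land")
        self.land_owner, self.land_in = ESCROW, True

    def deposit_money(self, caller):       # step 2, buyer side
        self._require(caller == self.buyer and not self.money_in
                      and not self.settled, "only the buyer can deposit, once")
        self._require(self.balances.get(caller, 0) >= self.price, "balance too low")
        self.balances[caller] -= self.price
        self.money_in = True

    def return_land(self, caller):         # seller changes their mind
        self._require(caller == self.seller and self.land_in, "no land to return")
        self.land_owner, self.land_in = self.seller, False

    def return_money(self, caller):        # buyer changes their mind
        self._require(caller == self.buyer and self.money_in, "no money to return")
        self.balances[caller] += self.price
        self.money_in = False

    def settle(self, caller):              # step 3: anyone may trigger this
        self._require(self.land_in and self.money_in, "both deposits are required")
        # Both transfers happen in one state transition, or not at all.
        self.land_owner = self.buyer
        self.balances[self.seller] = self.balances.get(self.seller, 0) + self.price
        self.land_in = self.money_in = False
        self.settled = True
```

After `settle`, neither deposit is held any more, so `return_land` and `return_money` are rejected: the exchange cannot be undone by one side.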
  20. ADEPT and a Washing Machine

     - ADEPT : IoT (Internet of Things) research project by IBM
       - ADEPT stands for Autonomous Decentralised Peer-to-Peer Telemetry
       - An example of a washing machine connected with blockchain
     - What for?
       - Blockchain cannot control motors
       - Each miner is processing by their own timing → I/O commands cannot be issued from within the blockchain
       - ⇒ Designed behavior to match the “narrow sense”
       - Order detergent!
     - A system for automatically transferring and transitioning digitally represented assets according to predetermined rules
  21. Authenticity of Contracts

     - Anyone can participate in block validation and contract execution as a verifier ⇒ Everyone has access to the contract code
       - It is in principle verifiable that the correct contract is being executed
       - I/O is outside blockchain → this is possible without revealing the entirety of the agreement
     - True worth of smart contract is that everyone can confirm that “the correct contract was executed”?
       - Program code and its execution results as “record whose contents and existence cannot be denied by anyone”
     - But Ethereum’s method should not be the only one
       - There are many issues including how to manage the contracts’ life cycles
       - We have already talked about The DAO Incident
  22. ZoE (Zcash on Ethereum)

     - In Ethereum, too, an “address” is a public key digest
       - In Ethereum, which manages account status (balance, etc.) rather than UTXO (coin with destination), it’s difficult to adopt the Bitcoin-like method of changing the receiver’s address from transaction to transaction
       - Which is not a perfect way to hide themselves anyway
     - zk-SNARKs, zero-knowledge proof algorithm used in Zcash, has also been implemented for Ethereum
       - Can conceal transactions (Who sent it to whom ← not straightforward, and) how much?
       - Deployed with Byzantium hardfork in 2017
       - Gas (transaction cost) is expensive
  23. zk-SNARKs

     - Zero Knowledge - Succinct (compact) Non-interactive ARgument of Knowledge
     - 3 parts
       - G is Generator : G(λ, C) → (pk, vk) where C is a circuit, λ is a secret
         - Circuit C returns true or false; pk is the prover key, vk is the verifier key
       - P is Prover : P(pk, x, w) → π where x is the public input of C, w (witness) is the secret input of C
         - π is the proof
       - V is Verifier : V(vk, x, π) = true ⇒ ∃w : C(x, w) = true
     - Can perform in Ethereum by executing V inside smart contracts
       - G and P are executed “off-chain” so to speak
  24. C’s (circuits) to Conceal Balances and Remittances

     - Use the cryptographic hash function H
       - The contract manages H(a’s balance) for all accounts a
     - C_s(x, w) for sender : x is [H(pre-tx balance), H(post-tx balance), H(remittance)], w is [pre-tx balance, remittance]
       - Confirm pre-tx balance ≥ remittance
       - Apply H to w to verify that H(pre-tx balance) and H(remittance) in x are correct
       - Verifies that H(post-tx balance) in x equals H(pre-tx balance − remittance)
     - C_r(x, w) for receiver : x is [H(pre-tx balance), H(post-tx balance), H(remittance)], w is [pre-tx balance, remittance]
       - Apply H to w to verify that H(pre-tx balance) and H(remittance) in x are correct
       - Verifies that H(post-tx balance) in x equals H(pre-tx balance + remittance)
  25. Contract to Conceal Balances and Remittances

     - Accepts the following as arguments (sender address is self-evident as the caller of the contract)
       - Receiver address, H(remittance), H(post-tx balance_s), H(post-tx balance_r)
       - π_s, π_r obtained by applying P in advance
     - Verifies sending by V(vk_s, [H(balance_s), H(post-tx balance_s), H(remittance)], π_s)
     - Verifies receiving by V(vk_r, [H(balance_r), H(post-tx balance_r), H(remittance)], π_r)
     - Replaces both H(balance) with their H(post-tx balance)
     - Sender and receiver need to communicate off-chain
       - They cannot tell how much each other had and has now
     - Others cannot tell, in addition to the above, how much was sent
       - But they can tell who sent money to whom
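
Added example (not part of the original slides): the circuits C_s and C_r from slide 24 and the contract from slide 25, modelled in Python to show which values are public and which stay in the witness. Assumptions of this sketch: H is SHA-256 over a 32-byte integer, and G, P, V are a toy stand-in that tags x with an HMAC instead of producing a SNARK proof (pk and vk share one key, so it is not sound or zero-knowledge in the cryptographic sense).

```python
import hashlib
import hmac


def H(n):
    """Hash H from the slides; here SHA-256 of a 32-byte big-endian integer."""
    return hashlib.sha256(n.to_bytes(32, "big")).hexdigest()


def C_s(x, w):
    """Sender circuit: x = [H(pre), H(post), H(remit)], w = [pre, remit]."""
    pre, remit = w
    return (2 ** 256 > pre >= remit >= 0
            and x[0] == H(pre) and x[2] == H(remit) and x[1] == H(pre - remit))


def C_r(x, w):
    """Receiver circuit: same x and w layout, but post = pre + remit."""
    pre, remit = w
    return (pre >= 0 and remit >= 0 and pre + remit < 2 ** 256
            and x[0] == H(pre) and x[2] == H(remit) and x[1] == H(pre + remit))


def G(lam, circuit):
    """Toy generator: derives one key per circuit from the secret lam."""
    key = hashlib.sha256(lam + circuit.__name__.encode()).digest()
    return (circuit, key), key  # (pk, vk)


def P(pk, x, w):
    """Toy prover: only tags x if the witness w satisfies the circuit."""
    circuit, key = pk
    if not circuit(x, w):
        raise ValueError("witness does not satisfy the circuit")
    return hmac.new(key, "|".join(x).encode(), "sha256").hexdigest()


def V(vk, x, proof):
    """Toy verifier: sees only the public input x and the proof."""
    expected = hmac.new(vk, "|".join(x).encode(), "sha256").hexdigest()
    return hmac.compare_digest(expected, proof)


class ConcealedToken:
    """Contract of slide 25: stores only H(balance) for each account."""

    def __init__(self, vk_s, vk_r, hashed_balances):
        self.vk_s, self.vk_r = vk_s, vk_r
        self.hbal = dict(hashed_balances)

    def transfer(self, sender, receiver, h_remit, h_post_s, h_post_r, pi_s, pi_r):
        ok = (V(self.vk_s, [self.hbal[sender], h_post_s, h_remit], pi_s)
              and V(self.vk_r, [self.hbal[receiver], h_post_r, h_remit], pi_r))
        if ok:  # replace both H(balance) with their H(post-tx balance)
            self.hbal[sender], self.hbal[receiver] = h_post_s, h_post_r
        return ok
```

Because the contract builds x from the H(balance) it currently stores, a proof made for an earlier balance no longer verifies once that balance has been replaced.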
  26. Assignment
  27. Exercise 5. “How to Disappear Completely”

     - Please think of a method of remittance using zk-SNARKs that conceals the following, and write the algorithm briefly (in English)
       - Who sends money?
       - To whom?
       - How much?
       - How much were the balances of those before remittance, and how much afterward?
     - Is your solution perfect? What problems are there?
     - Deadline and how to submit
       - December 11, 2019 at 17:59 JST
       - From Course N@vi
  28. See You Next Week!