Slide 1

Slide 1 text

MARKETS, MECHANISMS, MACHINES
University of Virginia, Spring 2019
Class 27: Cryptocurrency
22 April 2019
cs4501/econ4559 Spring 2019
David Evans and Denis Nekipelov
https://uvammm.github.io

Slide 2

Slide 2 text

Final Project Presentations
Next Tuesday (April 30), in class
up to min(5, ' + 3) minutes to present your project
- tell a story, don’t read a list
- motivate your project: why should we care?
- explain what you did: overview, and something interesting
- results: focus on getting most interesting result across
- demos are better than slides
- pictures are better than text
- (almost) anything is better than a bullet list

Slide 3

Slide 3 text

Final Project Presentations
Next Tuesday (April 30), in class
up to min(5, ' + 3) minutes to present your project
- tell a story, don’t read a list
- motivate your project: why should we care?
- explain what you did: overview, and something interesting
- results: focus on getting most interesting result across
- demos are better than slides
- pictures are better than text
- (almost) anything is better than a bullet list
Try not to have any slides as boring, text-heavy, and bullet-listy as this one was!

Slide 4

Slide 4 text

Final Project Presentations
Be creative! (tasty is good too...)

Slide 5

Slide 5 text

Final Project Reports
Monday, 6 May (4:59pm): this is a strict deadline, unless you pre-arrange an extension
Default: web site that describes your project
- permanently hosted (e.g., github pages)
- text/image description of your project
- code and data
Alternatives: video, academic-style paper, song, etc.
- if you are doing something unconventional, ask for advice first

Slide 6

Slide 6 text

Cryptocurrency and Blockchain

Slide 7

Slide 7 text

What is money?

Slide 8

Slide 8 text

For thousands of years, philosophers, thinkers and prophets have besmirched money and called it the root of all evil. Be that as it may, money is also the apogee of human tolerance. Money is more open-minded than language, state laws, cultural codes, religious beliefs and social habits. Money is the only trust system created by humans that can bridge almost any cultural gap, and that does not discriminate on the basis of religion, gender, race, age or sexual orientation. Thanks to money, even people who don’t know each other and don’t trust each other can nevertheless cooperate effectively.

Slide 9

Slide 9 text

Paradox of Money
Money works because people trust it.
People trust money because it works.
Need a starting point: where does that trust begin.

Slide 10

Slide 10 text

Aristotle’s Politics, 350 BCE

Slide 11

Slide 11 text

Fiat Currency

Slide 12

Slide 12 text

With a strong enough army, anything can be a fiat currency

Slide 13

Slide 13 text

Can bits be a currency?

Slide 14

Slide 14 text

Owning and Transferring a Coin
Alice: “I, Alice, give coin x to Bob.”
- Only Alice should be able to say this (if she owns coin x).
- Everyone should be able to trust it is valid.
- Bob should now own coin x.

Slide 15

Slide 15 text

Asymmetry Required
Need a function f that is:
- Easy to compute: given x, easy to compute f(x)
- Hard to invert: given f(x), hard to compute x
- Has a trap-door: given f(x) and t, easy to compute x

Slide 16

Slide 16 text

Using Asymmetric Crypto: Signatures
[Diagram: Message, E (KR_B), Signed Message, Insecure Channel, D (KU_B), Verified Message]
Bob: Generates key pair: KU_B, KR_B. Publishes KU_B.
Anyone: Get KU_B from trusted provider

Slide 17

Slide 17 text

Transferring a Coin
Alice signs m1 = “I, Alice (KU_A), give coin x, t to Bob (KU_B).” with her private signing key, KR_A.
How does Bob transfer x to Colleen (KU_C)?

Slide 18

Slide 18 text

Transferring a Coin
Alice signs m1 = “I, Alice (KU_A), give coin x to Bob (KU_B).” with her private signing key, KR_A.
Bob signs m2 = “I give coin x, given to me by m1 to Colleen (KU_C).” with KR_B.

Slide 19

Slide 19 text

Transferring a Coin
Alice signs m1 = “I, Alice (KU_A), give coin x to Bob (KU_B).” with her private signing key, KR_A.
Bob signs m2 = “I give coin x, given to me by m1 to Colleen (KU_C).” with KR_B.
Colleen signs m3 = “I give coin x, given to me by m2 to Dave (KU_D).” with KR_C.
This does not solve:
- how to create x
- how to prevent double spending
- ...

Slide 20

Slide 20 text

Centralized Digital Currency
Trusted Bank

Account No.   Owner’s Identity   Value
3022493       Alice              2033.23
3022494       Bob                8733.03
3022495       Colleen            24331.77
3022496       Dave               0.01
3022497       Denis              5823392.23

Slide 21

Slide 21 text

Communications of the ACM, October 1985

Slide 22

Slide 22 text

Communications of the ACM, October 1985

Slide 23

Slide 23 text

First Wave Cryptocurrency
David Chaum

Slide 24

Slide 24 text

First Wave Cryptocurrency
David Chaum
Bankrupt, 1998

Slide 25

Slide 25 text

Decentralized Currency
Currency without trust

Slide 26

Slide 26 text

Double Spending Challenge
M = transfer X to Bob
Sign_{KR_A}[H(M)]
Bob wants to verify:
1. Alice owns X
2. Alice hasn’t transferred X
3. The coin will be valuable for Bob

Slide 27

Slide 27 text

Double Spending Challenge
M = transfer X to Bob
Sign_{KR_A}[H(M)]
Bob wants to verify:
1. Alice owns X
2. Alice hasn’t transferred X
3. The coin will be valuable for Bob
[Diagram: Nodes A, B and C; two arrows labelled tx_b]

Slide 28

Slide 28 text

M = transfer X to Bob
Sign_{KR_A}[H(M)]
Bob wants to verify:
1. Alice owns X
2. Alice hasn’t transferred X
3. The coin will be valuable for Bob
M = transfer X to Colleen
Sign_{KR_A}[H(M)]
[Diagram: Nodes A, B and C; two arrows labelled tx_b, one arrow labelled tx_c]

Slide 29

Slide 29 text

M = transfer X to Bob
Sign_{KR_A}[H(M)]
Bob wants to verify:
1. Alice owns X
2. Alice hasn’t transferred X
3. The coin will be valuable for Bob
M = transfer X to Colleen
Sign_{KR_A}[H(M)]
[Diagram: Nodes A, B and C; two arrows labelled tx_b, one arrow labelled tx_c]

Slide 30

Slide 30 text

M = transfer X to Bob
Sign_{KR_A}[H(M)]
Bob wants to verify:
1. Alice owns X
2. Alice hasn’t transferred X
3. The coin will be valuable for Bob
M = transfer X to Colleen
Sign_{KR_A}[H(M)]
[Diagram: Nodes A, B, C, D and E; two arrows labelled tx_b, one arrow labelled tx_c]

Slide 31

Slide 31 text

M = transfer X to Colleen
E_{KR_A}[H(M)]
[Diagram: Nodes A, B and C, with arrows labelled tc. Two of the nodes' ledgers read "Transactions: 1. tb (X->Bob)" and one reads "Transactions: 1. tc (X->Cathy)".]
BAD!

Slide 32

Slide 32 text

Scaling the Network
[Diagram: Nodes A, B, C, D, E, F and G; arrows labelled t_a, t_b, t_b]

Slide 33

Slide 33 text

Voting on the Consensus Ledger

Slide 34

Slide 34 text

Inconsistent Blockchains
[Diagram: Nodes A, B, C, D, E, F and G]
How do we know which blockchain is “correct”?

Slide 35

Slide 35 text

CRYPTO 1992
Cynthia Dwork (now at Harvard)
Moni Naor (Weizmann Institute)

Slide 36

Slide 36 text


Slide 37

Slide 37 text

Idea: Proof-of-Work
Pricing Function: (f)
- moderately easy to compute
- cannot be amortized: computing f(m1), …, f(ml) costs l times as much as computing f(mi).
- easily verified: given x, y easy to check y = f(x)

Slide 38

Slide 38 text

Hashcash
Adam Back, 1997

Slide 39

Slide 39 text

Interactive Hashcash
Everyone agrees on one-way function f
mail sender → mail recipient’s server: Hello
mail recipient’s server: r ← random nonce
mail recipient’s server → mail sender: Challenge: r

Slide 40

Slide 40 text

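Interactive Hashcash
Everyone agrees on one-way function f
mail sender → mail recipient’s server: Hello
mail recipient’s server: r ← random nonce
mail recipient’s server → mail sender: Challenge: r
mail sender: search for x such that f(x) = r
mail sender → mail recipient’s server: (x, Mail)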

Slide 41

Slide 41 text

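Interactive Hashcash
Everyone agrees on one-way function f
mail sender → mail recipient’s server: Hello
mail recipient’s server: r ← random nonce
mail recipient’s server → mail sender: Challenge: r
mail sender: search for x such that f(x) = r
mail sender → mail recipient’s server: (x, Mail)
mail recipient’s server: Verify f(x) = r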

Slide 42

Slide 42 text

Satoshi’s Solution

Slide 43

Slide 43 text

Blockchain
[Diagram: chain of blocks: B0 → (H(B0), Nonce, Transactions) → (H(B1), Nonce, Transactions) → (H(B2), Nonce, Transactions)]
Distributed ledger maintained by network of untrusted nodes
Blocks added require proof-of-work
Nodes agree to consensus: longest (most difficult) chain
Incentives designed to encourage network nodes to:
- Validate and record transactions
- Spend effort on extending consensus chain

Slide 44

Slide 44 text

Bitcoin’s Proof-of-Work
[Diagram: chain of blocks: B0 → (H(B0), Nonce, Transactions) → (H(B1), Nonce, Transactions) → (H(B2), Nonce, Transactions)]
Find a nonce x such that:
SHA-256(SHA-256(r || x)) < T/d
r = header, includes:
- H(previous block)
- root of Merkle tree of transactions
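Added example (not from the lecture slides): a Python model of the chain on the Blockchain and Bitcoin's Proof-of-Work slides. It shows that finding a nonce costs about d double hashes while checking one costs a single double hash, that rewriting an old block breaks its proof-of-work, and that nodes pick the longest valid chain. The target T = 2^256, the flat transaction hash standing in for the Merkle root, the 8-byte nonce and all function names are assumptions of this example.

```python
import hashlib

T = 1 << 256  # constructed maximum target, so about 1 hash in d succeeds

def dhash(data: bytes) -> bytes:
    """SHA-256(SHA-256(data)), the double hash from the slide."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def header(prev: bytes, txs: list) -> bytes:
    """r = H(previous block) || commitment to the transactions.
    A flat hash stands in for the Merkle root (assumption)."""
    return prev + hashlib.sha256("\n".join(txs).encode()).digest()

def pow_ok(r: bytes, x: int, d: int) -> bool:
    """Verification is one double hash: SHA-256(SHA-256(r || x)) < T/d."""
    return int.from_bytes(dhash(r + x.to_bytes(8, "big")), "big") < T // d

def mine(prev: bytes, txs: list, d: int) -> dict:
    """Try nonces from 0 upward; expected work is about d double hashes."""
    r, x = header(prev, txs), 0
    while not pow_ok(r, x, d):
        x += 1
    return {"prev": prev, "txs": txs, "nonce": x}

def block_hash(b: dict) -> bytes:
    return dhash(header(b["prev"], b["txs"]) + b["nonce"].to_bytes(8, "big"))

def build(batches: list, d: int) -> list:
    chain, prev = [], bytes(32)  # constructed all-zero hash before B0
    for txs in batches:
        chain.append(mine(prev, txs, d))
        prev = block_hash(chain[-1])
    return chain

def first_bad_block(chain: list, d: int):
    """Index of the first block with a broken link or proof-of-work, else None."""
    prev = bytes(32)
    for i, b in enumerate(chain):
        if b["prev"] != prev or not pow_ok(header(prev, b["txs"]), b["nonce"], d):
            return i
        prev = block_hash(b)
    return None

def consensus(chains: list, d: int) -> list:
    """Longest valid chain wins; at a fixed d, length equals total work."""
    return max((c for c in chains if first_bad_block(c, d) is None), key=len)

if __name__ == "__main__":
    D = 1 << 12  # constructed difficulty: about 4096 double hashes per block
    honest = build([["X->Bob"], ["Bob->Dave"], ["Dave->Eve"]], D)
    forged = [dict(b) for b in honest]
    forged[0]["txs"] = ["X->Colleen"]  # rewrite history in B0, keep old nonce
    print(first_bad_block(honest, D), first_bad_block(forged, D))
```

To make the forged chain valid again, every block from the rewritten one onward would have to be re-mined, which is the cost the longest-chain rule relies on.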

Slide 45

Slide 45 text

Expected hashes to find block: $= d \times 2^{32} \approx 2.7 \times 10^{22}$
27 sextillion 286 quintillion 58 quadrillion 498 trillion 500 billion 453 million 203 thousand 968

Slide 46

Slide 46 text

Adjusted by protocol every 2016 blocks (~ 2 weeks at expected 10 minutes per block rate)

Slide 47

Slide 47 text

Actual Bitcoin Block
https://en.bitcoin.it/wiki/Protocol_documentation#Block_Headers

Slide 48

Slide 48 text

Bitcoin Transaction
Input 1: v1, a1
Input 2: v2, a2
…
Output 1: x1, d1
Output 2: x2, d2
…
transaction fees = sum(input values) – sum(output values)
(must be non-negative for valid transaction)

Slide 49

Slide 49 text

Bitcoin Script
If Bitcoin Address were just public key:
Locking Script: OP_DATA OP_CHECKSIG
Unlocking Script: OP_DATA
[Diagram: Transaction a0b6ea….. (Input 1: v1, a1; Output 1: x1, d1; Output 2: x2, d2; …) and Transaction d8730d…, linked by Locking Script and Unlocking Script]
Spender provides unlocking script, transaction is valid if stack ends with 1 on top

Slide 50

Slide 50 text

Bitcoin Script
Bitcoin Address = H(public key)
Locking Script: OP_DUP OP_HASH160 OP_DATA OP_EQUALVERIFY OP_CHECKSIG
Unlocking Script: OP_DATA OP_DATA
[Diagram: Transaction a0b6ea….. (Input 1: v1, a1; Output 1: x1, d1; Output 2: x2, d2; …) and Transaction d8730d…, linked by Locking Script and Unlocking Script]

Slide 51

Slide 51 text

OP_RETURN (until July 2010)
https://github.com/bitcoin/bitcoin/blob/v0.1.5/script.cpp#L170
Universal Unlocking Script!
OP_DATA 1 OP_RETURN

Slide 52

Slide 52 text

Example Transaction
Fees are optional…

Slide 53

Slide 53 text

Mt. Gox proof-of-assets transaction

Slide 54

Slide 54 text

Exhibit B

Slide 55

Slide 55 text

Bitcoin Transaction
Input 1: v1, a1
Input 2: v2, a2
…
Output 1: x1, d1
Output 2: x2, d2
…
transaction fees = sum(input values) – sum(output values)
(must be non-negative for valid transaction)
How is new bitcoin created?

Slide 56

Slide 56 text

Coinbase Transaction
Output 1: x1, d1
Output 2: x2, d2
…
sum(output values) ≤ sum(transaction fees) + mining reward
mining reward = $50\ \text{BTC} / 2^{\lfloor \text{block number} / 210{,}000 \rfloor}$
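Added example (not from the lecture slides): a Python validator that applies the three ledger rules from the slides to one block: a coin may be spent only once (the double-spending check), fees = sum(inputs) – sum(outputs) must be non-negative, and the coinbase outputs may not exceed fees plus the mining reward. Signature and script checks are left out, and the dictionary layout, function names and sample transactions are constructed for this example.

```python
COIN = 100_000_000          # satoshis per BTC
HALVING_INTERVAL = 210_000  # blocks between reward halvings (from the slide)

def mining_reward(height: int) -> int:
    """50 BTC / 2^floor(height / 210,000), in satoshis."""
    return (50 * COIN) >> (height // HALVING_INTERVAL)

def apply_block(utxo: dict, height: int, txs: list) -> dict:
    """Validate a block and return the new unspent-output set.

    utxo maps (txid, output index) -> value; txs[0] is the coinbase.
    Raises ValueError on the first violation; the caller's utxo is not modified.
    """
    coinbase, spends = txs[0], txs[1:]
    unspent, fees = dict(utxo), 0
    for tx in spends:
        total_in = 0
        for ref in tx["inputs"]:
            if ref not in unspent:        # unknown coin, or already spent
                raise ValueError(f"{tx['id']}: {ref} is not unspent")
            total_in += unspent.pop(ref)  # a coin can be consumed only once
        outs = tx["outputs"]
        fee = total_in - sum(outs)
        if fee < 0 or any(v < 0 for v in outs):
            raise ValueError(f"{tx['id']}: outputs negative or exceed inputs")
        fees += fee
        for i, value in enumerate(outs):
            unspent[(tx["id"], i)] = value
    if sum(coinbase["outputs"]) > fees + mining_reward(height):
        raise ValueError("coinbase claims more than fees + mining reward")
    for i, value in enumerate(coinbase["outputs"]):
        unspent[(coinbase["id"], i)] = value
    return unspent

def check(utxo: dict, height: int, txs: list) -> str:
    """Return "ok" or the reason the block is rejected."""
    try:
        apply_block(utxo, height, txs)
        return "ok"
    except ValueError as err:
        return str(err)

# Constructed sample ledger: Alice owns coin X, worth 10 BTC.
LEDGER = {("x", 0): 10 * COIN}
TO_BOB = {"id": "tb", "inputs": [("x", 0)], "outputs": [9 * COIN]}  # 1 BTC fee
TO_COLLEEN = {"id": "tc", "inputs": [("x", 0)], "outputs": [10 * COIN]}

def miner(amount: int) -> dict:
    return {"id": "cb", "inputs": [], "outputs": [amount]}
```

This check only works when every node applies it to the same ordered ledger, which is the agreement the proof-of-work chain provides.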

Slide 57

Slide 57 text


Slide 58

Slide 58 text

Mining

Slide 59

Slide 59 text

(General-Purpose) Computers are Useless

Slide 60

Slide 60 text

XOR two 32-bit values in CPU
XOR two 32-bit values in ASIC
4 transistors XOR design

Slide 61

Slide 61 text

https://en.bitcoin.it/wiki/Mining_hardware_comparison

Slide 62

Slide 62 text


Slide 63

Slide 63 text

AntMiner S9: 12 TH/s
AntMiner S5+ [Oct 2015]: 7 TH/s, 3436W

Slide 64

Slide 64 text


Slide 65

Slide 65 text

Fire at mining facility in Thailand, 14 Oct 2014
Photo credit: www.thairath.co.th

Slide 66

Slide 66 text


Slide 67

Slide 67 text


Slide 68

Slide 68 text


Slide 69

Slide 69 text

Entire bitcoin network: 1/10-1/5th Lake Anna Power Station

Slide 70

Slide 70 text

Blockchain Hype!

Slide 71

Slide 71 text

[Chart: Google Trends; series: Renminbi, Bitcoin; annotation: Dec 2013]

Slide 72

Slide 72 text

Bitcoin “Hype”
[Chart: Bitcoin Market Price (US$)]

Slide 73

Slide 73 text

$5K today
$20K in Dec 2017

Slide 74

Slide 74 text

$5K today
$20K in Dec 2017

Slide 75

Slide 75 text

Bitcoin “Market Capitalization”
= Number of Bitcoins ✕ Market Price
= 17.66M ✕ $5387.90
≈ $95B

Slide 76

Slide 76 text

Estimated $US Daily Transaction Value

Slide 77

Slide 77 text

How long does it take Apple to make $628M?

Slide 78

Slide 78 text

How long does it take Apple to make $628M?
Apple’s 2018 revenue $266B
$728M/day

Slide 79

Slide 79 text

Charge
Project Presentations in One Week!