Slide 1

Slide 1 text

Digital Economics — generated by Stable Diffusion XL v1.0
FinTech — Financial Innovation and the Internet 2024 Fall
Lecture 5-6 : The World of Apps
Kenji Saito, Graduate School of Business and Finance, Waseda University
Lecture 5-6 : The World of Apps — FinTech — Financial Innovation and the Internet 2024 Fall — 2024-10-18 – p.1/54

Slide 2

Slide 2 text

This class is recorded
- Using Zoom
- For your convenience in reviewing the lectures
- Recordings are shared via Dropbox and you can ask questions with time-stamped comments
- Of course, students are encouraged to ask questions in class
- The recordings could be used for research on (online) learning
- Transcribed for use and anonymized
- Will let you know when the necessity arises

Slide 3

Slide 3 text

- The lecture slides can be found at : https://speakerdeck.com/ks91/collections/fintech-2024-fall
- Recording and chat text will be posted at Moodle and Discord
- Note, however, that chat messages are often unnoticed
- I have invited you all to the Discord server of the class (continued from the past years)
- Trial automatic transcription and summary for lectures will be posted at Discord

Slide 4

Slide 4 text

Schedule (provisional)
Lecture 1 10/4 Overview of FinTech (1) •
Lecture 2 10/4 Overview of FinTech (2) •
Lecture 3 10/11 Internet Technology and Governance (1) •
Lecture 4 10/11 Internet Technology and Governance (2) •
Lecture 5 10/18 The World of Apps (1) •
Lecture 6 10/18 The World of Apps (2) •
Lecture 7 10/25 Blockchain (1)
Lecture 8 10/25 Blockchain (2)
Lecture 9 11/8 Smart Contracts and Decentralized Finance (1)
Lecture 10 11/8 Smart Contracts and Decentralized Finance (2)
Lecture 11 11/15 Cyber-Physical Society and Future of Finance (1)
Lecture 12 11/15 Cyber-Physical Society and Future of Finance (2)
Lecture 13 11/22 FinTech Ideathon
Lecture 14 11/22 Presentations and Conclusions
Online presence is possible but not recommended for non-online lectures for interactivity reasons

Slide 5

Slide 5 text

Last Week, We Did . . .
- Tetrad : A Tool for Analyzing Media (reprise)
- Future of Monetary-Financial System?
- Assignment Review
- Internet Technology
- Internet Governance
- Discussion “Commons” in Finance
- Assignment

Slide 6

Slide 6 text

Today’s Topics
- Assignment Review
- The World of the Web
- Web 1-2-3 True Stories
- API (Application Programming Interface)
- Web API (REST) in particular
- Discussion : Imagine API
- Basics of Cryptography (may be continued to the next class)
- Assignment

Slide 7

Slide 7 text

Assignment Review

Slide 8

Slide 8 text

Assignment 2. “Bank/Payment API”
- Given that banks and xxPay will publish APIs (Application Programming Interface), think of a new and unusual example application, and describe it briefly
Deadline and how to submit
- October 15, 2024 at 17:59 JST
- From Moodle (Q&A Forum) (mandatory)
- Optionally, you can also post to #assignments channel at Discord, so that your classmates can read your report, refer to it, and comment on it
- Just plain text, please
- You may always add your comments or questions about the class

Slide 9

Slide 9 text

Trends and Measures
- Trends . . . of your reports
- Measures . . . how to improve the class
- 23 replies out of 25 students submitted (as of Wed. morning) (always better late than never)
- Applications : (P2P) micro finance (2) / impulsive-expenditure-control pay / managing consents given by customers regarding their financial data / general personal financial assistant (3) / local loyalty program / in-game transactions / spending and investing depending on weather / forecast for investments / proactive credit score analysis / expansion of individual surveillance / advise you whether the current price is fair or suggest a better alternative / health-wealth wallet, smart nutrition & insurance rewards / retirement planning assistant / eco-impact tracker & rewards (2) / more targeted marketing efforts (2)
- Very interesting!
- Most answers were straight to the point, but a few had lengthy preambles
- Write the most important points first, so that if readers stop reading in the middle, they can still get the important information
- Probably you have learned the elevator pitch
- Example from how to write an abstract for a scientific paper
- I know you are business-oriented, but since this is also academia

Slide 10

Slide 10 text

How to Write a Good Abstract
The real first step is to give it a good title (probably 3 below is your title), then
Abstract in 4 simple sentences, by Kent Beck:
- Sentence 1 : Statement of the problem
- Sentence 2 : Why the problem is a problem
- Sentence 3 : A “startling” sentence
- Sentence 4 : Implications of the startling sentence
Example:
- The rejection rate for OOPSLA papers is near 90% (1)
- Most papers are rejected not because of a lack of good ideas, but because they are poorly structured (2)
- Following four simple steps in writing a paper will dramatically increase your chances of acceptance (3)
- If everyone followed these steps, the amount of communication in the object community would increase, improving the rate of progress (4)
cf. https://plg.uwaterloo.ca/~migod/research/beckOOPSLA.html

Slide 11

Slide 11 text

B-san’s App
My app serves as a micro-transaction platform tailored to local community and neighborhood. This app caters to two distinct needs: it enables individuals with dreams – like local artists and chefs – to access micro-funding directly from their community, helping them launch their first products or culinary ventures by collecting small contributions from familiar faces and maybe in exchange for small products or services related to their dreams, e.g., donate for my restaurants and I will cook a meal for your family. Simultaneously, it serves more established local entities such as restaurants, boutiques, and shops, allowing them to sponsor themselves and strengthen bonds within the community through small contributions, discounts, or subscription-based plans. For instance, loyal customers can receive the status of loyal by subscribing to the plan offered by the shop in exchange for benefits like guaranteed seating, weekly free meals, or gifts from local businesses, all facilitated through app-based micro-transactions.
⇒ Good idea to support community’s self-reliance

Slide 12

Slide 12 text

B-san’s App
An idea would be to rethink traditional spending habits and investing, taking external circumstances into account and making them depend on those. One example of an external factor could be the weather. Two options are coming to my mind about this form of conditional investment:
(1) Spendings regarding personal activities dependent on past weather conditions as well as on forecasts
(2) Investments into shares etc. based on weather conditions
⇒ Our economy is surely affected by the climate, but it is interesting to do that on an individual level

Slide 13

Slide 13 text

L-san’s App
APIs allow different applications, such as websites, mobile apps, and other systems to communicate with each other. By integrating external APIs with your bank or xxPay payment system, the app could analyze the prices of items you’re purchasing in real-time and cross-reference them with market data or competitor prices. This way, it could advise you whether the current price is fair or suggest a better alternative. For example, if someone buys an item at a supermarket, the app could notify them if the same product is available at a cheaper price in a nearby store or online, by accessing the user’s transaction history. This API application would empower users to make smarter financial decisions and ultimately save money on their everyday purchases.
⇒ This is like an automated kakaku.com !

Slide 14

Slide 14 text

M-san’s Question
Security risks associated with Open APIs: With the rise of open banking APIs, how do you predict the changes in challenges related to maintaining security and data privacy, particularly as more third-party developers are granted access to sensitive financial information?
⇒ This matter is also on today’s agenda
- Basically, the question is how to implement the golden rules of security: Authentication, Authorization, and Audit,
- And how individuals can have control over their privacy

Slide 15

Slide 15 text

The World of the Web
- Applications of the Internet
- Birth, technology and evolution of World Wide Web
- Consequences and problems of World Wide Web

Slide 16

Slide 16 text

Applications and Port Numbers
[Figure: railway analogy. Labels: Rails: Tozai Line, Waseda St., Exit, Waseda Univ. (Waseda); Rails: Mita Line, Mita St., Exit, Keio Univ. (Mita); Rails: Otemachi St., Mita Line / Tozai Line; Application (Waseda University) is listening on a specific port; IP address; Port number]
- Like many web servers used to be listening mainly on port 80 (when HTTP was OK)

Slide 17

Slide 17 text

Client-Server Model
[Figure: clients and a server connected through the Internet. Labels: “Give me something” (client), “Here you are” (server); Server Software: application listening for requests from clients on a specific port; Client Software: application that communicates with server software, sending requests when needed]
- One of the basic models of communication on the Internet
- Two types of computers
- Servers: computers providing services
- Clients: computers to be serviced

Slide 18

Slide 18 text

Before Web
What the Internet was used for (everything is still out there)
- Window system (X window)
- Mail (SMTP/POP) (POP → IMAP after Web)
- Netnews (NNTP): There were already “flaming”
- File transfer (FTP)
Below came around the same time as Web
- Chat (IRC)
- Information retrieval (gopher): Now little used; Now actually sounds more like an iconic mascot of the Go project

Slide 19

Slide 19 text

To Web
Changes in the way information is shared
- File storage and sharing services
- Save file on server (upload)
- Users access the server to download files (Files at the time were often scientific papers and program code)
⇓
WWW : World Wide Web
- Embed “Relation” links in the file → Hypertext (by Ted Nelson, 1963, 1974)
- The way files around the world link to one another is referred to as “Cobweb (web)”, and is named “World-Wide Web”
- Birth of a digital information infrastructure in which various data are organically linked

Slide 20

Slide 20 text

World Wide Web
[Figure: browsers browse pages on the servers www.amazon.co.jp, www.google.co.jp and www.yahoo.co.jp; the pages are connected by links. Labels: Browser, servers, links, data structure, access, browse]
- A browser fetches a page, and if a user clicks on (or touches) a link, fetches another page

Slide 21

Slide 21 text

Birth, Technology and Evolution of World Wide Web
The Great Meeting of Hypertext and the Internet

Slide 22

Slide 22 text

History of World Wide Web
- In 1989: Draft proposal by Tim Berners-Lee at CERN; Adopts the concept of hypertext
- In 1990: WWW server and browser implemented on NeXT, HTML 1.0 Draft
- In 1991: Released WWW system (server, browser, library), started to be used by universities and laboratories
- In 1993: Marc Andreessen et al. developed the Mosaic browser, which made WWW widely spread
- In 1994: Tim Berners-Lee founded the W3C (World Wide Web Consortium)
- In 1995: Published HTML 2.0
- In 2014: HTML5
- In 2021: HTML Living Standard

Slide 23

Slide 23 text

Element Technologies of the World Wide Web
HTTP/HTTPS
- HyperText Transfer Protocol (Secure)
- Protocol used for transferring HTML files
HTML
- Hyper Text Markup Language
- Markup language for describing web pages
- Designed and recommended by the W3C → WHATWG
URI
- Uniform Resource Identifier
- Identifier of an information resource on the Internet (not necessarily on WWW)
- URL (Uniform Resource Locator) is one way to implement URI

Slide 24

Slide 24 text

Format of URL (Uniform Resource Locator)
In case of https scheme
https://www.google.com:443/search?q=refrigerator
- Scheme : https
- Host name : www.google.com
- Port # : 443
- Path : /search
- Search string : q=refrigerator
- Port number, path, and search string are optional
- For https scheme, the port number defaults to 443

Slide 25

Slide 25 text

HTTPS Demo
$ openssl s_client -connect www.waseda.jp:443
Then
GET /
- Install openssl in your environment and try it out
- You may want to try www.google.com:443 and GET /search?q=refrigerator instead

Slide 26

Slide 26 text

Characteristics of HTTP/HTTPS
- You can get 1 resource (file) per request
- Each request is independent (state-less)
- It was enough to achieve its original purpose
- Original purpose → easy access to documents such as scientific papers
- But then there appeared a lot of applications for which this is inadequate . . .
- Want to treat a series of requests as a session
- Shopping, logging into membership site, etc.
Art of maintaining states for that purpose
- Unique URL generation including a representation of the state
- HTTP cookies (like shared magic numbers)
- Access tokens

Slide 27

Slide 27 text

Generalized Access Token
[Figure: sequence over time between Browser, Web Server and Database, across two independent connections. Labels: register, generates token, search, request, response, header, resource, token “XyZw” carried in the headers, data protected by access right]
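The token flow in the figure, as an added example that is not part of the lecture material: the server generates a random token at registration, every later independent request carries it in a header, and the server authenticates, authorizes and audits each request. The `Authorization: Bearer` header, the 15-minute lifetime, the class and user names and the balances are assumptions made for this sketch.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 900  # assumed lifetime; the slide does not give one


class TokenServer:
    """In-memory stand-in for the web server and database in the figure."""

    def __init__(self, now=time.time):
        self._now = now
        self._tokens = {}    # sha256(token) -> (user, expiry time)
        self._records = {}   # user -> data protected by access right
        self.audit_log = []  # (time, authenticated user or None, resource, status)

    def register(self, user, data):
        """Store the user's data and generate a fresh random token."""
        self._records[user] = data
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # Keep only a digest, so a leaked table does not reveal usable tokens.
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._tokens[digest] = (user, self._now() + TOKEN_TTL_SECONDS)
        return token

    def handle(self, headers, resource_owner):
        """Serve one independent request; all state arrives in the header."""
        status, user, body = self._decide(headers, resource_owner)
        self.audit_log.append((self._now(), user, resource_owner, status))  # audit
        return status, body

    def _decide(self, headers, resource_owner):
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        if scheme != "Bearer" or not token:
            return 401, None, None            # authentication: no credential
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._tokens.get(digest)
        if entry is None:
            return 401, None, None            # authentication: unknown token
        user, expiry = entry
        if self._now() >= expiry:
            del self._tokens[digest]
            return 401, None, None            # authentication: expired token
        if user != resource_owner:
            return 403, user, None            # authorization: not the owner
        return 200, user, self._records[user]


def demo():
    """Run constructed requests and return (statuses, audit log)."""
    clock = [1000.0]                          # fake clock so expiry is testable
    server = TokenServer(now=lambda: clock[0])
    alice = server.register("alice", {"balance": 1200})
    server.register("bob", {"balance": 50})
    bearer = {"Authorization": "Bearer " + alice}
    results = [
        server.handle(bearer, "alice"),                               # own data
        server.handle({}, "alice"),                                   # no token
        server.handle({"Authorization": "Bearer guessed"}, "alice"),  # bad token
        server.handle(bearer, "bob"),                                 # not owner
    ]
    clock[0] += TOKEN_TTL_SECONDS + 1
    results.append(server.handle(bearer, "alice"))                    # expired
    return [status for status, _ in results], server.audit_log


if __name__ == "__main__":
    print(demo())
```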

Slide 28

Slide 28 text

Consequences and problems of World Wide Web
Changes in how people use the Internet

Slide 29

Slide 29 text

What World Wide Web Brought
Information distribution
- Information now contains links and information is organically linked across distributed servers
- Information providers create information (data) with links in mind
- Information users follow links to obtain new information (data)
Finding information (data)
- Need some way to find a server that stores information (data)
- Large numbers of servers and distributed volumes of information (data)
- Search engine is important
How information (data) is collected
- Distributed across the Internet, servers with popular information (data) are being accessed intensively as the number of users increases

Slide 30

Slide 30 text

Web 1-2-3 True Stories

Slide 31

Slide 31 text

History of Web 1-2-3
[Figure: timeline from 1989 to 2020 (axis ticks 1990, 1995, 2000, 2005, 2010, 2015, 2020). Labels: WWW (1989); so-called Web1.0; Web2.0; Orthodox History (Finance is irrelevant); Users themselves are “easily” the producers of the data; A little off topic; Quite off topic; lift (Aufheben); Web3.0 → web3 (2014); Berners-Lee’s Semantic Web (1998); “Web 2.0” first appearance (1999); O’Reilly’s; Berners-Lee’s; Wood’s; 2005; 2006; Web3.0; Bitcoin; Ethereum; Snowden Affair; Bankruptcy of Lehman Brothers; Internet Commercialization; To Solid Project; “Get your data back in your hands! Don't let organizations control it”; “Solve all problems by making everything a financial token!”]
- Is the data freely available for the users themselves and for the public good?
- How did this happen?

Slide 32

Slide 32 text

What’s Web3? (1/3)
- So-called Web 1.0 (Berners-Lee) : Read × Write
- Publication medium for researchers → Everyone writes and reads papers, so it is two-way from the beginning
- “Users manage data, but publication is not easy”
- Web 2.0 (O’Reilly) : Read × Write ← Since Web 1.0 era
- “User has no control over data, but publication is easy”
- Web 3.0 (Berners-Lee)
- Aim to “make it easy for users to manage and publish their data” → Solid (Social linked data)
- Web 3.0 → Web3 (Wood)
- Make Ethereum available from the Web ← web3.js, web3.py
- Web3 (Dixon) : Read × Write × Own
- “Build financial assets, in the form of tokens, into the inner workings of almost anything you do online” (Bloomberg)
- You can own a token without relying on a trust to another, but you cannot own what the token points to or includes

Slide 33

Slide 33 text

What’s Web3? (2/3)
Web 3.0 (Wood, 2014) → web3 : Get the data back to everyone
The following 4 elements were assumed to allow you to manage your data yourself
1) Publishing system that cannot be censored (realized with Ethereum)
2) Messaging with pseudonyms (realized with Ethereum)
   · Not anonymous, but when identities and pseudonyms are linked, people know who you are
3) Consensus engine (?) (naïve understanding that this was achieved with Ethereum)
   · Haven’t created any mechanism for human beings to agree (What is being done is “replication” as part of 1))
4) Browsers and user interfaces that integrate them (Ethereum to be available on the web)
The {Javascript|Python} library to achieve 4) above is called web3.{js|py} (2014~)

Slide 34

Slide 34 text

What’s Web3? (3/3)
- Then things got somewhat strange . . .
- “What makes Web3 different — and more than a little weird — is that it would build financial assets, in the form of tokens, into the inner workings of almost anything you do online” — Olga Kharif, “What You Need to Know About Web3, Crypto’s Attempt to Reinvent the Internet”, Bloomberg (2021)
- Why do they want to do it? (Do you want to do it?)
- Perhaps because, after all, only tokens can express “ownership” in the blockchain? (original development motivation)
- Tokens can be freely disposed of by their holders → realization of the modern concept of ownership
- But does that mean you own the data?
- Is “owning” a “better way” in the first place?
- Is it a belief (or assumption) that all of society’s problems can be solved by incentives?
- This may be a belief that we can’t solve our problems without using humans, because the only party to whom assets can be exercised is human (nature does not accept money)
- What about the fear of being wiped out in some way as a result of diversity being compromised because everyone works with the same incentives?

Slide 35

Slide 35 text

Little Discussion
- What do you want to do with web3?
- Whatever you want to do, this class will always answer it with true stories

Slide 36

Slide 36 text

API
- API : Application Programming Interface
- Interface through which an application can make use of some features provided somewhere
- Web API : API by HTTP(S) requests
- In this case, features are provided by a (remote) web server

Slide 37

Slide 37 text

REST (Representational State Transfer)
- Stateless client/server protocol
- Well-defined set of methods
- POST, GET (demoed), PUT, DELETE vs. CRUD (Create/Read/Update/Delete)
- CRUD represents the basic set of operations against a database
- Uniquely identify resources by URI
- Some demonstrations later
- Often returns results in the form of JSON (JavaScript Object Notation)

Slide 38

Slide 38 text

Demoed? — HTTPS Demo (reprise)
$ openssl s_client -connect www.waseda.jp:443
Then
GET /
- Install openssl in your environment and try it out
- You may want to try www.google.com:443 and GET /search?q=refrigerator instead

Slide 39

Slide 39 text

REST – contd.
- Hypermedia that can handle both application information and state transitions
- An example of state transitions (state machines) (For example, on the web, page = state, and the page presents possible operations in that state as a set of buttons)
- A stack is a last-in, first-out data store
- You can push data in, and pop data out
A design would be like,
- POST to create a stack
- POST to push to the stack
- POST to pop from the stack
- GET to peek in the stack state
- PUT to update an item
- DELETE to delete the stack

Slide 40

Slide 40 text

Demonstration
$ git clone https://github.com/ks91/sample-web-api.git
- This is a really simple sample API that provides stacks (requires Python3 and Flask)
- The stacks can be used as calculators
Run the simple web API server
$ python stack.py
- See README to discover how to try
- In this demo, we will try (5 − 2) × (3 + 4)
- Expressed as 5 2 − 3 4 + × (Reverse Polish Notation)
- Also two programs to add up 1 through 10 using the API
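The stack design from the previous slide and the calculation from this demonstration, as an added example that is not the code in the sample-web-api repository: the route names, status codes and JSON shapes are assumptions, requests are dispatched in-process instead of over HTTP, and ASCII `-` and `*` stand in for − and ×. Operands are validated and an empty pop is an error response, since a public API has to expect malformed requests.

```python
import operator


def _is_number(value):
    return isinstance(value, (int, float)) and not isinstance(value, bool)


class StackAPI:
    """In-process model of the routes; each call is one stateless request."""

    def __init__(self):
        self._stacks = {}
        self._next_id = 1

    def request(self, method, path, body=None):
        """Return (HTTP status, JSON-like dict) for one request."""
        parts = [p for p in path.split("/") if p]
        value = body.get("value") if isinstance(body, dict) else None
        if parts == ["stacks"] and method == "POST":          # create a stack
            sid = str(self._next_id)
            self._next_id += 1
            self._stacks[sid] = []
            return 201, {"id": sid}
        if len(parts) < 2 or parts[0] != "stacks" or parts[1] not in self._stacks:
            return 404, {"error": "no such resource"}
        stack, rest = self._stacks[parts[1]], parts[2:]
        if method == "GET" and not rest:                      # peek at the state
            return 200, {"items": list(stack)}
        if method == "DELETE" and not rest:                   # delete the stack
            del self._stacks[parts[1]]
            return 204, {}
        if method == "POST" and rest == ["push"]:             # push
            if not _is_number(value):
                return 400, {"error": "value must be a number"}
            stack.append(value)
            return 200, {"size": len(stack)}
        if method == "POST" and rest == ["pop"]:              # pop
            if not stack:
                return 409, {"error": "stack is empty"}
            return 200, {"value": stack.pop()}
        if method == "PUT" and len(rest) == 2 and rest[0] == "items":  # update
            if not rest[1].isdecimal() or int(rest[1]) >= len(stack):
                return 404, {"error": "no such item"}
            if not _is_number(value):
                return 400, {"error": "value must be a number"}
            stack[int(rest[1])] = value
            return 200, {"items": list(stack)}
        return 405, {"error": "method not allowed"}


OPS = {"+": operator.add, "-": operator.sub, "*": operator.mul}


def eval_rpn(api, expression):
    """Evaluate a Reverse Polish Notation string using only API requests."""
    _, created = api.request("POST", "/stacks")
    base = "/stacks/" + created["id"]
    try:
        for token in expression.split():
            if token in OPS:
                s_right, right = api.request("POST", base + "/pop")
                s_left, left = api.request("POST", base + "/pop")
                if (s_right, s_left) != (200, 200):
                    raise ValueError("operator %r lacks operands" % token)
                value = OPS[token](left["value"], right["value"])
            else:
                value = int(token)        # ValueError on anything but an integer
            api.request("POST", base + "/push", {"value": value})
        _, state = api.request("GET", base)
        if len(state["items"]) != 1:
            raise ValueError("expression leaves %d items" % len(state["items"]))
        return state["items"][0]
    finally:
        api.request("DELETE", base)       # always release the server-side state


if __name__ == "__main__":
    print(eval_rpn(StackAPI(), "5 2 - 3 4 + *"))
```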

Slide 41

Slide 41 text

Meaning of the Demonstration
- No one wants to go to the trouble of using APIs to do something this simple
- We did it as a demonstration in which we can easily confirm that the API worked correctly
- If I were to point at the moon, you should be looking at the moon, not at my index finger
- ↑ If you are wondering why I suddenly started talking about the moon, you are surely looking at my index finger
- At the same time, the stack calculator is an important concept
- You can make a (virtual) computer out of this concept
- It is called a stack machine
- Bitcoin’s virtual computer for scripting is a stack machine
- Ethereum Virtual Machine (EVM) is also a stack machine

Slide 42

Slide 42 text

Little Discussion : Imagine API
- What APIs are useful in banking?
- Roughly design
- With CRUD (Create/Read/Update/Delete) in mind
- Have you considered an API to retrieve passbook data?
- How can you be sure that the data is genuine?

Slide 43

Slide 43 text

Basics of Cryptography
- Cryptographic hash function
- Public key cryptography and digital signature
- Zero-knowledge proof

Slide 44

Slide 44 text

Cryptographic Hash Function
- Input : Set of any digital data (infinite elements)
- Output : Set of numbers of fixed length, e.g. 256 bits (finite)
- Output values are also called ‘digests’
[Figure: mapping from the input set to the output set by a function such as SHA3-256 (SHA : Secure Hash Algorithm). Labels: Assuming they are in order of increasing size (on both sets); Unevenly distributed; Uniformly Distributed (property of hash functions)]
- There appears to be no law in the mapping, which can be computed inexpensively in the forward direction but not in the opposite direction (unidirectional) (property of cryptographic hash functions)
- Because of the mapping of the infinite to the finite, though it is very rare, different inputs may have the same output result (collision)
- Cryptographic hash functions that have been found to collide are no longer considered secure

Slide 45

Slide 45 text

Examples
SHA (Secure Hash Algorithm) series (NIST standards)
- SHA-1 (designed by NSA) : Deprecated
- SHA-2 (designed by NSA)
- SHA-256 produces 256-bit digests
- “FinTech - Financial Innovation and the Internet 2024 Fall” → 358f8d59197b3f417ab0a9560f3318b6b9a55edc759d4897cb9c4457ce589bce
- SHA-3 (selected through a public call for proposals)
- SHA3-256 produces 256-bit digests
- “FinTech - Financial Innovation and the Internet 2024 Fall” → 9fb40b280a32d511be02addea513204bc82fd5c22b147e95b6e9e72b020a5725

Slide 46

Slide 46 text

Actually Found Collisions for SHA-1
- https://shattered.it
- Announced in February 2017 by Google and the National Research Institute for Mathematics and Computer Science (CWI), Netherlands
- As an alert

Slide 47

Slide 47 text

Public Key Cryptography
[Figure: Sender and Receiver connected through the Internet; the Receiver holds a key pair (public key, private key). Labels: Distribute public keys in advance; Locking and unlocking keys are separate (asymmetric cryptosystem); plain text; Encrypt w/ public key; Send encrypted text; Decrypt w/ private key]
- It is extremely difficult to deduce the private key from a public key

Slide 48

Slide 48 text

Digital Signature
[Figure: the Signer runs the signature algorithm with the private key (key pair generated in advance; keep it a secret); the original data, signature and public key reach the Verifier through the Internet (the public key may be given in advance); the Verifier runs the verification algorithm, which outputs OK or NG]
- The signature was created by someone who can use the private key corresponding to the public key (i.e. the signer), and the original data has not changed one bit after signing
- For this mechanism to work properly, there must be some proof that the public key received really belongs to the signer
[Signature algorithm]
- Input : original data, private key
- Output : signature
[Verification algorithm]
- Input: original data, signature, public key
- Output: OK or NG
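The signature and verification algorithms above, with the same inputs and outputs, as an added example that is not part of the lecture material. The slides name no particular scheme; this sketch uses a Lamport one-time signature because it is built only from the cryptographic hash function introduced earlier. A Lamport key pair may sign a single message, and the passbook record is constructed sample data.

```python
import hashlib
import hmac
import secrets

BITS = 256  # SHA-256 digest length; one pair of secrets per digest bit


def _h(data):
    return hashlib.sha256(data).digest()


def generate_key_pair():
    """Private key: 256 pairs of random secrets. Public key: their hashes."""
    private_key = [(secrets.token_bytes(32), secrets.token_bytes(32))
                   for _ in range(BITS)]
    public_key = [(_h(zero), _h(one)) for zero, one in private_key]
    return private_key, public_key


def _digest_bits(original_data):
    digest = int.from_bytes(_h(original_data), "big")
    return [(digest >> (BITS - 1 - i)) & 1 for i in range(BITS)]


def sign(original_data, private_key):
    """Input: original data, private key. Output: signature."""
    # Reveal, for each digest bit, the secret that matches that bit.
    return [private_key[i][bit]
            for i, bit in enumerate(_digest_bits(original_data))]


def verify(original_data, signature, public_key):
    """Input: original data, signature, public key. Output: "OK" or "NG"."""
    if len(signature) != BITS or len(public_key) != BITS:
        return "NG"
    ok = True
    for i, bit in enumerate(_digest_bits(original_data)):
        # Hashing is cheap in the forward direction; forging a missing secret
        # would need a preimage, which is the expensive opposite direction.
        ok &= hmac.compare_digest(_h(signature[i]), public_key[i][bit])
    return "OK" if ok else "NG"


def demo():
    """Sign constructed passbook data, then check three cases."""
    passbook = b'{"account": "constructed-0001", "balance": 1200}'
    tampered = b'{"account": "constructed-0001", "balance": 9200}'
    private_key, public_key = generate_key_pair()
    _, other_public_key = generate_key_pair()
    signature = sign(passbook, private_key)
    return (verify(passbook, signature, public_key),        # genuine
            verify(tampered, signature, public_key),        # data changed
            verify(passbook, signature, other_public_key))  # wrong public key


if __name__ == "__main__":
    print(demo())
```

The third case is the reason the slide asks for proof that the public key really belongs to the signer: verification only shows that the data matches whichever public key the verifier was given.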

Slide 49

Slide 49 text

Public Key Certificate
[Figure: Alice (A), Bob (B) and Carole (C, certifier), each with a key pair (public key, private key), and Malissa (attacker), connected through the Internet. Labels: There is no guarantee that the public key obtained through the Internet is genuine; Whose?; signature; Signature on A’s public key; Certificate; But we need C’s public key to verify the signature; We don’t know if the public key used for signing the certificate is genuine or not either]
- Public key infrastructure is used in the Web and elsewhere
- It has a root ← need to trust someone unconditionally, and CA (Certificate Authority) is a (single) point of failure

Slide 50

Slide 50 text

What is Zero-Knowledge Proof?
[Figure. Source: “Zero-knowledge proof”, Wikipedia]
- Verifier remains to have no knowledge other than what prover wants to prove
- Example: “I know a secret spell to open the door”
- ↑ Prove this without revealing the spell itself
- For example, repeat “coming out from the way she is told” for 20 times
- Completeness : Verifier accepts with high probability if the proposition is true
- Soundness : Verifier has little chance of accepting if the proposition is false
- Zero-knowledge : Can imitate dialogue without having to be a prover (without knowledge)

Slide 51

Slide 51 text

What’s Non-Interactive Zero-Knowledge Proof?
- No dialogue is required for performing zero-knowledge proof
- Example: proving “my test score is the same as yours”
- Only one person can enter the room at a time
- Room has numbered and locked voting boxes for every possible score (for example, 101 boxes for 0~100 points)
- You have a key bundle, but leave only the key of your score box, and throw away the rest
- I enter the room and vote for my score box and × for the rest
- You go into the room and unlock your score box to see if it’s voted
- Digital signature (can prove that the private key is there without revealing it) is an example of non-interactive zero-knowledge proof

Slide 52

Slide 52 text

Assignment

Slide 53

Slide 53 text

Assignment 3. “Blockchain”
(1) Please give a specific example of financial services
(2) If a user is an “end (edge)”, what is the “center” operated by people or an organization in the example?
(3) How will the service change if that center is automated, without an organization?
Deadline and how to submit
- October 22, 2024 at 17:59 JST
- From Moodle (mandatory)
- Optionally, you can also post to #assignments channel at Discord, so that your classmates can read your report, refer to it, and comment on it
- Just plain text, and be concise, please (and please remember Kent Beck on How to Get a Paper Accepted)

Slide 54

Slide 54 text

Have a Nice Weekend and See You Next Week!