Demystifying the
Blockchain Hype
Blockchain Meetup
Willow Tree Apps
25 October 2016
David Evans
University of Virginia
www.cs.virginia.edu/evans
bitcoin-class.org
Slide 2
Slide 2 text
1
Blockchain Hype!
Slide 3
Slide 3 text
2
Google Trends
Renminbi
Bitcoin
Dec 2013
Slide 4
Slide 4 text
3
Bitcoin “Hype”
Bitcoin
Market
Price (US$)
Slide 5
Slide 5 text
Plan
Tutorial Introduction to Bitcoin
Hype vs. Reality in Bitcoin Today
Promise of Future Blockchains
4
Slide 6
Slide 6 text
What is money?
5
Slide 7
Slide 7 text
6
For thousands of years, philosophers, thinkers and
prophets have besmirched money and called it the
root of all evil. Be that as it may, money is also the
apogee of human tolerance. Money is more open-
minded than language, state laws, cultural codes ,
religious beliefs and social habits. Money is the only
trust system created by humans that can bridge
almost any cultural gap, and that does not
discriminate on the basis of religion, gender, race,
age or sexual orientation. Thanks to money, even
people who don’t know each other and don’t trust
each other can nevertheless cooperate effectively.
Slide 8
Slide 8 text
Paradox of Money
7
Money works because people trust it.
People trust money because it works.
Need a starting point: where does that trust begin.
Slide 9
Slide 9 text
Fiat Currency
8
Slide 10
Slide 10 text
9
With a strong enough army,
anything can be a fiat currency
Slide 11
Slide 11 text
Can bits be a currency?
10
Slide 12
Slide 12 text
Owning and Transferring a Coin
11
Alice: “I, Alice, give coin x to Bob.”
Only Alice should be able to say this (if she owns coin x).
Everyone should be able to trust it is valid.
Bob should now own coin x.
Slide 13
Slide 13 text
Asymmetry Required
Need a function f that is:
Easy to compute:
given x, easy to compute f (x)
Hard to invert:
given f (x), hard to compute x
Has a trap-door:
given f (x) and t,
easy to compute x
12
Slide 14
Slide 14 text
Using Asymmetric Crypto: Signatures
13
E D
Verified
Message
Signed Message
Message
Insecure Channel
KUB
KRB
Bob
Generates key pair: KUB
, KRB
Publishes KUB
Anyone
Get KUB
from
trusted provider
Slide 15
Slide 15 text
Transferring a Coin
14
Alice signs
m1
= “I, Alice (KUA
), give coin x, t to Bob (KUB
).”
with her private signing key, KRA
.
How does Bob transfer x to Colleen (KUC
)?
Slide 16
Slide 16 text
Transferring a Coin
15
Bob signs m2
= “I give coin x, given to me by m1
to Colleen (KUC
).”
with KRB
.
Alice signs m1
= “I, Alice (KUA
), give coin x to Bob (KUB
).” with
her private signing key, KRA
.
Slide 17
Slide 17 text
Transferring a Coin
16
Bob signs m2
= “I give coin x, given to me by m1
to Colleen (KUC
).”
with KRB
.
Alice signs m1
= “I, Alice (KUA
), give coin x to Bob (KUB
).” with
her private signing key, KRA
.
Colleen signs m3
= “I give coin x, given to me by m2
to Dave (KUD
).”
with KRC
.
This does not solve:
how to create x
how to prevent double spending
...
Slide 18
Slide 18 text
Centralized Digital Currency
17
Trusted Bank
Account No. Owner’s Identify Value
3022493 Alice 2033.23
3022494 Bob 85733.03
3022495 Colleen 24331.77
3022496 Dave 0.01
Slide 19
Slide 19 text
18
Communications of the ACM
October 1985
Slide 20
Slide 20 text
19
Communications of the ACM
October 1985
Slide 21
Slide 21 text
First Wave Cryptocurrency
20
David Chaum
Slide 22
Slide 22 text
First Wave Cryptocurrency
21
David Chaum
Bankrupt, 1998
Slide 23
Slide 23 text
Decentralized Currency
Currency without Trust
22
Slide 24
Slide 24 text
Double Spending Challenge
23
M = transfer X to Bob SignKRA
[H(M)]
Bob wants to verify:
1. Alice owns X
2. Alice hasn’t transferred X
3. The coin will be valuable for Bob
Slide 25
Slide 25 text
Double Spending Challenge
24
M = transfer X to Bob SignKRA
[H(M)]
Bob wants to verify:
1. Alice owns X
2. Alice hasn’t transferred X
3. The coin will be valuable for Bob
Node C
Node A Node B
txb
txb
Slide 26
Slide 26 text
25
M = transfer X to Bob SignKRA
[H(M)]
Bob wants to verify:
1. Alice owns X
2. Alice hasn’t transferred X
3. The coin will be valuable for Bob
Node C
Node A Node B
txb
txb
M = transfer X to Coleen SignKRA
[H(M)]
txc
Slide 27
Slide 27 text
26
M = transfer X to Bob SignKRA
[H(M)]
Bob wants to verify:
1. Alice owns X
2. Alice hasn’t transferred X
3. The coin will be valuable for Bob
Node C
Node A Node B
txb
txb
M = transfer X to Coleen SignKRA
[H(M)]
txc
Slide 28
Slide 28 text
27
M = transfer X to Bob SignKRA
[H(M)]
Bob wants to verify:
1. Alice owns X
2. Alice hasn’t transferred X
3. The coin will be valuable for Bob
Node C
Node A Node B
txb
txb
M = transfer X to Coleen SignKRA
[H(M)]
txc
Node E
Node D
Slide 29
Slide 29 text
Satoshi’s
Solution
28
Slide 30
Slide 30 text
Blockchain
29
B0
H(B0) Nonce
Transactions
H(B1) Nonce
Transactions
H(B2) Nonce
Transactions
Distributed ledger maintained by network of untrusted nodes
Blocks added require proof-of-work
Node’s agree to consensus: longest (most difficult) chain
Incentives designed to encourage network nodes to:
Validate and record transactions
Spend effort on extending consensus chain
Bitcoin’s Proof-of-Work
40
B0
H(B0) Nonce
Transactions
H(B1) Nonce
Transactions
H(B2) Nonce
Transactions
Find a nonce x such that:
SHA-256(SHA-256(r || x)) < T/d
r = header includes H(previous block)
root of Merkle tree of transactions
Slide 42
Slide 42 text
41
expected hashes ~ 1021
“number of grains of sand on earth”
Slide 43
Slide 43 text
Actual Bitcoin Block
42
https://en.bitcoin.it/wiki/Protocol_documentation#Block_Headers
Slide 44
Slide 44 text
Mining
43
Slide 45
Slide 45 text
(General-Purpose)
Computers are Useless
44
Slide 46
Slide 46 text
45
XOR two 32-bit values in CPU XOR two 32-bit values in ASIC
4 transistors XOR design
56
Apple’s revenue ~$500M/day > 2x all bitcoin transactions
Apple’s cash holdings ~$250B > 20x value of all Bitcoin
Slide 58
Slide 58 text
Scale Today
57
Block Size = 1MB
Typical transaction size ~ 500 Bytes
Maximum of ~2000 transactions per block / 10 minutes
So, about 3-4 transactions per second
Slide 59
Slide 59 text
Block Size = 1MB
Typical transaction size ~ 500 Bytes
Maximum of ~2000 transactions per block / 10 minutes
So, about 3-4 transactions per second
Scale Today
58
Cost to control bitcoin (assuming other miners are “rational”):
value per block-minute ~ $8000 ~ $800/minute ~ $1M/day
to increase to $1B/day with current transaction rate:
$3472 fee per transaction (without losing transactions)
or 33 Billion transactions per day (with current $0.03 fee)
$1B / day =
Slide 60
Slide 60 text
Block Size = 1MB
Typical transaction size ~ 500 Bytes
Maximum of ~2000 transactions per block / 10 minutes
So, about 3-4 transactions per second
Scale Today
59
Cost to control bitcoin (assuming other miners are “rational”):
value per block-minute ~ $8000 ~ $800/minute ~ $1M/day
to increase to $1B/day with current transaction rate:
$3472 fee per transaction (without losing transactions)
or 33 Billion transactions per day (with current $0.03 fee)
$1B / day =
Transactions per Day
VISA: 300M
Interbank: 100M
Slide 61
Slide 61 text
Block Size = 1MB
Typical transaction size ~ 500 Bytes
Maximum of ~2000 transactions per block / 10 minutes
So, about 3-4 transactions per second
Scale Today
60
Cost to control bitcoin (assuming other miners are “rational”):
value per block-minute ~ $8000 ~ $800/minute ~ $1M/day
to increase to $1B/day with current transaction rate:
$3472 fee per transaction (without losing transactions)
or 33 Billion transactions per day (with current $0.03 fee)
$1B / day =
Transactions per Day
VISA: 300M
Interbank: 100M
Cash: 20B?
Slide 62
Slide 62 text
Promise of Blockchains
61
Medical Records
Global, decentralized, ledger that:
everyone agrees on
no one controls
anyone can write into
no one can erase
Slide 63
Slide 63 text
David Evans
[email protected]
www.cs.virginia.edu/evans
bitcoin-class.org