John Feminella on Bitcoin: A Peer-to-Peer Electronic Cash System

Transcript

let’s build a blockchain an overview of Satoshi Nakamoto’s paper,

“Bitcoin: A Peer-to-Peer Electronic Cash System” by: John Feminella at: Papers We Love NYC in: Two Sigma, New York, NY on: July 10, 2018

questions? ★ email: [email protected] Twitter: @jxxf http://jxf.me · @jxxf

JOHN FEMINELLA Pivotal http://pivotal.io http://jxf.me · @jxxf

in the beginning http://jxf.me · @jxxf

http://jxf.me · @jxxf "A purely peer-to-peer version of electronic cash

would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer- to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers."

http://jxf.me · @jxxf "A purely peer-to-peer version of electronic cash

before money http://jxf.me · @jxxf 0

http://jxf.me · @jxxf $

a transaction http://jxf.me · @jxxf

http://jxf.me · @jxxf Alice

http://jxf.me · @jxxf ⋯

http://jxf.me · @jxxf ? Bob

http://jxf.me · @jxxf ? ⌚?

http://jxf.me · @jxxf ✓

a failed transaction http://jxf.me · @jxxf

http://jxf.me · @jxxf ? ⌚?

http://jxf.me · @jxxf ? ⌚? ✗

fixing a failed transaction http://jxf.me · @jxxf

http://jxf.me · @jxxf ? ⌚? ?

http://jxf.me · @jxxf

“double coincidence of wants” http://jxf.me · @jxxf

http://jxf.me · @jxxf ?

http://jxf.me · @jxxf ? ✗ ✗ ✗ ✓

money http://jxf.me · @jxxf 1

what’s not money? http://jxf.me · @jxxf

http://jxf.me · @jxxf

http://jxf.me · @jxxf { ? }

http://jxf.me · @jxxf disintermediation? fungibility? resiliency? measurable? debt instrument?

http://jxf.me · @jxxf poor disintermediation poor fungibility low resiliency not

easily measurable not a debt instrument

can we do better? http://jxf.me · @jxxf

fiat currency advocates think so http://jxf.me · @jxxf

http://jxf.me · @jxxf fiat: “it shall be”

http://jxf.me · @jxxf

http://jxf.me · @jxxf disintermediation! fungibility! resiliency! measurable! debt instrument!

transactions with money http://jxf.me · @jxxf

http://jxf.me · @jxxf ? ⌚/$?

http://jxf.me · @jxxf ✓

but money requires trust http://jxf.me · @jxxf

http://jxf.me · @jxxf

http://jxf.me · @jxxf ?

a recipe for money http://jxf.me · @jxxf

http://jxf.me · @jxxf trust rules history

making fiat currency http://jxf.me · @jxxf

http://jxf.me · @jxxf trust rules history

http://jxf.me · @jxxf trust rules + + history

http://jxf.me · @jxxf these details are abstracted from users

can we do better? http://jxf.me · @jxxf

http://jxf.me · @jxxf "A purely peer-to-peer version of electronic cash

would allow online payments to be sent directly from one party to another without going through a financial institution."

cryptocurrency advocates think so http://jxf.me · @jxxf

http://jxf.me · @jxxf trust rules history

http://jxf.me · @jxxf trust rules history ≡ ⋯

http://jxf.me · @jxxf ≡ ⋯ 0101 0010 1010 1110 0110

0101 1000 0011 trust rules history

http://jxf.me · @jxxf 0101 0010 1010 1110 0110 0101 1000

0011 ≡ ⋯ trust rules history

http://jxf.me · @jxxf 0101 0010 1010 1110 0110 0101 1000

0011 trust rules history + + ≡ ⋯

http://jxf.me · @jxxf these details are abstracted from users (?)

http://jxf.me · @jxxf each currency’s rules and history make it

unique 0101 0010 1010 1110 0110 0101 1000 0011 rules history +

a very different kind of money http://jxf.me · @jxxf

http://jxf.me · @jxxf 0101 0010 1010 1110 0110 0101 1000

0011 trust rules history ≡ ⋯

a very different kind of money http://jxf.me · @jxxf is

it really money at all?

a very different kind of money http://jxf.me · @jxxf is

it really money at all? we’ll come back to this

let’s build a cryptocurrency http://jxf.me · @jxxf

ledgers http://jxf.me · @jxxf 2

http://jxf.me · @jxxf Alice Bob Carol

http://jxf.me · @jxxf A B C

http://jxf.me · @jxxf A B C Alice paid Carol $15

http://jxf.me · @jxxf A B C Bob paid Alice $20

Bob paid Carol $30

shuffling cash is cumbersome http://jxf.me · @jxxf

can we do better? http://jxf.me · @jxxf

http://jxf.me · @jxxf A B C

http://jxf.me · @jxxf A B C $

http://jxf.me · @jxxf A B C Ledger

http://jxf.me · @jxxf our ledger records our transactions Ledger

Ledger http://jxf.me · @jxxf our ledger doesn’t run out of

room

http://jxf.me · @jxxf Alice gets $100 Bob gets $100 Carol

gets $100 (...) Ledger

http://jxf.me · @jxxf A B C Alice paid Carol $15

http://jxf.me · @jxxf our protocol describes how we use the

ledger

http://jxf.me · @jxxf protocol: 1. anyone can add valid lines

http://jxf.me · @jxxf Alice gets $100 Bob gets $100 Carol

gets $100 Alice paid Carol $15 (...) Ledger

http://jxf.me · @jxxf A B C Alice paid Carol $15

Ledger

http://jxf.me · @jxxf A B C Bob paid Alice $20

Bob paid Carol $30

http://jxf.me · @jxxf Alice gets $100 Bob gets $100 Carol

gets $100 Alice paid Carol $15 Bob paid Alice $20 Bob paid Carol $30

http://jxf.me · @jxxf A B C Bob paid Alice $20

Bob paid Carol $30 Ledger

what about big transactions? http://jxf.me · @jxxf

http://jxf.me · @jxxf A B C Alice paid Carol $1,500

Ledger

http://jxf.me · @jxxf A B C Ledger Alice paid Carol

$1,500 overspending!

http://jxf.me · @jxxf protocol: 1. anyone can add valid lines

2. settle up every week

http://jxf.me · @jxxf A B C $1,500?

http://jxf.me · @jxxf A B C ¯\_(ツ)_/¯

http://jxf.me · @jxxf protocol: 1. anyone can add valid lines

2. no overspending

ledger is now its own currency () http://jxf.me · @jxxf

http://jxf.me · @jxxf Ledger

http://jxf.me · @jxxf Alice gets 100 Bob gets 100 Carol

gets 100 Alice paid Carol 15 Bob paid Alice 20 Bob paid Carol 30 (...)

problem: malicious actors http://jxf.me · @jxxf

http://jxf.me · @jxxf Alice gets 100 Bob gets 100 Carol

gets 100 B

http://jxf.me · @jxxf Alice gets 100 Bob gets 100 Carol

gets 100 Carol paid Bob 100 B

problem: can’t trust the ledger forgery: actors can add lines

that aren’t valid erasure: actors can remove lines that are valid http://jxf.me · @jxxf

how do we stop forgery? http://jxf.me · @jxxf

securing the ledger http://jxf.me · @jxxf 3

http://jxf.me · @jxxf "Digital signatures provide part of the solution."

http://jxf.me · @jxxf Alice paid Carol 15 Bob paid Alice

20 Bob paid Carol 30

http://jxf.me · @jxxf Alice paid Carol 15 Alice Bob paid

Alice 20 Bob Bob paid Carol 30 Bob

physical signatures can be copied http://jxf.me · @jxxf

http://jxf.me · @jxxf Alice paid Carol 15 Alice Bob paid

Alice 20 Bob Bob paid Carol 30 Bob Alice paid Bob 50 Alice B

let’s use digital signatures instead http://jxf.me · @jxxf

http://jxf.me · @jxxf sign(⋯) sign lines to authorize transactions verify(⋯)

verify signed lines to ensure signature is valid

http://jxf.me · @jxxf A

http://jxf.me · @jxxf A public key (pk) secret key (sk)

http://jxf.me · @jxxf sign(m,sk) sign lines to authorize transactions secret

key (sk) message (m) Alice paid Carol 15

http://jxf.me · @jxxf sign(m,sk) sign lines to authorize transactions secret

key (sk) message (m) Alice paid Carol 15

http://jxf.me · @jxxf sign(m,sk) sign lines to authorize transactions

http://jxf.me · @jxxf sign(m,sk) sign lines to authorize transactions signature

0101 1101 1110 1010 0001 0111 [⋯] =

http://jxf.me · @jxxf changes in m produce unpredictable signatures sign(m’,sk)

sign lines to authorize transactions signature 1010 1101 0010 0110 0111 0101 [⋯] =

http://jxf.me · @jxxf sign(m,sk) sign lines to authorize transactions verify(m,s,pk)

sign lines to authorize transactions = signature 0101 1101 1110 1010 0001 0111 [⋯]

http://jxf.me · @jxxf sign(m,sk) sign lines to authorize transactions verify(m,s,pk)

http://jxf.me · @jxxf sign(m,sk) sign lines to authorize transactions signature

0101 1101 1110 1010 0001 0111 [⋯] verify(m,s,pk) sign lines to authorize transactions = = validation {true, false}

http://jxf.me · @jxxf sign(m,sk) sign lines to authorize transactions =

signature 0101 1101 1110 1010 0001 0111 [⋯] virtually impossible very easy!

http://jxf.me · @jxxf sign(m,sk) sign lines to authorize transactions =

signature 0101 1101 1110 1010 0001 0111 [⋯] virtually impossible very easy!

http://jxf.me · @jxxf sign(m,sk) sign lines to authorize transactions =

signature 0101 1101 1110 1010 0001 0111 [⋯] computationally infeasible very easy!

http://jxf.me · @jxxf protocol: 1. anyone can add valid lines

2. no overspending 3. must sign lines to be valid

http://jxf.me · @jxxf Alice paid Bob 50 0111⋯ B

can no longer forge lines… http://jxf.me · @jxxf

http://jxf.me · @jxxf Alice paid Bob 50 1011⋯ B

http://jxf.me · @jxxf Alice paid Bob 50 1011⋯ Alice paid

Bob 50 1011⋯ B

http://jxf.me · @jxxf Alice paid Bob 50 1011⋯ Alice paid

Bob 50 1011⋯ B

but can duplicate legitimate lines! http://jxf.me · @jxxf

http://jxf.me · @jxxf sign(m,sk) sign lines to authorize transactions secret

key (sk) 1 Alice paid Carol 15 message (m) add id to message

http://jxf.me · @jxxf 1 Alice paid Bob 50 1011⋯ 2

Alice paid Bob 50 1011⋯ B

http://jxf.me · @jxxf B 1 Alice paid Bob 50 1011⋯

2 Alice paid Bob 50 1011⋯

http://jxf.me · @jxxf protocol: 1. anyone can add valid lines

2. no overspending 3. must sign lines to be valid 4. lines have unique identifiers

problem: ledger is centralized http://jxf.me · @jxxf

http://jxf.me · @jxxf A B C Ledger

distributing the ledger http://jxf.me · @jxxf 4

http://jxf.me · @jxxf A B C Ledger Ledger Ledger

broadcast our ledger updates http://jxf.me · @jxxf

http://jxf.me · @jxxf A B C Ledger Ledger Ledger

http://jxf.me · @jxxf Ledger Ledger Ledger B

http://jxf.me · @jxxf Ledger Ledger Ledger 2 Bob paid Alice

50 1011⋯ B

http://jxf.me · @jxxf Ledger Ledger 2 Bob paid Alice 50

1011⋯ 2 Bob paid Alice 50 1011⋯ 2 Bob paid Alice 50 1011⋯ Ledger B

http://jxf.me · @jxxf Ledger Ledger 2 Bob paid Alice 50

1011⋯ 2 Bob paid Alice 50 1011⋯ 2 Bob paid Alice 50 1011⋯ Ledger B

http://jxf.me · @jxxf protocol: 1. anyone can add valid lines

2. no overspending 3. must sign lines to be valid 4. lines have unique identifiers 5. distribute the ledger

problem: what order to use? http://jxf.me · @jxxf

http://jxf.me · @jxxf 2 Alice paid Dave 30 1001⋯ 2

Alice paid Carol 30 0101⋯ Ledger B

http://jxf.me · @jxxf 2 Alice paid Dave 30 1001⋯ 2

Alice paid Carol 30 0101⋯ Ledger B double spending!

http://jxf.me · @jxxf protocol: 1. anyone can add valid lines

2. no overspending 3. must sign lines to be valid 4. lines have unique identifiers 5. distribute the ledger (how?!)

trusting the ledger http://jxf.me · @jxxf 5

http://jxf.me · @jxxf

how do we know it’s valid? http://jxf.me · @jxxf

http://jxf.me · @jxxf

http://jxf.me · @jxxf sign(m ⋯)

http://jxf.me · @jxxf sign(m + n) nonce

http://jxf.me · @jxxf sign(m + n) 01011101101⋯ nonce

http://jxf.me · @jxxf sign(m + n) 01011101101⋯ ~1 2 nonce

http://jxf.me · @jxxf sign(m + n) 00101101101⋯ ~1 4 nonce

http://jxf.me · @jxxf sign(m + n) 00001101101⋯ ~ 1 16

nonce

http://jxf.me · @jxxf sign(m + n) 000000000000⋯ ~ 1 2

nonce

http://jxf.me · @jxxf signature

http://jxf.me · @jxxf signature nonce

http://jxf.me · @jxxf signature nonce 175 <network> paid Dave 50

1001⋯

http://jxf.me · @jxxf $ $$$ $$ $$$ $ $$

http://jxf.me · @jxxf signature nonce previous

http://jxf.me · @jxxf signature nonce previous signature nonce previous signature

nonce previous

http://jxf.me · @jxxf signature nonce previous signature nonce previous signature

nonce previous

consensus: trust longest chain http://jxf.me · @jxxf

http://jxf.me · @jxxf

building with blockchains http://jxf.me · @jxxf 6

http://jxf.me · @jxxf Should I use a blockchain for my

app? Probably not.

can I wait a while for consensus? http://jxf.me · @jxxf

is this better for me than a database? http://jxf.me ·

@jxxf

does my app need to be distributed? http://jxf.me · @jxxf

do I need to trust people? http://jxf.me · @jxxf

cryptocurrency challenges http://jxf.me · @jxxf

a very different kind of money http://jxf.me · @jxxf is

it a good kind of money?

cryptocurrencies aren’t currency… http://jxf.me · @jxxf

cryptocurrencies aren’t currency… right now http://jxf.me · @jxxf

http://jxf.me · @jxxf blockchain.info price graph [source]

http://jxf.me · @jxxf blockchain.info price graph [source] $7,000 $1,000 2014

2017

deflationary currencies aren’t great http://jxf.me · @jxxf

http://jxf.me · @jxxf

deflation discourages production http://jxf.me · @jxxf

http://jxf.me · @jxxf

http://jxf.me · @jxxf $

http://jxf.me · @jxxf $ $ $ $

PoW is ecologically problematic http://jxf.me · @jxxf

http://jxf.me · @jxxf Vice Motherboard [source]

the future http://jxf.me · @jxxf 7

http://jxf.me · @jxxf 0101 0010 1010 1110 0110 0101 1000

takeaways Bitcoin is a trustless, permissionless set of rules in

software, those rules allow us to trustlessly exchange value the protocol has some serious problems blockchains have enormous potential … if we get it right http://jxf.me · @jxxf

John Feminella on Bitcoin: A Peer-to-Peer Electronic Cash System

John Feminella on Bitcoin: A Peer-to-Peer Electronic Cash System

More Decks by pwl

Other Decks in Technology

Featured

Transcript