Pro Yearly is on sale from $80 to $50! »

John Feminella on Bitcoin: A Peer-to-Peer Electronic Cash System

4762c519c32569eb4c6f1c2797947eb5?s=47 pwl
July 10, 2018

John Feminella on Bitcoin: A Peer-to-Peer Electronic Cash System

The original Bitcoin paper was published by a pseudonymous individual named Satoshi Nakamoto on Halloween 2008, in the quiet recesses of a small cryptography mailing list, where it was mostly ignored. A couple of months afterwards, Satoshi published the original Bitcoin client software that implemented the ideas in the paper.

Ten years later, a lot has happened both about cryptocurrency, and a lot of money has changed hands. In this talk, we explore the core ideas laid out in the paper, the historical background around digital currencies, and how these ideas and history were implemented in the original Bitcoin client.

4762c519c32569eb4c6f1c2797947eb5?s=128

pwl

July 10, 2018
Tweet

Transcript

  1. let’s build a blockchain an overview of Satoshi Nakamoto’s paper,

    “Bitcoin: A Peer-to-Peer Electronic Cash System” by: John Feminella at: Papers We Love NYC in: Two Sigma, New York, NY on: July 10, 2018
  2. questions? ★ email: jxf@jxf.me Twitter: @jxxf http://jxf.me · @jxxf

  3. JOHN FEMINELLA Pivotal http://pivotal.io http://jxf.me · @jxxf

  4. in the beginning http://jxf.me · @jxxf

  5. http://jxf.me · @jxxf "A purely peer-to-peer version of electronic cash

    would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer- to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers."
  6. http://jxf.me · @jxxf "A purely peer-to-peer version of electronic cash

    would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer- to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers."
  7. http://jxf.me · @jxxf "A purely peer-to-peer version of electronic cash

    would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer- to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers."
  8. http://jxf.me · @jxxf "A purely peer-to-peer version of electronic cash

    would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer- to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers."
  9. http://jxf.me · @jxxf "A purely peer-to-peer version of electronic cash

    would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer- to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers."
  10. http://jxf.me · @jxxf "A purely peer-to-peer version of electronic cash

    would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer- to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers."
  11. before money http://jxf.me · @jxxf 0

  12. http://jxf.me · @jxxf $

  13. a transaction http://jxf.me · @jxxf

  14. http://jxf.me · @jxxf Alice

  15. http://jxf.me · @jxxf ⋯

  16. http://jxf.me · @jxxf ? Bob

  17. http://jxf.me · @jxxf ? ⌚?

  18. http://jxf.me · @jxxf ? ⌚?

  19. http://jxf.me · @jxxf ? ⌚?

  20. http://jxf.me · @jxxf ✓

  21. a failed transaction http://jxf.me · @jxxf

  22. http://jxf.me · @jxxf ? ⌚?

  23. http://jxf.me · @jxxf ? ⌚?

  24. http://jxf.me · @jxxf ? ⌚? ✗

  25. fixing a failed transaction http://jxf.me · @jxxf

  26. http://jxf.me · @jxxf ? ⌚? ?

  27. http://jxf.me · @jxxf

  28. “double coincidence of wants” http://jxf.me · @jxxf

  29. http://jxf.me · @jxxf ?

  30. http://jxf.me · @jxxf ? ✗ ✗ ✗ ✓

  31. money http://jxf.me · @jxxf 1

  32. what’s not money? http://jxf.me · @jxxf

  33. http://jxf.me · @jxxf

  34. http://jxf.me · @jxxf { ? }

  35. http://jxf.me · @jxxf disintermediation? fungibility? resiliency? measurable? debt instrument?

  36. http://jxf.me · @jxxf disintermediation? fungibility? resiliency? measurable? debt instrument?

  37. http://jxf.me · @jxxf disintermediation? fungibility? resiliency? measurable? debt instrument?

  38. http://jxf.me · @jxxf disintermediation? fungibility? resiliency? measurable? debt instrument?

  39. http://jxf.me · @jxxf disintermediation? fungibility? resiliency? measurable? debt instrument?

  40. http://jxf.me · @jxxf poor disintermediation poor fungibility low resiliency not

    easily measurable not a debt instrument
  41. can we do better? http://jxf.me · @jxxf

  42. fiat currency advocates think so http://jxf.me · @jxxf

  43. http://jxf.me · @jxxf fiat: “it shall be”

  44. http://jxf.me · @jxxf

  45. http://jxf.me · @jxxf disintermediation! fungibility! resiliency! measurable! debt instrument!

  46. transactions with money http://jxf.me · @jxxf

  47. http://jxf.me · @jxxf ? ⌚/$?

  48. http://jxf.me · @jxxf ? ⌚/$?

  49. http://jxf.me · @jxxf ✓

  50. but money requires trust http://jxf.me · @jxxf

  51. http://jxf.me · @jxxf

  52. http://jxf.me · @jxxf

  53. http://jxf.me · @jxxf ?

  54. a recipe for money http://jxf.me · @jxxf

  55. http://jxf.me · @jxxf trust rules history

  56. making fiat currency http://jxf.me · @jxxf

  57. http://jxf.me · @jxxf trust rules history

  58. http://jxf.me · @jxxf trust rules history

  59. http://jxf.me · @jxxf trust rules history

  60. http://jxf.me · @jxxf trust rules + + history

  61. http://jxf.me · @jxxf these details are abstracted from users

  62. can we do better? http://jxf.me · @jxxf

  63. http://jxf.me · @jxxf "A purely peer-to-peer version of electronic cash

    would allow online payments to be sent directly from one party to another without going through a financial institution."
  64. cryptocurrency advocates think so http://jxf.me · @jxxf

  65. http://jxf.me · @jxxf trust rules history

  66. http://jxf.me · @jxxf trust rules history ≡ ⋯

  67. http://jxf.me · @jxxf ≡ ⋯ 0101 0010 1010 1110 0110

    0101 1000 0011 trust rules history
  68. http://jxf.me · @jxxf 0101 0010 1010 1110 0110 0101 1000

    0011 ≡ ⋯ trust rules history
  69. http://jxf.me · @jxxf 0101 0010 1010 1110 0110 0101 1000

    0011 trust rules history + + ≡ ⋯
  70. http://jxf.me · @jxxf these details are abstracted from users (?)

  71. http://jxf.me · @jxxf each currency’s rules and history make it

    unique 0101 0010 1010 1110 0110 0101 1000 0011 rules history +
  72. a very different kind of money http://jxf.me · @jxxf

  73. http://jxf.me · @jxxf 0101 0010 1010 1110 0110 0101 1000

    0011 trust rules history ≡ ⋯
  74. a very different kind of money http://jxf.me · @jxxf is

    it really money at all?
  75. a very different kind of money http://jxf.me · @jxxf is

    it really money at all? we’ll come back to this
  76. let’s build a cryptocurrency http://jxf.me · @jxxf

  77. ledgers http://jxf.me · @jxxf 2

  78. http://jxf.me · @jxxf Alice Bob Carol

  79. http://jxf.me · @jxxf A B C

  80. http://jxf.me · @jxxf A B C Alice paid Carol $15

  81. http://jxf.me · @jxxf A B C Bob paid Alice $20

    Bob paid Carol $30
  82. shuffling cash is cumbersome http://jxf.me · @jxxf

  83. can we do better? http://jxf.me · @jxxf

  84. http://jxf.me · @jxxf A B C

  85. http://jxf.me · @jxxf A B C $

  86. http://jxf.me · @jxxf A B C Ledger

  87. http://jxf.me · @jxxf our ledger records our transactions Ledger

  88. Ledger http://jxf.me · @jxxf our ledger doesn’t run out of

    room
  89. http://jxf.me · @jxxf Alice gets $100 Bob gets $100 Carol

    gets $100 (...) Ledger
  90. http://jxf.me · @jxxf A B C Alice paid Carol $15

  91. http://jxf.me · @jxxf our protocol describes how we use the

    ledger
  92. http://jxf.me · @jxxf protocol: 1. anyone can add valid lines

  93. http://jxf.me · @jxxf Alice gets $100 Bob gets $100 Carol

    gets $100 Alice paid Carol $15 (...) Ledger
  94. http://jxf.me · @jxxf A B C Alice paid Carol $15

    Ledger
  95. http://jxf.me · @jxxf A B C Bob paid Alice $20

    Bob paid Carol $30
  96. http://jxf.me · @jxxf Alice gets $100 Bob gets $100 Carol

    gets $100 Alice paid Carol $15 Bob paid Alice $20 Bob paid Carol $30
  97. http://jxf.me · @jxxf A B C Bob paid Alice $20

    Bob paid Carol $30 Ledger
  98. what about big transactions? http://jxf.me · @jxxf

  99. http://jxf.me · @jxxf A B C Alice paid Carol $1,500

    Ledger
  100. http://jxf.me · @jxxf A B C Ledger Alice paid Carol

    $1,500 overspending!
  101. http://jxf.me · @jxxf protocol: 1. anyone can add valid lines

    2. settle up every week
  102. http://jxf.me · @jxxf A B C $1,500?

  103. http://jxf.me · @jxxf A B C ¯\_(ツ)_/¯

  104. http://jxf.me · @jxxf A B C ¯\_(ツ)_/¯

  105. http://jxf.me · @jxxf protocol: 1. anyone can add valid lines

    2. no overspending
  106. ledger is now its own currency () http://jxf.me · @jxxf

  107. http://jxf.me · @jxxf Ledger

  108. http://jxf.me · @jxxf Alice gets 100 Bob gets 100 Carol

    gets 100 Alice paid Carol 15 Bob paid Alice 20 Bob paid Carol 30 (...)
  109. problem: malicious actors http://jxf.me · @jxxf

  110. http://jxf.me · @jxxf Alice gets 100 Bob gets 100 Carol

    gets 100 B
  111. http://jxf.me · @jxxf Alice gets 100 Bob gets 100 Carol

    gets 100 Carol paid Bob 100 B
  112. problem: can’t trust the ledger forgery: actors can add lines

    that aren’t valid erasure: actors can remove lines that are valid http://jxf.me · @jxxf
  113. how do we stop forgery? http://jxf.me · @jxxf

  114. securing the ledger http://jxf.me · @jxxf 3

  115. http://jxf.me · @jxxf "Digital signatures provide part of the solution."

  116. http://jxf.me · @jxxf Alice paid Carol 15 Bob paid Alice

    20 Bob paid Carol 30
  117. http://jxf.me · @jxxf Alice paid Carol 15 Alice Bob paid

    Alice 20 Bob Bob paid Carol 30 Bob
  118. physical signatures can be copied http://jxf.me · @jxxf

  119. http://jxf.me · @jxxf Alice paid Carol 15 Alice Bob paid

    Alice 20 Bob Bob paid Carol 30 Bob Alice paid Bob 50 Alice B
  120. let’s use digital signatures instead http://jxf.me · @jxxf

  121. http://jxf.me · @jxxf sign(⋯) sign lines to authorize transactions verify(⋯)

    verify signed lines to ensure signature is valid
  122. http://jxf.me · @jxxf A

  123. http://jxf.me · @jxxf A public key (pk) secret key (sk)

  124. http://jxf.me · @jxxf A public key (pk) secret key (sk)

  125. http://jxf.me · @jxxf sign(m,sk) sign lines to authorize transactions secret

    key (sk) message (m) Alice paid Carol 15
  126. http://jxf.me · @jxxf sign(m,sk) sign lines to authorize transactions secret

    key (sk) message (m) Alice paid Carol 15
  127. http://jxf.me · @jxxf sign(m,sk) sign lines to authorize transactions

  128. http://jxf.me · @jxxf sign(m,sk) sign lines to authorize transactions signature

    0101 1101 1110 1010 0001 0111 [⋯] =
  129. http://jxf.me · @jxxf changes in m produce unpredictable signatures sign(m’,sk)

    sign lines to authorize transactions signature 1010 1101 0010 0110 0111 0101 [⋯] =
  130. http://jxf.me · @jxxf sign(m,sk) sign lines to authorize transactions verify(m,s,pk)

    sign lines to authorize transactions = signature 0101 1101 1110 1010 0001 0111 [⋯]
  131. http://jxf.me · @jxxf sign(m,sk) sign lines to authorize transactions verify(m,s,pk)

    sign lines to authorize transactions = signature 0101 1101 1110 1010 0001 0111 [⋯]
  132. http://jxf.me · @jxxf sign(m,sk) sign lines to authorize transactions verify(m,s,pk)

    sign lines to authorize transactions = signature 0101 1101 1110 1010 0001 0111 [⋯]
  133. http://jxf.me · @jxxf sign(m,sk) sign lines to authorize transactions verify(m,s,pk)

    sign lines to authorize transactions = signature 0101 1101 1110 1010 0001 0111 [⋯]
  134. http://jxf.me · @jxxf sign(m,sk) sign lines to authorize transactions signature

    0101 1101 1110 1010 0001 0111 [⋯] verify(m,s,pk) sign lines to authorize transactions = = validation {true, false}
  135. http://jxf.me · @jxxf sign(m,sk) sign lines to authorize transactions =

    signature 0101 1101 1110 1010 0001 0111 [⋯] virtually impossible very easy!
  136. http://jxf.me · @jxxf sign(m,sk) sign lines to authorize transactions =

    signature 0101 1101 1110 1010 0001 0111 [⋯] virtually impossible very easy!
  137. http://jxf.me · @jxxf sign(m,sk) sign lines to authorize transactions =

    signature 0101 1101 1110 1010 0001 0111 [⋯] computationally infeasible very easy!
  138. http://jxf.me · @jxxf protocol: 1. anyone can add valid lines

    2. no overspending 3. must sign lines to be valid
  139. http://jxf.me · @jxxf Alice paid Bob 50 0111⋯ B

  140. http://jxf.me · @jxxf Alice paid Bob 50 0111⋯ B

  141. can no longer forge lines… http://jxf.me · @jxxf

  142. http://jxf.me · @jxxf Alice paid Bob 50 1011⋯ B

  143. http://jxf.me · @jxxf Alice paid Bob 50 1011⋯ Alice paid

    Bob 50 1011⋯ B
  144. http://jxf.me · @jxxf Alice paid Bob 50 1011⋯ Alice paid

    Bob 50 1011⋯ B
  145. but can duplicate legitimate lines! http://jxf.me · @jxxf

  146. http://jxf.me · @jxxf sign(m,sk) sign lines to authorize transactions secret

    key (sk) 1 Alice paid Carol 15 message (m) add id to message
  147. http://jxf.me · @jxxf 1 Alice paid Bob 50 1011⋯ 2

    Alice paid Bob 50 1011⋯ B
  148. http://jxf.me · @jxxf B 1 Alice paid Bob 50 1011⋯

    2 Alice paid Bob 50 1011⋯
  149. http://jxf.me · @jxxf protocol: 1. anyone can add valid lines

    2. no overspending 3. must sign lines to be valid 4. lines have unique identifiers
  150. problem: ledger is centralized http://jxf.me · @jxxf

  151. http://jxf.me · @jxxf A B C Ledger

  152. distributing the ledger http://jxf.me · @jxxf 4

  153. http://jxf.me · @jxxf A B C Ledger Ledger Ledger

  154. http://jxf.me · @jxxf A B C Ledger Ledger Ledger

  155. broadcast our ledger updates http://jxf.me · @jxxf

  156. http://jxf.me · @jxxf A B C Ledger Ledger Ledger

  157. http://jxf.me · @jxxf Ledger Ledger Ledger B

  158. http://jxf.me · @jxxf Ledger Ledger Ledger 2 Bob paid Alice

    50 1011⋯ B
  159. http://jxf.me · @jxxf Ledger Ledger 2 Bob paid Alice 50

    1011⋯ 2 Bob paid Alice 50 1011⋯ 2 Bob paid Alice 50 1011⋯ Ledger B
  160. http://jxf.me · @jxxf Ledger Ledger 2 Bob paid Alice 50

    1011⋯ 2 Bob paid Alice 50 1011⋯ 2 Bob paid Alice 50 1011⋯ Ledger B
  161. http://jxf.me · @jxxf protocol: 1. anyone can add valid lines

    2. no overspending 3. must sign lines to be valid 4. lines have unique identifiers 5. distribute the ledger
  162. problem: what order to use? http://jxf.me · @jxxf

  163. http://jxf.me · @jxxf 2 Alice paid Dave 30 1001⋯ 2

    Alice paid Carol 30 0101⋯ Ledger B
  164. http://jxf.me · @jxxf 2 Alice paid Dave 30 1001⋯ 2

    Alice paid Carol 30 0101⋯ Ledger B double spending!
  165. http://jxf.me · @jxxf protocol: 1. anyone can add valid lines

    2. no overspending 3. must sign lines to be valid 4. lines have unique identifiers 5. distribute the ledger (how?!)
  166. trusting the ledger http://jxf.me · @jxxf 5

  167. http://jxf.me · @jxxf

  168. http://jxf.me · @jxxf

  169. http://jxf.me · @jxxf

  170. http://jxf.me · @jxxf

  171. how do we know it’s valid? http://jxf.me · @jxxf

  172. http://jxf.me · @jxxf

  173. http://jxf.me · @jxxf sign(m ⋯)

  174. http://jxf.me · @jxxf sign(m + n) nonce

  175. http://jxf.me · @jxxf sign(m + n) 01011101101⋯ nonce

  176. http://jxf.me · @jxxf sign(m + n) 01011101101⋯ nonce

  177. http://jxf.me · @jxxf sign(m + n) 01011101101⋯ ~1 2 nonce

  178. http://jxf.me · @jxxf sign(m + n) 00101101101⋯ ~1 4 nonce

  179. http://jxf.me · @jxxf sign(m + n) 00001101101⋯ ~ 1 16

    nonce
  180. http://jxf.me · @jxxf sign(m + n) 000000000000⋯ ~ 1 2

    nonce
  181. http://jxf.me · @jxxf signature

  182. http://jxf.me · @jxxf signature nonce

  183. http://jxf.me · @jxxf signature nonce

  184. http://jxf.me · @jxxf signature nonce 175 <network> paid Dave 50

    1001⋯
  185. http://jxf.me · @jxxf $ $$$ $$ $$$ $ $$

  186. http://jxf.me · @jxxf signature nonce previous

  187. http://jxf.me · @jxxf signature nonce previous signature nonce previous signature

    nonce previous
  188. http://jxf.me · @jxxf signature nonce previous signature nonce previous signature

    nonce previous
  189. consensus: trust longest chain http://jxf.me · @jxxf

  190. http://jxf.me · @jxxf

  191. http://jxf.me · @jxxf

  192. http://jxf.me · @jxxf

  193. http://jxf.me · @jxxf

  194. http://jxf.me · @jxxf

  195. building with blockchains http://jxf.me · @jxxf 6

  196. http://jxf.me · @jxxf Should I use a blockchain for my

    app? Probably not.
  197. can I wait a while for consensus? http://jxf.me · @jxxf

  198. is this better for me than a database? http://jxf.me ·

    @jxxf
  199. does my app need to be distributed? http://jxf.me · @jxxf

  200. do I need to trust people? http://jxf.me · @jxxf

  201. cryptocurrency challenges http://jxf.me · @jxxf

  202. a very different kind of money http://jxf.me · @jxxf is

    it a good kind of money?
  203. cryptocurrencies aren’t currency… http://jxf.me · @jxxf

  204. cryptocurrencies aren’t currency… right now http://jxf.me · @jxxf

  205. http://jxf.me · @jxxf blockchain.info price graph [source]

  206. http://jxf.me · @jxxf blockchain.info price graph [source] $7,000 $1,000 2014

    2017
  207. deflationary currencies aren’t great http://jxf.me · @jxxf

  208. http://jxf.me · @jxxf

  209. deflation discourages production http://jxf.me · @jxxf

  210. http://jxf.me · @jxxf

  211. http://jxf.me · @jxxf

  212. http://jxf.me · @jxxf

  213. http://jxf.me · @jxxf $

  214. http://jxf.me · @jxxf $ $ $ $

  215. http://jxf.me · @jxxf $ $ $ $

  216. http://jxf.me · @jxxf $ $ $ $

  217. PoW is ecologically problematic http://jxf.me · @jxxf

  218. http://jxf.me · @jxxf Vice Motherboard [source]

  219. the future http://jxf.me · @jxxf 7

  220. http://jxf.me · @jxxf 0101 0010 1010 1110 0110 0101 1000

    0011 trust rules history + + ≡ ⋯
  221. http://jxf.me · @jxxf 0101 0010 1010 1110 0110 0101 1000

    0011 trust rules history + + ≡ ⋯
  222. takeaways Bitcoin is a trustless, permissionless set of rules in

    software, those rules allow us to trustlessly exchange value the protocol has some serious problems blockchains have enormous potential … if we get it right http://jxf.me · @jxxf
  223. takeaways Bitcoin is a trustless, permissionless set of rules in

    software, those rules allow us to trustlessly exchange value the protocol has some serious problems blockchains have enormous potential … if we get it right http://jxf.me · @jxxf
  224. takeaways Bitcoin is a trustless, permissionless set of rules in

    software, those rules allow us to trustlessly exchange value the protocol has some serious problems blockchains have enormous potential … if we get it right http://jxf.me · @jxxf
  225. takeaways Bitcoin is a trustless, permissionless set of rules in

    software, those rules allow us to trustlessly exchange value the protocol has some serious problems blockchains have enormous potential … if we get it right http://jxf.me · @jxxf
  226. Thanks! ★ questions? email: jxf@jxf.me Twitter: @jxxf http://jxf.me · @jxxf