Intro/kick-off for a blockchain lecture / training at TU Kenya and USIU Nairobi.

1. What is Blockchain?
And how does it work?
Dr. Bastian Blankenburg, UTU Technologies Limited
Nairobi, September 2018

2. Outline
1. Blockchain: a Distributed Ledger Technology
2. Smart Contracts and Decentralised Applications
3. Challenges of 1st and 2nd Generation Blockchains — and some Solutions
4. UTU’s case
5. Conclusion

3. Blockchain:
a Distributed Ledger Technology
Part 1

4. Blockchain: a Distributed Ledger Technology
Source: Blockchain technology. Legislative Council of the Hong Kong Special Administrative Region, 2015,
http://www.legco.gov.hk/research-publications/english/essentials-1516ise15-blockchain-technology.htm, original source given: Oliver Wyman (2015)
• Ledger: history of transactions.
• Examples: Bank account, land registry, Facebook, any classical database
Centralised ledger Distributed ledger

5. How to Safely Distribute a Ledger? (1)
Each node to add only valid transactions:
•digitally sign a hash of the previous transaction and the public key of the next owner.
•recipient can verify the signatures to verify the chain of ownership.

6. How to Safely Distribute a Ledger? (1)
Each node to add only valid transactions:
•digitally sign a hash of the previous transaction and the public key of the next owner.
•recipient can verify the signatures to verify the chain of ownership.

7. How to Safely Distribute a Ledger? (2)
Prevent double-spend:
•Every node needs to know of all transactions.
•Majority of nodes need to agree on single history of the order of transactions.
Solution: time-stamping:
1. Take hash of a set (“block”) of transactions + previous timestamp.
2. Timestamp the hash.
3. Publish the hash + timestamp widely.

8. How to Safely Distribute a Ledger? (2)
Prevent double-spend:
•Every node needs to know of all transactions.
•Majority of nodes need to agree on single history of the order of transactions.
Solution: time-stamping:
1. Take hash of a set (“block”) of transactions + previous timestamp.
2. Timestamp the hash.
3. Publish the hash + timestamp widely.

9. How to Safely Distribute a Ledger? (3)
Problem: No central server for time-stamping.
Solution: p2p time-stamping using Proof of Work:
1. Everybody can create blocks + hashes.
2. But: hashing is made difficult.
3. Broadcast blocks to all known nodes (recursively)
4. Consensus: the longest chain always wins.

10. How to Safely Distribute a Ledger? (3)
Problem: No central server for time-stamping.
Solution: p2p time-stamping using Proof of Work:
1. Everybody can create blocks + hashes.
2. But: hashing is made difficult.
3. Broadcast blocks to all known nodes (recursively)
4. Consensus: the longest chain always wins.
Sources: Bitcoin: A Peer-to-Peer Electronic Cash System. Nakamoto, 2008, https://bitcoin.org/bitcoin.pdf,

11. How to Safely Distribute a Ledger? (3)
Problem: No central server for time-stamping.
Solution: p2p time-stamping using Proof of Work:
1. Everybody can create blocks + hashes.
2. But: hashing is made difficult.
3. Broadcast blocks to all known nodes (recursively)
4. Consensus: the longest chain always wins.
Sources: Bitcoin: A Peer-to-Peer Electronic Cash System. Nakamoto, 2008, https://bitcoin.org/bitcoin.pdf,

12. Smart Contracts and
Decentralised Applications
Part 2

13. What are Smart Contracts?
• A smart contract
• is a program that is run as transactions on the chain,
• can execute transactions as specified through its code,
• has to be “mined” to made available in the chain, which includes assigning it an address,
• provides functions which are invoked in transactions,
• has a proper on-chain address, i.e. can hold and transfer coins,
• is publicly verifiable (because on-chain), and
• typically costs a transaction fee to execute (“gas”).
• Smart contracts enable decentralised apps:
• transaction sequences they specify are guaranteed by the platform.
• apps can be for use by humans but also autonomous software agents (cf. multi-agent system).

14. Smart Contract Example
contract Purchase {
uint public value;
address public seller;
address public buyer;
enum State { Created, Locked, Inactive }
State public state;
// Ensure that `msg.value` is an even number. Division will truncate if it is an odd
// number. Check via multiplication that it wasn't an odd number.
constructor() public payable {
seller = msg.sender;
value = msg.value / 2;
require((2 * value) == msg.value, "Value has to be even.");
}
modifier inState(State _state) {
require(
state == _state,
"Invalid state."
);
_;
}
event PurchaseConfirmed();
/// Confirm the purchase as buyer. Transaction has to include `2 * value` ether.
/// The ether will be locked until confirmReceived is called.
function confirmPurchase()
public
inState(State.Created)
condition(msg.value == (2 * value))
payable
{
emit PurchaseConfirmed();
buyer = msg.sender;
state = State.Locked;

15. Decentralised Application (d-app)
Source: A Decentralised Sharing App running a Smart Contract on the Ethereum Blockchain, Bogner et al., IOT, 2016

16. Challenges of 1st and 2nd
Generation Blockchains
— and some Solutions
Part 3

17. Challenges of 1st and 2nd Generation Blockchains
1. Centralisation and 51% Attacks
• Verge ($2.7m)
• Bitcoin Gold ($1.8m)
• Zencash ($0.5m)
2. Scalability (#tx / time)
3. Ethereum / Solidity: low design and implementation quality
• DAO hack (3.6m Eth)
• Parity Multisig Wallet hack (150k Eth)
• Parity Freeze (0.5m Eth)
4. UX/UI
5. Hard Forks (lack of governance)

18. How to Double-Spend
10 BTC
Malicious miner:
Legitimate balance:

19. How to Double-Spend
10 BTC
Malicious miner:
Legitimate balance:
Buys some goods online for 5 BTC.
5 BTC
tx: 5 BTC

20. How to Double-Spend
10 BTC
Malicious miner:
Legitimate balance:
Buys some goods online for 5 BTC.
5 BTC
Cheated balance: 10 BTC
tx: 5 BTC

21. How to Double-Spend
10 BTC
Malicious miner:
Legitimate balance:
Buys some goods online for 5 BTC.
5 BTC
Cheated balance: 10 BTC
Cheated chain needs
to grow longest to be
accepted.
Needs at least 51%
“hash rate”.
tx: 5 BTC

22. Challenge 1: Centralisation and 51% Attacks
• Nakamoto’s original argument: unlikely that a miner (or coalition) reaches >= 51% hash rate.
• But:
• Bitmain almost there for Bitcoin.
• Recently a number of 51% attacks happened on smaller chains (e.g. Bitcoin Gold).
• Vitalik Buterin’s recipe for takeover: create a smart contract for a coordinated activity such that:
• Any miner can join by sending a very large deposit to the contract.
• Miners send shares of their partially completed blocks to the contract; the contract verifies this and
also that you are a miner with sufficient hash power.
• Before 60% of all miners join, one can leave at anytime.
• After 60% of all miners join, you will be bound to the contract until the 20 blocks have been added to
cheating chain.

23. Excursus: Game Theory
• A (mathematical) tool to analyse strategic interaction between rational decision-makers.
• Types:
• Non-cooperative (no agreements) vs Cooperative (binding agreements)
• Simultaneous vs. sequential
• Perfect vs. imperfect information (-> Bayesian games)
• Zero-sum or not
• Repeated or one-time only
• Solutions:
• Non-Cooperative: Nash equilibrium
• Cooperative: Core, Shapley Value, Kernel etc.

24. Example: Prisoner’s Dilemma
Source: The legacy of John Nash and his equilibrium theory. Stephen Woodcock, 2015, The
Conversation, https://phys.org/news/2015-05-legacy-john-nash-equilibrium-theory.html

25. Example: Prisoner’s Dilemma

26. Example: Prisoner’s Dilemma

27. Example: Prisoner’s Dilemma
Equilibrium ≠ globally best solution!

28. The Case Against the 51% Attack
Game-theory:
• “Grim Trigger” game:
• Should an heir to the throne kill the current queen/king?
• Subjects get guarantee of stability from the kingdom.
• Once you killed the 1st king, there’s no reason to not also kill all subsequent kings!
• Once a chain was 51%-attacked, there’s no reason to not do it again for miners in general. However:
• This only holds if miners have vested interest in keeping the blockchain working in the long term, and
not completely destroy its ecosystem.
• Other chains for which miners don’t care so much can be exploited, then miners move on.
• The attacks on Bitcoin Gold and other small chains, but not Bitcoin or other big chains seem to
confirm this.

29. Additional Options for Better Decentralisation
• Alternative consensus methods:
• (Delegated) Proof of Stake — unproven
• Acyclic Graphs of transactions — proven (arguably) only for permissioned chains
• Alternative approach to Proof of Work:
• Limit by memory bandwidth, not computation — works iff ASIC development held off “long enough”.

30. Additional Options for Better Decentralisation
• Alternative consensus methods:
• (Delegated) Proof of Stake — unproven
• Acyclic Graphs of transactions — proven (arguably) only for permissioned chains
• Alternative approach to Proof of Work:
• Limit by memory bandwidth, not computation — works iff ASIC development held off “long enough”.
Cuckoo Cycle

31. Challenge 2: Scalability
• Proof of Work leads to low number of transactions / time.
• Alternative to using different consensus: reduce number of on-chain
transactions.
• Æternity State Channels:
• A sequence of transactions is done off-chain, then later written to the
chain in one aggregated transaction.
• Similar to Bitcoin’s Lightning Network, but supports smart contracts:
1. Set of nodes open a channel.
2. Nodes transact on the channel fee-free and limited only by “normal”
computation/network latency.
3. Nodes close the channel, transferring the resulting state back onto the
chain.

32. Challenge 3: Solid Smart Contracts
• Ethereum’s Solidity was designed in an ad-hoc fashion.
• Many bugs and quirks such as silent overflows.
• Æternity’s approach for Sophia:
• Solid, language-design experienced team (some of the original Erlang developers).
• Cleanly designed, functional language of the ML family, strongly typed and restricted mutable state.
• First-class blockchain types:
• Oracles (interfacing to off-chain services)
• Naming (AENS)

33. Challenge 3: Solid Smart Contracts
• Ethereum’s Solidity was designed in an ad-hoc fashion.
• Many bugs and quirks such as silent overflows.
• Æternity’s approach for Sophia:
• Solid, language-design experienced team (some of the original Erlang developers).
• Cleanly designed, functional language of the ML family, strongly typed and restricted mutable state.
• First-class blockchain types:
• Oracles (interfacing to off-chain services)
• Naming (AENS)
Easier to reason about programs and proof correctness.

34. • Many early d-apps are “from nerds, for nerds”.
• Most non-tech users
• care about ease of use, value-add.
• don’t care about the underlying tech.
• However they increasingly want systems to be secure, privacy-
preserving, transparent, reliable etc.
• Therefore blockchain / smart contract platforms should provide
SDKs for easy high quality d-app development.
• Æternity:
• SDKs for Javascript, Python, Go
• UI Components for Vue.js
• Example æpps
Challenge 4: UX/UI

35. Challenge 5: Preventing Hard Forks / Governance (1)
• Hard Fork:
• a group of users forks the source code + chain state to branch
off on their own.
• possible with any open source chain.
• to prevent it, the number of users willing to break off must be
sufficiently small.
• Æternity provides:
• delegated voting mechanism, weighted by the amount of Æ.
• technical tools to permit governance.
• frameworks for human interaction for effective discussion.

36. Challenge 5: Preventing Hard Forks / Governance (2)
Future: Liquid Democracy?
Source: http://blog.jochmann.me/post/35834118306/liquid-democracy-video-explanation-simple-terms

37. UTU’s Case
Part 4

38. UTU’s Service Endorsements

39. UTU’s Service Endorsements - Reward

40. UTU’s Service Endorsements - Reward
What might be the problem here?

41. UTU’s Service Endorsements - Reward
What might be the problem here?
Sybil attack possible!

42. Conclusion
Part 5

43. Conclusion
• DLTs enable decentralised, transparent, censorship-resistant transfer of money, other assets, and
implementation of apps.
• Blockchains are one way to implement DLTs.
• So far, only Proof of Work-based public chains have been proven to be secure — as long as no one obtains
51% of the hash rate.
• Other methods like Proof of Stake, Hashgraph etc. promise much higher scalability at the potential cost of
security.
• Scaling Proof of Work chains with tools such as Æternity’s State Channels might be considered a good
compromise.
• There are many other challenges when developing reliable and user friendly d-apps, that are tackled in different
ways by different projects. Æternity provides many useful tools to tackle these.
• When designing a d-app with it’s own token/trading/reward/otherwise economic ecosystem, its token
economics has to be analysed, for which game theory and related economic models are particularly useful.

44. Thank you!