Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

Build your own block chain

9 063 vues

Publié le

Block chain introduction for an entry level technical audience.

Publié dans : Technologie

Build your own block chain

  1. 1. Build your own BlockChain
  2. 2. http://www.finextra.com/news/fullstory.aspx?newsitemid=28395 http://www.pymnts.com/news/2015/ripple-effect-for-blockchain-and-banks/ http://www.finextra.com/news/fullstory.aspx?newsitemid=28400 https://ripple.com/
  3. 3. http://www.wired.com/insights/2015/01/block-chain-2-0/ https://www.ethereum.org/ http://www.coindesk.com/microsoft-hints-future-ripple-blockchain-toolkit/
  4. 4. http://www.finextra.com/news/fullstory.aspx?newsitemid=28405 http://www.cnbc.com/2016/01/28/
  5. 5. 2016 looks to be the year of the Block Chain OK, ok. So how does it work?
  6. 6. Lots of documentation and presentations… https://bitcoin.org/bitcoin.pdf …but here’s my attempt…
  7. 7. Triple entry booking (or enter the middleman) • Alice is hungry • Alice could eat a pig • Bob gives Alice a pig and creates an IOU transaction receipt • Alice owes Bob one pig • To provide trust, Alice and Bob use Fred to notarise the transaction • 3 copies of a transaction receipt, one for each party From: Alice To: Bob Time: 12 Mar 2013 For: One pig Signatories: Alice Fred Flintstone Bob
  8. 8. Never trust the middleman Bob loses his receipt Fred colludes with Alice and claims Bob is mistaken - no pig was provided... Bob is smad. Is there a way to get rid of a middleman and provide trust?
  9. 9. Maybe... let's take advantage of public key cryptography Public key: 28wOoK6Nq9bDExK… Private key:9xl/K0veBBMtZ… Public key: kL5SwAT6A3U7LAjd… Private key:yaqmH9Z+nKD…
  10. 10. Story time! Private public key cryptography Once upon a time there was encryption and decryption with a shared key. As long as anyone knew the key, and how to use the key, then they could encrypt or they could decrypt. This is called symmetric encryption. Some text Move by n number of characters in alphabet Key (n) = 2 Then some smart people had an idea. They realised they could create an approach that involved two different keys. One key is purposely kept private, the other is provided to the other party (or often the public). If you use the private key to encrypt then the public key can decrypt. If you use the public key to encrypt then you can use the private key to decrypt. This is called asymmetric encryption. Some text Asymmetric algorithm Private key Public key There are many asymmetric encryption algorithms. RSA is one of the most common.
  11. 11. This is how… 1. Alice and Bob generate public-private key pairs eg RSA 2. Alice encrypts the plain text version of the transaction receipt with her private key 3. Alice prepends her name to the signed receipt (so we know which public key to use when many people involved) 4. Alice and Bob (and any other members of the network) store the result
  12. 12. Which means… We’ve created a record of the transaction that we know can only have been generated by Alice. The contents can be decrypted by anyone so the transaction record is visible to all.
  13. 13. The balance of what is owed at a point in time is the sum of all signed transaction receipts. From: Alice To: Bob Time: 12 Mar 2013 What: One pig AT6A3U7LAjd… From: Alice To: Bob Time: 15 Apr 2014 What: Two pig B7F8U7LA92C… From: Bob To: Alice Time: 2 Dec 2015 What: One pig 87AB2D9A1d… Alice owes Bob one pig
  14. 14. Bartering is painful, let’s introduce money • Bob is hot and dry so Alice provides two melons, how many melons to a pig? • We introduce a currency reflecting value • Add it to the transaction records to enable summation
  15. 15. From: Alice To: Bob Time: 12 Mar 2013 What: One pig Value: $100 BT6A3U7LAjd… From: Alice To: Bob Time: 15 Apr 2014 What: Two pig Value: $200 C7F8U7LA92C… From: Bob To: Alice Time: 2 Dec 2015 What: One pig Value: $100 27AB2D9A1d… From: Bob To: Alice Time: 2 Dec 2015 What: Two melons Value: $50 BDA32E9ACd… Alice owes Bob $150
  16. 16. Sorted!? Not quite, how do we transfer value?
  17. 17. • Bob likes John’s hat • John say’s it’s $200 • Bob reckons why not transfer his $200 IOU from Alice to John From: Alice To: Bob Time: 12 Mar 2013 What: One pig Value: $100 From: Alice To: Bob Time: 15 Apr 2014 What: Two pig Value: $200 From: Bob To: Alice Time: 2 Dec 2015 What: One pig Value: $100 From: Bob To: Alice Time: 2 Dec 2015 What: Two melons Value: $50 From: Bob To: John Time: 2 Dec 2015 What: V1jZUy… Value: $200 SHA256 signature calculated for the transaction "V1jZUyLvPOxzZvKpuUwTCNzGmovoxHRzJ76FGXMN3JY="
  18. 18. Story time! SHA256 - what's that? Once upon a time someone figured out that it was possible to calculate a short identifier for any given input. It’s like a unique signature for the input (although in reality it’s not guaranteed to be unique at all – but for all intents and purposes it is). It's called a hash because in the process the algorithm is effectively doing a lot of chopping and mixing. There are lots of algorithms to do this task but some are better than others. SHA-2, often referred to as SHA256, was designed by the NSA. The letters stand for Secure Hash Algorithm 2. If you have a hash value, it's not at all easy to obtain the input, even small changes to the input have large consequences on the output. Don't confuse it with encryption - there's no key, for any given input you always get the same output. Some text SHA256 JDdigoW2OuYy8CkQV10XmyLnNnvD42tAta25RmOiIqI= Some text1 SHA256 12E+SmrYMSTj6vlh51UdVDWgJQNGz35AOvesa2z3yAo=
  19. 19. Recap • No middle man • The summation of signed transaction receipts gives the outstanding balance position across all parties • Including value transfer between parties
  20. 20. Sorted!? Not quite, we need to stop double spending…
  21. 21. Problem - double spending If members fail to update their personal transaction registers quickly enough, then a malicious member can replicate and use transaction records by spending more than once. From: Alice To: Bob Time: 12 Mar 2013 What: One pig Value: $100 From: Alice To: Bob Time: 15 Apr 2014 What: Two pig Value: $200 From: Bob To: Alice Time: 2 Dec 2015 What: One pig Value: $100 From: Bob To: Alice Time: 2 Dec 2015 What: Two melons Value: $50 From: Bob To: John Time: 2 Dec 2015 What: V1jZUy… Value: $200 SHA256 signature calculated for the transaction "V1jZUyLvPOxzZvKpuUwTCNzGmovoxHRzJ76FGXMN3JY=" From: Bad Guy To: John Time: 2 Dec 2015 What: V1jZUy… Value: $200 From: Bad Guy To: John Time: 2 Dec 2015 What: V1jZUy… Value: $200 This will become obvious in time but by then the damage is done Question is: how do we ensure an action such as the creation of a transaction record is valid?
  22. 22. We need some way to get transaction integrity How about 2-phase commit? A 3rd-party in the path? Nope – grinds to a halt when scaling Nope – then we’ve failed! How about distributed consensus with member voting eg “Paxos”? Story time! Paxos was created by Leslie Lamport and named after a fictional parliament on the Greek island of Paxos. Paxos is a 3-Phase Commit protocol with several versions – but idea is that majority quorum results in eventual consistency. Good start, but more required…
  23. 23. Consensus voting has a weakness: fake identities • Distributed networks with voting systems are susceptible to the creation of fake identities • Fake identities can subvert the vote. • Sometimes called a Sybil attack after the name of the novel of a woman with identity disorder. • When people are involved we can refer to sockpuppets Somehow we need to make the creation of identities hard enough to be not worth it
  24. 24. Proof of work: a cost to create identity & vote At the moment our block chain suffers because 1. it’s easy to create public-private key pairs, and 2. It’s easy to sign a value transaction. What’s something hard???? We’re talking computers here so it has to be computationally hard… How about the reverse of a signing operation? SHA256(“Some simple text”)  "AX+dClQgll/3QNCXacNn3q0O4lv2SKrjQ5C8vLMUcC0=“ Going in reverse you have to brute force which is hard but not impossible.
  25. 25. We can make this much harder though… Look for a hash outcome that has some arbitrary substring eg 00 at the beginning. SHA256(“I vote for Bob”)  "wn8iR1xcp4JLpHC1WLkXSDS+wtNeF5TYCthCycGw1+c=“ Fail, so let’s modify the input in some way.. SHA256(“I vote for Bob - 2”) -> "O1ODEfjRTAgsbMuRSUnMPD84nAExphQ0zqQTpD3Omr8=“ Fail again, keep going… open System.Security.Cryptography open System.Text let hasher = new SHA256Managed() let bytesHash' (s:string) = hasher.ComputeHash((new UnicodeEncoding()).GetBytes(s)) let r = System.Random() let rs = [0..10000] |> List.map (fun i -> i* r.Next(0,1000)) let hashes = rs |> List.map (fun i -> System.Convert.ToBase64String(bytesHash' (i.ToString()) )) hashes |> List.filter (fun h -> h.StartsWith("00")) … I typically get 2 to 4 hashes that work in 10,001 random choices The more 0’s at the beginning, the harder work it is. The idea is to make this expensive for the member generating the vote.
  26. 26. Important point: the time taken to do a proof of work varies widely Likelihood of solving Time taken to solve Some times a node will calculate the proof of work quickly, other times very slowly. When many nodes try and calculate the result simultaneously the time to uncover the result tends towards smaller values. (In BitCoin’s case it’s about 10mins for all nodes but an individual node might typically take hours or days.) Because of the broad distribution we don’t normally get two solutions found at the same time.
  27. 27. Just what does harder work mean here?
  28. 28. Recap 1. To stop malicious members double spending we needed better transaction integrity but without the downsides of a 3rd party or full 2 phase commit – majority consensus seems a reasonable idea. 2. But consensus voting is susceptible to the creation of fake identities 3. It looks like we might have a way to make the vote signing process sufficiently expensive to perform that we can stop members trying to manipulate the consensus mechanism.
  29. 29. Let’s explore that proof of work cost aspect a bit more • Let’s say we have a network of 1000 participants • Alice transfers some value to Bob, let’s say $1 • We can set the computing cost (energy, hardware etc) to create a transaction by making the proof of work harder or easier $10 Bob now has a choice: 1. Trust that Alice won’t double spend, or 2. Ask some number of the network participants to verify the transaction If Bob asks for verification, then what’s a good number of the total network to ask? 10, 100, 500, everyone????
  30. 30. Story time! Proof of work has an interesting history. The idea didn't start specifically with block chains or BitCoin. It came up in the 1990s in the context of finding ways to hinder unwanted behaviour in electronic systems; a classic example being Denial of Service. Denial of Service is an a way to disrupt service by intentionally flooding a system with requests. But what if we made the attacker's effort sufficiently large that it was no longer financially worth it? What about if the task to make a request was computationally tough. The system offering the service might could ignore those requests not able to satisfy the proof of work task. Proof of work in the case of BitCoin is large which has lead to the creation of dedicated low energy BitCoin mining hardware. Estimates for the electricity required to generate 1 BitCoin vary greatly depending upon the type of hardware used (home PC versus laptop versus Raspberry PI versus dedicated ASIC). BitCoin also makes the proof of work progressively harder over time. Currently it's calibrated so that on average the proof of work completes in about 10mins across the whole of the network. With so many nodes on the bitcoin network that means any individual node would usually take many hours or days to finish the proof of work. 1 BitCoin @ 5 Feb 2016 = $NZD 577
  31. 31. Let’s calculate a cost to be a criminal Number of fake verifications (aka “I vote for Alice”) from fake identities Cost to verify $0.001 $0.01 $0.1 10 $0.01 $0.1 $1 100 $0.1 $1 $10 500 $0.5 $5 $50 For a $1 trade there’s two options that look attract, particularly one of them.
  32. 32. Whoa! Hold it there. Cost to be a crim? Isn’t it also the cost to do business? If every transaction is going to involve proof of work to verify and it equals or exceeds the value of the transaction, then what’s the point? And just thinking about this – surely, Bob has to pay something for the effort to request verifications?
  33. 33. Let’s add an incentive, and make it more efficient Transaction Fees • Let’s give network members some recompense for transaction verification • And, let’s make it efficient by pooling transactions into blocks Blocks of transactions linked together ... doh,I get it: Block Chain! Block ID: 3a4cb… Previous Block ID: 178dfe… Verified by: Fred Date: 21 Feb 2016 From: Alice To: Bob What: 1 Pig, $100 Fee: $0.1 From: Mickey To: Alice What: 2 Pigs, $220 Fee: $0.15 From: Bob To: Mickey What: 3 Cheeses, $50 Fee: $0.05 To: Fred What: transaction fees, value $0.3
  34. 34. Block verification 1. Participants generate transactions and announce them to the network for verification 2. Members like Fred aggregate unconfirmed transactions and once the total transaction fees are large enough… a. Adds a transaction fee for verification to the block b. Make the effort to verify transactions are valid and not doubled c. Do the proof of work challenge to generate a block hash 3. Sends the block into the network to distribute to everyone else
  35. 35. What happens when Barney and Fred both choose to verify a block? Block ID: 3a4cb… Previous Block ID: 178dfe… Verified by: Fred Date: 21 Feb 2016 09:56 From: Alice To: Bob What: 1 Pig, $100 Fee: $0.1 From: Mickey To: Alice What: 2 Pigs, $220 Fee: $0.15 From: Bob To: Mickey What: 3 Cheeses, $50 Fee: $0.05 To: Fred What: transaction fees, value $0.3 Block ID: 581b2… Previous Block ID: 178dfe… Verified by: Barney Date: 21 Feb 2016 16:21 From: Alice To: Bob What: 1 Pig, $100 Fee: $0.1 From: Mickey To: Alice What: 2 Pigs, $220 Fee: $0.15 From: Bob To: Mickey What: 3 Cheeses, $50 Fee: $0.05 To: Barney What: transaction fees, value $0.3 We’ve created an incentive to compete. The first to complete get’s the benefit. Someone will always be ahead - Fred gets in first this time
  36. 36. What if two blocks get submitted to the network at nearly the same time? Unlikely, but it could happen. Can’t use timestamps because they can be maliciously altered. Block Block A Block B Time 1. Barney’s node sees Block A first so it starts to build a new block on top of Block A from unprocessed transactions. 2. Fred’s node sees Block B first so it starts to build a new block from unprocessed transactions on top of Block B. 3. Block chains have a rule that you immediately switch to the longest chain available. 4. If Barney get’s to publish his new block first, then Fred’s node will discard Block B, use Block A and race to build a new block on top of it. Barney sees block A first Fred sees block B first It’s increasingly rare for blocks to be solved and sent into the network near simultaneously. So the network rapidly stabilizes.
  37. 37. Consequences are funky. Solution: only follow the longest chain of blocks Blocks fundamentally can’t ever be considered final – you might not yet have received all the generated blocks. That means transactions are also never strictly final! But it turns out that the odds the transaction isn’t correct decrease dramatically as blocks get created.
  38. 38. BitCoin as an example BlockChain clients need to validate transactions and blocks right back to the beginning of BitCoin. It takes awhile: On a laptop about two days worth of work…
  39. 39. What if I’m trying to subvert the network? To create fraudulent transactions then I need to create fraudulent blocks. To modify a past block I would have to redo the proof of work on that block, and then all following blocks. But this is a really tall order – the probability of an attacker catching up diminishes exponentially as blocks are added. Block Block Block Block Time Block The computing cost is just too hard for one attacker versus many honest participants. Block
  40. 40. Putting it all together 1. Transactional integrity is achieved with PKI • Non-repudiation and transaction integrity (no modification after creation) • But not really identity 2. Transactions exist in a peer 2 peer network 3. Transactions are aggregated into blocks • Gives an efficient way to implement batched proof of work for transaction fees • Simplifies management of transactions over time (probability of correctness) 4. No middleman!
  41. 41. So is this BitCoin? Mostly. We've created a chain of transactional blocks which we can use for a crypto-currency. BitCoin is a specific implementation tuned to have some interesting properties. BitCoin has 1Mb blocks and the proof of work is much harder - roughly 13 0s on the front of the hash which means an individual miner might days on average to complete the proof of work, but with a big network BitCoin have tuned difficulty to achieve 10min average block generation. BitCoin currently limited to about 7 txns/sec by the 1Mb block size - that's not very much for a retail payment system - moves afoot to increase block size and numbers of transactions processed per mining operation. Fees are effectively near 0 for a user. Compare/contrast to credit card or international transaction fees which can be >3%. Costs of conventional payment brokers are high due to operational overhead, especially fraud. BitCoin avoids all fraud in the actual payment system itself. BitCoin smallest unit 8 decimal places - micropayments become especially attractive. All you need is the software and a QR code.
  42. 42. http://www.digitalistmag.com/finance/2016/01/15/blockchain-poised-hot-tech-for-moving-money-2016-03941451
  43. 43. So, what does it all mean? http://www.wired.com/insights/2015/01/block-chain-2-0/ This is what I think: learn this stuff… Block chains + Smart contracts + Internet of Things Peer to peer transactional networks free from reconciliation or 3rd-party costs with smart contracts and very large numbers of interacting devices are going to become very important to our future lives.
  44. 44. References • https://www.igvita.com/2014/05/05/minimum-viable-block-chain/ • https://www.youtube.com/watch?v=Lx9zgZCMqXE • https://www.khanacademy.org/economics-finance-domain/core- finance/money-and-banking/bitcoin/v/bitcoin-what-is-it • http://www.coindesk.com/math-behind-bitcoin/ • http://scet.berkeley.edu/wp-content/uploads/BlockchainPaper.pdf • https://bitcoin.org/bitcoin.pdf