An Overview of Blockchain Technologies and Uses (Day 2)
Andy Dolan • Computer Science Department • Colorado State University
Last Time we Covered
● An Introduction to Bitcoin● The Core Features: What is a Blockchain?● Distributed Consensus
Image: Jay’s Brick Blog
Outline
● Identity in blockchain and anonymization● Smart contracts● Attacks against blockchain● Interesting (non-cryptocurrency) blockchain use cases
Image: Jay’s Brick Blog
Identity in Blockchain
How do we manage who’s who?
Identity in Public Blockchain
● Public key, associated private key○ If you have the private key, you have the
associated transactions
● Beyond that, what identity exists?○ Do you register for a Bitcoin account?○ Where might your information be revealed?
Is Blockchain Anonymous?
● Cryptocurrencies can be traced back through
the ledger● At some point, there is an exchange to a
product/service/currency○ These might require some identity information
● Is this a privacy risk?○ Or is this an advantage?
● Either way, users will want to make their
tokens anonymous
Token Tumbling
● Also called mixing, blending, cleaning● Third-party services that will “clean” your
“tainted” tokens for you● Put your tokens in a tumbler/mixer
○ This is still just a transaction○ Is there a risk in doing this?
● Get some other tokens out that aren’t linked
to you● Only misdirection, not true “cleaning”
Other Anonymization Efforts
● Use of zero-knowledge proofs to verify
transactions● Built into the protocol of the particular chain● Can end up being somewhat similar to mixing
○ Exchanging “real” coins for others
● Other implementations involve burning old
coins and then minting new ones○ Zcoin
Burning Tokens
● Some systems use the concept of
“destroying” tokens● Often dubbed “sending to an
impossible/unspendable address”● Control of currency supply● Proof of burn● Is there a risk here?
○ Is the address really unspendable?
Permissioned Blockchain
● Stronger concept of identity○ Use of PKI
● Only certain participants can join● Stronger trust model?● Advantages, disadvantages● Use cases
○ Supply chain in a particular market○ Record keeping between key stakeholders○ Public read-only, permissioned writes
Questions/Comments?
Introduction to Smart Contracts
Automated trust, or millions of costly bugs?
Smart Contracts
● Distributed pieces of code associated with
blockchain transactions● Executions that define how a transaction is
carried out● “Smart” because the contract is automatically
enforced by the system● Usually simple, sometimes complex● Now present in most blockchain
implementations
A Simple Implementation: Bitcoin
● Every Bitcoin transaction has a script○ Written in Script
● Super, super simple● List of instructions for how the next person
wanting to spend coins can gain access to
them○ If the script returns TRUE, you have access to the
funds
● Can be just about anything
Typical Bitcoin Script
● Requires two things:● Public key that hashes to destination address
of transaction○ The recipient of coins
● Signature to prove ownership of the private
key corresponding to the public key○ The recipient provides this○ Only the owner of the right private key can get the
coins
More Unique Bitcoin Scripts
● Freezing funds until a future date● Creating a mini proof-of-work puzzle that
anyone can solve● Incentivized finding of SHA1 hash collisions
○ Created in 2013, donation based○ Solved, reward claimed in February 2017 shortly
after SHA1 was broken○ A little over 2 bitcoin claimed
Ethereum and Smart Contracts
● Arguably the biggest smart contract platform● Turing-complete smart contract language:
Solidity● Opens up lots of different possibilities for
○ Applications○ Tokens (and how they operate)
● More complexity can be problematic
Where Smart Contracts go Wrong
● What problems can slip through with a more
complex smart contract?● The DAO attack
○ A bug in the code with huge consequences: hard
fork○ Creation of Ethereum Classic
● Updating a deployed contract can be…
complicated
Questions/Comments?
Security Aspects of Blockchain
Attacks against blockchain technologies
Additional Reading
Attacking Consensus
● Majority attacks○ Proof of Work○ Proof of Stake
● Compromised centralized “leader” in PBFT● Consensus delays● Selfish mining
○ Similar to majority attack○ Try to trick the network by maintaining a parallel
chain
Attacking the Network
● Traditional network attacks to mislead or
disable nodes● DDoS, DNS attacks, routing attacks● Spam transactions, slow/limited propagation● Limit availability
Questions/Comments?
Other Use Cases
Less cryptocurrency-centric applications of blockchain
Supply Chain
● A ledger of how supply changes ownership
throughout its lifecycle● BeefChain● Lettuce from Walmart● What issues are solved by blockchain?● How does this model differ from
cryptocurrencies?
Blockchain for IoT
● Improving security of IoT devices with a
blockchain platform● IoT device identity● IoT device and service permissions● Storage on an immutable ledger
IoT for Blockchain
● IoTa: Ledger technologies built for IoT● Attempting to make blockchain more efficient
to be able to run on IoT devices at scale● Consensus algorithms optimized for
hardware● Network architecture to accommodate for IoT
capabilities
Storage??
● Again, this is really just a database● However, it’s append only● What about use cases that require a lot of
record changes?● Does it scale?
○ Bitcoin: about 200 GB total○ Ethereum: about 200 GB total
Voting, Elections
Other Questions?
Conclusion
● Blockchain is cool● But needs to be used carefully● Design is critical● It really isn’t the answer for most problems
Thank you