Understanding Blockchains
Qinghua Lu | Senior Research Scientist @ AAP
Len Bass | Adjunct Faculty @ CMU
April 2018
Len Bass
© Len Bass 2018 2
Topics
• Blockchain network and platforms
• Blockchain variants
• Pieces of Blockchains
• Applications
Quick definitions
• Blockchain = data + contract + immutability + encryption
• Blockchain platform = distributed + high availability + consensus mechanism
Topics
• Blockchain network and platforms
• Blockchain variants
• Pieces of Blockchains
• Applications
Public Blockchain Network
• Network
  • Gossip protocol for propagation
  • Every node hosts a replica
    • Good availability
    • Efficient reading
• Node content
  • A sequence of blocks of transactions for which consensus has been reached.
  • Each node has a set of outstanding transactions
Blockchain | Xiwei (Sherry) Xu
Platforms
• Bitcoin
• Ethereum
• Hyperledger Fabric
• Multiple others in development or use
Bitcoin
• Used only for bitcoin cryptocurrency
Ethereum
• The Ethereum platform supports a Turing complete programming language
• You write a “smart contract” in this programming language that specifies the rules of your contract.
• There are other rules for using the platform that govern costs and fees.
Hyperledger Fabric
• Open source platform supported by IBM
• Contracts are written in Chaincode
• Chaincode is a program, written in Go, node.js, and eventually in other programming languages such as Java, that implements a prescribed interface.
• Turing Complete
• Plug ins exist for different variants
Topics
• Blockchain network and platforms
• Blockchain variants
• Pieces of Blockchains
• Applications
Blockchain variants
• Trust (consensus) model
• On chain/off chain
• Public/private
• Customizability
• Incentive model
• Permissioned/permissionless
• We will introduce variants here and expand on them as appropriate
Consensus models
• Distributed consensus
• Superusers
Distributed Consensus
• Each node collects new transactions into a block
• In each round, a random node gets to broadcast its block
• Other nodes accept the block only if all transactions in it are valid
• Other nodes implicitly accept/reject the block
  • Extending it
  • Ignoring it and extending chain from an earlier block
Accepting block
• All users have a copy of the blockchain.
• Any user can propose a new block with new transactions. These must be valid transactions.
• Valid transactions are restricted by computational difficulty. Proposed transactions are easy to verify, difficult to generate.
• If there are competing proposals, users vote.
• In Bitcoin and Ethereum, votes are weighted to prevent flooding the user pool with artificial users
  • Proof of stake
  • Proof of work
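
An added example, not part of the original slides: a minimal proof-of-work sketch of "easy to verify, difficult to generate". The block layout, the function names and the difficulty values are assumptions made for illustration and do not match Bitcoin's real header format.

```python
import hashlib


def block_hash(prev_hash: str, transactions: str, nonce: int) -> bytes:
    """SHA-256 over the block contents plus a candidate nonce."""
    data = f"{prev_hash}|{transactions}|{nonce}".encode()
    return hashlib.sha256(data).digest()


def meets_target(digest: bytes, difficulty_bits: int) -> bool:
    """True when the 256-bit digest starts with `difficulty_bits` zero bits."""
    return int.from_bytes(digest, "big") >> (256 - difficulty_bits) == 0


def mine(prev_hash: str, transactions: str, difficulty_bits: int):
    """Generate: try nonces in order until one meets the target.

    Returns (nonce, attempts). Expected work doubles with every extra bit.
    """
    nonce = 0
    while not meets_target(block_hash(prev_hash, transactions, nonce), difficulty_bits):
        nonce += 1
    return nonce, nonce + 1


def verify(prev_hash: str, transactions: str, nonce: int, difficulty_bits: int) -> bool:
    """Verify: one hash, no matter how long mining took."""
    return meets_target(block_hash(prev_hash, transactions, nonce), difficulty_bits)


if __name__ == "__main__":
    prev = "00" * 32                       # constructed sample values
    txs = "alice->bob:5;bob->carol:2"
    for bits in (8, 12, 16):
        nonce, attempts = mine(prev, txs, bits)
        ok = verify(prev, txs, nonce, bits)
        print(f"{bits} bits: nonce={nonce} after {attempts} hashes, verified={ok}")
```

Because the nonce is bound to the block contents through the hash, changing a transaction changes the digest, and the search for a valid nonce has to start over.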
Superusers
• Additions must be verified by small group of superusers
• Rules to prevent rogue superusers
On chain/off chain
• All data on chain or some data off chain?
  • On chain data is immutable
  • Off chain data must have provisions to verify integrity
• Performance trade off. Whole chain is copied for availability and integrity reasons.
• May go off chain
  • to retrieve data stored in database, for example.
  • Because data is voluminous
Public / Consortium / Private
• Anyone can use a public blockchain network
  • Public Bitcoin or Public Ethereum
  • Public networks have incentives for people to join and fees for use
  • Better transparency and auditability, bad performance
• Consortium blockchain is used across organizations
  • Controlled by pre-authorized nodes
• Private blockchain is within a single organization
• Consortium/private instantiation of public blockchain
  • Blockchain platform is (mostly) open source
  • Network layer access control – firewall
Customizability
• Some blockchains have hard coded transaction rules – e.g. Bitcoin or other non government backed digital currencies.
• Other blockchains allow you to set up your own transaction rules. E.g. Ethereum has a Turing complete language to specify transaction rules.
  • Programs in these languages are called “smart contracts”
Incentive structure for public networks
• Creating a new block in Bitcoin is computationally difficult. This is referred to as “mining”
• In public networks, some of the power of blockchain is due to replication and having new blocks validated.
• The incentive structure is intended both to incentivize creation of new blocks and to replicate existing blocks.
  • If you are a successful miner, you are allocated new Bitcoins
  • Collected fees are also allocated to encourage participation.
Permissionless / Permissioned
• Consortium/Private networks require permissions to access
  • More suitable for regulated industries
    • Know-Your-Customer (KYC)
  • Other permissions
    • Permission to initiate transactions
    • Permission to mine
    • Fine-grained permission: permission to create a particular asset
• Public networks can be used for private purposes
  • E.g. executing a smart Ethereum contract to manage a supply chain.
• Public networks that are used for private purposes require permissions to access the private portions.
Topics
• Blockchain network and platforms
• Blockchain variants
• Pieces of Blockchains
• Applications
Quick definitions
• Blockchain = data + contract + immutability + encryption
• Blockchain platform = distributed + high availability + consensus mechanism
Data in Blockchain
• A blockchain consists of a linked list of transactions on a blockchain platform.
• Sometimes called a ledger
[Figure: linked list of Block 1, Block 2, Block 3, Block 4]
Adding new transaction
• Adding new transaction depends on trust model
  • Consensus model
  • Superuser model
Quick definitions
• Blockchain = data + contract + immutability + encryption + consensus mechanism
• Blockchain platform = distributed + high availability
Blockchain contract
• A contract is a specification of how individuals or entities can interact with the blockchain and their obligations and rewards from this interaction.
• Contracts can be
  • explicit or implicit
  • hard coded into the platform or programmable
• Smart contracts are written in a language within the platform for specifying the contract.
Bitcoin contract
• Hard coded
• Key concepts:
  • Accounts – an individual may have one or more accounts within the bitcoin network
  • Spending – an individual owning an account can transfer bitcoins to another account
  • Mining – a new bitcoin can be created by finding a valid new block (complicated process)
  • Consensus validation. A transaction is not “accepted” until it has been validated by participants in the network.
Ethereum contract
• Similar to Bitcoin for cryptocurrency
• Specified in smart contract for other applications
Hyperledger contract
• Specified in Chaincode
• Hyperledger is a private platform
Quick definitions
• Blockchain = data + contract + immutability + encryption + consensus mechanism
• Blockchain platform = distributed + high availability
How to make ledger immutable
• Immutability rests on two foundations
  • Hash functions
  • Difficulty of modifying blockchain
Hash Function
• Hash functions
  • Takes any string as input
  • Fixed-size output (for example, 256 bits)
  • Efficiently computable
• Security properties
  • Collision-unlikely
[Figure: inputs x and y with H(x) = H(y)]
Hashing linked list
[Figure: Genesis block; Block 1 holds the hash of the genesis block; Block 2 holds the hash of Block 1; Block 3 holds the hash of Block 2]
Any change to Block N requires changing all subsequent blocks
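
An added example, not part of the original slides: a small hash-linked list showing how one edited block is detected and how many later blocks have to be rewritten to hide it. The block fields and function names are assumptions made for illustration.

```python
import hashlib
import json


def block_hash(block: dict) -> str:
    """Hash the block's canonical JSON encoding (index, data, prev_hash)."""
    encoded = json.dumps(block, sort_keys=True).encode()
    return hashlib.sha256(encoded).hexdigest()


def build_chain(payloads):
    """Genesis block first; every later block stores its predecessor's hash."""
    chain = [{"index": 0, "data": "genesis", "prev_hash": None}]
    for i, data in enumerate(payloads, start=1):
        chain.append({"index": i, "data": data, "prev_hash": block_hash(chain[-1])})
    return chain


def first_broken_link(chain):
    """Index of the first block whose stored prev_hash no longer matches, else None."""
    for prev, cur in zip(chain, chain[1:]):
        if cur["prev_hash"] != block_hash(prev):
            return cur["index"]
    return None


def rewrite_from(chain, n, new_data):
    """Change Block n, then repair every later link so the chain checks out again.

    Returns how many subsequent blocks had to be rewritten.
    """
    chain[n]["data"] = new_data
    rewritten = 0
    for i in range(n + 1, len(chain)):
        chain[i]["prev_hash"] = block_hash(chain[i - 1])
        rewritten += 1
    return rewritten


if __name__ == "__main__":
    chain = build_chain(["tx-a", "tx-b", "tx-c"])   # constructed sample data
    head = block_hash(chain[-1])
    chain[1]["data"] = "tx-a (edited)"
    print("edit detected at block", first_broken_link(chain))
    print("blocks rewritten to hide it:", rewrite_from(chain, 1, "tx-a (edited)"))
    print("head hash unchanged:", block_hash(chain[-1]) == head)
```

Even after every link is repaired, the hash of the last block differs from the one honest replicas already hold, which is why the rewrite also has to win under the trust model.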
What prevents someone from changing the whole blockchain?
• It depends on the trust model
  • Consensus model.
  • Superuser model.
Change models
• Consensus model
  • Any user can recognize change
  • Validation of change depends on voting by users
• Superuser model
  • Changes must be validated by superuser
Merkle tree
• A Merkle tree is a data structure that supports rapid validation that a linked list (blockchain data) has not been modified
• Binary tree where node is hash of children and leaf nodes are hashes of blockchain blocks. then hashing the hash
Merkle tree for four block chain
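
An added example, not part of the original slides: a Merkle tree over four blocks, with an inclusion proof that checks one block against the root using two sibling hashes instead of the whole list. The function names and the plain SHA-256 pairing are assumptions made for illustration.

```python
import hashlib


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def merkle_levels(blocks):
    """All tree levels, leaves first. Leaves are hashes of the blocks;
    each interior node is the hash of its two children."""
    n = len(blocks)
    if n == 0 or n & (n - 1):
        raise ValueError("this sketch needs a power-of-two number of blocks")
    level = [h(b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def merkle_root(blocks) -> bytes:
    return merkle_levels(blocks)[-1][0]


def inclusion_proof(blocks, index):
    """Sibling hashes from leaf to root, each tagged with the sibling's side."""
    proof = []
    for level in merkle_levels(blocks)[:-1]:
        sibling = index ^ 1
        proof.append(("left" if sibling < index else "right", level[sibling]))
        index //= 2
    return proof


def verify_inclusion(block: bytes, proof, root: bytes) -> bool:
    """Recompute the path to the root from one block and its siblings."""
    node = h(block)
    for side, sibling in proof:
        node = h(sibling + node) if side == "left" else h(node + sibling)
    return node == root


if __name__ == "__main__":
    blocks = [b"block 1", b"block 2", b"block 3", b"block 4"]  # constructed data
    root = merkle_root(blocks)
    proof = inclusion_proof(blocks, 2)
    print("proof length:", len(proof))
    print("block 3 verifies:", verify_inclusion(b"block 3", proof, root))
    print("edited block verifies:", verify_inclusion(b"block 3!", proof, root))
```

Deployed trees such as the one in RFC 6962 also prefix leaf and interior hashes with different bytes so that an interior node cannot be passed off as a leaf; this sketch omits that.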
Quick definitions
• Blockchain = data + contract + immutability + encryption
• Blockchain platform = distributed + high availability + consensus mechanism
Building blocks of cryptography with Zerocash example
• NP completeness
• Zero Knowledge proofs
• Quadratic Span Programs
• Very complicated – you don’t need to understand cryptographic portions of blockchain to understand uses of blockchain
NP completeness
• An NP complete problem is one in which there is no way to locate a solution in polynomial time.
• It may be possible, however, to verify a solution in polynomial time.
Boolean satisfiability
• The Boolean satisfiability problem is NP complete.
• Given a statement in Boolean logic, finding an assignment of True or False to the variables in that statement that makes the statement evaluate to True is computationally difficult.
• Verifying that a particular assignment evaluates to True is computationally easy.
Zero Knowledge Proofs
• We begin with the Diffie Hellman algorithm
• Diffie Hellman is the basis of the SSH protocol.
Diffie-Hellman (intuitively)
• Alice and Bob agree on a common color
• Each chooses a secret color
• Each mixes their secret color with the common color
• Each sends their mixture to the other
• Each now adds their secret color
• Alice and Bob end up with the same color but decoding it is difficult
• This color is the shared key for symmetric encryption
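
An added example, not part of the original slides: the color steps above written as modular exponentiation, with the range check a receiver should apply to the peer's value. The parameters P and G are toy values and the function names are assumptions; real deployments use standardized groups of 2048 bits or more, or elliptic curves.

```python
import hashlib
import secrets

# The "common color": public parameters both sides agree on.
# Constructed toy values: 2**127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 3


def choose_secret() -> int:
    """A party's "secret color": a random exponent in [2, P-2]."""
    return 2 + secrets.randbelow(P - 3)


def mixture(secret: int) -> int:
    """Secret mixed with the common color. This value is sent in the clear."""
    return pow(G, secret, P)


def shared_key(own_secret: int, peer_mixture: int) -> bytes:
    """Add the own secret to the peer's mixture, then hash to a 256-bit key.

    Values 0, 1 and P-1 are rejected: they would force the result into a
    tiny, predictable set regardless of the secret.
    """
    if not 2 <= peer_mixture <= P - 2:
        raise ValueError("peer value outside [2, P-2]")
    shared = pow(peer_mixture, own_secret, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


if __name__ == "__main__":
    a, b = choose_secret(), choose_secret()      # never leave Alice / Bob
    to_bob, to_alice = mixture(a), mixture(b)    # what an eavesdropper sees
    k_alice = shared_key(a, to_alice)
    k_bob = shared_key(b, to_bob)
    print("same key on both sides:", k_alice == k_bob)
```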
Moving to Zero Knowledge (ZK) proofs
• Alice generates two keys using techniques similar to Diffie Hellman. One she keeps secret and one she shares with Bob.
• Alice claims knowledge of some fact and encodes that knowledge using her secret key. She shares the encoding with Bob.
• Bob uses the shared key to verify the truth of the fact that Alice is claiming.
Security
• It is not possible for Bob to derive Alice’s fact from their communication without either factoring large numbers (an NP complete problem) or knowing Alice’s secret key.
• That is, Alice can convince Bob that she knows the fact in question without divulging the fact – zero knowledge proof.
• More importantly, there is an efficient way to generate zero knowledge proofs for any NP complete problem.
Quadratic Span Programs
[Figure: contract → Key Generator → Prover token and Verifier token; Prover (“I have complied with all elements of the contract under my control”) → Compliance Token → Verifier (“Prover has (has not) complied”)]
Roles
• Prover (Alice in prior examples).
• Verifier (Bob).
Generating prover/verifier tokens
• Input Boolean expression into the key generator. Output is two publicly available tokens – one for the prover, one for the verifier
• Tokens are based on secret choices. These choices must be kept secret.
[Figure: contract → Key Generator → Prover key and Verifier key]
Proof/verification
• Prover uses prover token to assert a particular string is true for the Boolean expression.
• Verifier uses verifier token to check prover’s assertion
[Figure: Prover (“I have complied with all elements of the contract under my control”) → Compliance Token → Verifier (“Prover has (has not) complied”)]
Cheating
• Prover cannot cheat because then their assertion cannot be verified.
• Verifier cannot cheat because verifier token is public, verifier algorithm is public, and assertion is public. Anyone can verify if assertion is true.
How do quadratic span programs work?
• Key idea – for any Boolean expression can generate a function that will determine whether an input satisfies that expression.
  • Function can work in linear time
  • Function does not find satisfying input, only verifies if a given input satisfies
  • Function is derived by generating vectors that span possible inputs and modeling each gate in Boolean circuit associated with Boolean expression as a vector.
• Two different functions – one for input wires (for proving) and one for internal wires (for verification)
Applying encryption - 1
• The Boolean satisfiability problem is NP complete so there exist Zero Knowledge proofs to determine validity. This is a part of creating a quadratic span program.
• A key generator creates the tokens based on choice of large primes. These primes must be kept secret but are only used in the generation phase.
Applying encryption - 2
• Prover asserts particular string is true. Verifier uses verifier token to verify but because quadratic span proofs and verification are zero knowledge, no information about the string is available to the Verifier (or anyone else).
Zerocash
• Zerocash (Zcash) is a crypto currency (like bitcoin) such that transactions can be verified without disclosing any information about the person initiating the transaction or the recipient of the transaction.
What is a transaction?
• A transaction describes the transfer of money from one account to another. It has the following items:
  • From account
  • To account
  • Amount of money to transfer from sender to recipient
  • Verification that the from account has sufficient funds
  • Verification that the person initiating the transaction owns the from account
Pieces of zerocash
• Setup – create public tokens
• CreateAddress – open an account
• Mint – create a new zerocash coin
• Verify transaction – verify that a reported transaction satisfies conditions
• Pour – spend coins
• Receive – add spent coins to your account
Zerocash properties
• Relies on the public tokens
• Relies on an immutable public ledger
• Keeps private (encrypted) all of the elements of the transaction
  • Account identifiers – from and to
  • Owners of accounts
  • Amount of accounts
  • Amount of transaction
Topics
• Blockchain network and platforms
• Blockchain variants
• Pieces of Blockchains
• Applications
Interest in Blockchain
Source: World Economic Forum (August 2016)
Observation
• All of the proposed uses of blockchain require agreements between multiple users and organizations
• Why has this not happened already without blockchain?
Blockchain qualities
• Blockchains are an architectural design choice
  • Functionally, they are a kind of database and computational execution engine
• Using a blockchain impacts non-functional properties
  • (+) Integrity, Non-repudiation
  • (-) Modifiability
  • (+) Availability
  • (-) Confidentiality, Privacy
    • Solution: Cryptography
  • (- write / + read) Latency
  • (-) Throughput
    • Solutions: Increasing block size, Lightning network, Segregated witness
Blockchain vs. Shared Database
• Operations
  • Blockchain: Insert (Append Only)
  • Shared Database: Create/Read/Update/Delete (CRUD)
• Replication
  • Blockchain: Full replication on every peer
  • Shared Database: Master-slave; Multi-master
• Consensus
  • Blockchain: Majority of peers agree on the outcome of transactions; Tolerant of Byzantine Generals’ problem
  • Shared Database: Distributed transactions (2 Phase Commit, Paxos); Synchronization
• Validation
  • Blockchain: Global rules enforced on the whole blockchain
  • Shared Database: Local integrity constraints
Cotton Supply Chain
• Grown
• Harvested
• Sent to gin mill
• Packaged in bales
• Loaded on train
• Shipped to port
• Loaded on ship
• Unloaded at destination port
• Trucked to cloth manufacturer
• Finished cloth sent to clothing manufacturer
• …
• You buy shirt
Problems with current supply chain practice
• Multiple organizations
• Lack of transparency
• International currency exchange
• Quality control
• …
Blockchains in a supply chain
• Public blockchain
  • Transactions are transparent
  • Currency exchange can be built into transactions
  • Every step is recorded publicly
  • No central control
Why now?
• Every organization has to agree on details of using blockchain
  • Previously the overhead of getting agreement and software products was too high for organizations involved
• Vendors offering integrated products to support whole process
• Open source blockchain software
• Use of public blockchain platforms
Business Process Models
• CMU MSE project
• Input description of business process in BPMN
• Output code that executes business process on Hyperledger
• Allows easy transition from existing business models to blockchain
Summary
• Blockchains are heavily hyped
• Variants for different contexts
• Blockchains are a distributed data ledger (database)
• Blockchains are being tested in a variety of domains
More information
• Book by people I worked with in Australia
Shameless self promotion
Available from Amazon