Upload
prithwis-mukerjee
View
677
Download
2
Embed Size (px)
Citation preview
Bitcoin, Blockchai
n & CryptoCon
tractsPart 2
the shared ledger
Prithwis Mukerjee, PhD, Praxis Business School, Calcutta, India
Establishing Ownership & Transfer of an AssetProblem with any non-material, or dematerialised asset is the question of ownership
Arup can write a cheque to Bina without having money in the bank
Or can write two cheques of Rs 1000 each to Bina and Dipa while having only Rs 1000 in the bank
Arup may not have a house to sell
Or may try to sell the same house twice
Ownership verified with a central ledgerEach transaction is validated or allowed by a bank, or a share depository or a land registry office depending on the “balance” available in the central ledger
Name Bal
Arup 1000
Bina 2000
Chandru 1500
Dipa 200
Esha 4000
Arup transfers 600 to Bina
Bina transfers 1500 to Chandru
Chandru transfers 2500 to Dipa
Dipa transfers 100 to Esha
The Distributed LedgerName Bal
Arup 1000
Bina 2000
Chandru 1500
Dipa 200
Esha 1000
Arup xfers 600 to Bina
Bina xfers 1500 to ChandruChandru xfers 2500 to Dipa
Dipa xfers 100 to Esha
Name Bal
Arup 1000
Bina 2000
Chandru 1500
Dipa 200
Esha 1000
Name Bal
Arup 1000
Bina 2000
Chandru 1500
Dipa 200
Esha 1000
Everyone can keep a copy of the ledger.
All copies are updated simultaneously.
Anyone can verify any transaction.
However everyone need not do so.
Does not maintain ledger, only transacts
In reality, not balance but are storedKPuA 800
KPuA 200
KPuB 1500
KPuB 500
KPuC 700
KPuC 800 KPuD 200
KPuE 1000
Arup xfers 600 to Bina
KPuA 800 KPuA 200
KPuB 600 KPuA 400
KPuA 800
KPuA 200
KPuB 1500
KPuB 500
KPuC 700
KPuC 800 KPuD 200
KPuE 1000
KPuB 600 KPuA 400
Dipa xfers 100 to Esha
KPuD 200
KPuE 100 KPuD 100
KPuA 800
KPuA 200
KPuB 1500
KPuB 500
KPuC 700
KPuC 800 KPuD 200
KPuE 1000
KPuB 600 KPuA 400 KPuE 100 KPuD 100
Chandru xfers 2500 to Dipa
KPuA 800
KPuA 200
KPuB 1500
KPuB 500
KPuC 700
KPuC 800 KPuD 200
KPuE 1000
KPuB 600 KPuA 400 KPuE 100 KPuD 100
KPuC 700
KPuC 1000 KPuD 2500
The ledger stores public key, not name. Hence anonymous
UTXO - Unspent Transaction Output
KPuC 800 KPuB 500
What is a public key? See this slide deck!
Verification : When can an UTXO not be used?1. When UTXO does not belong to
the “person” [ or the “wallet” or the “public key” ] who is transferring the assetthis can be easily checked from the signature used to sign the transfer.
2. If the UTXO does not exist in the database!
KPuA 800
KPuA 200
KPuB 1500
KPuB 500
KPuC 700
KPuC 800 KPuD 200
KPuE 1000
KPuB 600 KPuA 400 KPuE 100 KPuD 100
KPuC 700
KPuD 2500
KPuC 800 KPuB 500
sigC
sigC sigC
sigC
Suppose Arup “Double Spends”KPuA 800
KPuA 200
KPuB 1500
KPuB 500
KPuC 700
KPuC 800 KPuD 200
KPuE 1000
Arup xfers 600 to Bina
KPuA 800 KPuA 200
KPuB 600 KPuA 400
KPuA 800
KPuA 200
KPuB 1500
KPuB 500
KPuC 700
KPuC 800 KPuD 200
KPuE 1000
KPuB 600 KPuA 400
Arup xfers 800 to Esha
KPuA 400
KPuA 500 KPuE 800
KPuA 800
KPuA 200
KPuB 1500
KPuB 500
KPuC 700
KPuC 800 KPuD 200
KPuE 1000
KPuB 600 KPuA 400
KPuA 100
KPuA 500 KPuE 800 KPuA 100
Arup creates a fake transaction and publishes a corrupt version of the ledger
Will his fake transaction be accepted?
Network has full nodes and light nodes (wallets)
ledger
ledger
ledger
ledger
The ledger is huge ( ~ 50GB+) and growing. Not everyone can afford to have the ledger on his or her own machine
for verification & transaction
only transaction
Whose ledger is correct?Suppose Arup has “friends” who agree to take a copy of his “corrupt” ledger and declare that this is the ledger that they will follow
Can this copy of the corrupt ledger become the accepted ledger?
Yes, if a “sufficient” number of members of the network agree that this is indeed the true ledger and start using it
What is a “sufficient” number?
Say 51% but then .. total number of members in a peer-to-peer network is never known!
So it is technically possible for a group of people acting in concert to inject fake UTXOs into the system thus
creating a “parallel” ledger
undermining the credibility of the “real” ledger
Verification
A>B V1
C>D V2
P>Q V6
A>B V1
C>D V2
M>N V7
G>K V8
C>D V2
M>N V7
A>B V1
C>D V2
P>Q V6
Pool of unverified transactions
Multiple full nodes verify some transactions and assemble them into a BLOCK
Block
234: id w
xd
Block
235: id esf
Block
236
BLOCK CHAINOrdered set of verified, valid transactions. Shared with all and cannot be changed.
Which of these 4 blocks will be accepted as #236?
Proof of Work
A>B V1
C>D V2
P>Q V6
A>B V1
C>D V2
M>N V7
G>K V8
C>D V2
M>N V7
A>B V1
C>D V2
P>Q V6
Block
234: id w
xd
Block
235: id esf
A>B V1
C>D V2
M>N V7
Prev Block ID = esf“nonce” = 1,2,3 …set of valid txns
hash
keep trying various values of the nonce until you get a hash value that begins with a defined number of 0s
A>B V1
C>D V2
M>N V7
whoever wins “the race” gets to place his block into the blockchain and then the race starts again for the next block
verifying a block is easy, but locating the proof of work is computationally hard - you need a lot of raw CPU power
the only way a false transaction can get into the block chain if a group of “criminals” control more than 50% of the computing power of the network
“If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains” Satoshi Nakamoto
Reward! - the Coinbase transaction
A>B V1
C>D V2
M>N V7
Block
234: id w
xd
Block
235: id esf
A>B V1
C>D V2
M>N V7
miner R
Why should anyone use his computational resources AND electric power to verify transactions for the network?
Winner is allowed to add one coinbase transaction into the block chain that has
No INPUT ONLY OUTPUT favouring winner
This add value to the economy in general
the wallet of the winner that he can use in subsequent transactions
The Mining ProcessA self-sustaining mechanism
1. Validate Transactions
2. Demonstrate Proof-of-Work
3. Collect Rewards
Keeps the Crypto-Economy running forward
Block 234: id wxd
Block 235: id wst
Block 236: id qlp
Block 237: id bre
time >>>
Block 238: id ???
Pool of unvalidated transactions
BlockChain of of validated transactions
Latency, Simultaneity and the ForkSince the size of the network is large, there is definite, non-zero time lag between the discovery of a new block and its announcement or detection in a “distant” node
In this interval there is a finite, non-zero probability of another new block being discovered and hence detected before the other new block
The block chain is “forked” and both parts of the chain (with the red block and the blue block) are kept as candidates UNTIL ….
Block 234: id wxd
Block 235: id wst
Block 236: id qlp
Block 237: id bre
Block 238: id opx
Block 238: id wer
Note :Each block is chained to and defined by its predecessor
Until … the next new block is detected!If the new block is derived from the red block then it elongates, the red fork of the chain. Otherwise it elongates the blue fork of the chain.
Whichever chain is longer, has more “proof of work” and is generally accepted by the majority of nodes.
Now all miners will try to locate the next block that will be derived from the latest block (239) and the blue fork ( containing 238) will be dropped or forgotten
Block 234: id wxd
Block 235: id wst
Block 236: id qlp
Block 237: id bre
Block 238: id opx
Block 238: id wer
Block 239: id sur
Block Chain -- the Shared LedgerThe block chain is a read-only database of validated transactions that is shared by all but cannot be changed by anyone except the one who “discovers” the next block at the “head” of the chain.
❖ Can non-asset data be stored in transactions?
❖ Yes! Bitcoin is just one application
The size of the Bitcoin blockchain in Feb 2015 is 55GB and is growing exponentially.
It can be pruned, compressed and otherwise compacted but it is estimated that even if Bitcoin transactions exceed Visa card transactions, scalability will not be an issue because of Moore’s law.
Block 234: id wxd
Block 235: id wst
Block 236: id qlp
Block 237: id bre
Block 238: id opx
Block 238: id wer
Block 239: id sur
Bey
ond
So what does the shared ledger store?A new kind of
1. Crypto Currency
2. Crypto Commodity
3. Crypto Corporation
Prithwis Mukerjee, PhD, Praxis Business School, Calcutta, India
This question will be addressed next. See next presentation