BLOCKCHAIN

The foundation behind Bitcoin

Sourav Sen Gupta


Indian Statistical Institute, Kolkata
CRYPTOGRAPHY
Backbone of Blockchain Technology
Component 1 : Cryptographic Hash Functions
HASH FUNCTIONS

Map variable-length input to constant-length output.

[Figure: a long bit-string x passes through h and comes out as a fixed-length output y]
HASH FUNCTIONS

Finding the pre-image of a given output is not easy.

[Figure: given only the output y of h, the input "?" that produced it is unknown]
HASH FUNCTIONS

Finding a colliding twin of a given input is not easy.

[Figure: a given input x1 and a second input x2 both mapping through h to the same output y]
HASH FUNCTIONS

Finding any colliding pair of inputs is not easy.

[Figure: any two inputs x1 and x2 mapping through h to the same output y]

It is of course possible, but not easy.


HASH FUNCTIONS

Minor input-mismatch to major output-mismatch.

[Figure: inputs x1 and x2 differing in a single bit map through h to outputs y1 and y2 that differ in roughly half their bits]
CONSTRUCTIONS

[Figure: Merkle-Damgård construction, IV -> f(m1) -> f(m2) -> ... -> f(mn) -> h]

Merkle-Damgård Construction
Example : SHA 256 — used in Bitcoin
CONSTRUCTIONS
[Figure: Sponge construction, message blocks m1 ... mn absorbed through a permutation f over a state with capacity c, output h1 squeezed out]

Sponge Construction
Example : SHA 3 — used in Ethereum
APPLICATION

[Figure: x -> h -> y]

record(x)   : c = h(x)
verify(c,x) : h(x) == c

Provably secure scheme for tamper-detection


DATA STRUCTURES

[Figure: Hash Pointer = ( addr(data), hash(data) ), pointing at data]

Tamper-evident data pointer = Hash Pointer


DATA STRUCTURES

[Figure: Block = ( data, HP(block), timestamp ), where HP(block) is a hash pointer to another block]

Tamper-evident linked data structure = Block


DATA STRUCTURES
[Figure: a sequence of Blocks ( data, HP(block), timestamp ), each linked to its predecessor by a hash pointer]

Tamper-evident linked-list = Blockchain
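An added example (not from the slides) of the tamper-evident linked list built from hash pointers: the block layout, field names and sample data below are assumptions of this example. It shows why a verifier must keep the head hash pointer, the O(1) commitment, out of band.

```python
import hashlib
import json

# Added example (not from the slides): a tamper-evident linked list of blocks,
# each carrying a hash pointer HP to the previous block, as in the DATA STRUCTURES slides.
# Block layout, field names and the constructed sample data are assumptions of this example.

GENESIS_HP = "0" * 64  # the first block points at nothing

def hash_block(block):
    # The hash pointer covers the whole previous block (data, timestamp, its own HP),
    # so editing any earlier block changes every later pointer.
    encoded = json.dumps(block, sort_keys=True).encode()
    return hashlib.sha256(encoded).hexdigest()

def build_chain(items, start_time=1_700_000_000):
    # Returns the blocks plus the head hash pointer: the O(1) commitment a
    # verifier must hold independently of the chain to detect tampering.
    chain, prev_hp = [], GENESIS_HP
    for i, data in enumerate(items):
        block = {"data": data, "HP": prev_hp, "timestamp": start_time + i}
        chain.append(block)
        prev_hp = hash_block(block)
    return chain, prev_hp

def verify_chain(chain, head_hp):
    # Walk backwards from the head: each stored pointer must equal the hash of the block it names.
    expected = head_hp
    for block in reversed(chain):
        if hash_block(block) != expected:
            return False
        expected = block["HP"]
    return expected == GENESIS_HP

def tamper_and_relink(chain, index, new_data):
    # What hiding an edit requires: rewrite the block and recompute every later
    # hash pointer. The resulting head no longer matches the committed one.
    chain[index]["data"] = new_data
    prev_hp = hash_block(chain[index])
    for block in chain[index + 1:]:
        block["HP"] = prev_hp
        prev_hp = hash_block(block)
    return prev_hp

if __name__ == "__main__":
    chain, head = build_chain(["tx: A pays B 5", "tx: B pays C 2", "tx: C pays A 1"])
    print("intact chain verifies:", verify_chain(chain, head))
    new_head = tamper_and_relink(chain, 1, "tx: B pays C 200")
    print("tampered chain against committed head:", verify_chain(chain, head))
    print("tampered chain against attacker's head:", verify_chain(chain, new_head))
```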



DATA STRUCTURES
Properties             | Blockchain      | Merkle Tree    | Merkle Trie
-----------------------|-----------------|----------------|--------------------
Size of Commitment     | O(1)            | O(1)           | O(1)
Append a Block/Node    | O(1)            | O(log n)       | O(k)
Update a Block/Node    | O(n)            | O(log n)       | O(k)
Proof of Membership    | O(n)            | O(log n)       | O(k)
Structural Abstraction | List of Objects | Set of Objects | Set of (key, value)
Used for Construction  | Bitcoin         | Bitcoin        | Ethereum
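An added example (not from the slides) of the Merkle Tree column above: the root is the O(1) commitment and a membership proof is O(log n) sibling hashes. The leaf/node domain separation and the duplicate-last-node rule for odd levels are choices of this example, not something the slides specify.

```python
import hashlib

# Added example (not from the slides): Merkle tree commitment and O(log n) proof of membership.
# Leaf/node prefixes and the odd-level duplication rule are assumptions of this example.

def leaf_hash(item: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + item).digest()          # 0x00 prefix marks a leaf

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()  # 0x01 marks an inner node

def _pad(level):
    # Duplicate the last node on odd-sized levels so every node has a sibling.
    return level + [level[-1]] if len(level) % 2 == 1 else level

def merkle_root(items):
    level = [leaf_hash(x) for x in items]
    while len(level) > 1:
        level = _pad(level)
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def merkle_proof(items, index):
    # Membership proof for items[index]: the sibling hash at each level and which side it is on.
    level = [leaf_hash(x) for x in items]
    proof, idx = [], index
    while len(level) > 1:
        level = _pad(level)
        sib = idx ^ 1
        proof.append((level[sib], sib < idx))   # (sibling hash, sibling is on the left)
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        idx //= 2
    return proof

def verify_membership(root, item, proof):
    # The verifier needs only the root, the item and the log n sibling hashes.
    cur = leaf_hash(item)
    for sibling, on_left in proof:
        cur = node_hash(sibling, cur) if on_left else node_hash(cur, sibling)
    return cur == root

if __name__ == "__main__":
    txs = [b"tx%d" % i for i in range(5)]       # constructed sample transactions
    root = merkle_root(txs)
    proof = merkle_proof(txs, 3)
    print("proof length:", len(proof))          # 3 siblings for 5 leaves
    print("tx3 in tree:", verify_membership(root, b"tx3", proof))
    print("tx9 in tree:", verify_membership(root, b"tx9", proof))
```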


Component 2 : Digital Signature Schemes
DIGITAL SIGNATURE

[Figure: keygen(n) outputs (sk, pk); the signer computes s = sign(sk,m); the verifier runs verify(pk,m,s)]

(sk, pk) = keygen(n)
verify(pk, m, sign(sk, m)) = True


DIGITAL SIGNATURE

[Figure: keygen(n) outputs (sk, pk); the signer computes s = sign(sk,m); the verifier runs verify(pk,m,s)]

Given pk and access to sign(mi) as an oracle, an adversary should not be able to create a valid fresh message-signature pair (m, s).
CONSTRUCTION
[Figure: a point Q on the curve over Fp]

Elliptic Curve Digital Signature Algorithm (ECDSA)

ECDSA on curve E(Fp) : { (x,y) in Fp x Fp | y^2 = x^3 + 7 }
with base prime p = 2^256 - 2^32 - 2^9 - 2^8 - 2^7 - 2^6 - 2^4 - 1
CONSTRUCTION
Elliptic Curve group of size |E(Fp)| = q ~ p ~ 2^256

Parameters | Format  | Range   | Bit-size
-----------|---------|---------|---------
sk         | random  | Zq      | 256
pk         | sk x G  | E(Fp)   | 512
m          | hash(M) | Zq      | 256
Signature  | (r, s)  | Zq x Zq | 512

ECDSA on curve E(Fp) : { (x,y) in Fp x Fp | y^2 = x^3 + 7 }
with base prime p = 2^256 - 2^32 - 2^9 - 2^8 - 2^7 - 2^6 - 2^4 - 1
APPLICATION
[Figure: pk is published; only the holder of sk can produce signatures for which verify(pk,m,sign(sk,m)) succeeds]

Publish the public key pk as your Identity


Use the secret key sk to prove your identity
BITCOIN
Blockchain in Practice
ANONYMOUS E-CASH
[Figure: an e-cash note with serial number 35624 passing between parties]

Zero-Knowledge Proof and Blind Signature


BLIND SIGNATURE
David Chaum, 1984

First Concept of Untraceable e-Payments and e-Cash


CYPHERPUNKS


Anonymity is not Enough!


De-Centralize e-Cash
CYPHERPUNKS
DigiCash   David Chaum       1990
PGP        Phil Zimmermann   1991
HashCash   Adam Back         1997
B-Money    Wei Dai           1998
BitGold    Nick Szabo        1998
RPOW       Hal Finney        2004


BITCOIN
Satoshi Nakamoto
31 October 2008
BITCOIN
Ledger of Transactions
between
Pseudonymous Identities

Semi-Decentralised Publicly-Verifiable
Tamper-Resistant Eventually-Consistent
NOT BITCOIN
Economic Transaction
that we are familiar with

NOT BITCOIN


Centralised Account-based Ledger


NOT BITCOIN


Decentralised Account-based Ledger


NOT BITCOIN YET

[Figure: many transactions Tx recorded one after another]

Decentralised Transaction-based Ledger


TRANSACTION

[Figure: a transaction Tx, signed by the sender]

Network verifies the Signature


TRANSACTION

[Figure: a transaction Tx carrying the sender's public key pk, signed by the corresponding secret key sk]

Network verifies the Signature


TRANSACTION
Input : Array of previous Transactions | Output : Array of recipient Addresses

[Figure: Sender(s) holding (sk1, pk1), (sk2, pk2), (sk3, pk3) spend previous transactions Tx to Recipient(s) R1, R2, R3]

Network verifies the Signature(s)


TRANSACTION
Input : Array of previous Transactions | Output : Array of recipient Addresses

[Figure: Input Transactions (Tx, addressed to pk1, pk2, pk3), Recipients R1, R2, R3, and Signatures made with sk1, sk2, sk3]

Network verifies the Signature(s)


TRANSACTION

[Figure: a real Bitcoin transaction showing its Metadata, Input(s) and Output(s)]

Data obtained from blockchain.info


LEDGER

[Figure: the ledger as an ordered collection of transactions Tx]

Decentralised Transaction-based Ledger


BLOCK

Data obtained from blockchain.info


BITCOIN
[Figure: Transactions (Tx) are gathered into blocks by Mining]
MINING
[Figure: pending Transactions (Tx), the existing blocks at a given time, and the winner writing the next block]

Computational Lottery (Puzzle) :
Find r such that hash(r || m) < C

Winner writes the next block
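An added example (not from the slides) of the computational lottery: the nonce encoding (8-byte big-endian r in front of m), the mapping from a difficulty in bits to the threshold C, and the sample block data are assumptions of this example, not Bitcoin's exact header format.

```python
import hashlib

# Added example (not from the slides): the mining puzzle "find r such that hash(r || m) < C".
# Nonce encoding, the difficulty-to-C mapping and the block data are assumptions of this example.

HASH_BITS = 256

def puzzle_hash(r: int, m: bytes) -> int:
    # hash(r || m), read as a 256-bit integer so it can be compared against C
    digest = hashlib.sha256(r.to_bytes(8, "big") + m).digest()
    return int.from_bytes(digest, "big")

def target(difficulty_bits: int) -> int:
    # C = 2^(256 - d): a hash below C starts with at least d zero bits, so the
    # expected number of trials is 2^d. Lowering C makes the lottery harder.
    return 1 << (HASH_BITS - difficulty_bits)

def mine(m: bytes, difficulty_bits: int, max_tries: int = 1 << 24):
    # Brute-force search: with a preimage-resistant hash there is no better strategy
    # than trying nonces in turn, which is what weights the lottery by hash rate.
    C = target(difficulty_bits)
    for r in range(max_tries):
        if puzzle_hash(r, m) < C:
            return r
    return None  # no solution found within max_tries

def check_work(r: int, m: bytes, difficulty_bits: int) -> bool:
    # Any peer verifies a claimed solution with a single hash evaluation,
    # however long the search took.
    return puzzle_hash(r, m) < target(difficulty_bits)

if __name__ == "__main__":
    block = b"constructed block header m"   # stands in for the block contents m
    r = mine(block, 16)                     # about 2^16 trials expected
    print("nonce:", r, "valid:", check_work(r, block, 16))
    print("same nonce on an altered block:", check_work(r, block + b"x", 16))
```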
BITCOIN
Framework — Decentralised peer-to-peer collaborative network
Goal : All peers should agree on a sequence of transactions
BITCOIN
Publicly-Verifiable
as the complete ledger and the hash function is public
BITCOIN
Tamper-Evident / Tamper-Resistant
as the ledger is connected through a chain of hash pointers

[Figure: blocks marked X along the chain, showing that an altered block invalidates every hash pointer after it]
BITCOIN
Eventually-Consistent
as the longest chain eventually sustains as the main chain
BITCOIN
Semi-Decentralised
as the mining is dominated by computational power
BITCOIN
Semi-Decentralised Publicly-Verifiable
Tamper-Resistant Eventually-Consistent
BEYOND BITCOIN
Exploiting the power of Blockchain Ecosystem
MINING
Proof-of-Work  : Computation-hard challenge
Proof-of-Space : Memory-hard challenge (PermaCoin, SpaceMint)

Proof-of-Stake      : Depends on holdings (OmiseGo, EOS)
Proof-of-Importance : Depends on involvement
NETWORK
De-Centralized   : Without any Authority (almost all active Currency)
Semi-Centralized : With Trusted Authority (RSCoin, Bank of England)


ANONYMITY
Pseudonymity   : Not easily Traceable
Pure Anonymity : Provably not Traceable

Mixing Services provide some guarantee of anonymity otherwise.


Abstraction of Bitcoin
to the backbone protocol of blockchain
APPLICATION
