blockchain: applicaons, security promises and internals · 2020. 4. 8. · cyber security &...
TRANSCRIPT
Blockchain:Applica.ons,SecurityPromisesandInternals
CyberSecurity&Informa3onSystemsInforma3onAnalysisCenter(CSIAC)
Dr.Yuzhe(Richard)TangDepartmentofEECS,SyracuseUniversity
Dec.19,2017
Outline
1. Introduc+on
2. Blockchainapplica.onsandinterfaces
3. Blockchainsecuritypromises
4. Blockchaininternals(abrief)
12/19/17 YuzheTang,SyracuseUniv. 2
1.Introduc.on• Cryptocurrency:– “Acryptocurrencyisadigitalassetdesignedtoworkasamediumofexchangethatusescryptographytosecureitstransac.ons,tocontrolthecrea.onofaddi.onalunits,andtoverifythetransferofassets.”(wiki)
– BitCoin,Etheruem,Litcoin,etc.
12/19/17 YuzheTang,SyracuseUniv. 3
1.Introduc.on
• HowtocomparetheconceptofBitCoinwithfiatcurrency(e.g.USdollar)?
12/19/17 YuzheTang,SyracuseUniv. 4
What’sSimilaraboutBitcointoUSDollar
Reviewofgov-issued(fiat)currency• Workflow– Moneycreatedbyamint– Moneycirculatedamongownersthru.transac+ons.– BitCoinsupportsthesameworkflow
12/19/17 YuzheTang,SyracuseUniv. 5
What’sSimilaraboutBitcointoUSDollar
Reviewofgov-issued(fiat)currency• Threat1:Printfakemoney– Dollarbillsaresecuredbyan.-counterfeit– US.mintissafeguarded– Bitcoinhastodefendthisthreat
• Threat2:Doublespending(digitalcurrency)– Visa’sledgerdatabasevalidatestransac.ons– BitCoinhastopreventdouble-spending
12/19/17 YuzheTang,SyracuseUniv. 6
What’sSimilaraboutBitcointoUSDollar
Reviewofgov-issued(fiat)currency• Threat1:Printfakemoney– Dollarbillsaresecuredbyan.-counterfeit– US.mintissafeguarded– Bitcoinhastodefendthisthreat
• Threat2:Doublespending(digitalcurrency)– Visa’sledgerdatabasevalidatestransac.ons– BitCoinhastopreventdouble-spending
12/19/17 YuzheTang,SyracuseUniv. 7
IssueswithUSDollar
• Usingdollarbills,youimplicitlytrust– Government,mint,credit-cardorg.(Visa)– Thesearetrustedcentralauthori+es
• Aretheytrustworthy?– Youmaynotwantgov.towithdrawatxacerit’ssedled.– Youmaynotwantgov.tofreezeyouraccount– Youmaynotwantgov.toinflatethecurrencyanddepreciateyoursavings:Zimbabwe
12/19/17 8
Mo.va.ngBitCoin(What’suniqueaboutBitCoin)
• Getridofcentralauthori.esbydecentraliza+on– NoneedtotrustgovernmentandVisa– Insteadtrusttheen.repopula.onontheplanet
• Maketransac.onhistorypublic(Transparency)– Transparencyinvitestrust
• Automatetheprocesswithincen+ve-compa+bility– Automa.onlowerscost(transac.onfee)
12/19/17 YuzheTang,SyracuseUniv. 9
• BitcointxhistoryisrecordedinBlockchain– BlockchainistheledgerforBitcoin
BitCoinandBlockchain
12/19/17 YuzheTang,SyracuseUniv. 10
Outline
1. Introduc.on
2. Blockchainapplica+onsandinterfaces
3. Blockchainsecuritypromises
4. Blockchaininternals(abrief)
12/19/17 YuzheTang,SyracuseUniv. 11
• GetyourfirstBitCoin– Exchangeservices:Coinbase,Coindesk,etc.
• UsingBitCointosellandbuystuff(transac.on)• Orsellit.llthepricegrowshigher
Scenario1:DoingTransac.ons
12/19/17 YuzheTang,SyracuseUniv. 12
Scenario2:Mining
• AnotherwaytogetBitCoin:Mining– Getthemoneyanonymously
• Youcanpurchasehardwaretodosome(non-sense)computa.ons– Withsomeprobability,yourcomputa.onwillberewardedinBitCoin
– Theprobabilitydependsonhowpowerfulyourhardwareis
12/19/17 YuzheTang,SyracuseUniv. 13
Scenario2:Mining
• Interestedinmining?– Howmuchisyourbudget?
• Constantcapital:buymachines,Variablecapital:electricityconsump.on
– Whoyouareupagainst(inwinningthereward)?• State-levelminers,bitcoinfarm,datacenters
12/19/17 YuzheTang,SyracuseUniv. 14
Scenario3:DevelopApplica.ons
• DistributedappoverBlockchain(Dapp)– FinTech:Insurance,trade,riskmanagement,accoun.ng,etc.• Examples:ERP,micro-payments,wallet,currencyexchange,etc.
– Otherdomains:Legal,medical/healthcare,IT,science/research,etc.
• “Blockchainissettodisruptmanyindustries”
12/19/17 YuzheTang,SyracuseUniv. 15
Scenario3:DevelopApplica.ons
• Dapparchitecture:On-chain/off-chain– On-chaindata:“Transac.ons”ormeta-data– Off-chaindata:someprivatedata(e.g.keys)
• Interac.ngBlockchainthru.transac.onAPI:– send_tx(sender,receiver,money#,memo)– Likewri.ngapersonalcheck
12/19/17 YuzheTang,SyracuseUniv. 16
Scenario3:DevelopApplica.ons
• Designissues– Par..oningapplica.onlogictosuiton-/off-chain– Designingincen.veschemes(whattorewardmining?)
– Dealingwiththelimita.onofBlockchain(e.g.deferredfinality)
• BuildingaBitCoinwalletDapp– DeveloperworkingforCoinBase
12/19/17 YuzheTang,SyracuseUniv. 17
Outline
1. Introduc.on
2. Blockchainapplica.onsandinterfaces
3. Blockchainsecuritypromises
4. Blockchaininternals(abrief)
12/19/17 YuzheTang,SyracuseUniv. 18
Security:ImmutableStorage
• Blockchainabstrac.onastxstorage– Readabletothepublic(transparency)– Appendablebyhonestminers– Cannotbemodified(immutability)
• Buildingatrusted.mestampserviceforlegaldocuments(signingcontract,applyingpatentetc)
12/19/17 YuzheTang,SyracuseUniv. 19
Security:NoDoubleSpending
• Nodouble-spending(An.-counterfeit)
• Smartproperty– Smart.cket:UseBitCointorepresentbaseball.ckets.
12/19/17 YuzheTang,SyracuseUniv. 20
Security:UnstoppableExecu.on• Programminglang.onBlockchain:Smartcontract– Smart-contractprogramisanobj.runningonBlockchain
– SolidityinEthereum• Securityproper.es:– Autonomouslyexecuted,unstoppable– Transac.onfairness:• IfIpaidyou,tobefair,Ineedtoreceiveyourgoods.
12/19/17 YuzheTang,SyracuseUniv. 21
Security:UnstoppableExecu.on• Smart-contractapplica.ons:– ImplementIFTTTlogicthatdecideshowtosendtx
• Astock-exchangeapplica.on– Alicewilltrade10sharesfor$10,000whenthestockpriceisbelow$1000.
Acknowledge:Prof.AriJuels12/19/17 YuzheTang,SyracuseUniv. 22
Outline
1. Introduc.on
2. Blockchainapplica.onsandinterfaces
3. Blockchainsecuritypromises
4. Blockchaininternals(abrief)
12/19/17 YuzheTang,SyracuseUniv. 23
Blockchaininternals
1. Blockchain:Immutabletxstorage
2. Blockchainconsensus:– Howtoaddtransac.onto
Blockchaininadecentralizedway?
12/19/17 YuzheTang,SyracuseUniv. 24
Blockchain:ImmutableTxStorage
• Createmoney– coinX=mint.CreateCoin()bybkc_as_mint.signmint_skey(“CoinXiscreated”)
• Circulatemoneybytransac.ons– alice.PayCoin(bob,coinX)bytx=alice.signalice_skey(“CoinXispaidtoBobbob_pkey”)bkc_as_visa.validate(tx)
– Txrepresenta.on• Howtorepresentcoins,owneriden.ty,ownership(bindingbtwncoinandiden.ty)?
12/19/17 YuzheTang,SyracuseUniv. 25
Blockchain:ImmutableTxStorage
• Hashpointer:Represen.ngcoinsinatx– Bob’scoinspentinatxisthetx’shashpointerpoin.ngtoapriortxwhereBobreceivesthecoin.
• Hashchainoftransac.ons
• Blockchainoftransac.ons
12/19/17 YuzheTang,SyracuseUniv. 26
Consensus
• Transac.on-addworkflow– Valida.on,Append
• Consensusmechanisms– Randomiza.on– PoWmining– Asmint:Incen.ve-compa.bility– Bootstrapthetrust
12/19/17 YuzheTang,SyracuseUniv. 27
Q/A
Contact: Yuzhe (Richard) Tang Assistant Professor Dept. of EECS Syracuse University [email protected] ecs.syr.edu/faculty/yuzhe
Thankyou!
28