footer: 2018-03-24 - Code Block London - [email protected] - @provoost on Twitter
slidenumbers: true
autoscale: false
- Coins
- Digital signatures
- Chain of blocks
- Proof of work
- Censorship resistance
- Anatomy of a Transaction
Alice emails Bob: "I give you 2 BTC"
- Why is it worth anything?
- What did Bob get that Alice gave up?
^ 1. Because people are willing to exchange it for money and other things of value.
^ 2. A coin
[.build-lists: true]
- Alice has two 1.5 BTC coins[^1]
- Alice emails Bob:
  I spend my coins, and create:
  - 2 BTC coin for Bob; and
  - 1 BTC coin for Alice
Alice emails Bob: "I give you 2 BTC"
- Why is it worth anything?
- What did Bob get that Alice gave up?
- How does Alice prove she owned the coin?
- Private key: big random number
- Public key: point on curve[^2]
- Private key can encrypt or sign a message
^ In Bitcoin the message is public, so only signed, not encrypted
^ Exchanging public keys can be a hassle, e.g. SSL certificate chains or GPG key signing parties...
- Coin is signed message: "Only Alice can spend me"[^3]
- Who's Alice?
- Bitcoin address derived from public key[^4]
- Alice is whoever can reveal public key and sign a message with private key
Alice emails Bob: "I give you 2 BTC"
- Why is it worth anything?
- What did Bob get that Alice gave up?
- How does Alice prove she owned the coin?
- What if Alice sends Carol the same coins?
^ 4. Instead of email, let's use a blockchain
A Blockchain is a chain of blocks -- Peter Todd
A Blockchain is a database with virtue -- Chris DeRose
Things we care about to solve problem (4):
- Publish all transactions, and in which order
- Ensure everyone can see all transactions
^ Merkle trees: each block tied to its transactions, and the previous block
^ Image Source: https://blog.bitmex.com/graphical-illustration-of-a-bitcoin-block/
Alice publishes: "I give Bob my 2 BTC"
- Why is it worth anything?
- What did Bob get that Alice gave up?
- How does Alice prove she owned the coin?
- What if Alice sends Carol the same coins?
- it's on the blockchain so everyone can see it
- what if there's many different blockchains?
Alice publishes: "I give Bob my 2 BTC"
- Why is it worth anything?
- What did Bob get that Alice gave up?
- How does Alice prove she owned the coin?
- What if Alice sends Carol the same coins?
- it's on the blockchain so everyone can see it
- what if there's many different blockchains?
- declare existence of conflicting blockchains fraud
- give regulator(s) access to your database
- add additional crypto magic
- brand it "blockchain inspired technology"
Convince someone to:
- do useless work
- which uniquely commits to transaction data
- in exchange for coins.
Throw dice on a piece of paper with the transaction list.
^ Imagine seeing the list of transactions in the video background
sha("000001 | Alice sends Bob 2 BTC, etc") = 0fed9a90
sha("000002 | Alice sends Bob 2 BTC, etc") = e7c54529
sha("000003 | Alice sends Bob 2 BTC, etc") = 6c48ab21
sha("855453 | Alice sends Bob 2 BTC, etc") = 000005e6
- N leading zeros -> X kWh * £0.10 -> £... per block[^5]
- Miner creates coin out of thin air which Alice & Bob consider valid
^ Difficulty adjusted so it's always ~10 mins
^ Uselessness is a feature. Specialized (ASIC) hardware can't be used for anything else, unlike CPUs, of which a government could have a large supply that normally does other things.
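The dice-throwing above in Python, as an added example that is not part of the original slides. It assumes SHA-256 for the slide's `sha` and a constructed transaction list; `mine`, `check_work` and `expected_hashes` are names chosen here.

```python
import hashlib

# Constructed sample data; the slide's "etc" stands for the rest of the list.
TXS = "Alice sends Bob 2 BTC, Carol sends Dave 1 BTC"

def block_hash(nonce, transactions):
    """Hash 'nonce | transactions', laid out as on the slide (SHA-256 assumed)."""
    return hashlib.sha256(f"{nonce:06d} | {transactions}".encode()).hexdigest()

def check_work(nonce, transactions, zeros):
    """Verification costs a single hash, however long the search took."""
    return block_hash(nonce, transactions).startswith("0" * zeros)

def mine(transactions, zeros):
    """Throw the dice: try nonces 0, 1, 2, ... until the hash has enough zeros."""
    nonce = 0
    while not check_work(nonce, transactions, zeros):
        nonce += 1
    return nonce

def expected_hashes(zeros):
    """Each extra leading hex zero multiplies the expected work by 16."""
    return 16 ** zeros

if __name__ == "__main__":
    zeros = 4
    nonce = mine(TXS, zeros)
    print(f"nonce {nonce:06d} -> {block_hash(nonce, TXS)}")
    print(f"hashes tried: {nonce + 1}, expected about {expected_hashes(zeros)}")
    # The work commits to the data: edit the list and the same nonce gives an
    # unrelated hash, so the search has to start again.
    tampered = TXS.replace("Bob 2 BTC", "Bob 20 BTC")
    print(f"tampered   -> {block_hash(nonce, tampered)}")
```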
Alice publishes: "I give Bob my 2 BTC", miner burns electricity to attest this.
- Why is it worth anything?
- What did Bob get that Alice gave up?
- How does Alice prove she owned the coin?
- What if Alice sends Carol the same coins?
- it's on the blockchain so everyone can see it
- what if there's many different blockchains?
^ Many different blockchains require bribing a miner.
Alice publishes: "I give Bob my 2 BTC", miner burns electricity to attest this.
- Why is it worth anything?
- What did Bob get that Alice gave up?
- How does Alice prove she owned the coin?
- What if Alice sends Carol the same coins?
- What if someone doesn't like Bob?[^6]
- Miners compete, fees offer extra incentive
- P2P: transactions and blocks route around censorship
- Fungibility: all transactions (should) look the same
- Lots of problems left to solve
Alice publishes: "I give Bob my 2 BTC"
- Bob is whoever can reveal public key corresponding to Bob's address and sign a message with private key:
Alice publishes: `OP_DUP OP_HASH160 <Bob's address> OP_EQUALVERIFY OP_CHECKSIG`
Bob spends: `<Bob's signature> <Bob's pubkey>`
^ Remember that Bitcoin address is derived from public key
Alice publishes: "I give Bob my 2 BTC"
- Bob is whoever can reveal public key corresponding to Bob's address and sign a message with private key:
Alice publishes: `OP_DUP OP_HASH160 <Bob's address> OP_EQUALVERIFY OP_CHECKSIG`
Bob spends: `<Bob's signature> <Bob's pubkey>`

- <Bob's signature>
- <Bob's pubkey>
- OP_DUP
- OP_HASH160
- <Bob's address>
- OP_EQUALVERIFY
- OP_CHECKSIG

- <Bob's signature>
- <Bob's pubkey>
- <Bob's pubkey>
- OP_HASH160
- <Bob's address>
- OP_EQUALVERIFY
- OP_CHECKSIG

- <Bob's signature>
- <Bob's pubkey>
- <Bob's address>
- <Bob's address>
- OP_EQUALVERIFY
- OP_CHECKSIG

- <Bob's signature>
- <Bob's pubkey>
- OP_CHECKSIG

true
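The stack walk-through above as runnable Python, added here and not part of the original slides. Assumptions: a Schnorr-style signature in the integers mod 2^255-19 stands in for Bitcoin's secp256k1 ECDSA and a truncated SHA-256 stands in for HASH160, so only the standard library is needed; the key and the transaction text are constructed.

```python
import hashlib

# Assumption: a Schnorr-style signature in the integers mod a prime stands in
# for Bitcoin's secp256k1 ECDSA so that only the standard library is needed.
P, G = 2**255 - 19, 2

def h(*parts):
    data = "|".join(map(str, parts)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(priv, msg):
    k = h("nonce", priv, msg)                  # deterministic per-message nonce
    r = pow(G, k, P)
    return r, (k + h(r, msg) * priv) % (P - 1)

def checksig(sig, pub, msg):
    r, s = sig
    return pow(G, s, P) == r * pow(pub, h(r, msg), P) % P

def hash160(pub):                              # stand-in for Bitcoin's HASH160
    return hashlib.sha256(str(pub).encode()).hexdigest()[:40]

def run(script, msg):
    """Return (valid, trace), where trace is the stack after each item."""
    stack, trace = [], []
    for op in script:
        if op == "OP_DUP":
            stack.append(stack[-1])
        elif op == "OP_HASH160":
            stack.append(hash160(stack.pop()))
        elif op == "OP_EQUALVERIFY":
            if stack.pop() != stack.pop():
                return False, trace            # key does not match the address
        elif op == "OP_CHECKSIG":
            pub, sig = stack.pop(), stack.pop()
            stack.append(checksig(sig, pub, msg))
        else:
            stack.append(op)                   # anything else is a data push
        trace.append(list(stack))
    return stack == [True], trace

def p2pkh(pub):                                # locking script Alice publishes
    return ["OP_DUP", "OP_HASH160", hash160(pub), "OP_EQUALVERIFY", "OP_CHECKSIG"]

if __name__ == "__main__":
    bob, tx = h("constructed key for Bob"), "Bob gives Carol 2 BTC"
    bob_pub = pow(G, bob, P)
    valid, trace = run([sign(bob, tx), bob_pub] + p2pkh(bob_pub), tx)
    print(valid, [len(stack) for stack in trace])   # stack depth after each item
```

A spend that reveals a different public key stops at `OP_EQUALVERIFY`; one that reveals Bob's public key with someone else's signature leaves `False` on the stack at `OP_CHECKSIG`.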
- `OP_CHECKMULTISIG`: N of M sigs
- `OP_CHECKLOCKTIMEVERIFY`: HODL
- `OP_IF` / `OP_ELSE`
- `OP_RETURN`: 80 bytes spam[^7]
- `OP_NOP`: does nothing (yet!)
Slides: slideshare.net/provoost
Blog: medium.com/provoost-on-crypto
PGP:
ED9B DF7A D6A5 5E23 2E84 5242 57FF 9BDB CC30 1009
Footnotes

[^1]: UTXO: Unspent Transaction (tx) Output
[^2]: secp256k1
[^3]: The new coins say "Only Bob can spend me" and the change says "Only Alice can spend me".
[^4]: Q&A tip: why not just use the public key as a Bitcoin address?
[^5]: Any scarce resource will do, but the simplest known combination with the right properties is electricity + specialized chips + hashing.
[^6]: i.e. wants to stop the transaction
[^7]: e.g. Rare Pepe trades: CryptoKitties, but with frogs