Introduction to BlockchainLecture 2: Bitcoin and Cryptocurrency
Ras Dwivedi
Indian Institute of Technology Kanpur
May 22, 2018
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 1 / 43
Outline
1 Recap
2 Hash Functions
3 Digital Signature
4 Cryptocurrency
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 2 / 43
Recap
Outline
1 Recap
2 Hash Functions
3 Digital Signature
4 Cryptocurrency
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 3 / 43
Recap
RSA
proposed by Rivest,Shamir,Adlemanchoose two large distinct prime number p, qcalculate n = pqcalculate φ = lcm(p − 1, q − 1)choose e such that gcd(e, φ) = 1calculate d such that d = e−1modφ −→ e × d = 1 mod φ
Idea: me×d = med = m modulo nencryption: c = me mod ndecryption: p = cd mod n
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 4 / 43
Recap
RSA
proposed by Rivest,Shamir,Adleman
choose two large distinct prime number p, qcalculate n = pqcalculate φ = lcm(p − 1, q − 1)choose e such that gcd(e, φ) = 1calculate d such that d = e−1modφ −→ e × d = 1 mod φ
Idea: me×d = med = m modulo nencryption: c = me mod ndecryption: p = cd mod n
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 4 / 43
Recap
RSA
proposed by Rivest,Shamir,Adlemanchoose two large distinct prime number p, q
calculate n = pqcalculate φ = lcm(p − 1, q − 1)choose e such that gcd(e, φ) = 1calculate d such that d = e−1modφ −→ e × d = 1 mod φ
Idea: me×d = med = m modulo nencryption: c = me mod ndecryption: p = cd mod n
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 4 / 43
Recap
RSA
proposed by Rivest,Shamir,Adlemanchoose two large distinct prime number p, qcalculate n = pq
calculate φ = lcm(p − 1, q − 1)choose e such that gcd(e, φ) = 1calculate d such that d = e−1modφ −→ e × d = 1 mod φ
Idea: me×d = med = m modulo nencryption: c = me mod ndecryption: p = cd mod n
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 4 / 43
Recap
RSA
proposed by Rivest,Shamir,Adlemanchoose two large distinct prime number p, qcalculate n = pqcalculate φ = lcm(p − 1, q − 1)
choose e such that gcd(e, φ) = 1calculate d such that d = e−1modφ −→ e × d = 1 mod φ
Idea: me×d = med = m modulo nencryption: c = me mod ndecryption: p = cd mod n
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 4 / 43
Recap
RSA
proposed by Rivest,Shamir,Adlemanchoose two large distinct prime number p, qcalculate n = pqcalculate φ = lcm(p − 1, q − 1)choose e such that gcd(e, φ) = 1
calculate d such that d = e−1modφ −→ e × d = 1 mod φ
Idea: me×d = med = m modulo nencryption: c = me mod ndecryption: p = cd mod n
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 4 / 43
Recap
RSA
proposed by Rivest,Shamir,Adlemanchoose two large distinct prime number p, qcalculate n = pqcalculate φ = lcm(p − 1, q − 1)choose e such that gcd(e, φ) = 1calculate d such that d = e−1modφ
−→ e × d = 1 mod φ
Idea: me×d = med = m modulo nencryption: c = me mod ndecryption: p = cd mod n
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 4 / 43
Recap
RSA
proposed by Rivest,Shamir,Adlemanchoose two large distinct prime number p, qcalculate n = pqcalculate φ = lcm(p − 1, q − 1)choose e such that gcd(e, φ) = 1calculate d such that d = e−1modφ −→ e × d = 1 mod φ
Idea: me×d = med = m modulo nencryption: c = me mod ndecryption: p = cd mod n
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 4 / 43
Recap
RSA
proposed by Rivest,Shamir,Adlemanchoose two large distinct prime number p, qcalculate n = pqcalculate φ = lcm(p − 1, q − 1)choose e such that gcd(e, φ) = 1calculate d such that d = e−1modφ −→ e × d = 1 mod φ
Idea: me×d = med = m modulo n
encryption: c = me mod ndecryption: p = cd mod n
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 4 / 43
Recap
RSA
proposed by Rivest,Shamir,Adlemanchoose two large distinct prime number p, qcalculate n = pqcalculate φ = lcm(p − 1, q − 1)choose e such that gcd(e, φ) = 1calculate d such that d = e−1modφ −→ e × d = 1 mod φ
Idea: me×d = med = m modulo nencryption: c = me mod n
decryption: p = cd mod n
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 4 / 43
Recap
RSA
proposed by Rivest,Shamir,Adlemanchoose two large distinct prime number p, qcalculate n = pqcalculate φ = lcm(p − 1, q − 1)choose e such that gcd(e, φ) = 1calculate d such that d = e−1modφ −→ e × d = 1 mod φ
Idea: me×d = med = m modulo nencryption: c = me mod ndecryption: p = cd mod n
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 4 / 43
Recap
RSA
proposed by Rivest,Shamir,Adlemanchoose two large distinct prime number p, qcalculate n = pqcalculate φ = lcm(p − 1, q − 1)choose e such that gcd(e, φ) = 1calculate d such that d = e−1modφ −→ e × d = 1 mod φ
Idea: me×d = med = m modulo nencryption: c = me mod ndecryption: p = cd mod n
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 4 / 43
Recap
Digital signature Attempt 1
AIM: Convince everybody that Alice have signed the document
nobody should be able to forge the documentsimple pasting a copy of signature do not workIDEA: USE RSAfor document m Alice uses s = md as her digital signature. To verify,verifier calculates se and if m = se mod n, signature is genuined is called Alice’s secret key and e is called Alice’s Public key
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 5 / 43
Recap
Digital signature Attempt 1
AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the document
simple pasting a copy of signature do not workIDEA: USE RSAfor document m Alice uses s = md as her digital signature. To verify,verifier calculates se and if m = se mod n, signature is genuined is called Alice’s secret key and e is called Alice’s Public key
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 5 / 43
Recap
Digital signature Attempt 1
AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the documentsimple pasting a copy of signature do not work
IDEA: USE RSAfor document m Alice uses s = md as her digital signature. To verify,verifier calculates se and if m = se mod n, signature is genuined is called Alice’s secret key and e is called Alice’s Public key
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 5 / 43
Recap
Digital signature Attempt 1
AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the documentsimple pasting a copy of signature do not workIDEA: USE RSA
for document m Alice uses s = md as her digital signature. To verify,verifier calculates se and if m = se mod n, signature is genuined is called Alice’s secret key and e is called Alice’s Public key
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 5 / 43
Recap
Digital signature Attempt 1
AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the documentsimple pasting a copy of signature do not workIDEA: USE RSAfor document m Alice uses s = md as her digital signature. To verify,verifier calculates se and if m = se mod n, signature is genuine
d is called Alice’s secret key and e is called Alice’s Public key
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 5 / 43
Recap
Digital signature Attempt 1
AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the documentsimple pasting a copy of signature do not workIDEA: USE RSAfor document m Alice uses s = md as her digital signature. To verify,verifier calculates se and if m = se mod n, signature is genuined is called Alice’s secret key and e is called Alice’s Public key
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 5 / 43
Recap
Digital signature Attempt 1
AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the documentsimple pasting a copy of signature do not workIDEA: USE RSAfor document m Alice uses s = md as her digital signature. To verify,verifier calculates se and if m = se mod n, signature is genuined is called Alice’s secret key and e is called Alice’s Public key
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 5 / 43
Recap
Is the Scheme secure?
No!given (n, e) private key of Alice cannot be calculatedgiven document m, s = md could not be guessed.Problem: forging given m1,m2 as two document, and s1, s2 as theirdigital signature, one can find the valid signature of m1.m2 as s1.s2
Also the length of the signature is proportional to the size of thedocumentslow
What could we do now?
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 6 / 43
Recap
Is the Scheme secure?
No!
given (n, e) private key of Alice cannot be calculatedgiven document m, s = md could not be guessed.Problem: forging given m1,m2 as two document, and s1, s2 as theirdigital signature, one can find the valid signature of m1.m2 as s1.s2
Also the length of the signature is proportional to the size of thedocumentslow
What could we do now?
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 6 / 43
Recap
Is the Scheme secure?
No!given (n, e) private key of Alice cannot be calculated
given document m, s = md could not be guessed.Problem: forging given m1,m2 as two document, and s1, s2 as theirdigital signature, one can find the valid signature of m1.m2 as s1.s2
Also the length of the signature is proportional to the size of thedocumentslow
What could we do now?
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 6 / 43
Recap
Is the Scheme secure?
No!given (n, e) private key of Alice cannot be calculatedgiven document m, s = md could not be guessed.
Problem: forging given m1,m2 as two document, and s1, s2 as theirdigital signature, one can find the valid signature of m1.m2 as s1.s2
Also the length of the signature is proportional to the size of thedocumentslow
What could we do now?
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 6 / 43
Recap
Is the Scheme secure?
No!given (n, e) private key of Alice cannot be calculatedgiven document m, s = md could not be guessed.Problem: forging given m1,m2 as two document, and s1, s2 as theirdigital signature, one can find the valid signature of m1.m2 as s1.s2
Also the length of the signature is proportional to the size of thedocumentslow
What could we do now?
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 6 / 43
Recap
Is the Scheme secure?
No!given (n, e) private key of Alice cannot be calculatedgiven document m, s = md could not be guessed.Problem: forging given m1,m2 as two document, and s1, s2 as theirdigital signature, one can find the valid signature of m1.m2 as s1.s2
Also the length of the signature is proportional to the size of thedocument
slowWhat could we do now?
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 6 / 43
Recap
Is the Scheme secure?
No!given (n, e) private key of Alice cannot be calculatedgiven document m, s = md could not be guessed.Problem: forging given m1,m2 as two document, and s1, s2 as theirdigital signature, one can find the valid signature of m1.m2 as s1.s2
Also the length of the signature is proportional to the size of thedocumentslow
What could we do now?
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 6 / 43
Recap
Is the Scheme secure?
No!given (n, e) private key of Alice cannot be calculatedgiven document m, s = md could not be guessed.Problem: forging given m1,m2 as two document, and s1, s2 as theirdigital signature, one can find the valid signature of m1.m2 as s1.s2
Also the length of the signature is proportional to the size of thedocumentslow
What could we do now?
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 6 / 43
Recap
SHA: Secure Hash Functions
An Ideal Hash function is one which has following propertiesgiven f (x) it is impossible to guess x
given x1 its is impossible to find x2 such that f (x1) = f (x2)it is impossible to find x1, x2, such that x1 6= x2 and f (x1) = f (x2)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 7 / 43
Recap
SHA: Secure Hash Functions
An Ideal Hash function is one which has following propertiesgiven f (x) it is impossible to guess xgiven x1 its is impossible to find x2 such that f (x1) = f (x2)
it is impossible to find x1, x2, such that x1 6= x2 and f (x1) = f (x2)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 7 / 43
Recap
SHA: Secure Hash Functions
An Ideal Hash function is one which has following propertiesgiven f (x) it is impossible to guess xgiven x1 its is impossible to find x2 such that f (x1) = f (x2)it is impossible to find x1, x2, such that x1 6= x2 and f (x1) = f (x2)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 7 / 43
Recap
Merkle Demgrad Construction
Need of Padding message m?
m is prefix of PAD(m)if |m1| = |m2| then |PAD(m1)| = |PAD(m2)|if |m1| 6= |m2| then the last block of PAD(m1) 6= PAD(m2)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 8 / 43
Recap
Merkle Demgrad Construction
Need of Padding message m?m is prefix of PAD(m)
if |m1| = |m2| then |PAD(m1)| = |PAD(m2)|if |m1| 6= |m2| then the last block of PAD(m1) 6= PAD(m2)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 8 / 43
Recap
Merkle Demgrad Construction
Need of Padding message m?m is prefix of PAD(m)if |m1| = |m2| then |PAD(m1)| = |PAD(m2)|
if |m1| 6= |m2| then the last block of PAD(m1) 6= PAD(m2)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 8 / 43
Recap
Merkle Demgrad Construction
Need of Padding message m?m is prefix of PAD(m)if |m1| = |m2| then |PAD(m1)| = |PAD(m2)|if |m1| 6= |m2| then the last block of PAD(m1) 6= PAD(m2)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 8 / 43
Recap
Merkle Demgrad Construction
Need of Padding message m?m is prefix of PAD(m)if |m1| = |m2| then |PAD(m1)| = |PAD(m2)|if |m1| 6= |m2| then the last block of PAD(m1) 6= PAD(m2)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 8 / 43
Hash Functions
Outline
1 Recap
2 Hash Functions
3 Digital Signature
4 Cryptocurrency
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 9 / 43
Hash Functions
Hash Function:
Figure: Hash FunctionRas Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 10 / 43
Hash Functions
Document integrity
If I have a document ”m” and I publish its hash ”H(m)”Can I change document later?Can I have two document with same Hash?Can I verify a document with incorrect Hash
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 11 / 43
Hash Functions
Document integrity
If I have a document ”m” and I publish its hash ”H(m)”
Can I change document later?Can I have two document with same Hash?Can I verify a document with incorrect Hash
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 11 / 43
Hash Functions
Document integrity
If I have a document ”m” and I publish its hash ”H(m)”Can I change document later?
Can I have two document with same Hash?Can I verify a document with incorrect Hash
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 11 / 43
Hash Functions
Document integrity
If I have a document ”m” and I publish its hash ”H(m)”Can I change document later?Can I have two document with same Hash?
Can I verify a document with incorrect Hash
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 11 / 43
Hash Functions
Document integrity
If I have a document ”m” and I publish its hash ”H(m)”Can I change document later?Can I have two document with same Hash?Can I verify a document with incorrect Hash
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 11 / 43
Hash Functions
Document integrity
If I have a document ”m” and I publish its hash ”H(m)”Can I change document later?Can I have two document with same Hash?Can I verify a document with incorrect Hash
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 11 / 43
Digital Signature
Outline
1 Recap
2 Hash Functions
3 Digital Signature
4 Cryptocurrency
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 12 / 43
Digital Signature
Digital signature Attempt 1
AIM: Convince everybody that Alice have signed the document
nobody should be able to forge the documentsimple pasting a copy of signature do not workIDEA: USE RSAfor document m Alice uses s = md as her digital signature. To verify,verifier calculates se and ifm = se mod n, signature is genuined problem: given s(m1) and s(m2) one could calculate s(m1.m2)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 13 / 43
Digital Signature
Digital signature Attempt 1
AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the document
simple pasting a copy of signature do not workIDEA: USE RSAfor document m Alice uses s = md as her digital signature. To verify,verifier calculates se and ifm = se mod n, signature is genuined problem: given s(m1) and s(m2) one could calculate s(m1.m2)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 13 / 43
Digital Signature
Digital signature Attempt 1
AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the documentsimple pasting a copy of signature do not work
IDEA: USE RSAfor document m Alice uses s = md as her digital signature. To verify,verifier calculates se and ifm = se mod n, signature is genuined problem: given s(m1) and s(m2) one could calculate s(m1.m2)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 13 / 43
Digital Signature
Digital signature Attempt 1
AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the documentsimple pasting a copy of signature do not workIDEA: USE RSA
for document m Alice uses s = md as her digital signature. To verify,verifier calculates se and ifm = se mod n, signature is genuined problem: given s(m1) and s(m2) one could calculate s(m1.m2)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 13 / 43
Digital Signature
Digital signature Attempt 1
AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the documentsimple pasting a copy of signature do not workIDEA: USE RSAfor document m Alice uses s = md as her digital signature. To verify,verifier calculates se and ifm = se mod n, signature is genuine
d problem: given s(m1) and s(m2) one could calculate s(m1.m2)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 13 / 43
Digital Signature
Digital signature Attempt 1
AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the documentsimple pasting a copy of signature do not workIDEA: USE RSAfor document m Alice uses s = md as her digital signature. To verify,verifier calculates se and ifm = se mod n, signature is genuined problem: given s(m1) and s(m2) one could calculate s(m1.m2)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 13 / 43
Digital Signature
Digital Signature: Another try
AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the document
IDEA: publish hash of document m as h = H(m)IDEA: USE RSAfor document m Alice uses s = hd as her digital signature.To verify, verifier calculates se and ifH(m) = se mod n, signature isgenuined given s(m1) and s(m2) one can not calculate s(m1.m2)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 14 / 43
Digital Signature
Digital Signature: Another try
AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the documentIDEA: publish hash of document m as h = H(m)
IDEA: USE RSAfor document m Alice uses s = hd as her digital signature.To verify, verifier calculates se and ifH(m) = se mod n, signature isgenuined given s(m1) and s(m2) one can not calculate s(m1.m2)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 14 / 43
Digital Signature
Digital Signature: Another try
AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the documentIDEA: publish hash of document m as h = H(m)IDEA: USE RSA
for document m Alice uses s = hd as her digital signature.To verify, verifier calculates se and ifH(m) = se mod n, signature isgenuined given s(m1) and s(m2) one can not calculate s(m1.m2)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 14 / 43
Digital Signature
Digital Signature: Another try
AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the documentIDEA: publish hash of document m as h = H(m)IDEA: USE RSAfor document m Alice uses s = hd as her digital signature.
To verify, verifier calculates se and ifH(m) = se mod n, signature isgenuined given s(m1) and s(m2) one can not calculate s(m1.m2)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 14 / 43
Digital Signature
Digital Signature: Another try
AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the documentIDEA: publish hash of document m as h = H(m)IDEA: USE RSAfor document m Alice uses s = hd as her digital signature.To verify, verifier calculates se and ifH(m) = se mod n, signature isgenuine
d given s(m1) and s(m2) one can not calculate s(m1.m2)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 14 / 43
Digital Signature
Digital Signature: Another try
AIM: Convince everybody that Alice have signed the documentnobody should be able to forge the documentIDEA: publish hash of document m as h = H(m)IDEA: USE RSAfor document m Alice uses s = hd as her digital signature.To verify, verifier calculates se and ifH(m) = se mod n, signature isgenuined given s(m1) and s(m2) one can not calculate s(m1.m2)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 14 / 43
Digital Signature
Summary
Symmetric vs asymmetric encryption system
RSASHA as tool for data integrityDigital signature
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 15 / 43
Digital Signature
Summary
Symmetric vs asymmetric encryption systemRSA
SHA as tool for data integrityDigital signature
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 15 / 43
Digital Signature
Summary
Symmetric vs asymmetric encryption systemRSASHA as tool for data integrity
Digital signature
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 15 / 43
Digital Signature
Summary
Symmetric vs asymmetric encryption systemRSASHA as tool for data integrityDigital signature
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 15 / 43
Digital Signature
Summary
Symmetric vs asymmetric encryption systemRSASHA as tool for data integrityDigital signature
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 15 / 43
Cryptocurrency
Outline
1 Recap
2 Hash Functions
3 Digital Signature
4 Cryptocurrency
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 16 / 43
Cryptocurrency
Trade
Figure: Barter Trade
Problem: Meet of Demand
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 17 / 43
Cryptocurrency
how to Meet Demand
Medium of Exchange
Gold
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 18 / 43
Cryptocurrency
how to Meet Demand
Medium of ExchangeGold
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 18 / 43
Cryptocurrency
Meet of Demand
Figure: Coins
Confidence of metal insideProblem: Difficult to carry
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 19 / 43
Cryptocurrency
Meet of Demand
Figure: Coins
Confidence of metal inside
Problem: Difficult to carry
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 19 / 43
Cryptocurrency
Meet of Demand
Figure: Coins
Confidence of metal insideProblem: Difficult to carry
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 19 / 43
Cryptocurrency
Solution: Paper note
Figure: paper note
problem: Paper alone do not have value
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 20 / 43
Cryptocurrency
Solution: Paper note
Figure: paper note
problem: Paper alone do not have valueRas Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 20 / 43
Cryptocurrency
What gives currency power?
Backed by RBI
RBI controls the flowstrong regulation against counterfeiting
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 21 / 43
Cryptocurrency
What gives currency power?
Backed by RBIRBI controls the flow
strong regulation against counterfeiting
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 21 / 43
Cryptocurrency
What gives currency power?
Backed by RBIRBI controls the flowstrong regulation against counterfeiting
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 21 / 43
Cryptocurrency
What gives currency power?
Backed by RBIRBI controls the flowstrong regulation against counterfeiting
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 21 / 43
Cryptocurrency
Digital currency
Figure: PoS machine
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 22 / 43
Cryptocurrency
Digital currency
Figure: PoS machineRas Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 22 / 43
Cryptocurrency
Digital currency
Backed by Central Bank to give legitimacyproblem: Double spendingsolution:Central server to record all the transactionEnter Banks: act as centralized server
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 23 / 43
Cryptocurrency
Digital currency
Backed by Central Bank to give legitimacy
problem: Double spendingsolution:Central server to record all the transactionEnter Banks: act as centralized server
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 23 / 43
Cryptocurrency
Digital currency
Backed by Central Bank to give legitimacyproblem: Double spending
solution:Central server to record all the transactionEnter Banks: act as centralized server
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 23 / 43
Cryptocurrency
Digital currency
Backed by Central Bank to give legitimacyproblem: Double spendingsolution:
Central server to record all the transactionEnter Banks: act as centralized server
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 23 / 43
Cryptocurrency
Digital currency
Backed by Central Bank to give legitimacyproblem: Double spendingsolution:Central server to record all the transaction
Enter Banks: act as centralized server
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 23 / 43
Cryptocurrency
Digital currency
Backed by Central Bank to give legitimacyproblem: Double spendingsolution:Central server to record all the transactionEnter Banks: act as centralized server
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 23 / 43
Cryptocurrency
Digital currency
Backed by Central Bank to give legitimacyproblem: Double spendingsolution:Central server to record all the transactionEnter Banks: act as centralized server
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 23 / 43
Cryptocurrency
2008 Recession
Figure: Caption
problem: cannot trust the banks
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 24 / 43
Cryptocurrency
Cryptocurrency: The Begining
problem: cannot trust bank
and their ledgersolution: Make decentralized ledger
Figure: The hindu
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 25 / 43
Cryptocurrency
Cryptocurrency: The Begining
problem: cannot trust bank and their ledger
solution: Make decentralized ledger
Figure: The hindu
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 25 / 43
Cryptocurrency
Cryptocurrency: The Begining
problem: cannot trust bank and their ledgersolution: Make decentralized ledger
Figure: The hindu
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 25 / 43
Cryptocurrency
Cryptocurrency: The Begining
problem: cannot trust bank and their ledgersolution: Make decentralized and permissionless ledger
Figure: Caption
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 26 / 43
Cryptocurrency
Problem solved?
No!It just exploded.
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 27 / 43
Cryptocurrency
Problem solved?No!
It just exploded.
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 27 / 43
Cryptocurrency
Problem solved?No!It just exploded.
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 27 / 43
Cryptocurrency
Problem 1: Identity
bank used to do the verification and assign an identity to the accountnumberfor India KYC normsWho would do identity management here?Think RSA !!
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 28 / 43
Cryptocurrency
Problem 1: Identity
bank used to do the verification and assign an identity to the accountnumber
for India KYC normsWho would do identity management here?Think RSA !!
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 28 / 43
Cryptocurrency
Problem 1: Identity
bank used to do the verification and assign an identity to the accountnumberfor India KYC norms
Who would do identity management here?Think RSA !!
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 28 / 43
Cryptocurrency
Problem 1: Identity
bank used to do the verification and assign an identity to the accountnumberfor India KYC normsWho would do identity management here?
Think RSA !!
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 28 / 43
Cryptocurrency
Problem 1: Identity
bank used to do the verification and assign an identity to the accountnumberfor India KYC normsWho would do identity management here?Think RSA !!
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 28 / 43
Cryptocurrency
Problem 1: Identity
bank used to do the verification and assign an identity to the accountnumberfor India KYC normsWho would do identity management here?Think RSA !!
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 28 / 43
Cryptocurrency
Identity: RSA a quick look
Public key: Known to allSecret key: known to noneAnybody can use my public key to encrypt the text and only I candecrypt itIdea: What if I make Public key as Identitynobody would know my real identity,but does that really matters?Anonymity comes for free
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 29 / 43
Cryptocurrency
Identity: RSA a quick look
Public key: Known to all
Secret key: known to noneAnybody can use my public key to encrypt the text and only I candecrypt itIdea: What if I make Public key as Identitynobody would know my real identity,but does that really matters?Anonymity comes for free
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 29 / 43
Cryptocurrency
Identity: RSA a quick look
Public key: Known to allSecret key: known to none
Anybody can use my public key to encrypt the text and only I candecrypt itIdea: What if I make Public key as Identitynobody would know my real identity,but does that really matters?Anonymity comes for free
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 29 / 43
Cryptocurrency
Identity: RSA a quick look
Public key: Known to allSecret key: known to noneAnybody can use my public key to encrypt the text and only I candecrypt it
Idea: What if I make Public key as Identitynobody would know my real identity,but does that really matters?Anonymity comes for free
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 29 / 43
Cryptocurrency
Identity: RSA a quick look
Public key: Known to allSecret key: known to noneAnybody can use my public key to encrypt the text and only I candecrypt itIdea:
What if I make Public key as Identitynobody would know my real identity,but does that really matters?Anonymity comes for free
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 29 / 43
Cryptocurrency
Identity: RSA a quick look
Public key: Known to allSecret key: known to noneAnybody can use my public key to encrypt the text and only I candecrypt itIdea: What if I make Public key as Identity
nobody would know my real identity,but does that really matters?Anonymity comes for free
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 29 / 43
Cryptocurrency
Identity: RSA a quick look
Public key: Known to allSecret key: known to noneAnybody can use my public key to encrypt the text and only I candecrypt itIdea: What if I make Public key as Identitynobody would know my real identity,
but does that really matters?Anonymity comes for free
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 29 / 43
Cryptocurrency
Identity: RSA a quick look
Public key: Known to allSecret key: known to noneAnybody can use my public key to encrypt the text and only I candecrypt itIdea: What if I make Public key as Identitynobody would know my real identity,but does that really matters?
Anonymity comes for free
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 29 / 43
Cryptocurrency
Identity: RSA a quick look
Public key: Known to allSecret key: known to noneAnybody can use my public key to encrypt the text and only I candecrypt itIdea: What if I make Public key as Identitynobody would know my real identity,but does that really matters?Anonymity comes for free
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 29 / 43
Cryptocurrency
Problem 2: Authorization
How does Banks do it?
They provide you with some secret key like: Password, PIN, OTP, whichyou can use to verify your identityproblem: No trusted BanksSolution: use Digital signature with secret key of RSA :)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 30 / 43
Cryptocurrency
Problem 2: Authorization
How does Banks do it?They provide you with some secret key like: Password, PIN, OTP, whichyou can use to verify your identity
problem: No trusted BanksSolution: use Digital signature with secret key of RSA :)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 30 / 43
Cryptocurrency
Problem 2: Authorization
How does Banks do it?They provide you with some secret key like: Password, PIN, OTP, whichyou can use to verify your identityproblem: No trusted BanksSolution:
use Digital signature with secret key of RSA :)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 30 / 43
Cryptocurrency
Problem 2: Authorization
How does Banks do it?They provide you with some secret key like: Password, PIN, OTP, whichyou can use to verify your identityproblem: No trusted BanksSolution: use Digital signature with secret key of RSA
:)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 30 / 43
Cryptocurrency
Problem 2: Authorization
How does Banks do it?They provide you with some secret key like: Password, PIN, OTP, whichyou can use to verify your identityproblem: No trusted BanksSolution: use Digital signature with secret key of RSA :)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 30 / 43
Cryptocurrency
Problem 3: How to know your balance?
How does Banks do it?They maintain each and every account and every transaction.Basically a ledger and a ledger for each and every accountwhat could we do? Maintain a ledger over distributed nodesProblem solved? No!
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 31 / 43
Cryptocurrency
Problem 3: How to know your balance?
How does Banks do it?
They maintain each and every account and every transaction.Basically a ledger and a ledger for each and every accountwhat could we do? Maintain a ledger over distributed nodesProblem solved? No!
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 31 / 43
Cryptocurrency
Problem 3: How to know your balance?
How does Banks do it?They maintain each and every account and every transaction.
Basically a ledger and a ledger for each and every accountwhat could we do? Maintain a ledger over distributed nodesProblem solved? No!
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 31 / 43
Cryptocurrency
Problem 3: How to know your balance?
How does Banks do it?They maintain each and every account and every transaction.Basically a ledger
and a ledger for each and every accountwhat could we do? Maintain a ledger over distributed nodesProblem solved? No!
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 31 / 43
Cryptocurrency
Problem 3: How to know your balance?
How does Banks do it?They maintain each and every account and every transaction.Basically a ledger and a ledger for each and every account
what could we do? Maintain a ledger over distributed nodesProblem solved? No!
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 31 / 43
Cryptocurrency
Problem 3: How to know your balance?
How does Banks do it?They maintain each and every account and every transaction.Basically a ledger and a ledger for each and every accountwhat could we do?
Maintain a ledger over distributed nodesProblem solved? No!
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 31 / 43
Cryptocurrency
Problem 3: How to know your balance?
How does Banks do it?They maintain each and every account and every transaction.Basically a ledger and a ledger for each and every accountwhat could we do? Maintain a ledger over distributed nodes
Problem solved? No!
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 31 / 43
Cryptocurrency
Problem 3: How to know your balance?
How does Banks do it?They maintain each and every account and every transaction.Basically a ledger and a ledger for each and every accountwhat could we do? Maintain a ledger over distributed nodesProblem solved?
No!
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 31 / 43
Cryptocurrency
Problem 3: How to know your balance?
How does Banks do it?They maintain each and every account and every transaction.Basically a ledger and a ledger for each and every accountwhat could we do? Maintain a ledger over distributed nodesProblem solved? No!
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 31 / 43
Cryptocurrency
Problem 3: How to update ledger
Solution 1allow any node to write it
Problem: how do you know that node is trustworthy?Solution: verify it by majoritycost for not trusting central bank
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 32 / 43
Cryptocurrency
Problem 3: How to update ledger
Solution 1allow any node to write itProblem:
how do you know that node is trustworthy?Solution: verify it by majoritycost for not trusting central bank
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 32 / 43
Cryptocurrency
Problem 3: How to update ledger
Solution 1allow any node to write itProblem: how do you know that node is trustworthy?
Solution: verify it by majoritycost for not trusting central bank
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 32 / 43
Cryptocurrency
Problem 3: How to update ledger
Solution 1allow any node to write itProblem: how do you know that node is trustworthy?Solution:
verify it by majoritycost for not trusting central bank
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 32 / 43
Cryptocurrency
Problem 3: How to update ledger
Solution 1allow any node to write itProblem: how do you know that node is trustworthy?Solution: verify it by majority
cost for not trusting central bank
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 32 / 43
Cryptocurrency
Problem 3: How to update ledger
Solution 1allow any node to write itProblem: how do you know that node is trustworthy?Solution: verify it by majoritycost for not trusting central bank
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 32 / 43
Cryptocurrency
Problem 3: How to update ledger
Solution 2allow any node to write it
and verify it by majorityProblem:Sybil AttackSybil attack: Where one node have more than one identitiesSolution: Ask them to show proof of some limited resourcesWhat are the resources available?
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 33 / 43
Cryptocurrency
Problem 3: How to update ledger
Solution 2allow any node to write it and verify it by majority
Problem:Sybil AttackSybil attack: Where one node have more than one identitiesSolution: Ask them to show proof of some limited resourcesWhat are the resources available?
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 33 / 43
Cryptocurrency
Problem 3: How to update ledger
Solution 2allow any node to write it and verify it by majorityProblem:
Sybil AttackSybil attack: Where one node have more than one identitiesSolution: Ask them to show proof of some limited resourcesWhat are the resources available?
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 33 / 43
Cryptocurrency
Problem 3: How to update ledger
Solution 2allow any node to write it and verify it by majorityProblem:Sybil Attack
Sybil attack: Where one node have more than one identitiesSolution: Ask them to show proof of some limited resourcesWhat are the resources available?
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 33 / 43
Cryptocurrency
Problem 3: How to update ledger
Solution 2allow any node to write it and verify it by majorityProblem:Sybil AttackSybil attack: Where one node have more than one identities
Solution: Ask them to show proof of some limited resourcesWhat are the resources available?
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 33 / 43
Cryptocurrency
Problem 3: How to update ledger
Solution 2allow any node to write it and verify it by majorityProblem:Sybil AttackSybil attack: Where one node have more than one identitiesSolution:
Ask them to show proof of some limited resourcesWhat are the resources available?
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 33 / 43
Cryptocurrency
Problem 3: How to update ledger
Solution 2allow any node to write it and verify it by majorityProblem:Sybil AttackSybil attack: Where one node have more than one identitiesSolution: Ask them to show proof of some limited resources
What are the resources available?
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 33 / 43
Cryptocurrency
Problem 3: How to update ledger
Solution 2allow any node to write it and verify it by majorityProblem:Sybil AttackSybil attack: Where one node have more than one identitiesSolution: Ask them to show proof of some limited resourcesWhat are the resources available?
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 33 / 43
Cryptocurrency
Proof of Work
Limited Resource is your computation power.
you cannot fake it :)How to implement it?Ask them to solve some very difficult problemsWhat could be a difficult problem ?We have seen one such problem before.Factoringproblem: how would you find such difficult problems again and again
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 34 / 43
Cryptocurrency
Proof of Work
Limited Resource is your computation power. you cannot fake it :)
How to implement it?Ask them to solve some very difficult problemsWhat could be a difficult problem ?We have seen one such problem before.Factoringproblem: how would you find such difficult problems again and again
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 34 / 43
Cryptocurrency
Proof of Work
Limited Resource is your computation power. you cannot fake it :)How to implement it?
Ask them to solve some very difficult problemsWhat could be a difficult problem ?We have seen one such problem before.Factoringproblem: how would you find such difficult problems again and again
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 34 / 43
Cryptocurrency
Proof of Work
Limited Resource is your computation power. you cannot fake it :)How to implement it?Ask them to solve some very difficult problems
What could be a difficult problem ?We have seen one such problem before.Factoringproblem: how would you find such difficult problems again and again
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 34 / 43
Cryptocurrency
Proof of Work
Limited Resource is your computation power. you cannot fake it :)How to implement it?Ask them to solve some very difficult problemsWhat could be a difficult problem ?
We have seen one such problem before.Factoringproblem: how would you find such difficult problems again and again
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 34 / 43
Cryptocurrency
Proof of Work
Limited Resource is your computation power. you cannot fake it :)How to implement it?Ask them to solve some very difficult problemsWhat could be a difficult problem ?We have seen one such problem before.
Factoringproblem: how would you find such difficult problems again and again
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 34 / 43
Cryptocurrency
Proof of Work
Limited Resource is your computation power. you cannot fake it :)How to implement it?Ask them to solve some very difficult problemsWhat could be a difficult problem ?We have seen one such problem before.Factoring
problem: how would you find such difficult problems again and again
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 34 / 43
Cryptocurrency
Proof of Work
Limited Resource is your computation power. you cannot fake it :)How to implement it?Ask them to solve some very difficult problemsWhat could be a difficult problem ?We have seen one such problem before.Factoringproblem: how would you find such difficult problems again and again
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 34 / 43
Cryptocurrency
Proof of Work
Limited Resource is your computation power. you cannot fake it :)How to implement it?Ask them to solve some very difficult problemsWhat could be a difficult problem ?
We know hash is uniformly distributedAsk them to find a hash of number, such that it has certain numberof leading zerosAdvantage: you can control the difficulty level of the problem
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 35 / 43
Cryptocurrency
Proof of Work
Limited Resource is your computation power. you cannot fake it :)How to implement it?Ask them to solve some very difficult problemsWhat could be a difficult problem ?We know hash is uniformly distributed
Ask them to find a hash of number, such that it has certain numberof leading zerosAdvantage: you can control the difficulty level of the problem
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 35 / 43
Cryptocurrency
Proof of Work
Limited Resource is your computation power. you cannot fake it :)How to implement it?Ask them to solve some very difficult problemsWhat could be a difficult problem ?We know hash is uniformly distributedAsk them to find a hash of number, such that it has certain numberof leading zeros
Advantage: you can control the difficulty level of the problem
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 35 / 43
Cryptocurrency
Proof of Work
Limited Resource is your computation power. you cannot fake it :)How to implement it?Ask them to solve some very difficult problemsWhat could be a difficult problem ?We know hash is uniformly distributedAsk them to find a hash of number, such that it has certain numberof leading zerosAdvantage: you can control the difficulty level of the problem
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 35 / 43
Cryptocurrency
Proof of Work
Limited Resource is your computation power. you cannot fake it :)How to implement it?Ask them to solve some very difficult problemsWhat could be a difficult problem ?We know hash is uniformly distributedAsk them to find a hash of number, such that it has certain numberof leading zerosAdvantage: you can control the difficulty level of the problem
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 35 / 43
Cryptocurrency
SHA: Secure Hash Functions
An Ideal Hash function f (x) : {0, 1}m → {0, 1}n is one which hasfollowing properties
given f (x) it is impossible to guess x
given x1 its is impossible to find x2 such that f (x1) = f (x2)it is impossible to find x1, x2, such that x1 6= x2 and f (x1) = f (x2)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 36 / 43
Cryptocurrency
SHA: Secure Hash Functions
An Ideal Hash function f (x) : {0, 1}m → {0, 1}n is one which hasfollowing properties
given f (x) it is impossible to guess xgiven x1 its is impossible to find x2 such that f (x1) = f (x2)
it is impossible to find x1, x2, such that x1 6= x2 and f (x1) = f (x2)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 36 / 43
Cryptocurrency
SHA: Secure Hash Functions
An Ideal Hash function f (x) : {0, 1}m → {0, 1}n is one which hasfollowing properties
given f (x) it is impossible to guess xgiven x1 its is impossible to find x2 such that f (x1) = f (x2)it is impossible to find x1, x2, such that x1 6= x2 and f (x1) = f (x2)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 36 / 43
Cryptocurrency
SHA: Secure Hash Functions
An Ideal Hash function f (x) : {0, 1}m → {0, 1}n is one which hasfollowing properties
given f (x) it is impossible to guess xgiven x1 its is impossible to find x2 such that f (x1) = f (x2)it is impossible to find x1, x2, such that x1 6= x2 and f (x1) = f (x2)
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 36 / 43
Cryptocurrency
Problem 3: update the ledger
Ask every node to collect the transactions
verify themconsolidate them into a block and then guess a random numbersuch that hash of the block has certain leading zerosthen the successful node propagates the block to every other node,and they too verify itGossip Protocolonce verified they add it to their ledger
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 37 / 43
Cryptocurrency
Problem 3: update the ledger
Ask every node to collect the transactions verify them
consolidate them into a block and then guess a random numbersuch that hash of the block has certain leading zerosthen the successful node propagates the block to every other node,and they too verify itGossip Protocolonce verified they add it to their ledger
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 37 / 43
Cryptocurrency
Problem 3: update the ledger
Ask every node to collect the transactions verify themconsolidate them into a block and then
guess a random numbersuch that hash of the block has certain leading zerosthen the successful node propagates the block to every other node,and they too verify itGossip Protocolonce verified they add it to their ledger
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 37 / 43
Cryptocurrency
Problem 3: update the ledger
Ask every node to collect the transactions verify themconsolidate them into a block and then guess a random number
such that hash of the block has certain leading zerosthen the successful node propagates the block to every other node,and they too verify itGossip Protocolonce verified they add it to their ledger
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 37 / 43
Cryptocurrency
Problem 3: update the ledger
Ask every node to collect the transactions verify themconsolidate them into a block and then guess a random numbersuch that hash of the block has certain leading zeros
then the successful node propagates the block to every other node,and they too verify itGossip Protocolonce verified they add it to their ledger
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 37 / 43
Cryptocurrency
Problem 3: update the ledger
Ask every node to collect the transactions verify themconsolidate them into a block and then guess a random numbersuch that hash of the block has certain leading zerosthen the successful node propagates the block to every other node,and they too verify it
Gossip Protocolonce verified they add it to their ledger
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 37 / 43
Cryptocurrency
Problem 3: update the ledger
Ask every node to collect the transactions verify themconsolidate them into a block and then guess a random numbersuch that hash of the block has certain leading zerosthen the successful node propagates the block to every other node,and they too verify itGossip Protocol
once verified they add it to their ledger
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 37 / 43
Cryptocurrency
Problem 3: update the ledger
Ask every node to collect the transactions verify themconsolidate them into a block and then guess a random numbersuch that hash of the block has certain leading zerosthen the successful node propagates the block to every other node,and they too verify itGossip Protocolonce verified they add it to their ledger
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 37 / 43
Cryptocurrency
Problem 3: update the ledger
Ask every node to collect the transactions verify themconsolidate them into a block and then guess a random numbersuch that hash of the block has certain leading zerosthen the successful node propagates the block to every other node,and they too verify itGossip Protocolonce verified they add it to their ledger
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 37 / 43
Cryptocurrency
Merkel tree
Figure: Merkle TreeRas Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 38 / 43
Cryptocurrency
Problem 3: update the ledger
What if two node are successful?accept the one which has better solution
Problem solved? No!
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 39 / 43
Cryptocurrency
Problem 3: update the ledger
What if two node are successful?accept the one which has better solution
Problem solved?
No!
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 39 / 43
Cryptocurrency
Problem 3: update the ledger
What if two node are successful?accept the one which has better solution
Problem solved? No!
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 39 / 43
Cryptocurrency
Problem 4: how to know your balance
Assume that there is a public ledgerIt is not practical to maintain each and every account
Solution: modify transaction recording to get the balanceSuppose: A have to give B Rs. x . Initial balance of A was a and Bwas bwe record transaction as A→ B Rs xA→ A Rs a − xGain: you once you get to this transaction, you would never need tosee previous transactions to get balance of A
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 40 / 43
Cryptocurrency
Problem 4: how to know your balance
Assume that there is a public ledgerIt is not practical to maintain each and every accountSolution: modify transaction recording to get the balance
Suppose: A have to give B Rs. x . Initial balance of A was a and Bwas bwe record transaction as A→ B Rs xA→ A Rs a − xGain: you once you get to this transaction, you would never need tosee previous transactions to get balance of A
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 40 / 43
Cryptocurrency
Problem 4: how to know your balance
Assume that there is a public ledgerIt is not practical to maintain each and every accountSolution: modify transaction recording to get the balanceSuppose: A have to give B Rs. x . Initial balance of A was a and Bwas bwe record transaction as
A→ B Rs xA→ A Rs a − xGain: you once you get to this transaction, you would never need tosee previous transactions to get balance of A
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 40 / 43
Cryptocurrency
Problem 4: how to know your balance
Assume that there is a public ledgerIt is not practical to maintain each and every accountSolution: modify transaction recording to get the balanceSuppose: A have to give B Rs. x . Initial balance of A was a and Bwas bwe record transaction as A→ B Rs xA→ A Rs a − x
Gain: you once you get to this transaction, you would never need tosee previous transactions to get balance of A
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 40 / 43
Cryptocurrency
Problem 4: how to know your balance
Assume that there is a public ledgerIt is not practical to maintain each and every accountSolution: modify transaction recording to get the balanceSuppose: A have to give B Rs. x . Initial balance of A was a and Bwas bwe record transaction as A→ B Rs xA→ A Rs a − xGain: you once you get to this transaction, you would never need tosee previous transactions to get balance of A
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 40 / 43
Cryptocurrency
Problem 5: Double spending
Figure: Double SpendingRas Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 41 / 43
Cryptocurrency
Double spending
We have created blocks and verified them
integrity of each block is ensuredwe need to have integrity of all the block
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 42 / 43
Cryptocurrency
Double spending
We have created blocks and verified themintegrity of each block is ensured
we need to have integrity of all the block
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 42 / 43
Cryptocurrency
Double spending
We have created blocks and verified themintegrity of each block is ensuredwe need to have integrity of all the block
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 42 / 43
Cryptocurrency
Double spending
We have created blocks and verified themintegrity of each block is ensuredwe need to have integrity of all the block
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 42 / 43
Cryptocurrency
A Chain of blocks
Figure: A chain of block
Problem: How to organize them?Solution: Include hash of previous block
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 43 / 43
Cryptocurrency
A Chain of blocks
Figure: A chain of block
Problem: How to organize them?
Solution: Include hash of previous block
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 43 / 43
Cryptocurrency
A Chain of blocks
Figure: A chain of block
Problem: How to organize them?Solution: Include hash of previous block
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 43 / 43
Cryptocurrency
A Chain of blocks
Figure: A chain of block
Problem: How to organize them?Solution: Include hash of previous block
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 43 / 43
Top Related