Build your own

BlockChain
 http://www.finextra.com/news/fullstory.aspx?newsitemi

http://www.finextra.com/news/fullstory.aspx?newsitemid=28395

https://ripple.com/

http://www.pymnts.com/news/2015/ripple-effect-for-blockchain-a
 http://www.coindesk.com/microsoft-hints-future-ripple-blockchai
http://www.wired.com/insights/2015/01/block-chain-2-0/ oolkit/

https://www.ethereum.org/
http://www.finextra.com/news/fullstory.aspx?newsite
mid=28405

http://www.cnbc.com/2016/01/28/
016 looks to be the year of the Block Chain

OK, ok.
So how does it work?
Lots of documentation
and presentations

https://bitcoin.org/bitcoin.pdf

but heres my
attempt
Triple entry booking (or enter the
middleman)
From: Alice
To: Bob
Time: 12 Mar 2013
For: One pig
Signatories:
Alice
Fred Flintstone
Bob

Alice is hungry
Alice could eat a pig

Bob gives Alice a pig and creates an IOU transaction receipt

Alice owes Bob one pig

To provide trust, Alice and Bob use Fred to notarise the transaction
3 copies of a transaction receipt, one for each party
Never trust the middleman
Bob loses his receipt

Fred colludes with Alice and claims Bob is mistaken - no pig

was provided...

Bob is smad.

Is there a way to get rid of a middleman and provide trust?

Maybe... let's take advantage of
public key cryptography

Public key: kL5SwAT6A3U7LAjd Public key: 28wOoK6Nq9bDExK

Private key:yaqmH9Z+nKD Private key:9xl/K0veBBMtZ
Story time! Private public key
cryptography
Once upon a time there was encryption and decryption with a shared key. As long as
anyone knew the key, and how to use the key, then they could encrypt or they could
decrypt. This is called symmetric encryption.
Move by n number of Uqog vgzv
Some text Key (n) =
characters in
2
alphabet

Then some smart people had an idea. They realised they could create an approach that
involved two different keys. One key is purposely kept private, the other is provided to
the other party (or often the public). If you use the private key to encrypt then the
public key can decrypt. If you use the public key to encrypt then you can use the
private key to decrypt. This is called asymmetric encryption.
Private
Some text Asymmetric algorithm key 6ab3d9f...
Public
key
There are many asymmetric encryption algorithms. RSA is one of the most common.
This is how
1. Alice and Bob generate public-private key pairs eg
RSA
2. Alice encrypts the plain text version of the transaction
receipt with her private key
3. Alice prepends her name to the signed receipt (so we
know which public key to use when many people
involved)
4. Alice and Bob (and any other members of the
network) store the result
Which means

Weve created a record of the transaction that we

know can only have been generated by Alice.
The contents can be decrypted by anyone so the
transaction record is visible to all.
The balance of what is owed at a point in
time is the sum of all signed transaction
receipts.
From: Alice
To: Bob
Time: 12 Mar 2013 AT6A3U7LAjd
What: One pig

From: Alice
To: Bob
Time: 15 Apr 2014
B7F8U7LA92C
What: Two pig

From: Bob
To: Alice
Time: 2 Dec 2015 87AB2D9A1d
What: One pig

Alice owes Bob one pig

Bartering is painful, lets introduce
money
Bob is hot and dry so Alice provides two melons, how many
melons to a pig?

We introduce a currency reflecting value

Add it to the transaction records to enable summation
 From: Alice
To: Bob
Time: 12 Mar 2013
What: One pig
BT6A3U7LAjd
Value: $100

From: Alice
To: Bob
Time: 15 Apr 2014
What: Two pig C7F8U7LA92C
Value: $200

From: Bob
To: Alice
Time: 2 Dec 2015
What: One pig 27AB2D9A1d
Value: $100

From: Bob
To: Alice
Time: 2 Dec 2015 BDA32E9ACd
What: Two melons
Value: $50

Alice owes Bob $150

Sorted!?

Not quite, how do we transfer value?

 Bob likes Johns hat
John says its $200
Bob reckons why not transfer his $200 IOU from Alice to
John
From: Alice From: Alice From: Bob From: Bob From: Bob
To: Bob To: Bob To: Alice To: Alice To: John
Time: 12 Mar 2013 Time: 15 Apr 2014 Time: 2 Dec 2015 Time: 2 Dec 2015 Time: 2 Dec 2015
What: One pig What: Two pig What: One pig What: Two melons What: V1jZUy
Value: $100 Value: $200 Value: $100 Value: $50 Value: $200

SHA256 signature
calculated for the
"V1jZUyLvPOxzZvKpuUwTCNzGmovoxHRzJ76FGXMN3JY="
transaction
Story time! SHA256 - what's that?
Once upon a time someone figured out that it was possible to calculate a short identifier for
any given input. Its like a unique signature for the input (although in reality its not guaranteed
to be unique at all but for all intents and purposes it is). It's called a hash because in the
process the algorithm is effectively doing a lot of chopping and mixing.

There are lots of algorithms to do this task but some are better than others. SHA-2, often
referred to as SHA256, was designed by the NSA. The letters stand for Secure Hash Algorithm
2.

If you have a hash value, it's not at all easy to obtain the input, even small changes to the
input have large consequences on the output. JD digoW 2O uYy8CkQ V10Xm yLnN nvD 42tAta25Rm
Some text
O iIqI=
SHA256

12E+SmrYMSTj6vlh51UdVDWgJQNGz35AOvesa2z3y
Some text1
Ao=
SHA256
Don't confuse it with encryption - there's no key, for any given input you always get the
same output.
Recap
No middle man
The summation of signed transaction receipts gives the
outstanding balance position across all parties
Including value transfer between parties
Sorted!?

Not quite, we need to stop

double spending
 Problem - double spending
If members fail to update their personal transaction
registers quickly enough, then a malicious member can
replicate and use transaction records by spending more
than once.
From: Alice From: Alice From: Bob From: Bob From: Bob From: Bad Guy From: Bad Guy
To: Bob To: Bob To: Alice To: Alice To: John To: John To: John
Time: 12 Mar Time: 15 Apr Time: 2 Dec 2015 Time: 2 Dec 2015 Time: 2 Dec 2015 Time: 2 Dec 2015 Time: 2 Dec 2015
2013 2014 What: One pig What: Two melons What: V1jZUy What: V1jZUy What: V1jZUy
What: One pig What: Two pig Value: $100 Value: $50 Value: $200 Value: $200 Value: $200
Value: $100 Value: $200

SHA256 signature
This will become obvious in
calculated for the
transaction "V1jZUyLvPOxzZvKpuUwTCNzGmovoxHRzJ76FGXMN3JY="
time but by then the damage
is done
Question is: how do we ensure an action such as the creation
of a transaction record is valid?
 We need some way to get transaction
integrity
How about 2-phase commit? Nope grinds to a halt when scaling

A 3rd-party in the path? Nope then weve failed!

ow about distributed consensus with member voting eg Paxos?

Story time! Paxos was created by Leslie Lamport and named after a
fictional parliament on the Greek island of Paxos.

Paxos is a 3-Phase Commit protocol with several versions but idea is

that majority quorum results in eventual consistency.

Good start, but more required

Consensus voting has a weakness: fake
identities
Distributed networks with voting systems are
susceptible to the creation of fake identities
Fake identities can subvert the vote.
Sometimes called a Sybil attack after the name of
the novel of a woman with identity disorder.
When people are involved we can refer to
sockpuppets

Somehow we need to make the creation of

identities hard enough to be not worth it
 Proof of work: a cost to create
identity & vote
At the moment our block chain suffers because

1. its easy to create public-private key pairs, and

2. Its easy to sign a value transaction.

Whats something hard???? Were talking

computers here so it has to be computationally
hard
ow about the reverse of a signing operation?
HA256(Some simple text) "AX+dClQgll/3QNCXacNn3q0O4lv2SKrjQ5C8vLMUc

oing in reverse you have to brute force which is hard but not impossible.
We can make this much harder
though
Look for a hash outcome that has some arbitrary substring eg 00 at the beginning.

SHA256(I vote for Bob) "wn8iR1xcp4JLpHC1WLkXSDS+wtNeF5TYCthCycGw1+c=

Fail, so lets modify the input in some way..

SHA256(I vote for Bob - 2) -> "O1ODEfjRTAgsbMuRSUnMPD84nAExphQ0zqQTpD3Omr8=

Fail again, keep going

open System.Security.Cryptography
open System.Text The idea is to make this expensive
let hasher = new SHA256Managed()
let bytesHash' (s:string) = hasher.ComputeHash((new UnicodeEncoding()).GetBytes(s)) for the member generating the
let r = System.Random()
let rs = [0..10000] |> List.map (fun i -> i* r.Next(0,1000)) vote.
let hashes = rs |> List.map (fun i -> System.Convert.ToBase64String(bytesHash' (i.ToString()) ))
hashes |> List.filter (fun h -> h.StartsWith("00"))

I typically get 2 to 4 hashes that work in 10,001 random choices

The more 0s at the beginning, the harder work it is.

 Important point: the time taken to
do a proof of work varies widely
Some times a node will
calculate the proof of work
Likelihood of solving quickly, other times very
slowly. When many nodes try
and calculate the result
simultaneously the time to
uncover the result tends
towards smaller values. (In
BitCoins case its about
10mins for all nodes but an
individual node might
typically take hours or days.)
Time taken to solve

Because of the broad distribution we dont normally get two solutions found at the same time.
Just what does harder work mean
here?
Recap
1. To stop malicious members double spending we
needed better transaction integrity but without the
downsides of a 3rd party or full 2 phase commit
majority consensus seems a reasonable idea.
2. But consensus voting is susceptible to the creation of
fake identities
3. It looks like we might have a way to make the vote
signing process sufficiently expensive to perform that
we can stop members trying to manipulate the
consensus mechanism.
Lets explore that proof of work cost aspect
a bit more
Lets say we have a network of 1000 participants
Alice transfers some value to Bob, lets say $1
We can set the computing cost (energy, hardware etc)
to create a transaction by making the proof of work
harder or easier Bob now has a choice:
$10
1. Trust that Alice wont double
spend, or
2. Ask some number of the network
participants to verify the
If Bob asks for verification, then whats a good
transaction
number of the total network to ask? 10, 100, 500,
Story time! Proof of work has an interesting history. The idea didn't start specifically with block
chains or BitCoin. It came up in the 1990s in the context of finding ways to hinder unwanted
behaviour in electronic systems; a classic example being Denial of Service.

Denial of Service is an a way to disrupt service by intentionally flooding a system with requests.
But what if we made the attacker's effort sufficiently large that it was no longer financially worth it?
What about if the task to make a request was computationally tough. The system offering the
service might could ignore those requests not able to satisfy the proof of work task.

Proof of work in the case of BitCoin is large which has lead to the creation of dedicated low energy
BitCoin mining hardware. Estimates for the electricity required to generate 1 BitCoin
vary greatly depending upon the type of hardware used (home PC versus laptop versus Raspberry
PI versus dedicated ASIC).

BitCoin also makes the proof of work progressively harder over time. Currently it's calibrated so
that on average the proof of work completes in about 10mins across the whole of the network. With
so many nodes on the bitcoin network that means any individual node would usually take many
hours or days to finish the proof of work.

1 BitCoin @ 5 Feb 2016 = $NZD 577

 Lets calculate a cost to be a
criminal
Number of
fake
verifications
(aka I vote Cost to verify
for Alice)
from fake
identities
$0.001 $0.01 $0.1
10 $0.01 $0.1 $1
100 $0.1 $1 $10
500 $0.5 $5 $50

For a $1 trade theres two options that look attract, particularly one of them.
 Whoa! Hold it there. Cost to be a
crim? Isnt it also the cost to do
business?
nd just thinking about this surely, Bob has to pay something for the effort to request verificatio

If every transaction is going to involve proof of work to

verify and it equals or exceeds the value of the
transaction, then whats the point?
 Lets add an incentive, and make it
more efficient
Transaction Fees
Lets give network members some recompense for transaction verification
And, lets make it efficient by pooling transactions into blocks

Blocks of transactions linked together ... doh,I get it: Block Chain!

Block ID: 3a4cb Previous Block ID: 178dfe Verified by:

Fred Date: 21 Feb 2016
From: Alice To: Bob What: 1 Pig, $100 Fee: $0.1
From: To: Alice What: 2 Pigs, $220 Fee:
Mickey $0.15
From: Bob To: Mickey What: 3 Cheeses, $50 Fee:
$0.05
To: Fred What: transaction fees, value
$0.3
Block verification
1. Participants generate transactions and announce them
to the network for verification
2. Members like Fred aggregate unconfirmed
transactions and once the total transaction fees are
large enough
a. Adds a transaction fee for verification to the block
b. Make the effort to verify transactions are valid and not
doubled
c. Do the proof of work challenge to generate a block hash
3. Sends the block into the network to distribute to
everyone else
What happens when Barney and
Fred both choose to verify a block?
Block ID: 3a4cb Verified by: Fred
Someone will
Previous Block ID: 178dfe Date: 21 Feb 2016 09:56 always be ahead -
From: Alice To: Bob What: 1 Pig, $100 Fee: $0.1
Fred gets in first
From: To: Alice What: 2 Pigs, $220 Fee:
Mickey $0.15 this time
From: Bob To: Mickey What: 3 Cheeses, $50 Fee:
$0.05
To: Fred What: transaction fees, value $0.3

Block ID: 581b2

Previous Block ID: 178dfe
Verified by: Barney
Date: 21 Feb 2016 16:21
Weve created an incentive
From: Alice To: Bob What: 1 Pig, $100 Fee: $0.1 to compete. The first to
From:
Mickey
To: Alice What: 2 Pigs, $220 Fee:
$0.15 complete gets the benefit.
From: Bob To: Mickey What: 3 Cheeses, $50 Fee:
$0.05
To: Barney What: transaction fees, value $0.3
What if two blocks get submitted to the network at nearly
the same time?
Barney
Block A sees block
Unlikely, but it could happen. Block A first
Block B
Cant use timestamps because they can be
Time Fred sees
maliciously altered.
block B
first

1. Barneys node sees Block A first so it starts to

build a new block on top of Block A from
unprocessed transactions. Its increasingly rare for blocks to be
solved and sent into the network near
2. Freds node sees Block B first so it starts to simultaneously. So the network
build a new block from unprocessed rapidly stabilizes.
transactions on top of Block B.

3. Block chains have a rule that you immediately

switch to the longest chain available.

4. If Barney gets to publish his new block first,

Solution: only follow the longest chain of blocks

Consequences are funky.

Blocks fundamentally cant ever be considered final you might not yet have
received all the generated blocks. That means transactions are also never
strictly final!

But it turns out that the odds the transaction isnt correct decrease dramatically as blocks get created.
 BitCoin as an example

kChain clients need to validate transactions and blocks right back to the beginning of BitCoin. It takes awhi

On a laptop about two days worth of work

What if Im trying to subvert the network?

To create fraudulent transactions then I need to create fraudulent blocks. To modify a past
block I would have to redo the proof of work on that block, and then all following blocks.

But this is a really tall order the probability of an attacker catching up diminishes
exponentially as blocks are added.

Block Block
Block
Block Block Block
Time

The computing cost is just too hard for one attacker

versus many honest participants.
Putting it all together
1. Transactional integrity is achieved with PKI
Non-repudiation and transaction integrity (no modification
after creation)
But not really identity
2. Transactions exist in a peer 2 peer network
3. Transactions are aggregated into blocks
Gives an efficient way to implement batched proof of work for
transaction fees
Simplifies management of transactions over time (probability
of correctness)
4. No middleman!
 So is this BitCoin?
Mostly. We've created a chain of transactional blocks which we can use for a crypto-
currency. BitCoin is a specific implementation tuned to have some interesting properties.

BitCoin has 1Mb blocks and the proof of work is much harder - roughly 13 0s on the front of
the hash which means an individual miner might days on average to complete the proof of
work, but with a big network BitCoin have tuned difficulty to achieve 10min average block
generation.

BitCoin currently limited to about 7 txns/sec by the 1Mb block size - that's not very much for
a retail payment system - moves afoot to increase block size and numbers of transactions
processed per mining operation.

Fees are effectively near 0 for a user. Compare/contrast to credit card or international
transaction fees which can be >3%. Costs of conventional payment brokers are high due to
operational overhead, especially fraud. BitCoin avoids all fraud in the actual payment
system itself.

BitCoin smallest unit 8 decimal places - micropayments become especially attractive.

http://www.digitalistmag.com/finance/2016/01/15/blockchain-poised-hot-tech-for-moving-mon
ey-2016-03941451
 So, what does it all mean?
http://www.wired.com/insights/2015/01/block-chain-2-0/

This is what I think:

learn this stuff

Block chains
+
Smart contracts
+
Internet of Things

Peer to peer transactional networks free from

reconciliation or 3rd-party costs with smart
contracts and very large numbers of
interacting devices are going to become very
important to our future lives.
References
https://www.igvita.com/2014/05/05/minimum-viable-bloc
k-chain/
https://www.youtube.com/watch?v=Lx9zgZCMqXE
https://www.khanacademy.org/economics-finance-domain/
core-finance/money-and-banking/bitcoin/v/bitcoin-what
-is-it

http://www.coindesk.com/math-behind-bitcoin/
http://scet.berkeley.edu/wp-content/uploads/BlockchainP
aper.pdf
https://bitcoin.org/bitcoin.pdf