An Overview of Blockchain Technologies and Uses (Day 2)

Andy Dolan • Computer Science Department • Colorado State University

Last Time we Covered

● An Introduction to Bitcoin
● The Core Features: What is a Blockchain?
● Distributed Consensus

Image: Jay’s Brick Blog

Outline

● Identity in blockchain and anonymization
● Smart contracts
● Attacks against blockchain
● Interesting (non-cryptocurrency) blockchain use cases

Image: Jay’s Brick Blog

Identity in Blockchain

How do we manage who’s who?

Identity in Public Blockchain

● Public key, associated private key
  ○ If you have the private key, you have the associated transactions
● Beyond that, what identity exists?
  ○ Do you register for a Bitcoin account?
  ○ Where might your information be revealed?

Is Blockchain Anonymous?

● Cryptocurrencies can be traced back through the ledger
● At some point, there is an exchange to a product/service/currency
  ○ These might require some identity information
● Is this a privacy risk?
  ○ Or is this an advantage?
● Either way, users will want to make their tokens anonymous

Token Tumbling

● Also called mixing, blending, cleaning
● Third-party services that will “clean” your “tainted” tokens for you
● Put your tokens in a tumbler/mixer
  ○ This is still just a transaction
  ○ Is there a risk in doing this?
● Get some other tokens out that aren’t linked to you
● Only misdirection, not true “cleaning”

Other Anonymization Efforts

● Use of zero-knowledge proofs to verify transactions
● Built into the protocol of the particular chain
● Can end up being somewhat similar to mixing
  ○ Exchanging “real” coins for others
● Other implementations involve burning old coins and then minting new ones
  ○ Zcoin

Burning Tokens

● Some systems use the concept of “destroying” tokens
● Often dubbed “sending to an impossible/unspendable address”
● Control of currency supply
● Proof of burn
● Is there a risk here?
  ○ Is the address really unspendable?

Permissioned Blockchain

● Stronger concept of identity
  ○ Use of PKI
● Only certain participants can join
● Stronger trust model?
● Advantages, disadvantages
● Use cases
  ○ Supply chain in a particular market
  ○ Record keeping between key stakeholders
  ○ Public read-only, permissioned writes

Questions/Comments?

Introduction to Smart Contracts

Automated trust, or millions of costly bugs?

Smart Contracts

● Distributed pieces of code associated with blockchain transactions
● Executions that define how a transaction is carried out
● “Smart” because the contract is automatically enforced by the system
● Usually simple, sometimes complex
● Now present in most blockchain implementations

A Simple Implementation: Bitcoin

● Every Bitcoin transaction has a script
  ○ Written in Script
● Super, super simple
● List of instructions for how the next person wanting to spend coins can gain access to them
  ○ If the script returns TRUE, you have access to the funds
● Can be just about anything

Typical Bitcoin Script

● Requires two things:
● Public key that hashes to destination address of transaction
  ○ The recipient of coins
● Signature to prove ownership of the private key corresponding to the public key
  ○ The recipient provides this
  ○ Only the owner of the right private key can get the coins

More Unique Bitcoin Scripts

● Freezing funds until a future date
● Creating a mini proof-of-work puzzle that anyone can solve
● Incentivized finding of SHA1 hash collisions
  ○ Created in 2013, donation based
  ○ Solved, reward claimed in February 2017 shortly after SHA1 was broken
  ○ A little over 2 bitcoin claimed
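
Added example (not from the slides): a simplified Script evaluator showing the "script returns TRUE" rule from the Bitcoin slides, applied to a hash puzzle and a collision-bounty style script like those listed above. The opcode subset, the sample scripts, `SECRET` and the deliberately weak stand-in hash `WEAK` are assumptions constructed for illustration; signature opcodes such as OP_CHECKSIG are omitted.

```python
import hashlib

TRUE, FALSE = b"\x01", b""
HASHES = {"OP_SHA1": hashlib.sha1, "OP_SHA256": hashlib.sha256}

def run_script(unlocking, locking, hashes=HASHES):
    """Simplified Script: bytes are pushes, strings are opcodes. True = spendable."""
    if not all(isinstance(item, bytes) for item in unlocking):
        return False                       # spender may only push data
    stack = list(unlocking)
    try:
        for op in locking:
            if isinstance(op, bytes):
                stack.append(op)
            elif op == "OP_2DUP":
                stack += [stack[-2], stack[-1]]
            elif op == "OP_SWAP":
                stack[-1], stack[-2] = stack[-2], stack[-1]
            elif op in hashes:
                stack.append(hashes[op](stack.pop()).digest())
            elif op == "OP_EQUAL":
                stack.append(TRUE if stack.pop() == stack.pop() else FALSE)
            elif op == "OP_NOT":
                stack.append(FALSE if any(stack.pop()) else TRUE)
            elif op == "OP_VERIFY":
                if not any(stack.pop()):
                    return False           # failed check aborts the spend
            else:
                return False               # unknown opcode: fail closed
    except IndexError:
        return False                       # stack underflow
    return bool(stack) and any(stack[-1])  # non-zero top item means TRUE

# Constructed sample scripts and a weak stand-in hash (first byte only),
# so that a "collision" exists offline. None of this is taken from the chain.
SECRET = b"constructed-preimage"
HASH_PUZZLE = ["OP_SHA256", hashlib.sha256(SECRET).digest(), "OP_EQUAL"]
COLLISION_BOUNTY = ["OP_2DUP", "OP_EQUAL", "OP_NOT", "OP_VERIFY",
                    "OP_SHA1", "OP_SWAP", "OP_SHA1", "OP_EQUAL"]
WEAK = {"OP_SHA1": lambda data: hashlib.sha1(data[:1])}

def demo():
    return {
        "puzzle_solved": run_script([SECRET], HASH_PUZZLE),
        "puzzle_wrong": run_script([b"guess"], HASH_PUZZLE),
        "bounty_same_input": run_script([b"ab", b"ab"], COLLISION_BOUNTY),
        "bounty_no_collision": run_script([b"ab", b"ac"], COLLISION_BOUNTY),
        "bounty_collision": run_script([b"ab", b"ac"], COLLISION_BOUNTY, WEAK),
    }
```

Neither sample script checks a signature, so whoever presents data that makes it return TRUE can spend; the typical script above adds the signature requirement to bind the funds to one key holder.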

Ethereum and Smart Contracts

● Arguably the biggest smart contract platform
● Turing-complete smart contract language: Solidity
● Opens up lots of different possibilities for
  ○ Applications
  ○ Tokens (and how they operate)
● More complexity can be problematic

Where Smart Contracts go Wrong

● What problems can slip through with a more complex smart contract?
● The DAO attack
  ○ A bug in the code with huge consequences: hard fork
  ○ Creation of Ethereum Classic
● Updating a deployed contract can be… complicated

Questions/Comments?

Security Aspects of Blockchain

Attacks against blockchain technologies

Additional Reading

Attacking Consensus

● Majority attacks
  ○ Proof of Work
  ○ Proof of Stake
● Compromised centralized “leader” in PBFT
● Consensus delays
● Selfish mining
  ○ Similar to majority attack
  ○ Try to trick the network by maintaining a parallel chain

Attacking the Network

● Traditional network attacks to mislead or disable nodes
● DDoS, DNS attacks, routing attacks
● Spam transactions, slow/limited propagation
● Limit availability

Questions/Comments?

Other Use Cases

Less cryptocurrency-centric applications of blockchain

Supply Chain

● A ledger of how supply changes ownership throughout its lifecycle
● BeefChain
● Lettuce from Walmart
● What issues are solved by blockchain?
● How does this model differ from cryptocurrencies?

Blockchain for IoT

● Improving security of IoT devices with a blockchain platform
● IoT device identity
● IoT device and service permissions
● Storage on an immutable ledger

IoT for Blockchain

● IoTa: Ledger technologies built for IoT
● Attempting to make blockchain more efficient to be able to run on IoT devices at scale
● Consensus algorithms optimized for hardware
● Network architecture to accommodate for IoT capabilities

Storage??

● Again, this is really just a database
● However, it’s append only
● What about use cases that require a lot of record changes?
● Does it scale?
  ○ Bitcoin: about 200 GB total
  ○ Ethereum: about 200 GB total

Voting, Elections

Other Questions?

Conclusion

● Blockchain is cool
● But needs to be used carefully
● Design is critical
● It really isn’t the answer for most problems

Thank you