UNDERSTANDING BLOCKCHAIN

Introduction – Priyabrata Dash

Summary

Blockchain Introduction

Basics to understand Blockchain■ Public Key Cryptography. Alice has a public key and private key. She can use her private

key to create a digital signature, and Bob can use Alice’s public key to verify that a signature is really from Alice’s private key, i.e., really from Alice. When you create an Ethereum or Bitcoin wallet the long ‘0xdf…5f’ address is a public key and the private key is stored somewhere. A Bitcoin wallet service like Coinbase stores your wallet’s complementary private key for you, or you can store it yourself. If you lose your private key for a wallet with real funds you’ll lose all your funds forever, so it’s good to back up your keys.

■ Peer-to-Peer Networking. Like BitTorrent, all Ethereum nodes are peers in a distributed network, there’s no centralized server.

■ [In the future, there’ll be hybrid semi-centralized services for Ethereum as a convenience to users and developers, more on that later.]

■ Smart Contracts.

Blockchain Overview

Whenever a transaction happens between A & B, an encrypted record of the transaction is sent out to all other nodes in the Blockchain network. The other nodes verify the transaction by performing complex cryptographic calculations on the data in the record, and notify one another each time a new “block” of transactions is confirmed as legitimate . When a majority of the nodes agree that a block passes muster, they all add it to the ledger and use the updated version as a cryptographic basis for encrypting and verifying future transactions.

What is in Block

Public vs Private Blockchain■ – Public blockchains (unpermissioned): a public blockchain is a blockchain that anyone in the world can

read, anyone in the world can send transactions to and expect to see them included if they are valid, and anyone in the world can participate in the consensus process – the process for determining what blocks get added to the chain and what the current state is. As a substitute for centralized or quasi-centralized trust, public blockchains are secured by cryptoeconomics – the combination of economic incentives and cryptographic verification using mechanisms such as proof of work or proof of stake, following a general principle that the degree to which someone can have an influence in the consensus process is proportional to the quantity of economic resources that they can bring to bear. These blockchains are generally considered to be “fully decentralized”.

■ – Consortium blockchains: a consortium blockchain is a blockchain where the consensus process is controlled by a pre-selected set of nodes; for example, one might imagine a consortium of 15 financial institutions, each of which operates a node and of which 10 must sign every block in order for the block to be valid. The right to read the blockchain may be public, or restricted to the participants, and there are also hybrid routes such as the root hashes of the blocks being public together with an API that allows members of the public to make a limited number of queries and get back cryptographic proofs of some parts of the blockchain state. These blockchains may be considered “partially decentralized”.

■ – Fully private blockchains (permissioned) : a fully private blockchain is a blockchain where write permissions are kept centralized to one organization. Read permissions may be public or restricted to an arbitrary extent. Likely applications include database management, auditing, etc internal to a single company, and so public readability may not be necessary in many cases at all, though in other cases public auditability is desired.

Blockchain stack

Bitcoin block structure

Private & Public keys

■ approach for a digital token. We create an obfuscated smart contract which contains a private key, and accepts instructions encrypted with the corresponding public key. The contract stores account balances in storage encrypted, and if the contract wants to read the storage it decrypts it internally, and if the contract wants to write to storage it encrypts the desired result before writing it. If someone wants to read a balance of their account, then they encode that request as a transaction, and simulate it on their own machine; the obfuscated smart contract code will check the signature on the transaction to see if that user is entitled to read the balance, and if they are entitled to read the balance it will return the decrypted balance; otherwise the code will return an error, and the user has no way of extracting the information.

Blockchain use cases

Bitcoin – Digitally Signed

Ethereum■ The project was crowdfunded during August 2014 by fans all around the world. It is developed by the

Ethereum Foundation, a Swiss nonprofit

■ Ethereum has at its core a way to apply arbitrary rules for : • Ownership • transaction formats and • state transition functions

taking both the state of a blockchain and a transaction for that chain, and then outputting a new state as its result. It does this by way of an internal scripting language that is aware of a system’s state while being Turing-complete, which means it can encode any computation that may be performed by the system.

■ The state is made of objects called accounts, which have a 20-byte address and state transitions that exist between accounts. Accounts have four fields: a nonce, so each transaction is processed only once; a balance of ether, or the internal numbers used to pay fees; a contract code that may be empty; and storage, which may also be empty.

■ There are two kinds of Ethereum accounts: externally owned and contract accounts. – Externally owned accounts are controlled by private keys and contain no code. Sending messages from an externally owned account is done by creating and signing a transaction. – Contract accounts are controlled by their contract code. Every time the contract account receives a message, its code activates, allowing it to read and write to internal storage, send other messages or create contracts in turn. – must be understood that contract here does not mean a legal arrangement: It is instead an agent inside the framework that executes code when it is stimulated by a message or transaction. It also has control over its own ether balance as well as other internal variables.

■ Code inside of contracts is written in Ethereum virtual machine (EVM) code, a series of bytes each representing an operation. It is much like assembly code in concept. Serpent is a higher-level language that compiles to EVM

■ The Ethereum Wallet is a gateway to decentralized applications on the Ethereum blockchain. It allows you to hold and secure ETHER and other crypto-assets built on Ethereum, as well as write, deploy and use smart contracts.

Blockchain/Ethereum key terms■ Blockchain. Like a global ledger or simple database of all transactions, the entire history of all transactions on the

network. ■ Ethereum Virtual Machine. So you can write more powerful programs than on top of Bitcoin. It refers to the

blockchain, what executes smart contracts, everything. ■ Node. Using this to mean you can run a node and through it read and write to the Ethereum blockchain, i.e., use the

Ethereum Virtual Machine. A full node has to download the entire blockchain. Light nodes are possible but in the works. ■ Miner. A node on the network that mines, i.e., works to process blocks on the blockchain. You can see a partial list of live

Ethereum miners here: stats.ethdev.com. ■ Proof of Work. Miners compete to do some math problem. The first one to solve the problem (the next block on the

Blockchain) wins a reward: some ether. Every node then updates to that new block. Every miner wants to win the next new block so are incentivized to keep up to date and have the one true blockchain everybody else has, so the network always achieves consensus. [Note: Ethereum is planning to move to a Proof of Stake system without miners eventually, but that’s beyond noob scope.]

■ – Ether. Or ETH for short. It’s a real digital currency you can buy and use! Here’s a chart from one of several exchanges for it. On July 21, 2016, 1 ETH is worth about 12$ in USD.

■ – Gas. Running and storing things on Ethereum costs small amounts of ether. Keeps things efficient. ■ – DApp. Decentralized App, what applications using smart contracts are called in the Ethereum community. The goal of a

DApp is (well, should be) to have a nice UI to your smart contracts plus any extra niceties like IPFS (a neat way to store and serve stuff in a decentralized network, not made by Ethereum but a kindred spirit). While DApps can be run from a central server if that server can talk to an Ethereum node, they can also be run locally on top of any Ethereum node peer. [Take a minute: unlike normal webapps, DApps may not be served from a server. They may use the blockchain to submit transactions and retrieve data (important data!) rather than a central database. Instead of a typical user login system, users may be represented by a wallet addresses and keep any user data local. Many things can be architected differently from the current web.]

Ethereum applications■ Ethereum has been used as a platform for decentralized applications, decentralized autonomous organizations and

smart contracts.The scope of applications include projects related to finance, the internet-of-things, identity management, farm to table produce, electricity sourcing and pricing, and sports betting.Decentralized autonomous organizations may enable a wide range of possible business models that were previously impossible or too costly to run.

■ Notable Ethereum applications include: – Augur decentralized, distributed prediction market software. – ConsenSys, a blockchain startup focused on Ethereum technology is developing both enterprise software and Dapps The DAO with the objective to "provide a new decentralized business model for organizing both commercial and non-profit enterprises".The DAO was funded with Ether. – Backfeed, socioeconomic platform – Ethcore, an Ethereum-based private venture focusing on light clients and Internet of Things (IoT). – FreeMyVunk, a gaming value platform. – The Rudimental, an equity crowdfunding portal for arts and media. – TransActive Grid – Slock.It, a system for building smart locks with Ethereum. – Etheropt, a decentralized options exchange. – Digix A value token, called DigixDAO has also been created and the token began trading on exchanges on 28 April 2016. – Ujo Music : Imogen Heap used the technology with her single "Tiny Human".

Ethereum enterprise adoption■ Ethereum is also being either tested or implemented by enterprise software

companies for various applications. – Deloitte and ConsenSys announced plans in 2016 to create a digital bank called Project ConsenSys. – R3 Project, which connects 11 banks to distributed ledger using a private Ethereum blockchain running on Microsoft Azure. – IBM ADEPT, an IoT system using Ethereum for smart contracts support. – Microsoft Visual Studio is making the Ethereum Solidity language available to application developers. – Ethereum Blockchain As a Service (EBaaS) on Microsoft Azure, which provides enterprise clients and developers with a cloud-based blockchain developer environment. – Innovate UK provided 248,000GBP in funding to Tramonex to develop cross border payments prototype using Ethereum.

Ethereum block structure

Smart ContractSmart contracts are computer protocols thatfacilitate, verify, or enforce the negotiation orperformance of a contract, or that make acontractual clause unnecessary.Smart contracts usually also have a user interfaceand often emulate the logic of contractual clauses.

Contract Creation Transaction with Ethereum??No Notification • Contract posted • Contract update

??No Subscribe • Potential users can Retrieve updates

HyperledgerLinux Foundation Project■ Feb 16, 2016 - IBM has open sourced a significant chunk of the

blockchain code it has been working on, putting its weight behind the Linux Foundation and its Hyperledger project.

■ Big Blue has dumped the Apache 2.0-licensed source on GitHub, providing a limited but functional dev environment to build on. The IT giant has pledged to maintain the code as others build on top of it, including big-name Hyperledger partners that include Intel, Fujitsu, Cisco, JP Morgan, Accenture and others.

■ Key elements in the code dump are a "consensus algorithm" which is vital for proper functioning of a decentralized system, and a contract template that helps people code agreements into the system in Java.

Hyperledger■ Hyperledger’s current goals are to combine three projects into practical blockchain

applications: ■ • Rippled, a public distributed ledger written in C++ that handles cross-currency

payments using order books ■ • IBM’s Open Blockchain, a low level fabric that implements smart contracts, digital

assets, record repositories, consensus oriented networks, and cryptographic security ■ • Digital Asset’s Hyperledger, which is a ready to deploy blockchain server with a

client API currently intended for use by financial services enterprises. It works by using an addition-only log of transactions that are designed to be replicated across multiple separate organizations all without a nexus of control. (The parent company, Digital Asset Holdings, lent the Hyperledger trademark name to the open source project as part of its contribution.)

Hyperledger Reference Architecture

Blockchain in OSI Stack

■ Blockchain is at the application Level

■ The underlying layers for communication remain the same – ex Telco network

Blockchain Challenges - Security Holes■ A blockchain-based smart contract is visible to all users of said blockchain. However, this

leads to a situation where bugs, including security holes, are visible to all but may not be able to be quickly fixed. Such an attack, difficult to fix quickly, was successfully executed on The DAO in June 2016, draining US$50 million in Ether while developers attempted to come to a solution that would gain consensus.

■ The DAO is a digital decentralized autonomous organization and a form of investor-directed venture capital fund created in May 2016.

■ There may be multiple security holes: • At the node or Dapp level : the code may be corrupted or hacked, spoofing etc • The private keys may be hacked, or corrupted preventing the user to access the blockchain • The miners may be corrupted or hacked too. The blockchain is supposed to be self-healing based but if >50% of the miners are attacked, the service may come down

Scalability & Performance

■ With millions/billions of nodes (IoT, money transfers etc), the blockchainneeds to be highly scalable■ Either processing & storage capacity of the miners■ Or number of miners■ Scalability of the databases storing the keys (public and private keys)■ Scalability of underlying networks to carry the traffic■ The latency between the node and the blockchain, and between the miners needs to be very low■ It would be good if the node was able to connect to the closest miner at a given time■ The node needs to be able to access the blockchain anytime anywhere:■ Connectivity requirement■ Availability of the blockchain itself in terms of capacity to process the request

Potential feature gaps

■ No Notification mechanism■ No Localization mechanism of the closest miner (latency issue)■ No Localization of the stored information (regulation issue)■ No subscribe mechanism■ No broadcast mechanism

Management

■ Management system to upload/update/configure the client devices app

■ Management of the different nodes, ?NFV Management for VM■ Management of the miners , configuration etc■ Management of the storage/databases, cleaning old records, old keys

never used etc??■ Backup■ Many ‘cloud management’ functions …

Future

Examples

Thank You