Download as pdf or txt
Download as pdf or txt
You are on page 1of 181

Introduction to Blockchain

Lecture 2: Bitcoin and Cryptocurrency

Ras Dwivedi

Indian Institute of Technology Kanpur

May 22, 2018

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 1 / 43

1 Recap

2 Hash Functions

3 Digital Signature

4 Cryptocurrency

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 2 / 43


1 Recap

2 Hash Functions

3 Digital Signature

4 Cryptocurrency

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 3 / 43


Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 4 / 43


proposed by Rivest,Shamir,Adleman

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 4 / 43


proposed by Rivest,Shamir,Adleman
choose two large distinct prime number p, q

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 4 / 43


proposed by Rivest,Shamir,Adleman
choose two large distinct prime number p, q
calculate n = pq

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 4 / 43


proposed by Rivest,Shamir,Adleman
choose two large distinct prime number p, q
calculate n = pq
calculate φ = lcm(p − 1, q − 1)

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 4 / 43


proposed by Rivest,Shamir,Adleman
choose two large distinct prime number p, q
calculate n = pq
calculate φ = lcm(p − 1, q − 1)
choose e such that gcd(e, φ) = 1

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 4 / 43


proposed by Rivest,Shamir,Adleman
choose two large distinct prime number p, q
calculate n = pq
calculate φ = lcm(p − 1, q − 1)
choose e such that gcd(e, φ) = 1
calculate d such that d = e −1 modφ

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 4 / 43


proposed by Rivest,Shamir,Adleman
choose two large distinct prime number p, q
calculate n = pq
calculate φ = lcm(p − 1, q − 1)
choose e such that gcd(e, φ) = 1
calculate d such that d = e −1 modφ −→ e × d = 1 mod φ

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 4 / 43


proposed by Rivest,Shamir,Adleman
choose two large distinct prime number p, q
calculate n = pq
calculate φ = lcm(p − 1, q − 1)
choose e such that gcd(e, φ) = 1
calculate d such that d = e −1 modφ −→ e × d = 1 mod φ
Idea: me×d = me = m modulo n

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 4 / 43


proposed by Rivest,Shamir,Adleman
choose two large distinct prime number p, q
calculate n = pq
calculate φ = lcm(p − 1, q − 1)
choose e such that gcd(e, φ) = 1
calculate d such that d = e −1 modφ −→ e × d = 1 mod φ
Idea: me×d = me = m modulo n
encryption: c = me mod n

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 4 / 43


proposed by Rivest,Shamir,Adleman
choose two large distinct prime number p, q
calculate n = pq
calculate φ = lcm(p − 1, q − 1)
choose e such that gcd(e, φ) = 1
calculate d such that d = e −1 modφ −→ e × d = 1 mod φ
Idea: me×d = me = m modulo n
encryption: c = me mod n
decryption: p = c d mod n

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 4 / 43


proposed by Rivest,Shamir,Adleman
choose two large distinct prime number p, q
calculate n = pq
calculate φ = lcm(p − 1, q − 1)
choose e such that gcd(e, φ) = 1
calculate d such that d = e −1 modφ −→ e × d = 1 mod φ
Idea: me×d = me = m modulo n
encryption: c = me mod n
decryption: p = c d mod n

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 4 / 43

Digital signature Attempt 1

AIM: Convince everybody that Alice have signed the document

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 5 / 43

Digital signature Attempt 1

AIM: Convince everybody that Alice have signed the document

nobody should be able to forge the document

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 5 / 43

Digital signature Attempt 1

AIM: Convince everybody that Alice have signed the document

nobody should be able to forge the document
simple pasting a copy of signature do not work

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 5 / 43

Digital signature Attempt 1

AIM: Convince everybody that Alice have signed the document

nobody should be able to forge the document
simple pasting a copy of signature do not work

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 5 / 43

Digital signature Attempt 1

AIM: Convince everybody that Alice have signed the document

nobody should be able to forge the document
simple pasting a copy of signature do not work
for document m Alice uses s = md as her digital signature. To verify,
verifier calculates s e and if m = s e mod n, signature is genuine

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 5 / 43

Digital signature Attempt 1

AIM: Convince everybody that Alice have signed the document

nobody should be able to forge the document
simple pasting a copy of signature do not work
for document m Alice uses s = md as her digital signature. To verify,
verifier calculates s e and if m = s e mod n, signature is genuine
d is called Alice’s secret key and e is called Alice’s Public key

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 5 / 43

Digital signature Attempt 1

AIM: Convince everybody that Alice have signed the document

nobody should be able to forge the document
simple pasting a copy of signature do not work
for document m Alice uses s = md as her digital signature. To verify,
verifier calculates s e and if m = s e mod n, signature is genuine
d is called Alice’s secret key and e is called Alice’s Public key

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 5 / 43

Is the Scheme secure?

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 6 / 43

Is the Scheme secure?


Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 6 / 43

Is the Scheme secure?

given (n, e) private key of Alice cannot be calculated

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 6 / 43

Is the Scheme secure?

given (n, e) private key of Alice cannot be calculated
given document m, s = md could not be guessed.

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 6 / 43

Is the Scheme secure?

given (n, e) private key of Alice cannot be calculated
given document m, s = md could not be guessed.
Problem: forging given m1 , m2 as two document, and s1 , s2 as their
digital signature, one can find the valid signature of m1 .m2 as s1 .s2

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 6 / 43

Is the Scheme secure?

given (n, e) private key of Alice cannot be calculated
given document m, s = md could not be guessed.
Problem: forging given m1 , m2 as two document, and s1 , s2 as their
digital signature, one can find the valid signature of m1 .m2 as s1 .s2
Also the length of the signature is proportional to the size of the

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 6 / 43

Is the Scheme secure?

given (n, e) private key of Alice cannot be calculated
given document m, s = md could not be guessed.
Problem: forging given m1 , m2 as two document, and s1 , s2 as their
digital signature, one can find the valid signature of m1 .m2 as s1 .s2
Also the length of the signature is proportional to the size of the

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 6 / 43

Is the Scheme secure?

given (n, e) private key of Alice cannot be calculated
given document m, s = md could not be guessed.
Problem: forging given m1 , m2 as two document, and s1 , s2 as their
digital signature, one can find the valid signature of m1 .m2 as s1 .s2
Also the length of the signature is proportional to the size of the
What could we do now?

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 6 / 43

SHA: Secure Hash Functions

An Ideal Hash function is one which has following properties

given f (x ) it is impossible to guess x

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 7 / 43

SHA: Secure Hash Functions

An Ideal Hash function is one which has following properties

given f (x ) it is impossible to guess x
given x1 its is impossible to find x2 such that f (x1 ) = f (x2 )

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 7 / 43

SHA: Secure Hash Functions

An Ideal Hash function is one which has following properties

given f (x ) it is impossible to guess x
given x1 its is impossible to find x2 such that f (x1 ) = f (x2 )
it is impossible to find x1 , x2 , such that x1 6= x2 and f (x1 ) = f (x2 )

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 7 / 43

Merkle Demgrad Construction

Need of Padding message m?

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 8 / 43

Merkle Demgrad Construction

Need of Padding message m?

m is prefix of PAD(m)

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 8 / 43

Merkle Demgrad Construction

Need of Padding message m?

m is prefix of PAD(m)
if |m1 | = |m2 | then |PAD(m1 )| = |PAD(m2 )|

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 8 / 43

Merkle Demgrad Construction

Need of Padding message m?

m is prefix of PAD(m)
if |m1 | = |m2 | then |PAD(m1 )| = |PAD(m2 )|
if |m1 | =
6 |m2 | then the last block of PAD(m1 ) 6= PAD(m2 )

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 8 / 43

Merkle Demgrad Construction

Need of Padding message m?

m is prefix of PAD(m)
if |m1 | = |m2 | then |PAD(m1 )| = |PAD(m2 )|
if |m1 | =
6 |m2 | then the last block of PAD(m1 ) 6= PAD(m2 )

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 8 / 43
Hash Functions


1 Recap

2 Hash Functions

3 Digital Signature

4 Cryptocurrency

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 9 / 43
Hash Functions

Hash Function:

Figure: Hash Function

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 10 / 43
Hash Functions

Document integrity

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 11 / 43
Hash Functions

Document integrity

If I have a document ”m” and I publish its hash ”H(m)”

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 11 / 43
Hash Functions

Document integrity

If I have a document ”m” and I publish its hash ”H(m)”

Can I change document later?

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 11 / 43
Hash Functions

Document integrity

If I have a document ”m” and I publish its hash ”H(m)”

Can I change document later?
Can I have two document with same Hash?

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 11 / 43
Hash Functions

Document integrity

If I have a document ”m” and I publish its hash ”H(m)”

Can I change document later?
Can I have two document with same Hash?
Can I verify a document with incorrect Hash

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 11 / 43
Hash Functions

Document integrity

If I have a document ”m” and I publish its hash ”H(m)”

Can I change document later?
Can I have two document with same Hash?
Can I verify a document with incorrect Hash

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 11 / 43
Digital Signature


1 Recap

2 Hash Functions

3 Digital Signature

4 Cryptocurrency

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 12 / 43
Digital Signature

Digital signature Attempt 1

AIM: Convince everybody that Alice have signed the document

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 13 / 43
Digital Signature

Digital signature Attempt 1

AIM: Convince everybody that Alice have signed the document

nobody should be able to forge the document

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 13 / 43
Digital Signature

Digital signature Attempt 1

AIM: Convince everybody that Alice have signed the document

nobody should be able to forge the document
simple pasting a copy of signature do not work

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 13 / 43
Digital Signature

Digital signature Attempt 1

AIM: Convince everybody that Alice have signed the document

nobody should be able to forge the document
simple pasting a copy of signature do not work

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 13 / 43
Digital Signature

Digital signature Attempt 1

AIM: Convince everybody that Alice have signed the document

nobody should be able to forge the document
simple pasting a copy of signature do not work
for document m Alice uses s = md as her digital signature. To verify,
verifier calculates s e and ifm = s e mod n, signature is genuine

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 13 / 43
Digital Signature

Digital signature Attempt 1

AIM: Convince everybody that Alice have signed the document

nobody should be able to forge the document
simple pasting a copy of signature do not work
for document m Alice uses s = md as her digital signature. To verify,
verifier calculates s e and ifm = s e mod n, signature is genuine
d problem: given s(m1 ) and s(m2 ) one could calculate s(m1 .m2 )

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 13 / 43
Digital Signature

Digital Signature: Another try

AIM: Convince everybody that Alice have signed the document

nobody should be able to forge the document

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 14 / 43
Digital Signature

Digital Signature: Another try

AIM: Convince everybody that Alice have signed the document

nobody should be able to forge the document
IDEA: publish hash of document m as h = H(m)

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 14 / 43
Digital Signature

Digital Signature: Another try

AIM: Convince everybody that Alice have signed the document

nobody should be able to forge the document
IDEA: publish hash of document m as h = H(m)

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 14 / 43
Digital Signature

Digital Signature: Another try

AIM: Convince everybody that Alice have signed the document

nobody should be able to forge the document
IDEA: publish hash of document m as h = H(m)
for document m Alice uses s = hd as her digital signature.

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 14 / 43
Digital Signature

Digital Signature: Another try

AIM: Convince everybody that Alice have signed the document

nobody should be able to forge the document
IDEA: publish hash of document m as h = H(m)
for document m Alice uses s = hd as her digital signature.
To verify, verifier calculates s e and ifH(m) = s e mod n, signature is

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 14 / 43
Digital Signature

Digital Signature: Another try

AIM: Convince everybody that Alice have signed the document

nobody should be able to forge the document
IDEA: publish hash of document m as h = H(m)
for document m Alice uses s = hd as her digital signature.
To verify, verifier calculates s e and ifH(m) = s e mod n, signature is
d given s(m1 ) and s(m2 ) one can not calculate s(m1 .m2 )

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 14 / 43
Digital Signature


Symmetric vs asymmetric encryption system

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 15 / 43
Digital Signature


Symmetric vs asymmetric encryption system


Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 15 / 43
Digital Signature


Symmetric vs asymmetric encryption system

SHA as tool for data integrity

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 15 / 43
Digital Signature


Symmetric vs asymmetric encryption system

SHA as tool for data integrity
Digital signature

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 15 / 43
Digital Signature


Symmetric vs asymmetric encryption system

SHA as tool for data integrity
Digital signature

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 15 / 43


1 Recap

2 Hash Functions

3 Digital Signature

4 Cryptocurrency

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 16 / 43


Figure: Barter Trade

Problem: Meet of Demand

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 17 / 43

how to Meet Demand

Medium of Exchange

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 18 / 43

how to Meet Demand

Medium of Exchange

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 18 / 43

Meet of Demand

Figure: Coins

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 19 / 43

Meet of Demand

Figure: Coins

Confidence of metal inside

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 19 / 43

Meet of Demand

Figure: Coins

Confidence of metal inside

Problem: Difficult to carry
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 19 / 43

Solution: Paper note

Figure: paper note

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 20 / 43

Solution: Paper note

Figure: paper note

problem: Paper alone do not have value

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 20 / 43

What gives currency power?

Backed by RBI

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 21 / 43

What gives currency power?

Backed by RBI
RBI controls the flow

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 21 / 43

What gives currency power?

Backed by RBI
RBI controls the flow
strong regulation against counterfeiting

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 21 / 43

What gives currency power?

Backed by RBI
RBI controls the flow
strong regulation against counterfeiting

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 21 / 43

Digital currency

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 22 / 43

Digital currency

Figure: PoS machine

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 22 / 43

Digital currency

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 23 / 43

Digital currency

Backed by Central Bank to give legitimacy

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 23 / 43

Digital currency

Backed by Central Bank to give legitimacy

problem: Double spending

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 23 / 43

Digital currency

Backed by Central Bank to give legitimacy

problem: Double spending

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 23 / 43

Digital currency

Backed by Central Bank to give legitimacy

problem: Double spending
solution:Central server to record all the transaction

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 23 / 43

Digital currency

Backed by Central Bank to give legitimacy

problem: Double spending
solution:Central server to record all the transaction
Enter Banks: act as centralized server

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 23 / 43

Digital currency

Backed by Central Bank to give legitimacy

problem: Double spending
solution:Central server to record all the transaction
Enter Banks: act as centralized server

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 23 / 43

2008 Recession

Figure: Caption
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 24 / 43

Cryptocurrency: The Begining

problem: cannot trust bank

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 25 / 43

Cryptocurrency: The Begining

problem: cannot trust bank and their ledger

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 25 / 43

Cryptocurrency: The Begining

problem: cannot trust bank and their ledger
solution: Make decentralized ledger

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 25 / 43

Cryptocurrency: The Begining

problem: cannot trust bank and their ledger
solution: Make decentralized and permissionless ledger

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 26 / 43

Problem solved?

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 27 / 43

Problem solved?

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 27 / 43

Problem solved?
It just exploded.

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 27 / 43

Problem 1: Identity

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 28 / 43

Problem 1: Identity

bank used to do the verification and assign an identity to the account


Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 28 / 43

Problem 1: Identity

bank used to do the verification and assign an identity to the account

for India KYC norms

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 28 / 43

Problem 1: Identity

bank used to do the verification and assign an identity to the account

for India KYC norms
Who would do identity management here?

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 28 / 43

Problem 1: Identity

bank used to do the verification and assign an identity to the account

for India KYC norms
Who would do identity management here?
Think RSA !!

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 28 / 43

Problem 1: Identity

bank used to do the verification and assign an identity to the account

for India KYC norms
Who would do identity management here?
Think RSA !!

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 28 / 43

Identity: RSA a quick look

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 29 / 43

Identity: RSA a quick look

Public key: Known to all

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 29 / 43

Identity: RSA a quick look

Public key: Known to all

Secret key: known to none

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 29 / 43

Identity: RSA a quick look

Public key: Known to all

Secret key: known to none
Anybody can use my public key to encrypt the text and only I can
decrypt it

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 29 / 43

Identity: RSA a quick look

Public key: Known to all

Secret key: known to none
Anybody can use my public key to encrypt the text and only I can
decrypt it

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 29 / 43

Identity: RSA a quick look

Public key: Known to all

Secret key: known to none
Anybody can use my public key to encrypt the text and only I can
decrypt it
Idea: What if I make Public key as Identity

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 29 / 43

Identity: RSA a quick look

Public key: Known to all

Secret key: known to none
Anybody can use my public key to encrypt the text and only I can
decrypt it
Idea: What if I make Public key as Identity
nobody would know my real identity,

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 29 / 43

Identity: RSA a quick look

Public key: Known to all

Secret key: known to none
Anybody can use my public key to encrypt the text and only I can
decrypt it
Idea: What if I make Public key as Identity
nobody would know my real identity,but does that really matters?

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 29 / 43

Identity: RSA a quick look

Public key: Known to all

Secret key: known to none
Anybody can use my public key to encrypt the text and only I can
decrypt it
Idea: What if I make Public key as Identity
nobody would know my real identity,but does that really matters?
Anonymity comes for free

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 29 / 43

Problem 2: Authorization

How does Banks do it?

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 30 / 43

Problem 2: Authorization

How does Banks do it?

They provide you with some secret key like: Password, PIN, OTP, which
you can use to verify your identity

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 30 / 43

Problem 2: Authorization

How does Banks do it?

They provide you with some secret key like: Password, PIN, OTP, which
you can use to verify your identity
problem: No trusted Banks

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 30 / 43

Problem 2: Authorization

How does Banks do it?

They provide you with some secret key like: Password, PIN, OTP, which
you can use to verify your identity
problem: No trusted Banks
Solution: use Digital signature with secret key of RSA

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 30 / 43

Problem 2: Authorization

How does Banks do it?

They provide you with some secret key like: Password, PIN, OTP, which
you can use to verify your identity
problem: No trusted Banks
Solution: use Digital signature with secret key of RSA :)

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 30 / 43

Problem 3: How to know your balance?

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 31 / 43

Problem 3: How to know your balance?

How does Banks do it?

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 31 / 43

Problem 3: How to know your balance?

How does Banks do it?

They maintain each and every account and every transaction.

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 31 / 43

Problem 3: How to know your balance?

How does Banks do it?

They maintain each and every account and every transaction.
Basically a ledger

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 31 / 43

Problem 3: How to know your balance?

How does Banks do it?

They maintain each and every account and every transaction.
Basically a ledger and a ledger for each and every account

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 31 / 43

Problem 3: How to know your balance?

How does Banks do it?

They maintain each and every account and every transaction.
Basically a ledger and a ledger for each and every account
what could we do?

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 31 / 43

Problem 3: How to know your balance?

How does Banks do it?

They maintain each and every account and every transaction.
Basically a ledger and a ledger for each and every account
what could we do? Maintain a ledger over distributed nodes

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 31 / 43

Problem 3: How to know your balance?

How does Banks do it?

They maintain each and every account and every transaction.
Basically a ledger and a ledger for each and every account
what could we do? Maintain a ledger over distributed nodes
Problem solved?

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 31 / 43

Problem 3: How to know your balance?

How does Banks do it?

They maintain each and every account and every transaction.
Basically a ledger and a ledger for each and every account
what could we do? Maintain a ledger over distributed nodes
Problem solved? No!

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 31 / 43

Problem 3: How to update ledger

Solution 1
allow any node to write it

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 32 / 43

Problem 3: How to update ledger

Solution 1
allow any node to write it

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 32 / 43

Problem 3: How to update ledger

Solution 1
allow any node to write it
Problem: how do you know that node is trustworthy?

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 32 / 43

Problem 3: How to update ledger

Solution 1
allow any node to write it
Problem: how do you know that node is trustworthy?

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 32 / 43

Problem 3: How to update ledger

Solution 1
allow any node to write it
Problem: how do you know that node is trustworthy?
Solution: verify it by majority

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 32 / 43

Problem 3: How to update ledger

Solution 1
allow any node to write it
Problem: how do you know that node is trustworthy?
Solution: verify it by majority
cost for not trusting central bank

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 32 / 43

Problem 3: How to update ledger

Solution 2
allow any node to write it

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 33 / 43

Problem 3: How to update ledger

Solution 2
allow any node to write it and verify it by majority

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 33 / 43

Problem 3: How to update ledger

Solution 2
allow any node to write it and verify it by majority

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 33 / 43

Problem 3: How to update ledger

Solution 2
allow any node to write it and verify it by majority
Problem:Sybil Attack

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 33 / 43

Problem 3: How to update ledger

Solution 2
allow any node to write it and verify it by majority
Problem:Sybil Attack
Sybil attack: Where one node have more than one identities

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 33 / 43

Problem 3: How to update ledger

Solution 2
allow any node to write it and verify it by majority
Problem:Sybil Attack
Sybil attack: Where one node have more than one identities

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 33 / 43

Problem 3: How to update ledger

Solution 2
allow any node to write it and verify it by majority
Problem:Sybil Attack
Sybil attack: Where one node have more than one identities
Solution: Ask them to show proof of some limited resources

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 33 / 43

Problem 3: How to update ledger

Solution 2
allow any node to write it and verify it by majority
Problem:Sybil Attack
Sybil attack: Where one node have more than one identities
Solution: Ask them to show proof of some limited resources
What are the resources available?

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 33 / 43

Proof of Work

Limited Resource is your computation power.

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 34 / 43

Proof of Work

Limited Resource is your computation power. you cannot fake it :)

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 34 / 43

Proof of Work

Limited Resource is your computation power. you cannot fake it :)

How to implement it?

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 34 / 43

Proof of Work

Limited Resource is your computation power. you cannot fake it :)

How to implement it?
Ask them to solve some very difficult problems

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 34 / 43

Proof of Work

Limited Resource is your computation power. you cannot fake it :)

How to implement it?
Ask them to solve some very difficult problems
What could be a difficult problem ?

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 34 / 43

Proof of Work

Limited Resource is your computation power. you cannot fake it :)

How to implement it?
Ask them to solve some very difficult problems
What could be a difficult problem ?
We have seen one such problem before.

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 34 / 43

Proof of Work

Limited Resource is your computation power. you cannot fake it :)

How to implement it?
Ask them to solve some very difficult problems
What could be a difficult problem ?
We have seen one such problem before.

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 34 / 43

Proof of Work

Limited Resource is your computation power. you cannot fake it :)

How to implement it?
Ask them to solve some very difficult problems
What could be a difficult problem ?
We have seen one such problem before.
problem: how would you find such difficult problems again and again

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 34 / 43

Proof of Work

Limited Resource is your computation power. you cannot fake it :)

How to implement it?
Ask them to solve some very difficult problems
What could be a difficult problem ?

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 35 / 43

Proof of Work

Limited Resource is your computation power. you cannot fake it :)

How to implement it?
Ask them to solve some very difficult problems
What could be a difficult problem ?
We know hash is uniformly distributed

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 35 / 43

Proof of Work

Limited Resource is your computation power. you cannot fake it :)

How to implement it?
Ask them to solve some very difficult problems
What could be a difficult problem ?
We know hash is uniformly distributed
Ask them to find a hash of number, such that it has certain number
of leading zeros

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 35 / 43

Proof of Work

Limited Resource is your computation power. you cannot fake it :)

How to implement it?
Ask them to solve some very difficult problems
What could be a difficult problem ?
We know hash is uniformly distributed
Ask them to find a hash of number, such that it has certain number
of leading zeros
Advantage: you can control the difficulty level of the problem

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 35 / 43

Proof of Work

Limited Resource is your computation power. you cannot fake it :)

How to implement it?
Ask them to solve some very difficult problems
What could be a difficult problem ?
We know hash is uniformly distributed
Ask them to find a hash of number, such that it has certain number
of leading zeros
Advantage: you can control the difficulty level of the problem

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 35 / 43

SHA: Secure Hash Functions

An Ideal Hash function f (x ) : {0, 1}m → {0, 1}n is one which has
following properties
given f (x ) it is impossible to guess x

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 36 / 43

SHA: Secure Hash Functions

An Ideal Hash function f (x ) : {0, 1}m → {0, 1}n is one which has
following properties
given f (x ) it is impossible to guess x
given x1 its is impossible to find x2 such that f (x1 ) = f (x2 )

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 36 / 43

SHA: Secure Hash Functions

An Ideal Hash function f (x ) : {0, 1}m → {0, 1}n is one which has
following properties
given f (x ) it is impossible to guess x
given x1 its is impossible to find x2 such that f (x1 ) = f (x2 )
it is impossible to find x1 , x2 , such that x1 6= x2 and f (x1 ) = f (x2 )

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 36 / 43

SHA: Secure Hash Functions

An Ideal Hash function f (x ) : {0, 1}m → {0, 1}n is one which has
following properties
given f (x ) it is impossible to guess x
given x1 its is impossible to find x2 such that f (x1 ) = f (x2 )
it is impossible to find x1 , x2 , such that x1 6= x2 and f (x1 ) = f (x2 )

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 36 / 43

Problem 3: update the ledger

Ask every node to collect the transactions

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 37 / 43

Problem 3: update the ledger

Ask every node to collect the transactions verify them

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 37 / 43

Problem 3: update the ledger

Ask every node to collect the transactions verify them

consolidate them into a block and then

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 37 / 43

Problem 3: update the ledger

Ask every node to collect the transactions verify them

consolidate them into a block and then guess a random number

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 37 / 43

Problem 3: update the ledger

Ask every node to collect the transactions verify them

consolidate them into a block and then guess a random number
such that hash of the block has certain leading zeros

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 37 / 43

Problem 3: update the ledger

Ask every node to collect the transactions verify them

consolidate them into a block and then guess a random number
such that hash of the block has certain leading zeros
then the successful node propagates the block to every other node,
and they too verify it

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 37 / 43

Problem 3: update the ledger

Ask every node to collect the transactions verify them

consolidate them into a block and then guess a random number
such that hash of the block has certain leading zeros
then the successful node propagates the block to every other node,
and they too verify it
Gossip Protocol

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 37 / 43

Problem 3: update the ledger

Ask every node to collect the transactions verify them

consolidate them into a block and then guess a random number
such that hash of the block has certain leading zeros
then the successful node propagates the block to every other node,
and they too verify it
Gossip Protocol
once verified they add it to their ledger

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 37 / 43

Problem 3: update the ledger

Ask every node to collect the transactions verify them

consolidate them into a block and then guess a random number
such that hash of the block has certain leading zeros
then the successful node propagates the block to every other node,
and they too verify it
Gossip Protocol
once verified they add it to their ledger

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 37 / 43

Merkel tree

Figure: Merkle Tree

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 38 / 43

Problem 3: update the ledger

What if two node are successful?

accept the one which has better solution

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 39 / 43

Problem 3: update the ledger

What if two node are successful?

accept the one which has better solution
Problem solved?

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 39 / 43

Problem 3: update the ledger

What if two node are successful?

accept the one which has better solution
Problem solved? No!

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 39 / 43

Problem 4: how to know your balance

Assume that there is a public ledger

It is not practical to maintain each and every account

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 40 / 43

Problem 4: how to know your balance

Assume that there is a public ledger

It is not practical to maintain each and every account
Solution: modify transaction recording to get the balance

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 40 / 43

Problem 4: how to know your balance

Assume that there is a public ledger

It is not practical to maintain each and every account
Solution: modify transaction recording to get the balance
Suppose: A have to give B Rs. x . Initial balance of A was a and B
was b
we record transaction as

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 40 / 43

Problem 4: how to know your balance

Assume that there is a public ledger

It is not practical to maintain each and every account
Solution: modify transaction recording to get the balance
Suppose: A have to give B Rs. x . Initial balance of A was a and B
was b
we record transaction as A → B Rs x
A → A Rs a − x

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 40 / 43

Problem 4: how to know your balance

Assume that there is a public ledger

It is not practical to maintain each and every account
Solution: modify transaction recording to get the balance
Suppose: A have to give B Rs. x . Initial balance of A was a and B
was b
we record transaction as A → B Rs x
A → A Rs a − x
Gain: you once you get to this transaction, you would never need to
see previous transactions to get balance of A

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 40 / 43

Problem 5: Double spending

Figure: Double Spending

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 41 / 43

Double spending

We have created blocks and verified them

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 42 / 43

Double spending

We have created blocks and verified them

integrity of each block is ensured

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 42 / 43

Double spending

We have created blocks and verified them

integrity of each block is ensured
we need to have integrity of all the block

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 42 / 43

Double spending

We have created blocks and verified them

integrity of each block is ensured
we need to have integrity of all the block

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 42 / 43

A Chain of blocks

Figure: A chain of block

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 43 / 43

A Chain of blocks

Figure: A chain of block

Problem: How to organize them?

Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 43 / 43

A Chain of blocks

Figure: A chain of block

Problem: How to organize them?

Solution: Include hash of previous block
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 43 / 43

A Chain of blocks

Figure: A chain of block

Problem: How to organize them?

Solution: Include hash of previous block
Ras Dwivedi (Indian Institute of Technology Kanpur) Introduction to Blockchain May 22, 2018 43 / 43

You might also like