9. Sources of Trust
Yourself (super trustworthy!)
Mathematics and Science
Trustworthy because of logic, verified experiments
Organizations and People
Trustworthy because of what they have to lose (reputation)
Trustworthy because of trusted oversight (law, police)
Trustworthy because incentives are aligned
Trustworthy because of processes they follow
8
11. Public Ledger
10
Node A Node B Node C
M = transfer X to Bob SignKRA
[H(M)]
Bob wants to verify:
1. Alice hasnât already transferred X
2. The coin will be valuable for Bob
12. Public Ledger: Distributed Trust (?)
11
Node A Node B Node C
M = transfer X to Bob
Bob wants to verify:
1. Alice hasnât already transferred X
2. The coin will be valuable for Bob
tb
tb
tb tb
SignKRA
[H(M)]
13. 12
Node A Node B Node C
M = transfer X to Bob
Bob wants to verify:
1. Alice hasnât already transferred X
2. The coin will be valuable for Bob
tb
tb
tb tb
ok!
ok!
t
Transactions
1 tb (X->Bob)
Transactions
1 tb (X->Bob)
SignKRA
[H(M)]
14. 13
Node A Node B Node C
Bob wants to verify:
1. Alice hasnât already transferred X
2. The coin will be valuable for Bob
tb
tb
tb tb
ok!
ok!
t
Transactions
1 tb (X->Bob)
Transactions
1 tb (X->Bob)
15. 14
Node A Node B Node C
M = transfer X to Cathy
tc
tc
tc tc
BAD!
t
Transactions
1 tb (X->Bob)
Transactions
1 tb (X->Bob)
Transactions
1 tc (X->Cathy)
SignKRA
[H(M)]
17. Blockchain
16
Public ledger without fixed set of nodes â decentralized, distributed trust
Requires coalition with majority of computing power to collude to cheat
22. Idea: Proof-of-Work
Pricing Function: (f)
- moderately easy to compute
- cannot be amortized
computing f(m1),âŠ, f(ml) costs l times as
much as computing f(mi).
- easily verified: given x, y easy to check y = f(x)
21
23. Proposed Pricing Function
22
Extracting Square Roots
index: p
find x, y such that y2 = x mod p
Dwork and Naor proposed two other pricing
functions, designed to have âshortcutsâ (backdoors)
to allow administrators to compute them efficiently.
26. Interactive Hashcash
25
mail sender
mail recipientâs
server
Hello
Challenge: r
r ï§ random nonce
search for x such that
f(x) = r
Everyone agrees on one-way function f
(x, Mail)
27. Interactive Hashcash
26
mail sender
mail recipientâs
server
Hello
Challenge: r
r ï§ random nonce
search for x such that
f(x) = r
Everyone agrees on one-way function f
(x, Mail) Verify f(x) = r
28. Interactive Hashcash
27
mail sender
mail recipientâs
server
Hello
Challenge: r
r ï§ random nonce
search for x such that
f(x) = r
Everyone agrees on one-way function f
(x, Mail) Verify f(x) = r
Can we make this non-interactive?
30. Non-Interactive Hashcash
29
mail sender
mail recipientâs
server, s
Everyone agrees on one-way function f
How well would this work if f is SHA-256?
msg || x
Verify f(msg || x) = s
34. Variable-Difficulty f
33
Challenge: r, Difficulty: d
Find an x such that:
SHA-256(msg || x) < T/d T is some set âtargetâ.
If the difficulty doubles, how much more work is expected?