3. Table of
Contents Concepts
Bits & Bytes, Hashing, Encryption, Signatures, DLT,...
Blockchain use cases
Cryptocurrency Bitcoin, Smart Contracts Ethereum
Your own blockchain
When to use and when not to use, recipes for the future
5. Before we start, I want to say:
01000111 01101111 01101111 01100100 00100000
01100101 01110110 01100101 01101110 01101001
01101110 01100111 00100001
Bay Bridge, San Francisco Bay Area
7. In hexadecimals:
47 6F 6F 64 20 65 76 65 6E 69 6E 67 21
Or, in a more human version:
G o o d e v e n i n g !
San Francisco Bay
8. All information is transmitted,
received, and stored as a
sequence of zeros and ones
8 bits = 1 byte (today!)
Initially: 1 byte = 6 bits
ASCII: 7 bits needed
IBM System/360: 8 bits
Computers use
binary code
0 1 1 0 0 0 0 1
Bits:
Byte
(Octet)
9. Encoding
examples
ASCII:
American Standard
Code for Information
Interchange
UTF-16:
16-bit Unicode
Transformation Format
B
66
0100 0010
42
r
114
0111 0010
72
u
117
0111 0101
75
n
110
0110 1110
6E
o
111
0110 1111
6F
ASCII:
브
10111110 00001100
BE 0C
루
10111000 11101000
B8 E8
노
10110001 01111000
B1 78
UTF-16:
12. Compression
Reduce the size in
bytes without loss
of information
▪ Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do
eiusmod tempor incididunt ut labore et dolore magna aliqua.
Facilisi morbi tempus iaculis urna id volutpat. Cras tincidunt
lobortis feugiat vivamus at augue eget arcu dictum. Ac feugiat
sed lectus vestibulum mattis. Hac habitasse platea dictumst
quisque.
- 318 bytes
▪ eNo9kFtOxUAMQ7fiBaDuASEhPthEOhOKpXm0k6TrJ/eC+IsS
+1jO51zawdOio842F4wO6eovKHOYFlePBak8aYXjgDbm0bS
mAcqwPitc+5lmjsLKGsMRjiZ74qH+i1Z0OYZAGq+QDe9S2G
hEn2vnExEGSoncIlZKWXHPFn6Kb3hbYvBnxCOgzaR7Kr80D
orj5i09CTlKHJHBR0bLKoHK4tE3vJZ/9aNAy3ppuNWce7T8Q
RdP5IYPKfiWnS5mirOJq/xRzHEF7QrdfgBikHXp
- 276 bytes, using LZW compression
- Other compression algorithms: gzip, bzip2,…
14. Hashing
Creating a
“message digest”
A Cryptographic Hash function is a mathematical transformation algorithm
that takes an input of arbitrary length (“message”) and returns a fixed-size
byte sequence (the “message digest” or “hash”).
Example:
▪ Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod
tempor incididunt ut labore et dolore magna aliqua. Facilisi morbi tempus
iaculis urna id volutpat. Cras tincidunt lobortis feugiat vivamus at augue
eget arcu dictum. Ac feugiat sed lectus vestibulum mattis. Hac habitasse
platea dictumst quisque.
- 318 bytes
▪ SHA-1, 160-bit (or 20 bytes):
cc1b6a165b20e5d31f6ccac8eaff0bf64b95bffb
▪ SHA-256, 256-bit (or 32 bytes):
a2ef46f63e8d8e093e1a263206692a973d332826a33e11270f37708c8c47faed
15. Use cases
not limited to
cryptographic
hash functions
▪ Digital signatures
▪ Integrity check
▪ Random ID
▪ Session Cookies
▪ Hash tables
▪ Caching
▪ Passwords
▪ InterPlanetary File System (IPFS)
▪ …
▪ Blockchain!
16. Integrity check
“fingerprint” of
digital content
▪ Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod
tempor incididunt ut labore et dolore magna aliqua. Facilisi morbi tempus
iaculis urna id volutpat. Cras tincidunt lobortis feugiat vivamus at augue
eget arcu dictum. Ac feugiat sed lectus vestibulum mattis. Hac habitasse
platea dictumst quisque.
▪ SHA-1, 160-bit (or 20 bytes):
cc1b6a165b20e5d31f6ccac8eaff0bf64b95bffb
▪ Lorem ipsum dolor sit amet. consectetur adipiscing elit. sed do eiusmod
tempor incididunt ut labore et dolore magna aliqua. Facilisi morbi tempus
iaculis urna id volutpat. Cras tincidunt lobortis feugiat vivamus at augue
eget arcu dictum. Ac feugiat sed lectus vestibulum mattis. Hac habitasse
platea dictumst quisque.
▪ SHA-1, 160-bit (or 20 bytes):
04085fd6c91aa3f4a83ac4ee7d4eaf211acc0266
17. Confidential
Document
(e.g. proof of funds)
Generate Hash
AF1B4C...D34E
Secure
Server or
Website
Retrieve Hash
AF1B4C...D34E
Compare!
Use case: integrity check
18. Requirements ▪ Deterministic: The same message always results in the same
digest
▪ Irreversible: The output doesn’t contain any info about the
input. E.g. Belgian National Number contains birth date and
last digit indicates the gender should be a hash!
▪ Collision resistant: It should be extremely difficult to find two
inputs resulting in the same digest. Although it’s
mathematically possible; e.g. with MD5 you “only” have
340,282,366,920,938,463,463,374,607,431,768,211,456
posible hash values (128 bit means 2128 combinations).
▪ Computationally efficient: It shouldn’t take a long time to
compute the hash.
▪ Random output: It should be unpredictable, as if someone
rolled dice. E.g. it should be very unlikely to get a hash like
0000000000000000000000000012345678abcdef
19. Types ▪ MD 5: Ron Rivest (broken)
▪ SHA: Secure Hashing Algorithm
- SHA-1: NSA (broken: see https://shattered.io )
- SHA-2: NSA / NIST
- SHA-3: Keccak (made in Belgium!)
▪ RIPEMD: KULeuven
▪ …
These algorithms “age”:
▪ Flaws are discovered, e.g. SHA-1 deprecated by NIST in 2011
▪ Computer power increases (brute force attacks)
24. ▪ Rot13: move 13 letters down the alphabet
▪ Good Evening!
▪ 7 8 26 15 1 17 9 9 21 5 19!
▪ Good Evening!
▪ Tbbq Riravat!
▪ Ghzo Aqiiues!
It’s easy if you
have the key!
1. A
2. B
3. C
4. D
5. E
6. F
7. G
8. H
9. I
10. J
11. K
12. L
13. M
14. N
15. O
16. P
17. Q
18. R
19. S
20. T
21. U
22. V
23. W
24. X
25. Y
26. Z
26. Asymmetric
Encryption
Keys come in pairs: one public key and one private key.
What one key encrypts, only the other key can decrypt!
Encryption:
Signing:
27. Encryption
Bob sends public key
to Alice
Alice encrypts
message with
public key Bob
Bob receives
encrypted
message
Bob decrypts
message with
private key
👦👩
🔑 🔑🔑
🔑 🔑
28. Some
“name dropping”
Some types are better
for encryptions, others
are better for signing.
▪ Public Key Cryptography Standards
- PKCS#1: RSA Cryptography Standard (Rivest, Shamir, Adleman)
- PKCS#7: Cryptographic Message Standard (CMS)
- PKCS#11: Cryptographic Token Interface
- PKCS#12: Personal Information Exchange Syntax Standard
- PKCS#13: Elliptic Curve Cryptography Standard (ECDSA)
▪ National Institute of Standards and Technology (NIST)
- AES: Advanced Encryption Standard (aka Rijndael)
- Vincent Rijmen – Joan Daemen (Belgium!)
▪ Federal Information Processing Standards (FIPS)
- DSA: Digital Signature Algorithm (DSA)
▪ European Telecommunications Standards Institute (ETSI)
- CMS Advanced Electronic Signatures (CAdES)
The size of the encrypted message depends on the size of the
original message, the type of encryption, and the key length.
32. How it’s
done in PDF
• There are no bytes in the
PDF that aren’t covered,
other than the PDF
signature itself.
• The digital signature isn’t
part of the ByteRange.
• The concept “to initial a
document” doesn’t exist;
you sign the complete
document at once, not on
a page per page basis.
37. “
Distributed Ledger Technology refers to a system to record
and share data across multiple data stores (ledgers), which
each have the exact same data records and are collectively
maintained and controlled by a distributed network of
computer servers, which are called nodes.
41. Distributed
Ledger
Technology
DLT is a type of distributed database technology with the
following characteristics:
▪ The records can be replicated over different nodes in a network
(decentralized environment),
▪ New records can be added by each node, upon consensus reached by
other nodes (ranging from one specific authoritative node to potentially
every node),
▪ Existing records can be validated for integrity, authenticity, and non-
repudiation,
▪ Existing records can’t be removed, nor can their order be changed,
▪ The different nodes can act as independent participants that don’t
necessarily need to trust each other.
Combined, these characteristics make DLT a great way to keep a
ledger of records in a trustless environment.
47. Blockchain
types
▪ Permissionless versus permissioned:
- Permissionless: no authorization or authentication needed
- Permissioned: nodes must have a member identity; authorization
and authentication is needed
▪ Public versus private:
- Public: any node can join to read blocks and records, append
records, and participate in the consensus mechanism
- Private: only nodes that have been granted authority have that
access
▪ Centralized, decentralized, distributed ledger control:
- Centralized: one central server decides on the validation of a new
block of records
- Decentralized: a central authority delegates the validation of new
blocks to a limited number of blocks
- Distributed: all the nodes work together using a consensus
mechanism
53. How to reach
consensus?
▪ Proof of Work (PoW):
- Example: Bitcoin
▪ Proof of Stake (PoS):
- Example: Ethereum’s Casper
the Friendly Finality Gadget
(FFG)
54. Things you read about in the news
papers
1. Bitcoin
• Proof of Work: mining
• Advantages
• Disadvantages
2. Ethereum
• Distributed Computing platform
• Smart contracts
• Proof of Stake
Part 2:
Blockchain use cases
56. Bitcoin
Cryptocurrency
👦👩 50 BTC
Carol 10 BTC Alice
David 30 BTC Alice
Erin 20 BTC Alice
🔑 B 50 BTC
🔑 A 9 BTC
Sign hash with🔑A
1 BTC for the Miner
who succeeds in solving the PoW puzzle
and ensures Alice doesn’t spend a BTC twice
Similar to lines in a ledger
A has 60 BTC to spend
🔑A🔑 🔑B🔑
wallet wallet
58. Bitcoin
Mining
Solving the puzzle
in 10 minutes
together!
T1 T2 T3 T4 T5 T6 T7 TM
hash hash hash hash
hash hash
hash
👤 miner Mike
“Merkle Tree” proof
00000a5f4c8687d78ef…68b
40 leading bits must be zero: difficult!
240 attempts needed on average (~1 trillion)
Testing proof is very easy
Miner gets reward:
• Sum of fees
• Newly created coin
60. Bitcoin
creation
▪ The system looks at the time to generate 2016 blocks:
- If > 2 weeks: proof of work is made easier
- If < 2 weeks: proof of work is made more difficult
- 6 (1 hour) x 24 (1 day) x 14 (2 weeks): 2016
▪ Miners get a reward if they succeed in solving the puzzle
- Reward decreases over time
- Cut in half every 210,000 blocks
- About every 4 year (208 weeks)
- Upper limit 21,000,000 BTC
https://www.investopedia.com/tech/how-does-bitcoin-mining-work/
- Fractional coins exist: 0,00000001 BTC = 1 Satoshi (named after
Satoshi Nakamoto)
61. On December 8, 2017, already16.7 million Bitcoins were created
About 30% of those may be lost forever (hard drive crashes, misplaced private keys,…)
https://coincentral.com/how-many-bitcoins-are-left/
62. Have you heard of… Owns… Expext to own…
Cryptocurrencyhttps://think.ing.com/uploads/reports/ING_International_Survey_Mobile_Banking_2018.pdf
Sample size: 14,828
15 countries
minimum 1000 respondents / country (except Luxemburg)
63. How risky is owning one of the following asses, compared to cryptocurreny?
https://think.ing.com/uploads/reports/ING_International_Survey_Mobile_Banking_2018.pdf
64. Advantages
(some of which
can also lead to
disadvantages)
▪ Not controlled by any central authority (e.g. a bank, country,…)
- Easy to make international payments,
- The protocol can’t be manipulated by any person,
organization, or government.
- Not dependent on the political situation of a country,…
(but other factors may influence the value of 1 BTC),
▪ The information is transparent
- Everyone can see and verify all the transactions anytime,
but only your public address is known, no personal info
is visible, unless…
▪ Lower fees because there’s no “man in the middle”
- In practice, there are BTC Exchange companies handling
bitcoin transactions, e.g. Mt. Gox (Tokyo): RIP 2014 after
announcing that 850,000 BTC ($450M) went missing.
67. https://digiconomist.net/bitcoin-energy-consumption
Bitcoin energy consumption
Bitcoin network versus VISA network average consumption
But aren’t we comparing
apples with oranges?
Bitcoin estimated to use 0.5% of the world’s
electric energy by the end of 2018…
and could someday consume 5% of the
world's electricity
The high cost of Proof of
Work created new and
original exploits, such as
malware that uses your
computer’s resources to
mine bitcoins for
hackers.
68. Disadvantages ▪ Exposure to fraud and scams
- BTC Exchanges can be hacked,
- Wallets can be lost (keys physically lost, keys stolen,…),
▪ No central authority is also a disadvantage
- Use in black markets damages reputation,
- No one can avoid “dump & pump”,
- There is no buyer protection (e.g. credit card),
▪ Technical limits
- Original bitcoin is slow
- Proof of Work requires a lot of energy
- May contain unexploited flaws
- If you have 51% of the resources, you can corrupt the system
- Could happen once miners stop mining if the reward drops
▪ High price volatility
- Result of “dump & pump”; scandals (e.g. Mt. Gox)
- many competing coins emerge; which one will “win”?
- Everyone goes ICO, but who will deliver?
70. “
Ethereum is an open-source, public, blockchain-based distributed computing
platform and operating system featuring smart contract (scripting) functionality.
Ether (ETH) is a cryptocurrency whose blockchain is generated by the Ethereum
platform. Ether can be transferred between accounts and used to compensate
participant mining nodes for computations performed.
71. Ethereum
Virtual
Machine
▪ The Ethereum Virtual Machine (EVM) is the runtime environment for
smart contracts in Ethereum. Every Ethereum node in the network runs
an EVM implementation and executes the same instructions.
- Distributed Computing Platform
- On February 1, 2018, there were 27,500 nodes in the main
Ethereum network.
▪ Smart contracts: computer code that is executed on a distributed ledger
- Smart contracts are high-level programming abstractions that are
compiled down to EVM bytecode and deployed to the Ethereum
blockchain for execution.
- Ethereum's smart contracts are based on different computer
languages, which developers use to program their own
functionalities.
72. Predefined
Contract
• All counterparties agree on the terms (e.g. terms & conditions for a sale)
• Known conditions for execution (e.g. 10% down-payment; full payment upon delivery)
• Expressed in source code stored in the blockchain
Events
• An event triggers contract execution
• An event can refer to:
• The initiation of a transaction (e.g. a down-payment)
• Information that is received (e.g. a parcel has been delivered)
Execute
• Terms of contract dictate movement of value based on conditions met
• E.g. a down-payment: a parcel is sent in the real world
• E.g. a parcel is received: the payment is processed
Settlement
• On-chain assets: e.g. cryptocurrency (for instance “paid with Bitcoin”)
• Off-chain assets: e.g. the parcel (for instance “a work of art”)
• The value bearing item resides outside (“off”) the blockchain; It has a digital counterpart in the blockchain (e.g. identified using an RFID tag)
• Lifecycle events of the item are mirrored in the blockchain: the blockchain contains the “rights” (e.g. owner’s claim to a work of art)
Smart contract: example
73. Coming soon:
Proof of Stake
Casper the Friendly
Finality Gadget (FFG)
(released on Github
for review)
▪ Proof of Work: all miners work on a difficult puzzle
▪ Proof of Stake: the creator of the next block is chosen based
on a criterium, e.g. the number of coin a miner owns.
- miners are limited to mining a percentage of
transactions that is reflective of their ownership stake.
- For instance: a miner who owns 3% of the coin available
can theoretically mine only 3% of the blocks.
- You’d need 51% of all coin to corrupt the system
- In the unlikely event you accumulate 51% of all coin, it’s
not in your interest to make the system fail.
▪ Ethereum plans to move from PoW to PoS
- Casper is a partial consensus mechanism combining
proof of stake algorithm research and Byzantine fault
tolerant consensus theory.
74. When, What to choose, Why
1. Do you need blockchain?
2. Which implementation?
• MultiChain
• Hyperledger project
3. Examples
• T-Mining
• iText
• …
Part 3:
Your own blockchain
75. Do you need
Blockchain?
10 questions to
decide whether
blockchain is the
technology you
need
1. Is it OK if the data is shared over all nodes? If not: NO BLOCKCHAIN
2. Is it OK if multiple identities can write? If not: NO BLOCKCHAIN
3. Is everyone known and trusted? If so: NO BLOCKCHAIN
4. Is having a central server necessary? If so: NO BLOCKCHAIN
5. Do you need to modify or erase data? If so: NO BLOCKCHAIN
6. Is performance critical? If so: MAYBE BLOCKCHAIN
7. Is data storage is going to be large? If so: MAYBE BLOCKCHAIN
8. Compliance with legal standards needed? If so: MAYBE BLOCKCHAIN
9. Are new participants free to enter?
If so, 10. Can all participants validate?
If so: PUBLIC PERMISSIONLESS BLOCKCHAIN
If not: PUBLIC PERMISSIONED BLOCKCHAIN
If not, 10. Can all participants validate?
Is so: PRIVATE PERMISSIONLESS BLOCKCHAIN
If not: PRIVATE PERMISSIONED BLOCKCHAIN
76. ▪ MultiChain by Coin Sciences Ltd.
- For private blockchains
▪ Hyperledger project started by the Linux Foundation
- Open source blockchains and tools: https://www.hyperledger.org/
- E.g. Hyperledger Fabric, contributed by IBM
80. How to make
this an
opportunity?
▪ Known flaws of data served to apps:
- Reliability: was the data presented correctly?
- Immutability: what if the data in the database changes?
- Security: who has access to the data?
▪ Known flaws of PDF
- Digital signatures are a pain
- Signatures need to be applied sequentially
- Certificate Authority (CA), Timestamp Authority (TSA) needed
- Not all viewers support signatures (Preview, mobile viewers)
- "Dark Data": it's difficult to unlock data from a PDF
- We can solve this with tools
- We're also working on "Next-Generation PDF"
▪ Enter blockchain: “A distributed database that serves
as an irreversible and incorruptible repository for
permanent records”
81. Storing the
signature in
the blockchain
Digital signatures in PDF Digital signatures in Blockchain
%PDF-1.5
…
/ID[<8AA01A08CDAAF3F46E6E121898C8FEE7
>
<EB4BDC9DA9206749952E4B89613D4658>
...
2 0 obj
<<… /Type/Sig /Contents<
> … >>
…
xref
0 81
0000000000 65535 f
…
trailer
<< … >>
startxref
15787
%EOF
DIGITAL SIGNATURE
PDFDocument
%PDF-1.5
…
/ID[
<8AA01A08CDAAF3F46E6E121898C8FEE7>
<EB4BDC9DA9206749952E4B89613D4658>
...
URI: my.blockchain.com
...
xref
0 81
0000000000 65535 f
…
trailer
<< … >>
startxref
15787
%EOF
Id:
<8AA01A08CDAAF3F46E6E121898C8FEE7>
<EB4BDC9DA9206749952E4B89613D4658>
Value: DIGITAL SIGNATURE
Metadata: URI, status
PDFDocumentBlockchain
82. Information
stored in the
blockchain
Document ID: [<ABCDEF>, <ABCDEF>]
Timestamp
Signed Document hash
Compressed property list with metadata:
- Status: e.g. “unpaid”, “paid”
- Location(s)
Certificate of signer
• Identity
• Public key
83. Advantages ▪ Criteria for signing are met:
- Integrity
- Authenticity
- Non-Repudiation
- Timestamp
- LTV => renew registration
▪ Parallel signing is possible
- Example: signing an NDA before a teleconference
▪ Make the existence of a document public, but not the content
- Example: first-to-invent
▪ Updating metadata is possible
- Example: avoid link-rot
▪ Due to the nature of IDs, related PDFs can be identified
- Example: always read the latest version
- Example: document processes can be automated
84.
85. Adapted
viewer
Upon opening an invoice, the viewer can inform you:
▪ This document was registered in blockchain XYZ
- Do you trust this blockchain?
- Do you want to check the document in this blockchain?
▪ A blockchain service can return the following info:
- The ID is not found:
- This is a ghost invoice!
- The ID is found, but the hash doesn’t correspond:
- This is a forged invoice!
- The ID is found and the hash corresponds:
- This is a genuine invoice
- It was originally signed by vendor ABC
- Bank Van Lanschot registered it as paid
87. Last Will &
Testament
▪ Suppose that I write my last will and testament today, and
I digitally sign it using today’s state-of-the-art technology,
would my digital signature survive me?
▪ I surely hope not:
- I hope I survive my signing certificate,
- I hope I survive the time-stamping certificate,
- I hope I survive the algorithms.
▪ A last will and testament is usually a document of which
the content may change over time, and of which the
content remains a secret until it needs to be executed.
▪ This is a good use case for blockchain.