Prof Willy Susilo presented a seminar titled "Blockchain and its Applications" as part of the SMART Seminar Series on 20th September 2018. More information: https://news.eis.uow.edu.au/event/blockchain-and-its-applications/ Keep updated with future events: http://www.uoweis.co/events/category/smart-infrastructure-facility/

1. Blockchain and
its applications
Willy Susilo
Institute of Cybersecurity and
Cryptology, School of
Computing and IT, UOW
wsusilo@uow.edu.au

2. Content
• Introduction
• Tools and Mechanisms
• Blockchain applications
• On-going Research
Document title2

3. Document title3
1. Introduction

4. Traditional View of Digital Currency
Bank
Payer Payee
Account
Establishment
Generate
an e-coin
Spend an
e-coin
Deposit
an e-coin

5. Traditional View of Digital Currency
Bank
Payer Payee
Account
Establishment
Generate
an e-coin
Spend an
e-coin
Deposit
an e-coin
Remove the
central party

6. Bitcoin
Nakamoto, Satoshi. "Bitcoin: A peer-to-peer electronic cash system."
(2008): 28.

7. Bitcoins revisited
• Bitcoin is a cryptocurrency, existing purely in
the digital realm – first deployed in 2009.
• Cryptocurrency: a currency built upon computer
science, cryptography and economics.
• Born out of the Cypherpunk movement – a
libertarian fight for privacy and self-governance.
• The inspiration for the invention of the
blockchain.
• Created by Satoshi Nakamoto (anonymous ID)

8. What is Blockchain?
• A chain of blocks
• Public ledger/database
• Records all transactions across P2P network
• Shared between participants

9. Public
Decentr
alized
Distribu
ted
Immuta
ble
Publicly accessable
No central party
Approved by most peers
Can not be tampered
Main
features

10. Components
Record payer ,
payee,
transaction
amounts, etc…
Transaction Block Blockchain
A chain of blocks
A list of
transactions

11. Components
trans: H( )
prev: H( )
trans: H( )
prev: H( )
trans: H( )
prev: H( )
H( ) H( )
H( ) H( ) H( ) H( )
transaction transaction transaction transaction
transaction
Block
Blockchain

12. Four elements characterize Blockchain

13. How Blockchain Works

15. *********
Traditional blockchain protocols were
designed with script language

16. Document title16
make a protocols like this
Blockchain 2.0 ---- Ethereum
or

17. Document title17
2. Tools & Mechnisms

18. Ingredient #1: Hashes
• A hash function (like SHA-256) takes a block
of data in, and produces an effectively random
fixed size integer.
• Any change to the input randomizes it
SHA-256
“The quick brown fox did some crypto”
410312395834291203…
SHA-256
“The quick brown Fox did some crypto”
983249120432492340…

19. Hash property 1: Collision-free
• Nobody can find x and y such that
• x != y and H(x)=H(y)
x
y
H(x) = H(y)

20. • Collisions do exist ...
• … but can anyone find them?
possible inputs
possible outputs

21. Hash property 2: Hiding
• Hiding property:
• If r is chosen from a probability
distribution that has high min-entropy,
then given H(r | x), it is infeasible to
find x.
• High min-entropy means that the
distribution is “very spread out”, so
that no particular value is chosen with
more than negligible probability.

22. Hash property 3: Puzzle-friendly
• Puzzle-friendly:
• For every possible output value y,
• if k is chosen from a distribution
with high min-entropy,
• then it is infeasible to find x such
that H(k | x) = y.

23. Application: Search puzzle
• Given a “puzzle ID” id (from high min-entropy
distrib.),
• and a target set Y:
• Try to find a “solution” x such that
• H(id | x) ∈ Y.
• Puzzle-friendly property implies that no solving
strategy is much better than trying random
values of x.

24. SHA-256 hash function
256 bits 256 bits
512 bits
Theorem: If c is collision-free, then SHA-256 is
collision-free.
Padding (10* | length)
IV
Message
(block 1)
Message
(block 2)
Message
(block n)
Hash
c c c

25. Consensus--Hash-based Proof of Work
• To find a hash with N zeros at the start of the input,
requires 2N computations…proves computational work
• If we hash an incrementing “nonce” as the hash input,
we can go looking for zeros:
in 3e-05 seconds, nonce = 0 yielded 0 zeros. value =
4c8f1205f49e70248939df9c7b704ace62c2245aba9e81641edf…
in 0.000138 seconds, nonce = 12 yielded 1 zeros. value =
05017256be77ad2985b36e75e486af325a620a9f29c54…
in 0.000482 seconds, nonce = 112 yielded 2 zeros. value =
00ae7e0956382f55567d0ed9311cfd41dd2cf5f0a7137…
in 0.014505 seconds, nonce = 3728 yielded 3 zeros. value =
000b5a6cfc0f076cd81ed3a60682063887cf055e47b…
in 0.595024 seconds, nonce = 181747 yielded 4 zeros. value =
0000af058b74703b55e27437b89b1ebcc46f45ce55d6….
in 3.491151 seconds, nonce = 1037701 yielded 5 zeros. value =
00000e55bd0d2027f3024c378e0cc511548c94fbeed0e….
in 32.006105 seconds, nonce = 9913520 yielded 6 zeros. value =
00000077a77854ee39dc0dc996dea72dad8852afbde6….

26. PoW property 1: difficult to compute
~about 1020 hashes/block
Only some nodes bother to compete —
miners

27. PoW property 2: parameterizable cost
Nodes automatically re-calculate the target every
two weeks
Goal: average time between blocks = 10 minutes
Prob (Alice wins next block) =
fraction of global hash power she controls

28. Key security assumption
Attacks infeasible if majority of miners
weighted by hash power follow the protocol

29. PoW property 3: trivial to verify
Nonce must be published as part of block
Other miners simply verify that
H(nonce ‖ prev_hash ‖ tx ‖ … ‖ tx) < target

30. Block #0
Winner nobody
Parent_hash 0
Nonce 0
Block #1
Winner Player 23
Parent_hash 000D45698
Nonce 3459
SHA-256
Block #2
Winner Player 16
Parent_hash 000F67839
Nonce 974329
SHA-256

31. The Nonce / Hash Loop
• The algorithm to make a new block:
1. Verify the hashes of all the previous blocks
2. Build a new block with a random nonce
3. Hash the new block. Does it have N zeros?
– No? Go back to Step 2
– Yes? Send your new block to everyone!
• Note that as a result of step #1, you can find
out how many points anyone has by counting
how many blocks they have won

32. Ingredient #2: Signatures
Signing key
Public part 454F4D3E1..
Private part 56F23F2D..
Data
Signing
Algorithm
Signature
Private part
Signature
Verification
Algorithm
Yes/No
Public part
Data

33. What we want from signatures
• Only you can sign, but anyone can verify
• Signature is tied to a particular
document
• can’t be cut-and-pasted to another doc

34. API for digital signatures
• (sk, pk) := generateKeys(keysize)
• sk: secret signing key
• pk: public verification key
• sig := sign(sk, message)
• isValid := verify(pk, message, sig)
can be
randomized
algorithms

35. Requirements for signatures
• “valid signatures verify”
• verify(pk, message, sign(sk, message)) == true
• “can’t forge signatures”
• adversary who:
• knows pk
• gets to see signatures on messages of his choice
• can’t produce a verifiable signature on another message

36. • Bitcoin uses ECDSA standard
• Elliptic Curve Digital Signature Algorithm
• relies on hairy math
• will skip the details here --- look it up
if you care

37. Incentive 1: block reward
Creator of block gets to
• include special coin-creation transaction in the block
• choose recipient address of this transaction
Value is fixed: currently 12.5 BTC, halves every 4 years
Block creator gets to “collect” the reward only if the
block ends up on long-term consensus branch!
Mechanism: Incentive

38. Incentive 2: transaction fees
Creator of transaction can choose to make
output value less than input value
Remainder is a transaction fee and goes to
block creator
Purely voluntary, like a tip

39. Where are the rules?
• The laws of Bitcoin (or any blockchain)
are in the miner nodes
– Whatever 51% of the miners are running will
win
• The source to the node are the law
• How do you change rules?
• What happens if:
– The crypto breaks?
– We want to add more coins?
– We want to change the block format?

40. Attacks
• What happens if the majority of
the players defect?
– 51% attacks – can extend bad blocks
• How large a body needs to defect?
– Depending on network, can be 30% or
less
– Sybil attacks

41. Document title41
3. Blockchain Applications &
Ongoing Research

42. Blockchain
Cryptocurrency
Energy
Shipping
Healthcare
Trading
Voting
Government
Insurance
Finance
Key management
Manusfacturing
SmartContract
IoTTransportation Funding

43. Blockchain and Cryptocurrencies
• Thousands of cryptocurrencies are launched
• Various features and demands
• Top 2: Bitcoin & Ethereum

44. 2014
2014
2014
2014
Dash
Zcoin
Zcash
Monero
Bitcoin provides only Pseudonymity
Privacy-enhancing techniques:

45. WannaCry

46. Anonymity
Acountability

47. 47

48. 4848
Existing methods to trace
Based on transaction analysis
• Clustering algorithms, graph theory and
data analysis
Based on a central party
• RScoin and Solidus
Based on cryptographic tools
• Accountable DAP and our proposal

49. Traceable Monero
Transaction
Input
Output
...
Output Account
Tag
Tag*
Input Account
Payer Payee
pk1
pkn
Tag 1
Tag n
Tag*
.
.
.
R
P
Tracing
Authority
...
Transaction phase
Tracing phase
Tag + Ciphertext of
Input accounts
One-time
Public key
Long-term
Public key
Ciphertext C

50. 50
Result
Traditional e-voting

51. Blockchain-based e-voting
• No central party
• Automatically compute the final results
(Self-tallying e-voting)
• Fairness issues
– Abortive issues: Recover (ignore)
– Adaptive issues: Timed encryption

52. Document title52
Block Block BlockBlockGenesis
Blockchain
Register Vote
Block
Voters

53. Post-quantum Blockchain
• Making Cryptocurrency post-quantum resistant
• Making Blockchain post-quantum resistant
Document title53

54. Document title54
What about AI?

58. Document title58
4. Blockchain in Practice

59. Forecasting - Augur

60. Healthcare

61. 61

62. Document title62
What is the next killer
application?

63. Document title63
Myth vs Reality

64. Before
After, with Bitcoin
You Your money
at the bank intermediaries
Fees, slow, closed
Their bank
Other people
and business
You
The Bitcoin networks
Open, peer-to-peer, instant, free
Other people
and business

65. You Your money
at the bank
intermediaries
Fees, slow, closed
Their
bank Other
people and
business
The Bitcoin networks
Open, peer-to-peer, instant, free
intermediaries
Fees, slow, closed

66. Document title66
Final question: Centralized
or Decentralized?
Revisiting the design of EOS

67. Document title67
Thank you
for your attention!