Consensus Algorithms.

Slides:



Advertisements
Similar presentations
Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.
Advertisements

Secure Multiparty Computations on Bitcoin
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Digital Signatures and Hash Functions. Digital Signatures.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Caesar Cipher a b c d e f g h I j k l m n o p q r s t u v w x y z b c d e f g h I j k l m n o p q r s t u v w x y z a shift of 1 c d e f g h I j k l m.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
8-1Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication.
Cryptography, Authentication and Digital Signatures
CSCI 172/283 Fall 2010 Hash Functions, HMACs, and Digital Signatures.
1 Bitcoin A Digital Currency. Functions of Money.
Network Security – Special Topic on Skype Security.
Authentication. Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0: Alice says “I am Alice” Failure scenario?? “I am Alice”
CRYPTOGRAPHY. WHAT IS PUBLIC-KEY ENCRYPTION? Encryption is the key to information security The main idea- by using only public information, a sender can.
Hash Functions Ramki Thurimella. 2 What is a hash function? Also known as message digest or fingerprint Compression: A function that maps arbitrarily.
1 Cryptography Troy Latchman Byungchil Kim. 2 Fundamentals We know that the medium we use to transmit data is insecure, e.g. can be sniffed. We know that.
IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
@Yuan Xue 285: Network Security CS 285 Network Security Hash Algorithm Yuan Xue Fall 2012.
Block Chain 101 May 2017.
Motivation ✓ ✘ ? Bitcoin/Ideal Credit Card Works on Internet
Attacks on Public Key Encryption Algorithms
Public-Key Cryptography and Message Authentication
DTTF/NB479: Dszquphsbqiz Day 26
Digital Signatures Cryptographic technique analogous to hand-written signatures. sender (Bob) digitally signs document, establishing he is document owner/creator.
Information Security message M one-way hash fingerprint f = H(M)
Cryptographic Hash Function
Bitcoin - a distributed virtual currency system
Network Security.
Topic 14: Random Oracle Model, Hashing Applications
So what is Blockchain anyway?
The TESLA Broadcast Authentication Protocol CS 218 Fall 2017
Information Security message M one-way hash fingerprint f = H(M)
Information Security message M one-way hash fingerprint f = H(M)
Deanonymization of Clients in Bitcoin P2P Network

Digital Signature Schemes and the Random Oracle Model
Chap 6: Security and Protection
Advanced Cryptography Protocols
Cryptography Lecture 13.
MAC: Message Authentication Code
Focus Group 3: Blockchain and digitalisation
ICS 454 Principles of Cryptography
Information Security message M one-way hash fingerprint f = H(M)
Nonce Making Sense of Nonces.
Protocol ap1.0: Alice says “I am Alice”
ICS 454 Principles of Cryptography
DTTF/NB479: Dszquphsbqiz Day 27
Outline Using cryptography in networks IPSec SSL and TLS.
Cryptocurrency Intro OK so the motivation that we’re going to use for the first third of the course is going to be cryptocurrencies. We’re not going to.
Lecture 10: Network Security.
Kai Bu 04 Blockchain Kai Bu
Consensus Algorithms So let’s talk about consensus algorithms.
Basic Network Encryption
Digital Signatures Cryptographic technique analogous to hand-written signatures. sender (Bob) digitally signs document, establishing he is document owner/creator.
Diffie/Hellman Key Exchange
Modified from Bob Vachon
Cryptography Lecture 14.
Hashing Hash are the auxiliary values that are used in cryptography.
Faculty Seminar Series Blockchain Technology
Cryptography Lecture 13.
Security: Integrity, Authentication, Non-repudiation
CRYPTOGRAPHY & NETWORK SECURITY
Chapter 8 roadmap 8.1 What is network security?
Campbell R. Harvey Duke University and NBER
Key Exchange With Public Key Cryptography
Not about digital currencies
Presentation transcript:

Consensus Algorithms

Consensus Algorithms: Byzantine Generals

Consensus Algorithms: Byzantine Generals

Consensus Algorithms: Byzantine Generals Key Question: How do we coordinate with all the other generals at once? Assume we can’t send signals the enemy can see (like torches) We’re going to have to send messengers

Consensus Algorithms: Byzantine Generals What issues might we have? How do we know the messengers made it? How do we know that the message wasn’t intercepted and replaced? Same for the response How do we know that the generals will even go along with the plan?

Consensus Algorithms: Byzantine Generals How does this relate to Computer Science? Replace generals with computers and messengers with network packets

Consensus Algorithms: Byzantine Generals How does this relate to Computer Science? Replace generals with computers and messengers with network packets

Consensus Algorithms: Byzantine Generals What issues might we have? How do we know the packets made it? Networking (TCP) How do we know that the packet wasn’t intercepted and replaced? Encryption, Digital Signatures, etc. How do we know that the other computers aren’t working against us?

Proof of Work

Proof of Work: Cryptographic Hashing Requirements for a good cryptographic hash: Deterministic (i.e. a given input will always result in the same output) Computationally infeasible to generate the input from the output Small changes to input should result in big (random-looking) changes to output (the outputs should not appear correlated in any way) Computationally infeasible to create two inputs with the same output Ideally, fast to compute

Proof of Work Alice Bob Charlie Deborah OK so remember that our $CornellCoin$ crypotocurrency is a distributed ledger; there’s no single centralized ledger that serves as the source of truth. Instead, everyone keeps their own version of the ledger… but how can we ensure that everyone’s ledger is the same? Any individual in the system will want to make sure that they both (1) don’t miss any ledger updates broadcast by others, and (2) have some assurance that everyone else has recorded the ledger updates that they have broadcast out. So what’s the idea with this algorithm?

Proof of Work BIG IDEA: trust the ledger that has had the most “work” into it. What do we mean by work? Hashing! So the big idea is that we’re going to trust the person who has put the most “work” into ledger updates. When we say “work” in this context, we’re referring to a very particular challenge.

Proof of Work Miner Alice Bob Charlie Deborah Alice owes Bob 100CC Bob owes Charlie 80CC Miner Alice Bob Alice owes Charlie 500CC Bob owes Deborah 30CC Charlie Deborah

Proof of Work N = 10 Alice owes Bob 100CC SHA-256 000111010100111000101000010100100100100001010010100000011111111100110…. Bob owes Charlie 80CC Bob owes Deborah 30CC Alice owes Charlie 500CC Miner 16784 Recall from our earlier discussions about cryptographic hashes that they have the property that although the output is deterministic it’s also seemingly random. In other words, there’s no way to reverse the output of a hash into the corresponding input, and the only way to generate a particular output is to just brute force inputs until you get what you want. We’re going to use this to our advantage. The idea is we’re going to challenge participants to take a few transactions (to be clear: not the whole ledger, just the most recent few) and find some number that can be appended to the ledger such that when the block+number is hashed the output is less than some certain threshold. Equivalently, you can think of the problem as finding a hash where the binary representation of the output starts with at least a certain number of 0’s (remember hashes have a fixed bit length, so this makes sense -- in this case we’re using 256). This handful of transactions + special number is a “block”. So let’s say the miner wants to broadcast her block out to everyone. First, she has to complete this challenge. We’ll talk more later about how we should set the challenge threshold, but for now let’s say for $CornellCoin$ we set our challenge to hash the transactions + special number to a hash that starts with at least 10 0’s. Since by design the miner has no better strategy than just guessing, she decides to just start with 16784. Bummer, that only starts with 3 0’s.

Proof of Work N = 10 Alice owes Bob 100CC SHA-256 0111010011111111111111110010100000010101110101000000101001010…. Bob owes Charlie 80CC Bob owes Deborah 30CC Alice owes Charlie 500CC Miner 46816 She tries again with another number… bummer this is only one 0.

Proof of Work N = 10 Alice owes Bob 100CC SHA-256 00000000000011100101111010101001010100000010101110101000000101001010…. Bob owes Charlie 80CC Bob owes Deborah 30CC Alice owes Charlie 500CC Miner 37212 OK third times a charm! The miner gets lucky and finds a number that hashes everything to a number that starts with more than 10 0’s. Great! Now notice that this number 37212 effectively serves as “proof” that the miner has put in the work towards generating the number. When the miner broadcasts her handful of transactions here, she will broadcast that special number along with them. That way, everyone who hears the broadcast can run the SHA-256 hash themselves and quickly verify that the hash does in fact pass the challenge and start with enough 0’s. Since they all know that the miner had no better strategy than guessing numbers, they know that she must’ve put in the work to generate that valid special number.

Proof of Work Alice Bob Miner 37212 Charlie Deborah Alice owes Bob 100CC Bob owes Charlie 80CC Bob owes Deborah 30CC Alice owes Charlie 500CC Miner 37212 Charlie Deborah

Proof of Work Bob 37212 Alice Miner 37212 SHA-256 Alice owes Bob 100CC Bob owes Charlie 80CC Bob owes Deborah 30CC Alice owes Charlie 500CC Alice Alice owes Bob 100CC Bob owes Charlie 80CC Bob owes Deborah 30CC Alice owes Charlie 500CC Miner 37212 SHA-256 00000000000011100101111010101001010100000010101110101000000101001010…. N = 10

Proof of Work What’s in it for the Miner? Miner receives 50CC Alice owes Bob 100CC Bob owes Charlie 80CC Bob owes Deborah 30CC Alice owes Charlie 500CC Miner Miner receives 50CC

Proof of Work How can Alice make sure her transaction makes it in? Miner Alice owes Bob 100CC Alice tips Miner 5CC Alice

Proof of Work How can Alice make sure her transaction makes it in? Miner receives 50CC Alice owes Bob 100CC +5CC +2CC +3CC Bob owes Charlie 80CC Bob owes Deborah 30CC Alice owes Charlie 500CC Miner

Proof of Work How does Alice know she hasn’t missed anything? Bob 37212 Alice owes Bob 100CC Bob owes Charlie 80CC Bob owes Deborah 30CC Alice owes Charlie 500CC Alice Alice owes Bob 100CC Bob owes Charlie 80CC Bob owes Deborah 30CC Alice owes Charlie 500CC Miner SHA-256 37212 00000000000011100101111010101001010100000010101110101000000101001010…. N = 10

Proof of Work BLOCKCHAIN SHA-256 SHA-256 ... ??? 01482 37212 Eve owes Fred 20CC Fred owes Gina 123CC Fred ows Harold 10CC Gina owes Eve 500CC Alice owes Bob 100CC Bob owes Charlie 80CC Bob owes Deborah 30CC Alice owes Charlie 500CC SHA-256 BLOCKCHAIN

Proof of Work 83332 75245 Alice 83332 01482 SHA-256 Miner 37212 Eve owes Fred 20CC Fred owes Gina 123CC Fred ows Harold 10CC Gina owes Eve 500CC 75245 Alice 83332 Alice owes Bob 100CC Bob owes Charlie 80CC Bob owes Deborah 30CC SHA-256 Alice owes Charlie 500CC Miner 37212 83332

Proof of Work 37212 83332 Alice 83332 SHA-256 Alice owes Bob 100CC Bob owes Charlie 80CC Bob owes Deborah 30CC Alice owes Charlie 500CC 83332 Alice 83332 Alice owes Bob 100CC Bob owes Charlie 80CC Bob owes Deborah 30CC SHA-256 00000000000011100101111010101001010100000010101110101000000101001010…. N = 10 Alice owes Charlie 500CC Miner 37212

Proof of Work Miner 83332 Alice Bob Miner 37212 Charlie Deborah Alice owes Bob 100CC Bob owes Charlie 80CC Bob owes Deborah 30CC Alice owes Charlie 500CC Miner 37212 Charlie Deborah

Proof of Work What if Alice hears two different Miners at the same time? 37212 Alice owes Bob 100CC Bob owes Charlie 80CC Bob owes Deborah 30CC Alice owes Charlie 500CC Miner 83332 00653 Ingrid owes Jerry 10CC Kevin owes Jerry 8CC Lena owes Ingrid 30CC Jerry owes Lena 70CC Alice

Proof of Work Answer: choose the longest chain Miner

Proof of Work Also protection against fraud! (So long as you don’t have 51% of computation power) Miner Evil Miner

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.