TELE3119: Trusted Networks Week 5


1 TELE3119: Trusted Networks Week 5
Course Coordinator: Prof. Aruna Seneviratne, Room EE 312 Course web-page:

2 Applications of Cryptography
[Diagram] Security goals: Access & Availability, Confidentiality, Integrity, Authentication. Cryptography: Symmetric (Stream Ciphers, Block Ciphers) and Asymmetric. Applications: Crypto Currencies.

3 Hash Functions Again
Hash function properties: takes any string as input; generates a fixed-size output; is efficiently computable. It has the following security features: almost collision free; hiding; puzzle friendly. Slides have been taken from: Intro to Crypto and Crypto Currencies by Ed Felten

4 1. Collision Free
Assume that, given a space of $N$ possible hash values, a single value has already been picked. There are $N-1$ remaining values that are unique from the first, so the probability of randomly generating two integers that are unique from each other is $(N-1)/N$. There are $N-2$ remaining values (out of a possible $N$) that are unique from the first two, so the probability of randomly generating three integers that are all unique is $(N-1)/N \times (N-2)/N$. The probabilities are multiplied because each random number generation is an independent event. In general, the probability of randomly generating $k$ integers that are all unique is:

$$\frac{N-1}{N}\times\frac{N-2}{N}\times\cdots\times\frac{N-(k-2)}{N}\times\frac{N-(k-1)}{N}$$

This can be approximated by $e^{-k(k-1)/(2N)}$.

5 1. Collision Free cont.
If you have $2^{130}$ randomly chosen inputs, there is a 99.8% chance that two of the inputs will collide. This is the case regardless of what H( ) is. It takes a long time to compute. No H( ) has been proven to be collision free. Despite this, it is safe to assume that if H(x) = H(y) then x = y. Therefore the hash can be used to recognise large files. Adapted from Ed Felten

6 2. Hiding
Given H(x), it is infeasible to find x. If r is chosen from a probability distribution that has high minimum entropy, then given H(r | x) it is infeasible to find x. High minimum entropy means that the distribution is very spread out: the probability of a particular value being chosen is negligibly small. [Figure: H(“heads”), H(“tails”)]

7 Example: Commit to a value, reveal later
Putting a message in a box (commitment) and locking it with a key. Possible commitment API: (com, key) := commit(msg), where com is the commitment and key is the secret key for unlocking the box; match (true/false) := verify(com, key, msg), where given the commitment, key and message, one can verify that the messages are the same (true or false). Locking the box: (com, key) := commit(msg) and publish com and msg. Opening the box: match := verify(com, key, msg).

8 Implementing Commitments
Security properties. Hiding: given com, it is infeasible to find msg. Binding: it is infeasible to find msg != msg’ such that verify(commit(msg), msg’) == true. Implementation: commit(msg) := (H(key | msg), H(key)), where key is a random 256-bit value; verify(com, key, msg) := (H(key | msg) == com).

9 Hiding
Given H(x) it is not possible to find x. If r is chosen from a probability distribution that has a high minimum entropy H(r | x), it is infeasible to find x. High minimum entropy means that the distribution is very spread out: the probability of a particular value being chosen is negligibly small. Adapted from Ed Felten

10 Commitments
Commit to a value and reveal it later. commit(msg) => (com, key); match := verify(com, key, msg), true or false. Publish the commitment, then reveal key and msg; anyone can verify. Two properties: from com one cannot see msg; once key and msg are revealed -> non-repudiation. Adapted from Ed Felten

11 Commit Implementation
Property of hiding: commit(msg) = H(key | msg), H(key) (commit, key). Property of collision avoidance: verify(com, key, msg) = H(key | msg). Adapted from Ed Felten
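An added example (not from the original slides): the commit/verify API of slides 7 to 11 in Python, with SHA-256 as H. It follows the slide 7 signature, so commit returns the key itself for the later reveal; the helper guess_unkeyed and the heads/tails inputs are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def commit(msg: bytes):
    """(com, key) := commit(msg); key is a fresh random 256-bit value."""
    key = secrets.token_bytes(32)
    # key has a fixed length, so key | msg has exactly one parse
    return H(key + msg), key

def verify(com: bytes, key: bytes, msg: bytes) -> bool:
    """match := verify(com, key, msg), i.e. H(key | msg) == com."""
    return hmac.compare_digest(H(key + msg), com)

def guess_unkeyed(digest: bytes, candidates) -> Optional[bytes]:
    """Hypothetical helper: recover x from a bare H(x) when x comes from a
    tiny set such as heads/tails, by hashing every candidate."""
    for c in candidates:
        if H(c) == digest:
            return c
    return None

def demo() -> dict:
    coin = [b"heads", b"tails"]      # constructed low-entropy messages
    com, key = commit(b"heads")      # publish com, keep key until the reveal
    return {
        "bare_hash_leaks": guess_unkeyed(H(b"heads"), coin),  # no hiding
        "commitment_leaks": guess_unkeyed(com, coin),         # hidden by key
        "opens_as_heads": verify(com, key, b"heads"),
        "opens_as_tails": verify(com, key, b"tails"),         # binding
    }

if __name__ == "__main__":
    print(demo())
```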

12 3. Puzzle Friendly
For every possible output y from the hash function, if k is chosen from a distribution with high minimum entropy, then it is not possible to find x such that H(k | x) = y. Search puzzle: a mathematical problem that requires searching a very large space in order to find the solution. Given a “puzzle ID” (min-entropy distribution) and a target set Y (the set the hash function output must fall into): Y is a target range or set of hash results we want; ID specifies the specific puzzle and x is a solution to the puzzle. Try to find a “solution” x such that H(puzzle ID | x) ∈ Y. Only way -> try random values of x. Adapted from Ed Felten

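13 SHA-256
[Diagram: the message is padded (10* | 64-bit length field) and split into 512-bit blocks Block 1, Block 2, ..., Block n; starting from a 256-bit IV, the compression function C is applied to each block in turn, passing 256 bits along, to produce the Hash.] If C, the compression function, is collision free, then the final hash is also collision free. Adapted from Ed Felten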

14 Summary
Three properties of hash functions. SHA 256 as compression function. Adapted from Arvind Narayanan

15 Hash Pointers
A hash pointer is a pointer to where some information is stored, together with a cryptographic hash of the info. The hash stored in the hash pointer is the hash of the whole data of the previous block and the hash pointer to the block before that one. [Figure: Data; Pointer to Data; Hash of Data]

16 Hash Pointers cont.
Can be used to create any data structure as long as there are no cycles. Simple linked list. [Figure: Data; Pointer to Data; Hash of Data] If we have a hash pointer, we can ask to get the information back and verify that it has not changed. Adapted from Ed Felten

17 Blockchain
[Figure: Genesis Block, Block 1, Block 2, Block 3, Block 4; each is a tamper-evident block holding Data, Pointer to Data and Hash of Data]
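An added example (not from the original slides) of why the chain on slides 15 to 17 is tamper-evident when only the head hash pointer is remembered. The JSON block layout and the function names are assumptions made for this sketch.

```python
import hashlib
import json

def block_hash(block: dict) -> str:
    """Hash of the whole block: its data AND its pointer to the previous block."""
    encoded = json.dumps(block, sort_keys=True).encode()
    return hashlib.sha256(encoded).hexdigest()

def append(chain: list, data: str) -> str:
    """Add a block; return the new head hash pointer (the only value to keep)."""
    prev = block_hash(chain[-1]) if chain else None
    chain.append({"data": data, "prev_hash": prev})
    return block_hash(chain[-1])

def first_mismatch(chain: list, head_hash: str):
    """Walk back from the trusted head hash; return the index of the first
    block that does not match the hash pointer referring to it, else None."""
    expected = head_hash
    for i in range(len(chain) - 1, -1, -1):
        if block_hash(chain[i]) != expected:
            return i
        expected = chain[i]["prev_hash"]
    return None

def build_demo_chain():
    chain, head = [], None
    for data in ["genesis", "block 1", "block 2", "block 3", "block 4"]:
        head = append(chain, data)       # constructed sample data
    return chain, head

def tamper_only(chain, index, data):
    """Change one block's data and nothing else."""
    forged = [dict(b) for b in chain]
    forged[index]["data"] = data
    return forged

def tamper_and_repair(chain, index, data):
    """Change one block, then recompute every later hash pointer to hide it."""
    forged = tamper_only(chain, index, data)
    for i in range(index + 1, len(forged)):
        forged[i]["prev_hash"] = block_hash(forged[i - 1])
    return forged

if __name__ == "__main__":
    chain, head = build_demo_chain()
    print(first_mismatch(tamper_only(chain, 1, "forged"), head))
    print(first_mismatch(tamper_and_repair(chain, 1, "forged"), head))
```

Repairing the pointers only moves the mismatch up to the head block, whose hash the verifier holds separately.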

18 Binary Tree – Merkle Tree
[Figure: Merkle tree over eight Data blocks] Adapted from Ed Felten

19 Membership of a Merkle Tree
[Figure: Data] Adapted from Ed Felten

20 Advantages
Can hold many items but need only remember the root hash. Can verify membership in O(log n) time/space. Sorted Merkle trees: can verify non-membership in O(log n) by showing the items before and after the missing one. More generally, hash pointers can be used in any pointer-based data structure that has no cycles. Adapted from Ed Felten
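An added example (not from the original slides) of the O(log n) membership proof from slides 18 to 20, for an eight-leaf tree like the one pictured. The power-of-two restriction and the 0x00/0x01 prefixes that separate leaf hashes from interior hashes are assumptions of this sketch.

```python
import hashlib

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_levels(items):
    """Return the hash levels, leaves first and [root] last."""
    n = len(items)
    if n == 0 or n & (n - 1):
        raise ValueError("item count must be a power of two")
    levels = [[H(b"\x00" + item) for item in items]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([H(b"\x01" + cur[i] + cur[i + 1])
                       for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Membership proof: one sibling hash per level, O(log n) in total."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify(root, item, proof):
    """Recompute the path to the root from the item and its sibling hashes."""
    node = H(b"\x00" + item)
    for sibling, sibling_on_left in proof:
        pair = sibling + node if sibling_on_left else node + sibling
        node = H(b"\x01" + pair)
    return node == root

def demo():
    items = [b"data-%d" % i for i in range(8)]   # constructed sample data
    levels = build_levels(items)
    root = levels[-1][0]                         # all a verifier remembers
    proof = prove(levels, 5)
    return {
        "proof_len": len(proof),
        "member": verify(root, items[5], proof),
        "forged_item": verify(root, b"data-x", proof),
        "wrong_slot": verify(root, items[4], proof),
    }

if __name__ == "__main__":
    print(demo())
```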

21 Digital Signatures
Only you can sign, but anyone can verify. Uses a public/private key pair. A signature is tied to a particular document: it cannot be cut and pasted. Public key == an identity. Decentralised ID: anybody can make a new identity at any time; no central point of coordination. Address in crypto currencies. Adapted from Ed Felten

22 A Simple Cryptocurrency
Goofy coins. Goofy can create new coins. [Figure: Signed by PKGoofy: CreateCoin [uniqueCoinID]] Whoever owns a coin can spend it. [Figure: Signed by PKGoofy: Pay to PKAlice: H( ), pointing to Signed by PKGoofy: CreateCoin [uniqueCoinID]] Adapted from Ed Felten

23 A Simple Cryptocurrency cont.
[Figure: Signed by PKAlice: Pay to PKBob: H( ); Signed by PKGoofy: Pay to PKAlice: H( ); Signed by PKAruna: CreateCoin [uniqueCoinID]] Adapted from Ed Felten

24 Simple Cryptocurrency – Double Spending
[Figure: Signed by PKAlice: Pay to PKBob: H( ) and Signed by PKAlice: Pay to PKRandy: H( ); Signed by PKGoofy: Pay to PKAlice: H( ); Signed by PKGoofy: CreateCoin [uniqueCoinID]] Adapted from Ed Felten

25 Overcoming Double Spend
The creator publishes a history of all transactions: a blockchain, signed by the creator (Goofy). [Figure: blocks linked by H( ), holding Trans ID #8 Data, ID #9, ID #10] Can optimise by putting multiple transactions into the same block. What does the history do? Detect double spending. Adapted from Ed Felten

26 Overcoming Double Spend cont.
A CreateCoins transaction creates new coins. [Table: transID #, type: CreateCoins; coins created with columns num, value, recipient; values 3.3, 1.4, 7.1; recipient 0x….; coin IDs Coin10(0), Coin10(1), Coin10(2)] Adapted from Ed Felten

27 Paycoins
A PayCoins transaction consumes (and destroys) some coins and creates new coins of the same total value. [Table: transID #, type: PayCoins; consumed coinIDs: 68(1), 42(0), 72(3); coins created with columns num, value, recipient; values 3.3, 1.4, 7.1; recipient 0x….; signatures] Valid if: consumed coins are valid; not already consumed; total value out = total value in; and signed by owners of all consumed coins. Adapted from Ed Felten
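An added example (not from the original slides) of the four PayCoins validity rules from slide 27 applied to a ledger kept by the coin creator, including the double spend of slide 24. Signature checking is abstracted: signers is the set of public keys whose signatures on the transaction are assumed to have verified already, and all names and values are constructed.

```python
from decimal import Decimal

class Ledger:
    """Published transaction history; coin IDs are (transID, output index)."""

    def __init__(self):
        self.coins = {}      # coin ID -> (value, owner public key)
        self.spent = set()   # coin IDs already consumed
        self.next_id = 0

    def _emit(self, outputs):
        tx = self.next_id
        self.next_id += 1
        for i, (value, owner) in enumerate(outputs):
            self.coins[(tx, i)] = (Decimal(value), owner)
        return tx

    def create_coins(self, outputs):
        return self._emit(outputs)   # in the slides only Goofy may do this

    def pay_coins(self, consumed, outputs, signers):
        if len(set(consumed)) != len(consumed):
            return "rejected: coin listed twice"
        for cid in consumed:
            if cid not in self.coins:
                return "rejected: unknown coin"
            if cid in self.spent:
                return "rejected: double spend"
            if self.coins[cid][1] not in signers:
                return "rejected: missing owner signature"
        total_in = sum(self.coins[c][0] for c in consumed)
        total_out = sum(Decimal(v) for v, _ in outputs)
        if total_in != total_out:
            return "rejected: value mismatch"
        self.spent.update(consumed)
        return "accepted as tx %d" % self._emit(outputs)

def demo():
    ledger = Ledger()
    tx = ledger.create_coins([("3.3", "PK_Alice"), ("1.4", "PK_Alice"),
                              ("7.1", "PK_Carol")])
    return [
        ledger.pay_coins([(tx, 0)], [("3.3", "PK_Bob")], {"PK_Alice"}),
        ledger.pay_coins([(tx, 0)], [("3.3", "PK_Randy")], {"PK_Alice"}),
        ledger.pay_coins([(tx, 1)], [("2.0", "PK_Bob")], {"PK_Alice"}),
        ledger.pay_coins([(tx, 2)], [("7.1", "PK_Bob")], {"PK_Alice"}),
    ]

if __name__ == "__main__":
    print("\n".join(demo()))
```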

28 What is the problem?
Centralisation: what if Goofy is dishonest? Solution - decentralisation.

29 Summary
Data structures used in a blockchain. How a simple crypto currency can be created. Problems with simple crypto currency systems: double spend; centralisation. How to overcome the double spend problem. Next: decentralisation.

30 Questions
Who maintains the ledger? Who has authority over which transactions are valid? Who creates a new coin? Who determines how the rules of the system change? How do bitcoins acquire exchange value? Adapted from Arvind Narayanan

31 Distributed System
[Diagram labels: Peer to Peer Network, Mining, Updates; Distributed, Centralised] Distributed consensus: the fundamental problem is maintaining consistency. Numerous applications: DNS, Public Key Directory, …… Adapted from Arvind Narayanan

32 Consensus
Definition: the protocol terminates and all legitimate nodes decide on the same value; the value has to have been proposed by some legitimate node. P2P Bitcoin: Alice broadcasts the transaction to all nodes on the P2P network. [Figure: Signed by Alice: Pay PKBob: H( )] Which transactions were broadcast and the order in which these transactions took place. Bob’s machine does not need to be on the network. Received from somebody else. Adapted from Arvind Narayanan

33 Consensus – Bitcoin
All nodes have: a sequence of blocks of transactions that they have reached consensus on; a set of outstanding transactions they have heard about. Select any valid block. Really hard technical problem. [Figure: blocks of transactions Tr; outstanding transactions TrA, TrB, TrC at nodes A, B, C] Adapted from Arvind Narayanan

34 Why
Nodes may crash or be malicious. The network is imperfect: not all pairs of nodes are connected; faults in the network; latency. Many impossibility results: Byzantine generals problem; Fischer-Lynch-Paterson: consensus impossible with a single faulty node. Some well known protocols: Paxos never produces inconsistent results, but can get stuck (rarely). Adapted from Arvind Narayanan

35 Some Observations
Models say more about the model than the problem. Models were developed to study systems like distributed databases. Bitcoin is a practical solution. Bitcoin introduces the notion of incentives and embraces randomness: no specific end-point; consensus happens over long time scales (~1 hour); as time goes on the probability increases. Adapted from Arvind Narayanan

36 Consensus without Identities
Identity is hard in P2P systems: no central entities; pseudonymity is a goal. Implicit consensus: assume that it is possible to pick a random node. In each round pick a node at random. The selected node proposes the next block in the chain. Other nodes either accept the block and extend the blockchain, if all transactions are valid (unspent, valid signature), or reject this block and extend the blockchain from an earlier block. Adapted from Arvind Narayanan

37 Consensus Algorithm
New transactions are broadcast to all nodes. Each node collects new transactions into a new block. In each round a random node gets to broadcast its block. Other nodes accept the block. Nodes express their acceptance of the block by including its hash in the next block they create. Extend the longest valid branch. Adapted from Arvind Narayanan

38 Validation
Stealing somebody else’s bitcoins? Cannot, because the signature cannot be forged. Denial of service by not including any of the transactions from a given user? Only a delay. Double spending. [Figure: Signed by PKAruna: CreateCoin [uniqueCoinID]; Pay to PKAlice: H( ); Signed by PKAlice: Pay to PKBob: H( )] Adapted from Arvind Narayanan

39 Double Spend (1)
[Figure: CA -> B (Signed by PKAlice: Pay to PKBob: H( )) and CA -> A’ (Pay to PKA’: H( ))] Adapted from Arvind Narayanan

40 Bobs View
[Figure: Bob hears about CA -> B at 0 confirmations, then 1 confirmation, 3 confirmations; competing CA -> A’] Double spend probability decreases exponentially with the number of confirmations. Common heuristic: 6. Adapted from Arvind Narayanan

41 Incentives not to act maliciously
Reward the node that created these blocks. [Figure: CA -> B (Signed by PKAlice: Pay to PKBob: H( )) and CA -> A’ (Signed by PKAlice: Pay to PKA’: H( ))] Punish the node that created this block. Adapted from Arvind Narayanan

42 Incentive 1: Block Reward
Creator of a block gets to: include a special coin-creation transaction in the block; choose the recipient address of this transaction. The block creator gets to “collect” the reward only if the block ends up on the long-term consensus branch. Value is fixed: currently 25BTC, halves every 4 years. Adapted from Arvind Narayanan

43 Finite Supply
Total supply: 21 million. Block reward is how new bitcoins are created. Runs out in 2040. Adapted from Arvind Narayanan

44 Transaction Fee
The creator of a transaction can choose to make the output value less than the input value. Like a tip – voluntary. Problems: how to pick a random node; how to avoid a free-for-all; how to prevent Sybil attacks. Adapted from Arvind Narayanan

45 Proof of work
Selecting a random node: select nodes in proportion to a resource that no one can monopolise. In proportion to computing power: proof of work. In proportion to ownership: proof of stake. Let nodes compete for the right to create a block. Make it difficult to create new identities. Adapted from Arvind Narayanan

46 Puzzle Friendly
For every possible output y, if k is chosen from a distribution with high minimum entropy, then it is not possible to find x such that H(k | x) = y. Search puzzle: given a “puzzle ID” and target set Y, find a solution x such that H(puzzle ID | x) ∈ Y. Only way -> try random values of x. Adapted from Ed Felten

47 Hash Puzzles
To create a block, find a nonce such that H(nonce | prev_hash | tx | ….. | tx) is very small. [Figure: output space of the hash with a small target space; block holding nonce and Signed by PKAlice: Pay to PKA’: H( )] If the hash function is secure, the only way to find such a nonce is to keep trying until you get lucky. Adapted from Arvind Narayanan
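An added example (not from the original slides) of the search puzzle from slides 12 and 46 in the block form of slide 47: find a nonce whose hash falls in the target space, then verify it with a single hash. The byte layout, the 12-bit difficulty and the sample transactions are assumptions chosen so the search finishes quickly.

```python
import hashlib

def puzzle_hash(nonce: int, prev_hash: bytes, txs) -> int:
    """H(nonce | prev_hash | tx | ... | tx) as an integer. The byte layout
    (8-byte nonce, prev_hash, SHA-256 of each tx) is an assumption."""
    h = hashlib.sha256()
    h.update(nonce.to_bytes(8, "big"))
    h.update(prev_hash)
    for tx in txs:
        h.update(hashlib.sha256(tx).digest())
    return int.from_bytes(h.digest(), "big")

def mine(prev_hash, txs, target, max_tries=1 << 22):
    """Try nonces in order until the hash lands in the target space [0, target)."""
    for nonce in range(max_tries):
        if puzzle_hash(nonce, prev_hash, txs) < target:
            return nonce
    return None

def is_valid(nonce, prev_hash, txs, target) -> bool:
    """Checking a solution costs one hash, however long the search took."""
    return puzzle_hash(nonce, prev_hash, txs) < target

TARGET_BITS = 12                        # constructed difficulty
TARGET = 1 << (256 - TARGET_BITS)       # target space is 2**-12 of all outputs
PREV = hashlib.sha256(b"constructed previous block").digest()
TXS = [b"Alice pays Bob", b"Bob pays Carol"]   # constructed transactions

def demo():
    nonce = mine(PREV, TXS, TARGET)
    return {
        "nonce": nonce,
        "hashes_tried": nonce + 1,      # expected about 2**12
        "valid": is_valid(nonce, PREV, TXS, TARGET),
    }

if __name__ == "__main__":
    print(demo())
```

Because the hash covers prev_hash and every transaction, changing any of them changes the hash and the nonce search has to be redone.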

48 Some finer Details
Nodes automatically re-calculate the target every two weeks. Goal: average time between blocks ~10 mins. Attacks are infeasible if the majority of miners, weighted by hash power, follow the protocol. Adapted from Arvind Narayanan

49 Summary
Identities: no real-world ID; any user can create an ID. Transactions: messages that are broadcast to the P2P network giving instructions as to what to do with coins; coins are chains of transactions. Peer to Peer Network: transfers the transactions to all the nodes in the network, best effort. Security comes from the blockchain and consensus protocol. Blockchain and consensus: a transaction to be in a blockchain needs a number of confirmations (6 is the heuristic). Could have orphan blocks. Hash puzzles and mining: randomly finding nodes. Adapted from Arvind Narayanan

50 Ethereum
The premise is that it can be used for a number of other things than just financial transactions. Ethereum is an open-source, publicly distributed computing platform that has the notion of smart contracts to build decentralised applications. The value token of the Ethereum blockchain is Ether. Gas. Ethereum Virtual Machine (EVM).

51 Ethereum v. Bitcoin

| | Bitcoin | Ethereum |
|---|---|---|
| Concept | Digital Currency | World Computer |
| Cryptocurrency Token | BTC | Ether |
| Scripting Language | Turing Incomplete | Turing Complete |
| Consensus Algorithm | SHA256 | Ethash |
| Coin Release Method | Early Mining | ICO |
| Average Block Time | ~10min | 12-15sec |

52 Types of Ethereum Accounts
Two types: Externally Owned & Contract. Externally owned accounts: owned by people or organisations; controlled by private keys. Contract accounts: autonomous accounts; controlled by code. Smart contracts: computerised protocol; contract rules; immutable.

53 Example Smart Contract
Immutable pieces of code. Self-operating program. Store and update information. Executed when specific conditions are met. Individuals are anonymous. Contract is public. Solidity.

54 Generality - IoT BoM Location

55 Ethereum Gas
EVM is running code. Gas: unit for the amount of computational work done by the computer for one cycle of the contract. Gas limit: max. amount of gas the contract can use for its computations. Gas Station.

