ilovepdf_merged.pdf

Transcript

CCMP 606
Lecture 1
W ELC OME , C OUR SE INT RO, AN D F OUN DAT ION S
J ANU ARY 5 202 3
M ARC I D ETW ILL ER
 Experience across
research, startup, large
organizations

Certs: A+, Network+,

About Me Security+, GSEC, GCIH

Passion for learning that I
hope to share with you
Marci Detwiller, P.Eng.
[email protected] Experience building a
dapp in Dappcamp
(Ethereum)
LEARNING LOTS! CURIOSITY CONVICTION AND
FEEDBACK
WELCOME.
BEFORE
CRITICISM
ENTHUSIASM FOR
BLOCKCHAINS
What to
Expect
from Me
WHEN I DON’T I’D LOVE TO GET
KNOW, I’LL FIND TO KNOW YOU!
OUT.
 Analyze the benefits and challenges of blockchain-
Analyze based solutions and smart contracts.

Analyze classical web applications and distributed
Analyze applications (Dapps).

CCMP 606 Analyze Analyze consistency, availability and partition
tolerance of Dapp solutions.

Learning
Objectives Implement Implement smart contract interactions.

Implement Implement oracle smart contracts.

Implement Implement a distributed application (Dapp).
Assessments & Activities

3 quizzes, 2 assignments, and 1 project.

Besides assessments, I will give readings
and some exercises – on your own time

Classes will be a mix of lecture and lab.
What did you
cover in T1
What Will we Cover Today?
Why Blockchains?

History of Blockchains – Reading and Activity

Byzantine General’s Problem

Ingredients of Bitcoin & Ethereum

~15 min Break~

Dapps are Webapps: Getting Setup & JavaScript “Hello World”
Why Blockchains
What problems could we solve?

Let’s view this
from multiple
perspectives:

From an
From an From a
individual
enterprise government
(citizen)
perspective perspective
perspective
What problems could we solve?
Trust Data integrity = tamper-proof data

Block integrity is maintained via cryptography
Transactions in a block cannot be changed
Immutability Transactions from an account must be
digitally signed by the account owner

Distributed/ Fault tolerance
Decentralized: Blocks are verified via
consensus & cannot be changed except via a
Decentralized 51% attack
What problems could we solve?
A blockchain is a public database (ledger) that is updated and
shared across many computers in a network.

DATABASE BLOCKCHAIN

Centralized (single entity) Decentralized (shared, P2P)

Mutable Immutable (tamper-proof historical
record)

Authorship unverified Non-repudiation (signed transactions)
Videos: Blockchain vs Database

https://learning.oreilly.com/videos/introduction-to-
blockchain/0636920327813/0636920327813-video329077/
 On-chain Off-chain Transaction Environmental
financial crimes financial crimes throughput Issues

Increased
individual /

risk

What problems have we created?
Why blockchain?

The value proposition of blockchain is
about trust. Blockchains maintain data
integrity through cryptography and
consensus algorithms.
History of
Blockchain
A lot of great
ideas start as
open source
projects by
people who want
to build!

(Xkcd comics)
 Mastering Blockchain by Lorne Lantz and Daniel
Reading: Cawrey, 2021
Origins of Chapter 1: Origins of Blockchain Technology
Blockchains https://learning.oreilly.com/library/view/masteri
ng-blockchain/9781492054696/ch01.html
Group
Activity:
Compare and contrast a centralized database vs
Distributed a decentralized blockchain solution. When would
vs you choose the database and when would you
choose the blockchain?
Decentralized
 Consider Digicash, E-gold, Hashcash, B-money,
and Bitgold.
Start here:

Group https://learning.oreilly.com/library/view/masteri
ng-blockchain/9781492054696/ch01.html
Activity:
“Ancient”
Answer these questions:
Blockchains
What did the creator(s) aim to solve?
What made the technology unique or novel?
Why did the technology fail?
Development toward today’s
blockchains began pre-2000s
The start of e-commerce
DigiCash (1989)
E-Gold (1996) – a digital store of value backed by gold until 2008.
Centralized platform
Hashcash (1997) – introduced PoW (proof of work) using SHA1 hashes.
Meant to reduce spam emails. Hashing takes compute resources.
B-Money (1998) – PoW for digital store of value
Bitgold (2005) – PoW for digital store of value
Break
Byzantine General’s Problem
A problem in distributed computing as a whole:
Distributed Systems 2.2: The Byzantine generals problem - YouTube
Bitcoin (2008)
https://bitcoin.org/bitcoin.pdf

Major components of Bitcoin:
- P2P network (Bitcoin protocol)
- public transaction ledger (blockchain) which made use of cryptography to
secure transactions
- PoW (proof of work) consensus algorithm to achieve consensus to validate
blocks on the blockchain
 Here Comes the Epoch of Blockchain | by
ConsenSys | ConsenSys Media

What do you
need to
build a P2P network
Cryptography
blockchain Consensus algorithm
that runs Turing-complete computing

smart
contracts?
 1. Hash functions
2. Public key cryptography
3. Digital signatures

Some
cryptography
necessary for
blockchains
includes…
Dapps are Webapps
Exercises – see Handout

Install git
Make a github account
Install VSCode
Install Node
“Hello World” JavaScript Tutorial
Homework – see Handout

Read article on Hashes (Oct 27)
Setup Metamask wallet (Nov 1)
CCMP 606
Lecture 2
E THE REU M I NGR EDI ENT S
J AN 19 202 3
M ARC I D ETW ILL ER
For next class
You will need to have created a github account and have
an account in Metamask to use for your assignments.
Please make sure the account address you enter is the
address you will use to deploy your contracts.

Read: Section 4 of the NIST Blockchain Technology
Overview Whitepaper.
Note: Quiz in class
I will update your calendar in Brightspace.

10-15 questions, most multiple choice.
What Will we Cover Today?
Cryptography (to be continued)

Peer-to-peer networking

Turing complete

Consensus Algorithms (to be continued)

Cryptozombies Exercises
Development toward today’s
blockchains began pre-2000s
The start of e-commerce
DigiCash (1989)
E-Gold (1996) – a digital store of value backed by gold until 2008.
Centralized platform
Hashcash (1997) – introduced PoW (proof of work) using SHA1 hashes.
Meant to reduce spam emails. Hashing takes compute resources.
B-Money (1998) – PoW for digital store of value
Bitgold (2005) – PoW for digital store of value
Bitcoin (2008)
https://bitcoin.org/bitcoin.pdf

Major components of Bitcoin:
- P2P network (Bitcoin protocol)
- public transaction ledger (blockchain) which made use of cryptography to
secure transactions
- PoW (proof of work) consensus algorithm to achieve consensus to validate
blocks on the blockchain, allowing Byzantine Fault Tolerance to prevent the
double-spending problem.
 Here Comes the Epoch of Blockchain | by
ConsenSys | ConsenSys Media

What do you
need to
build a P2P network
Cryptography
blockchain Consensus algorithm
that runs Turing-complete computing

smart
contracts?
Ingredients of smart-contract
capable blockchains
1. Cryptography - enables immutability
2. P2P networking - enables decentralization
3. Consensus algorithm - enables adding blocks in the ledger
4. Turing complete - enables smart contracts
 1. Hash functions
2. Public key cryptography
3. Digital signatures

Some
cryptography
necessary for
blockchains
includes…
Basics of
Cryptography
Cryptographic Concepts
Hash Functions
https://youtu.be/b4b8ktEV4Bg
Six Key Components of a Viable
Hash Function
Fixed-width
- algorithm results in the same number of bits in the hash digest
Deterministic
- same input, same output every time
Pre-image resistant
- One-way function, cannot go backwards
Collision resistant
- Difficult to find two inputs with the same output (although always possible
given a certain number of inputs)
Avalanche effect
- One bit changes in input, output changes dramatically
Hash speed
- Not too difficult of a calculation that performance suffers
Most Common Hash Functions
1. MD5 (md5sum) (128-bit, deprecated)
2. SHA-1 (sha1sum) (160-bit, deprecated)
3. SHA-2 (sha2sum) (256-bit)
4. SHA-3 Family aka Keccak (various sizes)
- Ethereum’s Keccak-256 and Keccak-512 are minor variants
of SHA3 standard
Cryptographic Concepts (Useful
Links for Review)
Public Key Cryptography:

Cryptography: Crash Course Computer Science #33 - YouTube

Hashes:

https://www.youtube.com/watch?v=HHQ2QP_upGM
Break
Cryptographic Concepts

Asymmetric encryption: involves a public key/private key pair. Also known as
public key encryption, and many public/private keys used in a system is known as
PKI (public key infrastructure).

Symmetric encryption: involves a shared key.

Hashing != Encryption! Hashing is a one-way cryptographic function. A hash is
also known as a checksum.
Cryptographic Concepts
Often multiple types of cryptography are used together.

For example, digital signatures are a combination of asymmetric encryption and a
hash.

Another example, to set up an HTTPS session using TLS. This is a combination of a
digitally signed certificate, which contains a webserver’s public key. Then the
webserver’s public key is used to encrypt information (asymmetric encryption) that
sets up the session, which is then carried out by symmetric encryption.

Symmetric encryption is faster to encrypt/decrypt than asymmetric encryption.
Peer-to-peer
networking
Every node requires a client
https://learning.oreilly.com/library/view/mastering-
ethereum/9781491971932/ch03.html

Geth (Golang) is the most common Ethereum client.

Clients - ethernodes.org - The Ethereum Network & Node
Explorer
Types of ETH nodes
Types of nodes:

1. Full nodes (will verify the entire blockchain, i.e. its entire
history, and can interact directly with the network)
2. Light nodes (verify only current blocks, rely on full nodes to
interact with the network)
3. Archive nodes (store many checkpoints over the blockchains
history so you can view data from the blockchain quickly)
Accessing the blockchain
Ethereum’s clients have JSON-RPC API specification.

We can run Ganache (local Eth network) or use our Alchemy
node to query:

https://ethereum.github.io/execution-apis/
Demo: Querying Client
Alchemy and Infura are node providers. You can get a free
account with Alchemy.

Let’s take a look at the Ethereum API and make a few queries.

Alchemy

Alchemy Quickstart Guide

Ethereum API FAQ (alchemy.com)
Turing complete
Turing completeness

https://youtu.be/RPQD7-AOjMI

Vitalik Buterin wrote the Ethereum whitepaper in 2014 to
propose a Turing complete blockchain that could run smart
contracts. Turing-complete refers to the ability of a
computer to execute any program.
Consensus
Algorithms
Consensus algorithms Solve:
1. Byzantine General’s Problem
- By incentivizing consensus and block production
2. Double Spending Problem
- By producing agreement on the order of the transactions
in a block

Decentralized systems are vulnerable to sybil attacks.

How are sybil attack risks mitigated in today’s blockchains?
Byzantine General’s Problem
A problem in distributed computing as a whole:
Distributed Systems 2.2: The Byzantine generals problem - YouTube
Cryptozombies:
Solidity Refresh
Exercises (if there’s time)
Go to cryptozombies.io/en/course
Create an account (to track progress)
Start with Levels 1 & 2 of Solidity Path:
Beginner to Intermediate
You may be asked at some point to submit
a screenshot on brightspace showing your
progress.
CCMP 606
Lecture 3
E THE REU M I NGR EDI ENT S
J AN 26 202 3
M ARC I D ETW ILL ER
Complete Survey
on Brightspace
Kahoot
Note: First Quiz Oct 4 in class
Quiz #1 will cover:
advantages and challenges of blockchains
distributed systems vs decentralized systems
permissionless (public) vs permissioned (private and consortium) blockchains
blockchain origins: pre-Bitcoin, Bitcoin, Ethereum.
smart-contract capable blockchain ingredients:
cryptography (hashes, public key cryptography, digital signatures)
p2p networking
Turing complete
Note: the 4th ingredient, consensus algorithms along with CAP theorem will be
covered on the next quiz.
What Will we Cover Today?
Review of blockchain advantages (reading)

Cryptography (continued from last week)

Peer-to-peer networking (continued from last week)

Cryptozombies Exercises
Ingredients of smart-contract
capable blockchains
1. Cryptography - enables immutability
2. P2P networking - enables decentralization
3. Consensus algorithm - enables adding blocks in the ledger
4. Turing complete - enables smart contracts
Blockchain Review
Blockchain properties and advantages

Read up until the title “Blockchain Is a Distributed System”

https://learning.oreilly.com/library/view/blockchain-
consensus/9781484281796/html/515270_1_En_4_Chapter.xht
ml

You should read the remainder of this chapter as homework, as
it explains some of the important Ethereum concepts.
Distributed vs Decentralized
Distributed computing was first an area of research in the
1980s.

Decentralized systems are necessarily distributed computing
systems, however not all distributed systems may be considered
decentralized.

For example, data may be spread across multiple AWS Regions
but still be managed and owned by one AWS account. We would
consider this system distributed, in that it is geographically
redundant, but not decentralized, as data is owned and
managed by one entity.
Blockchain vs DLT (Distributed
Ledger Technology)
Blockchains are distributed ledgers, but not all distributed
ledgers are blockchains.

Distributed ledgers are append-only systems that use
distributed computing to ensure availability and redundancy.

Unlike distributed ledgers, blockchains must group transactions
into cryptographically secure and tamper-evident blocks, using
block hashes.
Permissioned and
Permissionless
Permissioned blockchains can be either private or consortium
blockchains.

Permissionless blockchains are also known as public
blockchains and typically involve a cryptocurrency to
incentivize validators to come to a consensus and continue to
append blocks to the blockchain.
Permissioned Blockchain Use
Case
Private
To enable one source of truth with trust and traceability for
multiple parties within one organization. Example supply chain
management, auditing.

Consortium
To provide one source of truth between multiple known parties
(businesses). This enables them to collaborate in a way such
that there is a single source of truth with reduced overhead to
maintain separated databases or ledgers.

Many specific use cases can be built on top of these generalities.
Public Blockchain Use Case
Generally, it is to enable transactions between any two parties
without any centralized authority in between, and is enabled by
a decentralized, fault-tolerant payment network via a
cryptocurrency. However, with the evolution of smart contracts,
the use cases are evolving.

The nodes in the network that are verifying the transaction have
entirely separate incentives that do not involve the transacting
parties (validators are incentivized by consensus mechanisms).
Basics of
Cryptography (contd)
Cryptographic Concepts

- Hashing
- Symmetric encryption
- Asymmetric encryption (public key encryption)
- Digital signatures
How are hashes used?
Hashes are one-way functions that are not easy to brute-force reverse (ie. Pre-image
resistant). Hashes’ primary use case is to verify integrity of a file or piece of data.
They are also used to store passwords, as the hash cannot be reversed and this
helps avoid storage of plaintext passwords.

On the blockchain, hashes are used to ensure immutability. Transaction hashes are
used to create Merkle trees which verify all transactions within a block. There are
also block hashes that are stored to verify no tampering has been done in the block.

Hashes have also been used in the case of blockchain to propose a cryptographically
hard problem to solve to enable Proof-of-Work consensus (cryptocurrency
mining). This is where the hash has to meet a certain condition of a certain difficulty
in order to be accepted as the block hash.
Why aren’t hashes enough to
ensure a transaction is valid?
Hashes don’t ensure non-repudiation (the undeniability that it was you and only
you that sent a transaction).

Since there are no intermediaries, non-repudiation is necessary on the blockchain
whenever a sender account sends a transaction so there can be no disputes about
transaction validity. If there were disputes, consensus (and the blockchain) would
grind to a halt. Without non-repudiation, anyone could remove all the Ether in your
account by sending a transaction spoofing your account as the sender!

In order to ensure non-repudiation, we need digital signatures. Digital
signatures are hashes that are encrypted with a private key. Because they need a
private key, they make use of asymmetric encryption. Because it is assumed that
you and only you have access to the private key, digital signatures enable non-
repudiation and confirm transaction validity.

This is why it is so important with asymmetric encryption to protect your private key.
How are hashes different than
encryption?
Hashes are one-way functions that are not easy to brute-force reverse (ie. Pre-image
resistant). Encryption is by definition decryptable.

Hashes are meant to verify integrity of data (data has not been changed).

Encryption is meant to ensure confidentiality of data (only those with the keys can
see it). Encryption is also used to enable non-repudiation (under the assumption
that your private key is only known by you).
What is a hash collision?

Hashes are meant to verify integrity of data (data has not been changed). When
two or more data result in the same hash (which is always possible though usually
improbable to determine), this is called a hash collision.
Why do we need asymmetric
encryption on the blockchain?
Because transactions from a sending account must only be initiated
by the owner of the sending account! This means we need digital
signatures. Digital signatures mean that we need asymmetric
encryption to enable private keys to sign transactions and public
keys to be used to verify the signature.
Asymmetric encryption

https://learning.oreilly.com/library/view/real-world-
cryptography/9781617296710/Text/ch06_Wong.htm
Asymmetric encryption for key exchange

https://learning.oreilly.com/library/view/real-world-
cryptography/9781617296710/Text/ch06_Wong.htm
Digital signatures

https://learning.oreilly.com/library/view/real-world-
cryptography/9781617296710/Text/ch07_Wong.htm
Peer-to-Peer
Networking (contd)
Ethereum uses JSON-RPC API
REST API vs. JSON-RPC API

Difference Between REST API and RPC API –
GeeksforGeeks
REST API vs JSON-RPC API
REST API vs. JSON-RPC API

REST APIs can make use of HTTP GET, POST, PUT,
PATCH, and DELETE (all of CRUD – Create Read
Update Delete) functionality of a database.

RPC APIs can only use HTTP GET and POST. RPC is all
that is required since blockchains are append-only.
This means that no Update or Delete functions are
possible.
JSON
JavaScript Object Notation Syntax Rules

Data is in key/value pairs
Data is separated by commas
Objects are placed in curly brackets {}
Arrays are placed in square brackets []

For further reference:
What is JSON (w3schools.com)
Quick Ethereum API HTTP demo
We can see we are doing HTTP GET request with
Ethereum API if we make use of our browser dev
tools (Network inspection)
Break
Turing Complete
Turing completeness
https://youtu.be/RPQD7-AOjMI

Vitalik Buterin wrote the Ethereum whitepaper in 2014 to
propose a Turing complete blockchain that could run smart
contracts. Turing-complete refers to the ability of a
computer to execute any program.
Consensus
Algorithms
Byzantine General’s Problem
A problem in distributed computing as a whole:
Distributed Systems 2.2: The Byzantine generals problem - YouTube
Consensus algorithms Solve:
1. Byzantine General’s Problem
- By incentivizing consensus and block production
2. Double Spending Problem
- By producing agreement on the order of the transactions
in a block

Decentralized systems are vulnerable to sybil attacks.

How are sybil attack risks mitigated in today’s blockchains?
Cryptozombies:
Solidity Refresh
Exercises

Go to cryptozombies.io/en/course
Create an account (to track progress)
Do Levels 1 & 2 of Solidity Path: Beginner
to Intermediate