L4-Blokchain.pdf

Full Transcript

CSCI301 Contemporary Topics in Security Applications of Blockchain Subject Coordinator: A/Prof. Fuchun Guo School of Computing and Information Technology This slide is copyrighted. It must NOT be distributed without permission 1 Crypto-currency The first widely known blockchain is an application of a crypto-currency, Bitcoin. The Bitcoin blockchain serves as the de-facto example of how blockchain systems can work. ØBitcoin, Litecoin, Dash and Peercoin are crypto currencies. ØThey are similar to today’s fiat currency, but it is a digital asset since there is no institutional framework such as regulation, legislation and oversight for them. ØThey do not pass the test to become legitimate fiat currencies and do not offer to consumers the same rights and protections of conventional fiat currencies ØThe regulations against the crypto currencies are getting stronger (like a currency market without regulation). This slide is copyrighted. It must NOT be distributed without permission 2 Crypto-currency: Altcoin Altcoin (also called Alternative cryptocurrency) Ø“altcoin” describes any cryptocurrency alternative to Bitcoin ØBitcoin is, by far, the most popular and widespread cryptocurrency. As a result, the bitcoin market is extremely competitive and it’s difficult and expensive for beginners and amateurs (non-professional person) to get into. ØBitcoin is the first widely-used cryptocurrency. Although the system is powerfully designed, as it grows to a large scale crypto-commodity, we are beginning to notice problems and challenges. ØMany altcoins have been developed specifically to address concerns raised over the future and long-term viability of BitCoin. This slide is copyrighted. It must NOT be distributed without permission 3 Crypto-currency: LiteCoin LiteCoin ØIt was released as an open-source client on GitHub on October 7, 2011 by Charlie Lee, a former Google employee, and it went live on October 13, 2011. ØIt was a fork of the Bitcoin Core client, differing primarily by having 1) a decreased block generation time (2.5 minutes), 2) increased maximum number of coins, 3) different hashing algorithm (Scrypt, instead of SHA-256), and a slightly modified GUI. Ø FPGA and ASIC devices made for mining Litecoin are more complicated to create and more expensive to produce than they are for Bitcoin, which uses SHA-256 This slide is copyrighted. It must NOT be distributed without permission 4 Crypto-currency: Dash Dash (previously, DarkCoin) ØUnlike LiteCoin, Dash include additional functions such as anonymous transaction and instant transaction. ØAnonymous transaction : Bitcoin leave a trace on the blockchain. So-called “clean bitcoins” are worth slightly more than any other coin on the network, as they have no history linking ownership of the coins to that specific wallet addresses. This is possible because the transaction list in bitcoin is public.  Dash hides the transaction records by mixing coins using a master node. ØInstant transaction: It reduces the block generation time to 1 sec and allows real-time transaction. This slide is copyrighted. It must NOT be distributed without permission 5 Application Stacks In the context of blockchain, the term "application stack" refers to the set of technologies and components that are used to develop and deploy blockchain-based applications. Blockchain application stacks share similarities with traditional software application stacks but have some unique characteristics due to the decentralized and distributed nature of blockchain technology. This slide is copyrighted. It must NOT be distributed without permission 6 Application Stacks Smart Contract ØA smart contract is a computer protocol intended to digitally facilitate, verify, or enforce the negotiation or performance of a contract. ØSmart contracts allow the performance of credible transactions without third parties. Smart contracts were first proposed by Nick Szabo, who coined the term, in 1994. ØContract is not necessary to be a traditional contract. It also can be any program. ØSmart contract is also called self-enforcing language. It enforces an execution when the execution conditions are met. Therefore, if contractors agree with the code written. They can make a contract without any third party or law enforcement. This slide is copyrighted. It must NOT be distributed without permission 7 Application Stacks Smart Contract (example) Ø Alice published a transaction in one block. Ø The transaction says: Alice will pay $1 to the account who will receive the highest amount in the next 10 blocks. Ø It is unknown who will receive $1 from Alice at the beginning, but after 10 blocks, this result will be known by the public and cannot be changed. This slide is copyrighted. It must NOT be distributed without permission 8 Application Stacks (Reading Only) Smart Contract ØA blockchain-based smart contract is visible to any user in a blockchain system. However, this leads to a situation where bugs, including security holes, are visible to all yet may not be quickly fixed. ØIssues in Ethereum smart contracts in particular include üambiguities and easy-but-insecure constructs in its contract languages, ücompiler bugs, üEthereum Virtual Machine bugs, üattacks on the blockchain network, üthe immutability of bugs ØThere is no central source documenting known vulnerabilities, attacks and problematic constructs. This slide is copyrighted. It must NOT be distributed without permission 9 Application Stacks Decentralized App, dApp ØDecentralized applications (dApps) are applications that are run on a P2P network of computers rather than a single computer. ØdApps have already existed since the advent of P2P networks. They are a type of software program designed to exist on the Internet in a way that is not controlled by any single entity. ØBitTorrent, Popcorn Time, BitMessage and Tor are all traditional dApps that run on a P2P network. ØdApps are a ‘blockchain enabled’ website. The easiest way to understand this is to understand how traditional websites operate. This slide is copyrighted. It must NOT be distributed without permission 10 Application Stacks The traditional web application: uses HTML, CSS and Javascript to render a page. It will also need to grab details from a database utilizing an API. When you go onto Facebook, the page will call an API to grab your personal data and display them on the page. Traditional websites: Front End → API → Database dApps: are similar to a conventional web application. The front end uses the exact same technology to render the page. The one critical difference is that instead of an API connecting to a database, you have a Smart Contract connecting to a blockchain. dApp enabled website: Front End → Smart Contract → Blockchain This slide is copyrighted. It must NOT be distributed without permission 11 Application Stacks (Reading Only) dApps Security failure: ØThe DAO was a digital decentralized autonomous organization, and a form of investordirected venture capital fund. ØOn June 17, 2016 The DAO was subjected to an attack that exploited a combination of vulnerabilities, including the one concerning recursive calls, and the user gained control of 3.6 million Ether, around a third of the 11.5 million Ether that had been committed to The DAO; the affected Ether had a value of about $50M at the time of the attack. Ø The funds were put into an account subject to a 28-day holding period under the terms of the Ethereum contract so were not actually gone; members of The DAO and the Ethereum community debated what to do next, with some calling the attack a valid but unethical, others calling for the Ether to be re-appropriated, and some calling for The DAO to be shut down. ØThe DAO was delisted from major exchanges in late 2016. This slide is copyrighted. It must NOT be distributed without permission 12 Applications More decentralized systems with blockchain are coming….. q Lotteries q Auction q Voting This slide is copyrighted. It must NOT be distributed without permission 13 Lotteries Step 1: Smart Contract Deployment: Deploy a smart contract on the blockchain to serve as the foundation for the lottery. Step 2: Transparent Rules Definition: Encode transparent and immutable rules within the smart contract, including entry conditions and prize distribution. Step 3: Decentralized Entries: Participants enter the lottery by initiating cryptocurrency transactions to the smart contract, ensuring decentralized and tamper-proof entries. Step 4: Blockchain Randomness: Utilize the blockchain's pseudorandomness to ensure fair and unpredictable winner selection within the smart contract. Step 5: Automatic Prize Distribution: Design the smart contract to automatically distribute prizes to winning participants, eliminating the need for intermediaries. Step 6: Record Keeping on Blockchain: Record all lottery transactions, entries, and results on the blockchain, leveraging its immutable nature for auditability. This slide is copyrighted. It must NOT be distributed without permission Lotteries: Benefits: Trustless Environment: Establish trust through blockchain consensus without relying on a central authority. Reduced Fraud: Immutable records and transparent processes minimize the risk of fraudulent activities. Global Accessibility: Enable participation from anywhere in the world, promoting inclusivity. Efficient and Automated: Smart contracts automate the entire lottery process, minimizing manual intervention. This slide is copyrighted. It must NOT be distributed without permission Auction Step 1: Smart Contract Deployment: Deploy a smart contract on the blockchain to serve as the auction platform. Step 2: Auction Item Tokenization: Tokenize auction items using blockchain tokens, representing ownership and transfer rights. Step 3: Bidder Registration: Allow bidders to register by interacting with the smart contract, ensuring transparency and traceability. Step 4: Transparent Bidding: Conduct transparent bidding where participants place bids by interacting directly with the smart contract. Step 5: Automatic Bid Validation: Automate bid validation within the smart contract to ensure fair and tamper-proof auction processes. Step 6: Winner Determination & Settlement: Automatically determine the highest bidder as the winner and settle transactions using smart contract logic. This slide is copyrighted. It must NOT be distributed without permission Auction:Benefits Trustless Environment: Establish trust through blockchain consensus, eliminating the need for a central authority. Reduced Fraud: Immutable records and transparent processes minimize the risk of fraudulent activities during bidding and settlement. Global Accessibility: Enable participation from anywhere in the world, breaking geographical barriers and reaching a wider audience. Efficient and Automated: Smart contracts automate bidding, validation, and settlement processes, reducing manual intervention and enhancing efficiency. Transparent Bidding: Conduct transparent bidding directly through the smart contract, ensuring fairness and visibility for all participants. Immediate Transaction Settlement: Automate the settlement of transactions immediately after the auction concludes, providing quick and secure transfers of assets. This slide is copyrighted. It must NOT be distributed without permission Voting Step 1: Smart Contract Deployment: Deploy a secure and audited smart contract on a blockchain platform to serve as the foundation for the voting system. Step 2: Voter Registration: Enable voter registration by allowing participants to create blockchainbased identities. Each voter receives a unique cryptographic key pair for secure authentication. Step 3: Tokenized Voting Rights: Tokenize voting rights using blockchain tokens, ensuring each voter has a limited and verifiable number of tokens corresponding to their eligibility. Step 4: Transparent Voting Process: Conduct the voting process directly through the smart contract, allowing voters to cast their votes using cryptographic signatures for transparency and authenticity. Step 5: Decentralized Validation: Leverage the decentralized nature of blockchain for validation. Each node in the network verifies the legitimacy of votes, preventing manipulation. Step 6: Immutable Record Keeping: Record all voting transactions and results on the blockchain, creating an immutable and transparent ledger that can be audited by all participants. This slide is copyrighted. It must NOT be distributed without permission Voting: Benefits Security and Immutability: Ensures a highly secure and tamper-resistant voting process. Transparency and Auditability: Provides visibility and verifiability for all participants. Decentralization: Prevents single points of failure through decentralized validation. Tamper-Resistant Records: Ensures the integrity of recorded votes through immutable records. Accessibility and Inclusivity: Facilitates global and remote participation. Faster Results and Settlement: Enables immediate calculation of results and settlements. This slide is copyrighted. It must NOT be distributed without permission Ethereum Ø What is Ethereum Ø Ethereum Blockchain framework Ø Benefits of Ethereum This slide is copyrighted. It must NOT be distributed without permission Ethereum Ø What is Ethereum Ø Ethereum Blockchain framework Ø Benefits of Ethereum This slide is copyrighted. It must NOT be distributed without permission What is Ethereum? The second largest crypto currency by market capitalization. The vision of Ethereum is to create an unstoppable, censorship-resistant, self-sustaining, decentralised world computer (can run smart contracts). What Bitcoin does for distributed data storage, Ethereum does for distributed data storage plus computations. The Ethereum client software in your computer can ØConnect to the Ethereum network ØExplore Ethereum’s blockchain ØCreate new transactions and smart contracts ØRun smart contracts ØMine for new blocks This slide is copyrighted. It must NOT be distributed without permission 22 What is Ethereum? This slide is copyrighted. It must NOT be distributed without permission 23/82 23/42 The birth of Ethereum This slide is copyrighted. It must NOT be distributed without permission 24/82 24/42 Ethereum market This slide is copyrighted. It must NOT be distributed without permission What is Ethereum Ethereum is powered by the Ethereum Virtual Machine which allows smart contracts to run on a decentralized blockchain. These contracts self-execute when certain set of conditions are met. Smart contracts enable automated transactions. They run exactly as programmed without any possibility of downtime, censorship, fraud, or third party interference. This slide is copyrighted. It must NOT be distributed without permission 26/82 26/42 Smart Contract in Ethereum Crowdfunding Smart Contract: Initialization: The contract is initialized with the funding goal and the duration of the crowdfunding campaign. The project owner deploys the contract and becomes the project owner. Contributions: Contributors send Ether to the contract using the contribute function. Contributions are tracked, and the total funding is updated. If the total funding reaches the goal, the contract transitions to the "Successful" state. State Transitions: The contract has three states: Funding, Successful, and Expired. Contributions are only allowed in the Funding state. If the deadline is reached and the goal is not met, the contract transitions to the Expired state. If the goal is met, the project owner can claim the funds. Claiming Funds:The project owner can claim the funds only when the contract is in the Successful state and after the campaign deadline. Refunds:Contributors can request refunds if the campaign expires without reaching the funding goal. Refunds are issued to contributors if the campaign expires and the goal is not met. This slide is copyrighted. It must NOT be distributed without permission 27/82 27/42 Smart Contract in Ethereum A simple DAO contract where members can vote on proposals, and funds are allocated based on the voting results. Membership:Users join the DAO by calling the joinDAO function, becoming members with voting power. Proposal Creation:Members can create proposals by calling the createProposal function with a description of the proposal. Voting:Members can vote on proposals using the vote function, expressing support or opposition. Voting power is based on the member's stake in the DAO. Execution of Proposals: Proposals can be executed by the DAO if they receive enough support. The executeProposal function checks if a proposal has sufficient votes and executes it. Events: Events are emitted throughout the process, such as when a member joins, a proposal is created, a vote is cast, or a proposal is executed. Events help in tracking and understanding the DAO's activities. This slide is copyrighted. It must NOT be distributed without permission 28/82 28/42 What is Ethereum “The world computer” Ethereum provides a universal, programmable blockchain which anyone can use. This slide is copyrighted. It must NOT be distributed without permission Ethereum Ø What is Ethereum Ø Ethereum Blockchain framework Ø Benefits of Ethereum This slide is copyrighted. It must NOT be distributed without permission Ethereum Blockchain framework Ethereum is a decentralized platform that runs smart contracts: applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third-party interference. This slide is copyrighted. It must NOT be distributed without permission Architectural Components Node/Client Block Miners Proof of work Ethereum Virtual Machine Smart Contract Ether Gas Gas Limit Mining Pool This slide is copyrighted. It must NOT be distributed without permission Ethereum Virtual Machine (EVM) Think of EVM as the execution runtime for an Ethereum network. EVMs are primarily responsible for providing an environment that can execute code written in smart contracts. It can(must) access accounts, both contract and externally owned, and its own storage data. This slide is copyrighted. It must NOT be distributed without permission 33/82 33/42 A computer protocol that enforces the negotiation between two Smart Contract exchanging parties.It makes up a contractual clause between two parties. It automatically verifies the contract and executes the agreed terms. This slide is copyrighted. It must NOT be distributed without permission How does it work？ This slide is copyrighted. It must NOT be distributed without permission 35/82 35/42 Who uses ethers? This slide is copyrighted. It must NOT be distributed without permission 36/82 36/42 Ethereum Ø What is Ethereum Ø Ethereum Blockchain framework Ø Benefits of Ethereum This slide is copyrighted. It must NOT be distributed without permission Why use Ethereum? Benefits from Smart Contract This slide is copyrighted. It must NOT be distributed without permission 38/82 38/42 Ethereum vs Bitcoin This slide is copyrighted. It must NOT be distributed without permission 39/82 39/42 Ethereum vs Bitcoin Common properties: ØEthereum is a blockchain. ØEthereum is public and permissionless. üHowever, like Bitcoin, you can take Ethereum software to create private networks that aren’t connected to the main public network. ØEthereum has Proof-of-Work (PoW) mining. üEthereum’s PoW maths challenge called Ethash works slightly differently to Bitcoin’s, and this allows common hardware to be used for mining. üOn Ethereum’s roadmap there is a plan to move from electricity-expensive Proof-ofWork mining to a more energy-efficient Proof-of-Stake protocol (But, not yet completed) ØEthereum has an inbuilt cryptocurrency. üEthereum has its own currency ETH as Bitcoin has BTC This slide is copyrighted. It must NOT be distributed without permission 40 Ethereum vs Bitcoin Difference ØEthereum’s block time is shorter ü In Ethereum the time between blocks is around 12~14 seconds, which is a lot shorter compared with Bitcoin’s ~ 10 minutes. ØEthereum has smaller blocks ü In Bitcoin, the maximum block size is specified in bytes (currently 1 MB) whereas Ethereum’s block size is based on complexity of contracts being run. But, Data-wise currently the average size of Ethereum blocks are 20 ~ 40 KB. ØThe Ethereum Virtual Machine can run smart contracts ü Compared with Bitcoin’s primitive scripting language, the code that can be deployed in Ethereum and run as smart contracts based on Turing complete language is more advanced and familiar to developers. This slide is copyrighted. It must NOT be distributed without permission 41 Ethereum vs Bitcoin Difference (continue) ØETH token will be generated at a constant number every year. Mining rewards ØIn Bitcoin, the miner of a block receives: 6.25 new BTC + transaction fees from the transactions included in the block. ØIn Ethereum, the miner of a block receives: 2 new ETH block reward. It is decreased over time from 5 to 2 ether. This change is not hard-coded like Bitcoin, but decided by the Ethereum core developer team. This slide is copyrighted. It must NOT be distributed without permission 42 Ethereum Gas and Gas Price= Running Smart Contract ØWhen you activate a smart contract, you ask all the miners in the whole network to each individually perform the calculations within it. This costs them time and energy, and Gas is the mechanism by which you pay them for that service. ØThe payment is a small amount of ETH that the person who wants to run the contract needs to send to the miner to make it work. ØPayment (in ETH) = Gas amount (in Gas) x Gas price (in ETH/Gas) Gas amount ØThe more complex the smart contract (the number and type of computational steps, memory used for storage, etc), then the more Gas the contract requires to run and complete. ØThe amount of Gas to run a contract is fixed for specific contract, as determined by the complexity of the contract. This slide is copyrighted. It must NOT be distributed without permission 43 Ethereum Gas Price Øthe Gas Price is specified by the person who wants the contract to run, at the time they request it (a bit like Bitcoin transaction fees). Why Gas? ØMaking smart contracts cost Gas/ETH/money stops people from activating them without any direction or planning. (stop useless) ØSolving problems relating to transaction spam would happen if running smart contracts were free. This slide is copyrighted. It must NOT be distributed without permission 44 Proof-of-stake Proof-of-Stake is an alternative to Proof-of-Work. In Proof-of-Stake-based public blockchains, a set of validators take turns proposing and voting on the next block, and the weight of each validator's vote depends on the size of its deposit (i.e. stake). Ø Someone holding 1% of coins can mine 1% of the "Proof of Stake blocks". The blockchain keeps track of a set of validators, and anyone can become a validator by sending a special type of transaction that locks up their coins into a deposit. The process of creating and agreeing to new blocks is then done through a consensus algorithm that all current validators can participate in. This slide is copyrighted. It must NOT be distributed without permission 45 Proof-of-stake Benefits ØNo need to consume large quantities of electricity in order to secure a blockchain (e.g. it's estimated that Bitcoin burns over $1 million worth of electricity and hardware costs per day as part of their consensus mechanism). ØThere is not as much need to issue as many new coins in order to motivate participants to keep participating in the network. It may theoretically even be possible to have negative net issuance, where a portion of transaction fees is "burned" and so the supply goes down over time This slide is copyrighted. It must NOT be distributed without permission 46 Proof-of-stake Benefits ØReduced centralization risks, as economies of scale are much less of an issue. $10 million of coins will get you exactly 10 times higher returns than $1 million of coins. ØAbility to use economic penalties to make various forms of 51% attacks vastly more expensive to carry out than proof of work - to paraphrase Vlad Zamfir, "it's as though your ASIC farm burned down if you participated in a 51% attack". This slide is copyrighted. It must NOT be distributed without permission 47 Consensus algorithm of Ethereum Ethereum is moving to a proof-of-stake consensus algorithm. It currently has a proof-of-stake Beacon Chain and a proof-of-work Mainnet. Mainnet is the proof-of-work consensus protocol Ethereum has been using. Proof-of-stake of Ethereum is the underlying mechanism that takes users who deposit enough stake, called stakers, as validators. Ethereum will fully work with a proof-of-stake system in the future. This slide is copyrighted. It must NOT be distributed without permission 48 Consensus algorithm of Ethereum Join:For Ethereum, users will need to stake 32 ETH to become a validator. Work: Chain-based stake algorithm is used so that validators are chosen at random (higher probability when deposit more) to create blocks and are responsible for checking and confirming blocks they don't create. Mechanism: Good behaviours are required to a validator – penalty will be applied to irresponsible or malicious behaviors. reward will be given for validators. This slide is copyrighted. It must NOT be distributed without permission 49 Disadvantage of PoS PoS systems can lead to wealth concentration, giving larger stakeholders disproportionate influence. The "rich get richer" phenomenon may result from rewards tied to stake, potentially creating an imbalance in economic distribution and governance influence. This slide is copyrighted. It must NOT be distributed without permission 50 Comparison PoW (Proof-of-Work): In PoW, consensus is achieved through miners solving complex mathematical puzzles. Miners compete to find a hash value that meets specific criteria, and the first one to solve the puzzle gets the right to add a new block to the blockchain. The difficulty of the puzzles adjusts over time to maintain a relatively constant block generation time. PoS (Proof-of-Stake): In PoS, consensus is achieved through validators who are chosen to create and validate blocks based on the amount of cryptocurrency they hold and are willing to "stake" as collateral. Validators take turns proposing and validating blocks, and the selection process is often influenced by factors like the validator's stake, randomness, or a combination of these. This slide is copyrighted. It must NOT be distributed without permission 51 Comparison PoW (Proof-of-Work): In a PoW system, a 51% attack involves gaining control of more than 50% of the total hash rate, which means having more computational power than the rest of the honest network combined. This requires a significant investment in mining hardware (ASICs or GPUs) and electricity. PoS (Proof-of-Stake): In a PoS system, a 51% attack involves acquiring a majority of the total cryptocurrency tokens. This means controlling more than 50% of the stake in the network. The attacker needs to accumulate a significant amount of the native cryptocurrency. I This slide is copyrighted. It must NOT be distributed without permission 52 END OF BLOCKCHAIN This slide is copyrighted. It must NOT be distributed without permission 53