Nitin Yadav: Brain, Mind and Markets Lab The University of Melbourne
Semester 2, 2019
● 5 multiple choice questions
● 10 minutes to complete
● Worth 2% of your final mark
○ All multiple choice questions are weighted equally
● Please enter your name and student number correctly
○ Your marks will be recorded against your student number
● Please use your Unimelb student account to login to Google
● Complete on your own!
1. Regulated payment systems
a. Swift
b. Online payment systems
2. How cryptocurrencies work and technology behind them
a. Cryptography and hashing
b. Addresses
c. Transactions
d. Blockchain
e. Mining and consensus
3. Security and some caveats
4. How to evaluate cryptocurrencies?
1. Regulated payment systems
● Society for Worldwide Interbank Financial Telecommunication
● A messaging platform that links more than 11,000 financial institutions globally
● Does NOT hold funds, or manage accounts, or transfer money
● Provides a secure, reliable, trusted, communication channel
● Revenue of 811m EUR in 2018
Expressed in million messages (average daily traffic volumes per month)
● Each financial institution identified by a code
<bank-id><country><branch>
○ E.g., a CBA branch has the code CTBAAU2SOBU
● Messages are sent through the SWIFT network
○ Cost: €2.333 up to €1Mn
● Money transferred via interbank relationships
● What if two banks don’t have a relationship?
○ An intermediary is found who has a relationship with both banks
● Banks earn money via spread and/or charging fees to customers
○ Expensive and inefficient process
Source: HSBC’s guide to straight-through processing
Source: wikipedia
● Technology reaches where banks don’t!
● Technology has impact where usual channels have failed (e.g., protection from loan sharks)
● Solution to “Sorry No-Change”?
Response to an increasingly cash-free society
https://www.financialexpress.com/industry/beggars-with-qr-code-chinese-poor-collect-alms-in-mobile-wallets-ditch-tin-bowls/1641567/
https://www.dailymail.co.uk/news/peoplesdaily/article-3235484/No-small-change-Chinese-shoppers-cash-free-farmer-s-market-thanks-tech-let-pay-smartphones.html
2. How cryptocurrencies work and technologies behind them
• Cryptography and hashing
• Addresses
• Transactions
• Blockchain
• Mining and consensus
Note: Many slides use bitcoin as an example, but the concepts discussed here are generic to cryptosystems.
Source: BIS annual economic report 2018.
● A central authority (e.g., a bank)
● Ledger is maintained by one authority
● Identities are verified (TFN, Driver’s License, Passport, etc)
● Central authority prevents double spending
● If the system is exposed (e.g., credit card information is leaked) individual is compromised
● Authority is distributed and there is consensus on rules
● Ledger is distributed
● Identities are anonymous (hard to keep bad actors out)
● System needs to have rules to avoid double spending
● Hard to bring down the whole network (attacks still possible)
Images from: https://www.aier.org/article/sound-money-project/centralized-decentralized-and-distributed-payment-mechanisms
● Peer to peer network
● A public ledger (blockchain)
● A set of rules
○ Validation
○ Currency creation
● Decentralized consensus
Source: http://thumbnails.visually.netdna-cdn.com/bitcoin-infographic_5029189c9cbaf.jpg
And now to the ground level view...
● Hexadecimal number system
○ Base 16 (0 to 9 and then a to f)
○ E.g., c = 12, d = 13, f = 15
Building blocks
Let us denote the private procedure by D and the public procedure by E.
These have the following 4 properties:
A Method for Obtaining Digital Signatures and Public-Key Cryptosystems by R.L. Rivest, A. Shamir, and L. Adleman. 1978.
Encryption
Alice wants to tell Bob a secret, i.e., that she likes FNCE30012.
Let us denote their private procedures and public procedures by DA, EA, DB and EB, respectively.
Alice → Bob
M = FNCE30012 is Fun
1. Alice computes M’ = EB(M)
2. Alice sends M’ to Bob:
O4RoY0cTXD8hqcqoBC8v21jAdHyo9LeL7jiAsPfIyJbwTZjDfg24nwz2Qc7CLxkdCWn/YGHArfqZ96ISg5J6Xg==
3. Bob computes M = DB(M’)
FNCE30012 is Fun
Digital signature
Where is the proof that it is indeed Alice who likes FNCE30012?
(Bob could have sent that message to himself...)
Let us denote their private procedures and public procedures by DA, EA, DB and EB, respectively.
Digital signature without encryption
Alice can also broadcast her message to everyone.
(Anyone can verify that the message indeed came from Alice)
Let us denote their private procedures and public procedures by DA, EA, DB and EB, respectively.
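The encryption and signature flows above in the slides' D/E notation, as an added example (not from the lecture or the cited paper): textbook RSA built from constructed toy primes, with the signature taken over a SHA-256 digest. The function names, the unpadded scheme and the key sizes are assumptions of this example; deployed systems use padded RSA or ECDSA with much larger keys.

```python
import hashlib

def make_procedures(p, q, e=65537):
    """Build the public procedure E and the private procedure D from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                  # private exponent: e*d = 1 (mod phi)
    return (lambda m: pow(m, e, n)), (lambda c: pow(c, d, n)), n

def to_int(msg: bytes) -> int:
    return int.from_bytes(msg, "big")

def to_bytes(m: int) -> bytes:
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest(msg: bytes, n: int) -> int:
    """Hash the message and reduce it into the range the key can process."""
    return to_int(hashlib.sha256(msg).digest()) % n

def sign(D, n, msg: bytes) -> int:
    """Only the key owner can run D, so D(hash) acts as the signature."""
    return D(digest(msg, n))

def verify(E, n, msg: bytes, sig: int) -> bool:
    """Anyone can run E: the signature is valid if E undoes it to the hash."""
    return E(sig) == digest(msg, n)

# Constructed toy keys (known Mersenne primes); Alice = A, Bob = B.
E_A, D_A, n_A = make_procedures(2**61 - 1, 2**89 - 1)
E_B, D_B, n_B = make_procedures(2**107 - 1, 2**127 - 1)

M = b"FNCE30012 is Fun"

def encrypt_to_bob(msg: bytes) -> int:      # step 1: M' = E_B(M)
    return E_B(to_int(msg))

def bob_decrypts(cipher: int) -> bytes:     # step 3: M = D_B(M')
    return to_bytes(D_B(cipher))

if __name__ == "__main__":
    m_prime = encrypt_to_bob(M)
    print("Bob reads:", bob_decrypts(m_prime))
    s = sign(D_A, n_A, M)                   # Alice broadcasts (M, s)
    print("signature valid:", verify(E_A, n_A, M, s))
    print("altered message valid:", verify(E_A, n_A, b"FNCE30012 is Dull", s))
    print("Bob's signature under Alice's key:", verify(E_A, n_A, M, sign(D_B, n_B, M)))
```
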
● The generation of a public address from a private key is done using a “Trap-door” function:
○ Easy to compute the public address from a private key, but very difficult (computationally) to do the reverse
○ In RSA (Rivest, Shamir, Adleman) this is achieved by multiplying two large prime numbers
■ Multiplication of two primes is easy, but finding correct factors of a semiprime is (currently) computationally hard
■ Advances in quantum computing may make factoring easier
● For the curious: look at Shor’s algorithm
■ RSA is still used for securing the channel used to transmit data securely
● E.g., when you do online banking
○ In ECC (Elliptic curve cryptography) one uses properties of elliptic curve equations to generate keys
■ Key generation process is faster and yields smaller, yet more secure, keys
■ Used for most cryptocurrencies
Generating an account: private key → public key → address
In tutorial 2 you will create your accounts. This is already implemented.
Private key: e150290c1e40964981b6826b03cdb5f98eca398dc359a1dd1e181580df3b8fa7
Using Elliptic Curve Digital Signature Algorithm
Public key: f10953362e9597b1739a21049bc3f0b082cc250280c0885f74d5934ddd53c8acabb73f195bc4bb55511e78c2d621aab4f70713cacd4e54b4e2a1c8d8565f2daa
Hashing for Bitcoin: 1Jr9g7VbaVPNxZYuYke651SmnXSSZ7p3pu
Hashing for Ethereum: 0x9f8217d5bebae2f052f0d866fe448a6f6f88eab9
for an address
a. Print and keep in wallet or distribute
3. You can also generate payment QR codes
a. With some interesting messages!
[QR code examples: “Pay 1BTC”, “FNCE30012”, “This is really fun”]
Source: https://www.commbank.com.au/personal/apply-online/download-printed-forms/betterbankingbook-adb1758.pdf
Required properties of such messages:
1. Completeness of instruction
○ Time, account information, amount of transfer, etc.
2. Authorisation
○ The person who sent the transaction is the owner of the account
3. Non-repudiation
○ The owner cannot deny sending the transaction (later on)
4. Tamper-proof
○ No one else has modified the transaction after the owner has signed
Digital signatures and hashing provide 2, 3, and 4
Bitcoin Ethereum
● Generally in a crypto system a cryptocurrency is transferred
○ Bitcoin in the bitcoin system and Ether in the ethereum system (we will revisit this later)
● Signed messages over the cryptocurrency network
○ In the case of Bitcoin, these messages encode transfer of value from one account to another
○ In the case of Ethereum, these messages contain a value transfer and (optionally) data
■ Data is relevant for smart contracts that we will cover next week
● Each transaction is recorded in a public blockchain
○ A distributed database (ledger)
● A simple process
1. Get the public address of the receiver
2. Create a transaction message
3. Sign the transaction with sender’s private key
4. Send the transaction to the network
Bitcoin transaction
A common structure of a block:
● A header
○ A reference (hash) to the previous block
○ Details of the mining
■ Time stamp
■ Difficulty (related to consensus, proof of work)
■ Nonce (related to proof of work)
○ A merkle tree root
■ An efficient way to index transactions
● List of verified transactions
● Number of included transactions
Source: https://bitcoin.org/bitcoin.pdf
● The first block is called the genesis block
● In the case of Bitcoin, a new block is created on average every 10 mins with a size limit of 1Mb
● In Ethereum the limitation is on gas
○ 6.7 million gas (not fixed)
● A block can be identified by
○ Hash of the header; or
○ Height of the block (genesis block has height of 0)
● Everyone can view blocks and transactions in a public blockchain, e.g.:
○ BlockChain Explorer (https://www.blockchain.com/explorer)
○ BlockCypher (https://live.blockcypher.com)
○ Blockscout for Ethereum (https://blockscout.com/eth/mainnet/)
Crucial: Who verifies the transactions and how are they rewarded for their work?
● Given an input i and a difficulty target t, find a value n such that: hash of i + n meets the target t
● The input in the block is its header (except nonce), and nonce is the n
● The higher the number of prespecified ending digits, the higher the difficulty
○ For Bitcoin, difficulty is varied dynamically to ensure new blocks are created every 10 minutes on average
● Finding a nonce is computationally hard, however, verifying it is easy
● A mined block is verified by all (full) nodes in the network
● Only validated blocks are sent to other nodes
● But what happens if more than one miner finds a nonce for the same block?
● The longest chain (i.e., the one with the most proof-of-work) is accepted
● A block has a unique parent (i.e., previous block hash) but may have more than one child
[Figure: three snapshots of a chain with blocks 0 to 3, showing competing blocks 4 and 4’ and then block 5 extending one branch]
3. Security and some caveats
● Centralised system (e.g., a bank)
○ Identities are verified (TFN, driver’s license, passport, etc)
○ Access is controlled
○ All transactions are sequential, hence double spending is easily avoided
○ If the system is exposed (e.g., credit card information is leaked), individuals are compromised
○ Trust in the central authority is a necessary condition
● Decentralised system (e.g., Bitcoin or Ethereum)
○ Bad actors cannot be kept out as there is no access control
○ Double spending is avoided due to the rules of decentralisation
○ Identifiable information is not stored
○ Trust emerges from the technology of public, open, decentralised ledger
● Transactions are broadcast to the network and verified by multiple parties
● Full transaction history is maintained by the network with multiple copies
● A new block must be valid and verified by the network (e.g., PoW or PoS)
● If a block at height h has to be modified then all blocks at heights greater than h must be recomputed
● Clear consensus rules to accept the true blockchain
● What if the majority of the miners are malicious (majority attack)?
○ They might extend the block chain by adding blocks verified amongst themselves
○ As the chain grows it will become longer and be accepted as the main chain
● Generally transactions before the last 6 blocks are considered immutable
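An added example (not from the lecture) tying together the proof-of-work search defined earlier (find n so that the hash of i + n meets target t) and the point above that modifying a block at height h forces every later block to be recomputed. The string header layout, the toy target and the function names are assumptions; the target is modelled as a numeric threshold the hash must fall below.

```python
import hashlib

GENESIS_PARENT = "0" * 64      # placeholder parent for the block at height 0
TARGET = 1 << 244              # constructed difficulty: about 1 in 4096 hashes qualifies

def header_hash(prev: str, payload: str, nonce: int) -> int:
    """SHA-256 of the header fields (the input i) plus the nonce n, as an integer."""
    data = f"{prev}|{payload}|{nonce}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def block_id(b: dict) -> str:
    return f"{header_hash(b['prev'], b['payload'], b['nonce']):064x}"

def mine(prev: str, payload: str, target: int = TARGET) -> dict:
    """Hard direction: try nonces until the hash falls below the target."""
    nonce = 0
    while header_hash(prev, payload, nonce) >= target:
        nonce += 1
    return {"prev": prev, "payload": payload, "nonce": nonce}

def build_chain(payloads, target: int = TARGET) -> list:
    chain, prev = [], GENESIS_PARENT
    for payload in payloads:
        chain.append(mine(prev, payload, target))
        prev = block_id(chain[-1])
    return chain

def first_invalid_height(chain, target: int = TARGET):
    """Easy direction: one hash per block. Returns None when every block holds."""
    prev = GENESIS_PARENT
    for height, b in enumerate(chain):
        if b["prev"] != prev or header_hash(b["prev"], b["payload"], b["nonce"]) >= target:
            return height
        prev = block_id(b)
    return None

def recompute_from(chain, height: int, target: int = TARGET) -> int:
    """Redo the proof-of-work for `height` and every later block; returns blocks redone."""
    prev = block_id(chain[height - 1]) if height else GENESIS_PARENT
    for b in chain[height:]:
        b.update(mine(prev, b["payload"], target))
        prev = block_id(b)
    return len(chain) - height

if __name__ == "__main__":
    chain = build_chain(["A pays B 5", "B pays C 2", "C pays D 1", "D pays A 1"])
    # Change the block at height 1 and redo only that block's proof-of-work.
    chain[1].update(mine(chain[1]["prev"], "B pays C 200"))
    print("first invalid height:", first_invalid_height(chain))
    print("blocks redone:", recompute_from(chain, 2), "->", first_invalid_height(chain))
```
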
● Theft of private key
○ Issue with exchanges not necessarily the (Bitcoin) technology itself
○ https://en.bitcoin.it/wiki/List_of_Major_Bitcoin_Heists,_Thefts,_and_Losses
○ https://en.wikipedia.org/wiki/History_of_bitcoin#Theft_and_exchange_shutdowns
● Sybil attack
○ Shirley (Sybil) Ardell Mason had multiple personality disorders
○ Attacker can create multiple nodes and disrupt the network
● Dusting attack (Bitcoin)
○ “Dust” a small amount of Satoshis to accounts, then analyse if these accounts belong to same wallet
● Denial of service
○ Spam the network to delay transmission of transactions
● Finney attack
○ An attacker generates a block with a transaction A to B where A and B are from his wallet
○ The attacker does not broadcast the block
○ The attacker then creates a new transaction A to C, owner of C waits for a few seconds and honors the receipt
○ The attacker now broadcasts the block with transaction A to B
● Energy consumption is similar to Austria
● 6.7M+ US households can be powered with equivalent energy
● Consumes 0.33% of the world’s energy
● Approximately 21 US households can be powered for 1 day by energy consumed for 1 transaction
● Most miners are located in China (coal-based power vs renewable power generation)
Source: https://digiconomist.net/bitcoin-energy-consumption. Further reading: https://www.iea.org/newsroom/news/2019/july/bitcoin-energy-use-mined-the-gap.html
Source: Rauchs, Michel, et al. "2nd Global Cryptoasset Benchmarking Study." Available at SSRN 3306125 (2018).
● One block is mined on average every 10 mins
● The specification puts a limit of 1Mb on the block size
● This results in 7 transactions per second on average
● Achieved by adapting the mining difficulty dynamically
This is because of the specification and not a restriction of the underlying technologies.
Source: https://en.bitcoin.it/wiki/Scalability
Can Bitcoin handle the same volume of transactions as Visa and Mastercard?
This is about 2000 transactions per second; Bitcoin does around 7 transactions per second (see prev. slide)
● CPU
○ Can do about 4000 signature verifications on a core i7 2.2Ghz (8000 if optimised)
● Block size can be increased
○ Bitcoin Cash and Bitcoin SV
● Network
○ About 1Mbps needed for 2000 transactions per second
● “Lightning network” (Layer 2 systems)
● Some issues:
○ Hard drive space to store the full blockchain
Source: https://www.statista.com/statistics/647523/worldwide-bitcoin-blockchain-size/
What does it mean to talk about the “value” of a cryptocurrency?
“[Bitcoin is] probably rat poison squared [...] In terms of cryptocurrencies, generally, I
can say with almost certainty that they will come to a bad ending [...] If I could buy a
five-year put on every one of the cryptocurrencies, I’d be glad to do it but I would
never short a dime’s worth.”
● Since 2017, value of 1 Bitcoin (BTC) consistently above 1,000 USD
● Who is right? Warren Buffett or Bitcoin traders?
● Can we tackle the question more systematically?
We have to differentiate between:
In both cases, coins are used to pay transaction fees, i.e., costs (“fuel”) for mining, and can act as stake for the validation process of transactions.
● We follow a simplified version of Mitchnick and Athey (2018)
● Simple model:
○ Interested in the long-term fundamental value
○ In equilibrium we must have: demand = supply
○ Demand driven by:
■ Efficiency of economic transactions → medium of exchange
■ Possibility to save wealth over time → store of value
○ Leaves out the “unit of account” functionality (less relevant for valuation)
○ Model quantities still denominated in fiat currency (e.g., USD or AUD)
The demand D for the cryptocurrency has two components:
D=X+I
● We can go back to the “Quantity Theory of Money” (size of monetary base affects price levels, see lecture 1)
MV = Y
X = M = Y/V
● To be appealing as store of value, a cryptocurrency must fulfill 3 criteria:
1. Widespread expectation that it will be accepted as an instrument of value ?
2. Allows for secure storage without risk of theft, seizure, or destruction (✔)
3. Common belief that its supply will not be increased arbitrarily ✔
S=N+𝛾
In equilibrium, supply (in $) should equal demand (in $):
Sv = D
To get today’s value per coin P, we have to compute the present value of v:
$$P = PV(v) = \frac{(Y/V + I)/(N + \gamma)}{(1 + i)^{T}}$$
i = Discount rate (annualised)
T = Time until long-term equilibrium is reached (in years)
● Of course, it is challenging to pick the right parameter values!
● Applying the above framework to Bitcoin, we follow Mitchnick and Athey (2018)
Parameter   Value         Remark
Y           USD 17.5 bn   Based on average estimate
V           0.025         Based on transaction data
I           USD 1.35 tn   Based on average estimate
N           14.2 m        2.8 m BTC permanently lost
𝛾           4 m           Based on maximum of 21 m
● Let’s assume that Bitcoin either succeeds or completely vanishes (value of zero)
● Then, according to the above framework, markets currently estimate its success probability to be:
● How PoW solves the byzantine generals problem by Satoshi Nakamoto:
https://www.mail-archive.com/cryptography@metzdowd.com/msg09997.html
● Elliptic curve cryptography tutorial:
https://www.johannes-bauer.com/compsci/ecc/
● Lecture
○ Quiz 2
○ Smart contracts
● Tutorials
○ Interacting with a private blockchain
● Mandatory readings:
○ “Bitcoin energy use - mined the gap” by George Kamiya, access via: https://www.iea.org/newsroom/news/2019/july/bitcoin-energy-use-mined-the-gap.html
○ “Banks in no rush to join Facebook’s crypto project” by Laura Noonan, Robert Armstrong, Nicholas Megaw and Stephen Morris, access via LMS