3. Blockchain Basics & Cryptography

Jun 02, 2021
The following content is provided under a Creative Commons license. Your support will help MIT OpenCourseWare continue to offer high-quality educational resources for free. To make a donation or view additional materials from hundreds of MIT courses, visit MIT OpenCourseWare at ocw.mit.edu.

I want to say how touched I am that all of you are still here. You all know that there are a lot of shopping opportunities among MIT courses, and you came back and didn't shake loose after reading Satoshi Nakamoto's Bitcoin peer-to-peer paper. Or maybe you just came back to see if I was going to crash and burn describing it. But what we're going to try to do in the next three classes, just to frame it, is really give you some of the technical fundamentals of blockchain technology through the lens of Bitcoin. Bitcoin is only the first use case of blockchain technology, so if I often say Bitcoin this or Bitcoin that, it's actually not entirely applicable to blockchain technology. My feeling is that I'm only about eight or nine months ahead of all of you. I've spent my entire professional life around finance and public service, and I can talk a lot about markets and public policy, but MIT has given me the gift of thinking about blockchain technology, and I'm trying to give a little bit of that gift back to all of you. And I have some computer scientists in the room who will bail me out if I don't do it right.
Sabrina, and then, oh, I see Alin is putting his on. Does everyone know Alin? Alin is actually a PhD student in computer science at MIT, so someone gets to that part of their life and asks, what was that terrible life choice? Yeah, but he's going to bail us all out. But the reason why I think this is relevant, and not just to insist on it, is that I truly believe the only way any of us can get to the fundamental truth is knowing a little bit about the inner workings of this technology. You're not going to have to write an algorithm or actually compute a hash function, but know what's underneath, and then you can walk away and say, I don't need to know anymore how the carburetor works, but I know what a carburetor is, or whatever analogy you want. So with that, a little bit instead of all those Socratic cold calls that I made during the last class, because money, fiat currency, is something at the core, and ledgers are core to Sloan students whether by education or background, there is a little less that is core in today's and the upcoming lectures. If you can work with me, I want you to interrupt me whenever you have a question.
I'm not going to do a lot of cold calling. Oh, I don't want you to relax too much; I still want you to do the readings for the next three classes, but just raise your hand and stop me. You may say, fine, but what is all that? We can work a little differently in the next classes. So, as always, I'm going to be consistent: what are the study questions? What really are the key design features of this new blockchain technology? I put some in the syllabus and we'll go over all of this today and next week: cryptography, timestamped append-only blocks, distributed consensus algorithms and networks, which I list later in this lecture. You'll see eight or ten, I guess it's ten, that we're really going to dig deeper into.
Can I get an idea of the class? This isn't the first time Talita or Sabrina have written notes about participation. Who at least read Nakamoto's paper? Okay, great. I just want an idea: how many of you felt like you got at least half, maybe less than two-thirds? At least half, very good, pretty good. When I read it for the first time, I was with you. So, okay, you read it and got more than half. Okay, you read it five years ago? Yeah, life choices, talk to them about it. Okay, and you're taking this class. So we're going to go over each of those, and then more specifically we're going to look at cryptography, the two main cryptographic algorithms, or these words that you'll hear sometimes, cryptographic primitives.
What is a cryptographic primitive? The two words together basically mean protecting communication in the presence of an adversary. Communications and computations that must be protected or verified use some type of cryptographic algorithm called a cryptographic primitive. The main two, and there's a third one that we'll talk about later in this semester, but the main two are hash functions, and just as it pays to have a working knowledge of blockchain, we're all going to get there, until you have an idea of what a hash function is, and then this whole concept of digital signatures, which is related to asymmetric cryptography. Those two are very fundamental to blockchain technology. Later in the semester we will talk a little about zero-knowledge proofs, but they are not so fundamental to the first application, and that is why they're, you know, they help make things verifiable and immutable. And that's the business side, the market side: why does it matter?
Otherwise who cares what's in the carburetor if it doesn't matter? And then how does all of this relate to the double-spending problem? I can cold call Isabella: do you remember where the double-spending problem originated? So in essence, a double spend is when you have a piece of information and you use it twice. We haven't called this information money, but you use it twice. You can send an email to two people and it's okay; I mean, it's a little embarrassing if you send it to a friend telling them you're available for dinner and the other friend thought you told them you weren't available, but you can still send it to two places. In the monetary system it is essential that you do not use it twice.
The readings were helpful. I mean, we're going to do a lot more. I know I saw that demo last November and December; it was one of the first things I saw. I am a student at MIT. I don't know if you knew Brownworth, and I found him very useful. So I have it clear, and see, that demo is actually also in a Stanford blockchain course, so on the west coast one of our competitors is using a product from MIT. So we're going to do a little review of what we did in class two, and then we're going to talk about the key design features, just like I mentioned: hash functions, the timestamped append-only log of blocks and headers, Merkle trees, asymmetric cryptography and digital signatures.
We're going to cover all five today, and then you're going to tell me how we did. Oh, Bitcoin addresses, which is actually just a little thing. So last time, for those of you who work with this, we talked about money, and again, money is just a social construct or an economic consensus mechanism. We'll talk a lot about consensus next Tuesday when we talk about the consensus protocol in Bitcoin, but remember that money itself is just a consensus. There was a question on Tuesday; I think someone had actually asked this question about what it means to be a liability of the central bank. Why is it money?
What does that really mean? And I said it just means someone else will accept it. It's a social consensus, because it's not like they're going to give you anything else; it's just that you can get a bank deposit, you can pay your taxes, you can use it at Starbucks, if you actually already had a cup of coffee. If you remember, it's just legal tender for a debt, etc. Fiat money is in that long line, but it has had its challenges, instabilities. That doesn't mean it's going away; I'm not a Bitcoin maximalist, I don't think fiat currencies are going away, but fiat currencies have their instabilities, particularly around weak monetary policy, in essence when you debase a currency and allow a large issuance, or usually around unstable fiscal policy, so either the government is spending a lot, or the king has gone off to foreign wars. The Bank of England was created in the late 17th century essentially to control the currency when the king of England, I think, was in wars with France, if I remember. Many central banks were created just when a sovereign was devaluing a currency and spending too much on war. Ledgers: we talked about how critical ledgers are. In essence those records could be transaction records or balance records; you will see that Bitcoin is set up as a transaction record system.
Later we will talk about other blockchain technologies that are set up as balance ledgers, so one should not immutably think that there is only one way to do this, but transactions and ledgers are the core of Bitcoin and of central banking. Of course, it is based on the central bank ledger, and then the commercial banks have a kind of sub-ledger, and then you can sometimes think of your digital wallet, maybe Starbucks, as a third-level ledger. Obviously we live in an electronic age, and as we already know there have been many efforts, all dead until Bitcoin, to solve that riddle we talked about: peer-to-peer money without a central authority. Later in the semester, when we talk about what the use cases are, that will be the main thing and why I'm not a maximalist.
I'm not sure that in all circumstances a central intermediary is necessarily that bad. This is not a value judgment; this is just pure money and markets, etc., but in some circumstances decentralization will actually compete, and it will be a decentralized intermediary. So let's talk about his or her little role, which of course was modest, and please remind me: we don't know who Nakamoto is, or whether it was a group of people. "I have been working on a new electronic cash system that is fully peer-to-peer, with no trusted third party." So you will have seen this slide before, but a timestamped append-only log, just think about blocks of data; you know it's a bit simplified, but it has a name, blockchain, and I don't think it's in Satoshi's paper.
Of course, I read it again yesterday just to make sure I remembered it. I don't remember him ever using the word blockchain; am I right about that? So the word blockchain has really been overlaid on their innovation. So the information is in blocks, and that leads to basically a database, but it's Bitcoin data blocks, right? Right now it's about five hundred and fifty thousand blocks, and blocks are added on average every 10 minutes, and we'll talk about why it's every 10 minutes, not only why Satoshi Nakamoto made it every 10 minutes, but also how other blockchains differ: Ethereum emits a block about every 7 seconds, so don't get caught up in the idea that everything is the same. And there are some technologists here; Silvio Micali is working on Algorand, and that is even stricter, less than 7 seconds. So there is no one way, there are multiple designs for how often there are blocks, but let's start with Bitcoin. Secured by what? Guess what those two cryptographic primitives are: hash functions and digital signatures. Did I lose someone? Yes, maybe, and then there is a consensus to reach an agreement.
The whole debate generally about databases is who can change the data, and this is true of all databases. In essence they are usually centralized, but in blockchain suddenly maybe it is not centralized who can add the next piece of information, the next block, and the consensus agreement is what we will discuss next Tuesday, which is just about that topic. I think there was a nice little image I had put on slides earlier, but I'm going to delay that discussion until next Tuesday, and I hope everyone comes back. So what are the key features? I could make a little cold call.
Do you remember any of the table of key characteristics from the papers? Any other key features? Let's see how many I'll get; there are 10 on this page. A public-private key? Yes, asymmetric or public-private key cryptography. Hash functions, yes. Private and public key, and the other type of key design features, or words that you didn't understand, maybe that's another way of saying it. Leandra: Bitcoin addresses. That's three or four of the things. Double spending is something they are trying to fix; it's not really a design feature, but they have a solution for double spending, so I'll give credit for that. Okay, so Hugo says miners, which is really the consensus, so I will say that the design feature is consensus or proof of work. Kelly, very interesting, this concept of nodes, and Satoshi actually talks about full nodes or lightweight nodes, in essence how much information should be stored.
I'm going to reserve that, Kelly; please remind me when we talk about block headers to come back to that, but nodes and the network are a very important design feature here. The Merkle tree structure: the Merkle tree structure is a way of compressing a large amount of data and also organizing it. Oh no, no, not Sabrina. I'm going to clean up here. The Merkle tree structure is there; let's talk about those two more. What is that? Nodes are fine. Then nonce: does anyone know what the word nonce means? A year ago I didn't, so we're all getting there.
Look, I took a look; do you know what a nonce is in the actual vertical? It's essentially a guess for miners too, so the word nonce means a random number that is used once: "number" and "once". It is a random number and it is used once; that's how I learned it, and one more, because it serves... this is great, actually, remembering your name, yes, Priya, here. Okay, so how is this? I have cryptographic hash functions; we will analyze them in more detail. Timestamped append-only log, block headers and Merkle trees, so Merkle trees were discussed, but we actually need to say what information is kept in the header of the block compared to all the data in the body, and some of that is just to make it more manageable. Asymmetric cryptography, which is this public-private key and signatures, and Bitcoin addresses, which interestingly are a little bit different from the public keys. And then I see a break because I'm on to the next one: we'll talk next Tuesday about the proof of work of the miners, nodes, the nonces are all in that little topic. Actually there is a really important protocol in Bitcoin: it's how information spreads on the Internet, just network communication, about which not much is written. You won't read much about it in Popper's Digital Gold or all the other popular books, but it is important to remind ourselves that information has to spread over the Internet and all these transactions have to communicate with each other.
There are currently around 10,000 nodes on the Bitcoin network. We don't know where they all are, but they are probably in a hundred and eighty different countries, so networks and communication are also important. And it is very important for the economics: there is a native currency, and this is interesting, it was the only thing that nobody said, and it is an actual technological design feature. It's not just that it created a currency, but the native currency is part of the economic incentive system, and we'll have a little fun with that. In essence, when you mine and did the proof of work, you created and got a native currency called Bitcoin, so it created a system of economic incentives. Whoever Satoshi Nakamoto was or were knew a lot about economics and technology.
Yes, to quickly add to what you said: it's not just that you create this native currency, but once the finite supply is reached, the currency can still be distributed as transactions. What Daniel just said is really interesting, not only to bring to light these individuals who made this, but also in this world of Bitcoin and other cryptocurrencies it creates a unit of account that could be valued, and once valued you have a kind of native currency, but as Daniel said, Nakamoto also said that there would be a finite limit; it turns out that 21 million Bitcoin is the maximum it can be, and it will get there.
Around the year 2040. Does anyone know how many Bitcoin there are right now? Half of them? More than that: it's funny, there are about seventeen million Bitcoin right now, and the 17 million come from this process of proof of work. Initially the mining reward was 50 Bitcoin about every 10 minutes, then it went down to 25, and now we are at 12 and a half Bitcoin. Does anyone know what the current value is? I always have to say the supposed value of Bitcoin, because I don't know if we can trust some of those websites that say a value, so what is it? $6,500 per Bitcoin at 12 and a half Bitcoin to mine a block, so you see it's about $80,000 as the reward for mining a block. So he created an incentive system: initially, if you got 50 Bitcoin and it wasn't worth a cent, you wouldn't commit as much; you had to be a hobbyist basically in 2009, or a cypherpunk, or just a little curious, because you weren't getting a lot of incentive. If it's actually worth $6,500 today, you'll get $80,000 if you actually successfully mine a block. And then there are transaction inputs and outputs; think about a check, you know who signs it, where you move money. There is something called the unspent transaction ledger, so this is the ledger part. So when I think of the technology, I think of cryptography, which is all that on top that we will discuss today; second, consensus.
In essence, that is the key question of any database: who gets to amend the database, who decides to change the state of what we all agree to. And then thirdly, there is the general ledger or the ledger of transactions. We are not going to dive deeper into the scripting language, but next Thursday we'll talk a little bit about the underlying scripting. So that gives you a framework: the crypto, the consensus and then the transactions. In terms of the CPU power, the electricity that will be consumed to mine that block, how much does that translate into in US dollar equivalent terms?
So the question being asked is how much electricity is being consumed for that miner to get that $80,000 reward, and I'm going to try to answer that in a minute, but we'll come back to this later in the semester on economics, blockchain economics and mining economics. What has happened during these ten years is that more and more computers are used, or attempts are made, to mine Bitcoin, and so today, in the most recent research I have seen, the probability of winning a block is so low; it is measured in terahashes.
I don't remember the numbers, but it's how many terahashes, which is 15 zeros; is a terahash 10 to the 12? In any case, there are so many hashes being made a second. Mining pools are where they spread the risk and everyone shares the rewards, but the economics, which we'll talk about later, are thought to be that you need electricity to cost about three cents a kilowatt-hour to be successful, and in most of the world you can't get electricity for three cents a kilowatt-hour, so you would put your mining rigs where you can get electricity at low cost, or where you can possibly get it legally at low cost or illegally at low cost. So there are a lot of mining rigs in jurisdictions where there may be local officials that are allowing those mining rigs, and instead of three cents per kilowatt-hour for the power company, it's one to two cents per kilowatt-hour for local government officials. The two largest mining pools are in China and the third is in Russia, but let's get into this kind of economics, and at least some theories about why, later in the semester. Cryptography: Alin will probably correct me; it's not just communication in the presence of adversaries, it's also computation in the presence of adversaries. That would be right, and we talked about it; we're not going to go into too much depth. If you remember, even in ancient times, if you went to war, there was a wonderful little way to do cryptography, and then anybody who's seen The Imitation Game, yeah, about the British.
You know, breaking the German codes, even though they probably should have given more credit to the Polish government, which had probably broken them in the 1930s, but Turing did a great job. And then we'll talk about asymmetric cryptography for the day, okay? What is a hash function? A hash function, and these are just words, I think of it as a fingerprint for the data, but it has certain properties. The one you'll see throughout is that it takes an input X and maps an input of any size to a fixed size. So we use here in the US a hash function that we all use: it's zip codes, in a way. It's five digits, it's a fixed size. I know I'm doing this loosely, is it right?
Do you know how I think about it? With zip codes, you might have 50,000 people or 5,000 people living in a zip district, and you can map them to zip codes, and it has a fixed length. Now, I don't know about my friends in the IT departments, but it's an early idea of a hash function. I just wanted to say that there are tangible things in our life that act like hash functions. The problem with zip codes is that there is no way it would be a secure hash function, and you will see that in a minute, but it is needed: you can be a 300-pound person or a 30-pound child and still be assigned the same zip code. It is deterministic, it is always the same, so if you take a certain set of data it always gives you the same hash, and that is relevant in the background, and you can calculate it efficiently.
You don't want to take a year to do this. You have to do it in short periods of time, and in the case of Bitcoin it is done in nanoseconds or less, because a computer, a CPU, can do, can you remember, probably how many millions per second, a couple of terahashes per second, so it is a remarkably efficient algorithm. And it's a group of mathematicians; hashing started in the 1950s and 1960s, but the ones we're talking about here are much more recent, but they're really talented scientists, mathematicians, computer scientists, and sometimes the National Institute of Standards and Technology here in the US works on hash functions. So you take an array of any size and put it into a fixed number.
I think of zip codes for a minute: they are deterministic, in a sense you always live in a single zip code, and it's very efficient, but now what are these cryptographic properties? Because a zip code wouldn't do it, it just wouldn't be good. The computer scientist uses the term preimage resistant. I would just say it's one way, it can only go in one direction, which means it's not feasible to determine the input from the output; it's not feasible to determine x from the hash of x by brute force. Infeasible instead of impossible: what do you mean by brute force? For everyone, as I understand it, a kind of principle of cryptography for centuries is not to have it mathematically impossible; the point is to make it so infeasible that your adversary can't get the communication, etc. So, hash functions.
I only say this because you cannot assume that Bitcoin cannot be broken. We all call it immutable. It's immutable until the hash functions that are inside Bitcoin can be broken, and even Satoshi wrote about this in 2010; he received emails. There's a wonderful book, if any of you want, that I mentioned on the shelf at the end of the syllabus. Someone said, "Well, what if SHA-256, which is the hash function, breaks?" And his response, by the way, was: well, there will be a better hash function at that time, whatever it is; it will hash the entire system, whatever it is, because remember that you can take something of any size.
Do it with the new system and move on, and what he or she felt in this wonderful email is that Bitcoin could actually transition to a new hash function as long as, you know, it had a little time before everything was corrupted. What is it like? Is it up to me to create a fork? And doesn't he address that point? Oh, you're talking about him in the paper. Yes, in his paper he talks about how computationally difficult it is to do what some people call a 51% attack, to basically take control of all the nodes, and that part of his paper we're going to talk about next Tuesday, but basically it is: can you take control of the nodes?
I was talking about a separate thing: can you break the crypto? And he doesn't write about it in his paper; he writes about it in an email about ten months later or so. The second cryptographic property: so we said one is one-way, and the other is this concept of collision resistance. I guess if everyone in this room told me their birthdays, there would be several people in this room who have the same birthday, and in fact, if we go beyond 26 people in a room, there's a better than 50% chance that two of you have the same birthday. We don't need to get to one hundred and eighty-three people in the room, which is half the days of the year; we can get to about twenty-six or seven. And similarly the key is that for two sets of data x and y it is again infeasible to get the same hash. It's not impossible, it's infeasible, and if you look at the history of hash functions, this is usually what happens: at some point these hash functions will not be collision resistant; some quantum computing will appear or something will appear, but for now you can put in something of any size. They also look terribly random; it's called the avalanche effect, which means you change a little difference and everything looks different. So when you noticed in that little video, if you changed one thing, everything looks very different, and why is that important? It makes it safer. And then there's something called puzzle friendliness: even if you know the input a little bit, it doesn't mean you'll get the output.
I put them here not so you know you're going to get tested, but if you start a business, since you started when you probably haven't thought it through, you already know that it's collision resistant. I just wanted you to know that there's always a bunch of cryptography underneath this, and the key is that it's not a hundred percent immutable. It's probably one in, you know, I don't know, a quadrillion immutable, but still these things could break, and quantum computing or something else could be a lot more than one in a quadrillion, so it's 1 in 10 to the 40 approximately. How did I do my calculations?
That's fine, and anyone who is interested can come to office hours. Well, fine. So it's very unlikely that it will break, but I think it's always worth saying, well, no, there's something external; it's not as unlimited as you think. So what is it used for? In many places it's used for names, references and pointers, and something called commitments. In Bitcoin it's used for pointers, because there's a block that points to another block, but it's also used in commitments. You'll hear these words; we're not going to get into them, but headers and Merkle trees use something called SHA-256, which is a standard that is literally 256 bits long, which is like zeros and ones in 256 registers. But a Bitcoin address, actually Satoshi Nakamoto, in a loop...
I'm happy to debate why, but it uses two hash functions for Bitcoin addresses. The only thing I saw was that he actually wrote about it; he said that if one of them is broken, at least the other one is less likely to be broken, so that's how I read it. He thought, in his own voice, that you have to hash something twice, and he was just making it much safer, even though Alin says it's a 1 in 10 to the 40th chance. So, remember where Caroline is... I don't remember where we are. You asked me about... I thought about setting it for today, but you were good about reminding me for Tuesday. What is the longest-running hash timestamp?
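As an added illustration of the properties just described (example code written for these notes, not code from the lecture or from Bitcoin's own software), the following Python checks determinism, fixed output size, the avalanche effect, brute-force preimage search on a truncated digest, and Bitcoin's hash-twice construction, on constructed sample messages:

```python
import hashlib


def sha256(data: bytes) -> bytes:
    """Single SHA-256: input of any length in, 32-byte (256-bit) fingerprint out."""
    return hashlib.sha256(data).digest()


def double_sha256(data: bytes) -> bytes:
    """Bitcoin's hash-it-twice construction: SHA-256 applied to the SHA-256 output."""
    return sha256(sha256(data))


def is_deterministic(data: bytes, rounds: int = 3) -> bool:
    """The same input must give the same fingerprint every time it is hashed."""
    first = sha256(data)
    return all(sha256(data) == first for _ in range(rounds))


def output_is_fixed_size(messages) -> bool:
    """An empty message and a 100 KB one both map to exactly 256 bits."""
    return all(len(sha256(m)) == 32 for m in messages)


def changed_bits(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length digests."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(data: bytes, bit_index: int) -> int:
    """Flip one input bit and report how many of the 256 output bits changed.

    For a good cryptographic hash this lands near 128 (half the bits): a minimal
    change in the input gives an unrelated-looking output, which is the avalanche
    effect the lecture points to in the demo."""
    flipped = bytearray(data)
    flipped[bit_index // 8] ^= 1 << (bit_index % 8)
    return changed_bits(sha256(data), sha256(bytes(flipped)))


def brute_force_preimage(target: bytes, bits: int):
    """Guess inputs until one hashes to the same leading `bits` bits as `target`.

    Returns (guesses_needed, found_input). The expected count doubles with every
    extra bit, which is why inverting a full 256-bit digest is "infeasible, not
    impossible": the search is well defined, it just never finishes."""
    if not 1 <= bits <= 64:
        raise ValueError("keep the prefix small enough to finish")
    shift = 256 - bits
    wanted = int.from_bytes(target, "big") >> shift
    guesses = 0
    while True:
        guesses += 1
        candidate = guesses.to_bytes(8, "big")  # constructed guess, not a real message
        if int.from_bytes(sha256(candidate), "big") >> shift == wanted:
            return guesses, candidate


# Constructed sample inputs for the checks above.
SAMPLE_MESSAGE = b"constructed sample: 15.S12 blockchain basics and cryptography"
SAMPLE_SIZES = [b"", b"a", b"x" * 100_000]
```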
I'm not sure, but it came out of that laboratory; the paper, I'm sure it's there, yes. Haber and his colleague, yes, you got it. Do you remember it? Great. So I'm just trying to say that it wasn't Bitcoin that had it first. They did this in 1991, but in 1995 they started a company called Surety. I don't believe it took off so much; it's not competing with Apple for the largest market capitalization or anything like that, or with Facebook, but every week in the ads section you can see a hash, literally, that has a timestamp because it's in the New York Times, and it's a hash of all those original digits and all the information that came before, and they're basically encoding any document that you want a timestamp on that week. You put it one after another and that's a blockchain; it's not about money, there's no native currency, etc. I think Haber and Stornetta are three of the eight or nine footnotes in Satoshi's paper, maybe four of them, so he gets his credit, and if you go to his website, Stuart Haber, I think it says blockchain co-founder on his personal website. So here we have this; this was in the National Institute, the NIST document, but the timestamp depends only on the records. In Bitcoin, or blockchain, what is put together is the header, the main information, and if I go over the visual and just say what's there, there are five pieces of key information: the version, which doesn't change that frequently, but there is a version number; the hash of the previous block, so there is information about all the previous blocks; the Merkle root hash, does anyone want to tell me what that is?
Is it Merkle? So if I go back to the nice little image, the yellow box at the bottom of each of these blocks is all the transactions. There could be more than 2000 transactions in a block, so there is the concept, one thousand, two thousand; there are means and methods long before Nakamoto's paper for how to compress that, how to keep that information a little bit more organized, and that uses this thing called Merkle roots. The five elements right at the top, what's called the block header, don't have a thousand transactions. And earlier, Kelly, you had asked me about full nodes and light nodes. A light node, or a wallet that anyone here could download on their cell phone, probably won't download the millions of transactions that have occurred in the history of Bitcoin; it's unlikely to download what is called a full node, but you can download all the headers. This information, which is all the headers: all the information in Bitcoin is not that big yet, it is less than 200 gigs, but I think all the headers are single-digit gigs.
I don't remember if it's 4 or 6 gigabytes right now; what's the number? Fifty megabytes? 60 megabytes. 60 megabytes, so it's a lot smaller compared to one hundred and eighty gigs. So Satoshi was thinking ahead of time, and every blockchain that you're likely to run, I mean, there may be something to this concept: really keep it secure with a little bit of information in something called a header, and then push the whole essence of the transactions and the data down. And this is really important when you get to, like, Ethereum, where there's a lot of data and a lot of computation in each one of these blocks. It's like Stuart Haber has a lot of documents and images and everything; you don't have to have all the image quality and a full movie, you can actually hash a whole movie and you'll still get these 256 bits. So, wow, the header has the previous hash, this Merkle root, which is just a way to get all the transactions in, just think of a Merkle root as a way to get two thousand transactions in, a timestamp, that's easy, and then we can get to that: the difficulty target.
Does anyone know what the Bitcoin blockchain tried to do to make it more or less difficult over time? No? We've heard: the more miners there are. So each block header has what's called a difficulty target. How difficult will mining be? Since we're talking about mining next Tuesday, please bring me back to difficulty target. And then what is a nonce? What is a nonce? A number used once. And then there are hash functions. How do we do it? They are a little out of place, but we are MIT. Yes, the output, not the input.
So could you help me pronounce your name? Just, yes, Moe. You've asked the right question. You're saying, well, how do you know, especially since you have more and more time, and more and more time, you can get the same result from a hash of different inputs? And if you remember (I hope someone remembers) producing it is possible, but if the miners are working, not at the same time, it is as if the same information is not being processed at exactly the same time; it will not be a problem, because you are right when it comes to mining. But there is another part also: the hash function, if it is a good, secure cryptographic hash function, is what is called collision resistant, where what you are saying is so infeasible, in fact 1 in 10 to the power of 40, you know, that is a 1 with 40 zeros. It is so infeasible for it to happen: it is possible, but infeasible. What you are referring to is what would happen if two parties solve the cryptographic puzzle, instead of a collision, and due to the difficulty they got it at the same time. Please. It seems like a silly question, but throughout the system, timestamps are not a particularly important part of Bitcoin. They have timestamps, but sometimes, if someone posts something and it is delayed by a few minutes or even up to two hours, there is a check in the technology and scripting function: if the time is off by more than a couple of hours, then it is literally not that accurate.
Having said that, the actual way timestamping happens is: if a block is mined and it's block 540,000 and it's pretty much accepted, then all the nodes, these 10,000 nodes, start mining block 540,001. In essence, just think of it as almost a stack, and therefore what is in essence more relevant than the actual time that is in the header (they all have a timestamp in the header) is the order of the blocks and, most importantly, the hash of the previous block. I partially agree with you, because the difficulty adjustment happens every two weeks, so even if one individual timestamp, or five or six, is a little bit off over the two weeks, the algorithm basically analyzes about 2,000 blocks. You need the timestamps, put it on, but what's more important is the order of the blocks. I want to keep that question for Tuesday, but it has to do with more than the collision. The problem that the papers are talking about is if two miners solve the puzzle, and that does not mean that they obtained identical hashes, because the puzzle is not aimed at obtaining an exact hash. The Bitcoin puzzle has a certain number of zeros on the left, so when it literally started, I think it was nine or ten leading zeros, I'm talking about ten years ago, and now you have to hash something with, I think, about twenty or twenty-six leading zeros, which means it's become increasingly harder, and the result of the hash has to have a lot of leading zeros, which you saw in that video.
Sorry, if it's just hashes of transactions, how does it change when the hash of the previous block changes? The idea reminds me of that old TV show, Johnny Carson, and you just did a great setup for the comedian, so thanks. I'm going to go to Merkle roots. So Merkle roots are a binary data tree; it looks like this. If you had a thousand transactions, you wouldn't have a nice slide, so this only goes to four levels, but think about four transactions at the bottom, each hashed, and then you concatenate, put the two hashes together, and keep going up the tree. If you had a thousand transactions, because that's two to the tenth or so, then you would have ten levels of this tree, and that's what happens. And literally the mining pool operators are doing this a lot for the nodes, but in the main application of Bitcoin, in the software that anyone in this room could download if you want (there is software that helps you make transactions), you basically put them into this binary tree called a Merkle tree. It uses hash functions and basically it's thin at the top. Since the structure exists, how do you change the root hash with the block above? Basically all forwarding will be invalidated because the hash changes; oh, but it doesn't seem to use the old address. So I'm going to repeat the question: does a Merkle root, that is basically a summary of all those 10,000 transactions that are in a block, change if the rest of the header changes or the previous block changes? And the answer is no, it only changes if some of the data in the ten thousand transactions changes, and therefore a Merkle root will change if you put different transactions into the mix. Or, since it's really important, one of the incentives is that you get your 12 and a half bitcoins today in what's called a coinbase transaction, and therefore one of these thousand transactions is the payment to the miner, so the Merkle root would be different depending on who wins. But that was not your question, just saying. But Merkle roots are a very efficient way to take thousands of transactions, save them, have a place. Please. So the order of the different transactions has to be exactly the same for everyone that's charging? Well, no, not really. If you're hashing and you're running a mining rig, and you allow a mining rig to run, if Aileen solves the puzzle and spreads it on the network, people start mining on top of Aileen's block, because they say, well, she finished, you didn't, you'll probably start mining on top of her block and look in something called the mempool, the memory pool, on the network, all the floating transactions. You will collect the next set of transactions, and all the transactions are fine. So validation is more for next Thursday, but I'll try it. No, no, it's a good question: for each transaction? Or actually, you are setting me up for digital signatures there. Thanks. Do you have any questions or something?
The second crypto thing, and we're going to keep going back and forth: hash functions are basically a way to compress a large amount of data, they have a fingerprint, make sure it's basically a commitment. With digital signatures, remember that little graph we had, Alice and Bob: Alice wants to send a note to Bob, and just say hello to Bob. She wants to encrypt it; she encrypts it with Bob's public key and sends it to him; he decrypts it with his private key. You could say, oh my God, Gensler, what is a private key? What is a public key in cryptography? It is a way of encoding information. I know I'm really doing this, but if we went back to that little mechanism that the Romans used, or what the Germans used in the Enigma machine, they were symmetric cryptography: both people had the key; the key was the Enigma machine with five rotors. In the 1970s, wonderful technologists here and elsewhere basically said, well, what if the key is not the same, because the adversary can steal the key? What if it is not symmetric but asymmetric?
There is a private key and a public key. In essence, there are two keys that have some mathematical relationship, and the math between these two keys does not matter for a class like this, but you should know that the public key and the private key are linked. But the bottom line is about digital signatures. There are three functions: you have to generate a key pair, and when you generate a key pair, you generate a public key and a private key at the same time, and they need a number to go in. And one of the things that makes many Bitcoin and other wallets insecure, and is probably the reason why some have been hacked (wallets, and not Bitcoin), is because they don't have good random number generation.
Yeah, Brit, I saw you were at a conference last week where a technologist from the University of Pennsylvania had done a survey of 150 hedge funds, mining companies and Bitcoin wallet companies and the like. So they let a cybersecurity guy go in and do a survey of 150 who they would consider really committed, high-end users: Bitcoin miners and hedge funds and crypto exchanges, and their cybersecurity was horrendous in terms of how they were doing with their private keys. Even before they got to the private keys, many of them didn't really have a secure way of creating the random numbers to create their private keys. So just one part: when someone says they have a really good public key, in the back of your mind, just know that there has to be some way to do random number generation. That's the only math I'll ask you to remember. There is a signature function, and the key is that a signature is created.
You can create a digital signature from a message and a private key. So if Kelly has a private key and wants to send a message to someone across the room, Isabella, you want a message from Kelly. Kelly is going to take the message, you have this, Kelly, you are going to take the message and you are going to sign it with a private key, and you send it to Isabella. Isabella, now that's yours, she has to check it, so there's a verify function, and it returns just a yes or no. I mean, I could say it says different, but it's just a yes or no; it's a verification function. Isabella, you want to do this with me? It will verify that your signature is valid for this message, because you have the public key. So you're right, Isabella has your public key, but using her public key she can verify that the signature is magic math. Well, it's not magic math, it's real math, but it's not math we need to study in this class. You can imagine it: in Bitcoin, it uses elliptic curve cryptography, and you can think about it as if the private key is based on a random number.
To me this is based on something more technical, so the random number is what gets you to the public key, but I think of it as: our private key is the random number, and then the public key is generated along from it. Yes, so it chooses the number, actually, between 0 and 2 to the 256, as a private key; to choose a public key, it derives it directly from the private key. In fact, all you do is exponentiate, add another number times the private key, so you have to think of the public key as a one-way function of the private key. So given a public key you can't get the private key back; if you could, then you could sign, disastrous. And instead of exponentiation, Bitcoin uses a well-known function called an elliptic curve. But what properties? And these are the key economic properties as well as the cryptographic properties: it is basically not feasible, and again I use the word infeasible, I didn't say impossible, although Aileen might want to tell me it's 1 out of 10 to the power of 40 or something like that, but it's not feasible to find a private key from a public key, to reverse engineer, to spoof it. You need to do a signature. Yes, please, just swipe up. To do a digital signature I need a private key and a message, and it is a function of the message and the private key; let's call it complex mathematics. The digital signature was created from the private key, and the public key was created from the private key, and, to oversimplify, the reason that the verification function works is because of both the digital signature and the public key: Isabella has this digital signature and has the public key and has the message.
The math is such that basically the private key, if you will, is almost like factors, you know, but think about two functions: Isabella has Kelly's public key, the message, the digital signature; she verifies it. She doesn't have it, but she never has to see the private key, and, in fact, Kelly doesn't want her to ever see it. To simplify, the way validating a digital signature works is that the message is run through a hash function that generates a hash, and that is encrypted with your private key; then the message and the digital signature go to Isabella. What she does is she uses the same hash function to run it over the document to generate the hash, and she uses Kelly's public key to decrypt the signature; compare those two, and if those two hashes correspond, that means the message belongs to Kelly and it hasn't been tampered with. That is the more or less simplification of the digital signature.
I mean, the key is basically that there is a non-Bitcoin-related scheme that exists for many other reasons on the Internet, many other reasons in commerce and at work, that is this public key, private key cryptography, and it is not just returning, it's not just Alice sending something, it's also digital signatures. You generate the key pair; everything in Bitcoin, everything in Ethereum has key pairs, public key and private key, a digital signature, but Kelly never loses her private key. And by the way, you have to create it with a good random number generator, because the most sophisticated hedge funds in the world are not, so you will be better than those. That's what I learned at a conference recently. And then there is a verification function.
So is there any third party that generates the generator, or is the generator like a function that already exists? So the question is whether random number generation is that important: are there external parties that have essentially good software to produce the random number generation? And the answer is yes, and there are some that are not so good, and yes, some good laptops have it at their heart. I want to skip ahead to the elliptic curve digital signature algorithm, which is the actual algorithm that Bitcoin uses to take the private key, etc., but many of the wallets, if you download a wallet app to store your Bitcoin, to store your Litecoin, to store some other currency, that wallet app has random number generation software.
I can't vouch for all the random number generation software. I'm not a cybersecurity expert, but there are probably a variety, some that are a little stronger. The key to generating random numbers is that if you're generating a length, it really isn't lumpy, that is, what they say is maximum entropy, you know, and you don't really have any clusters; if everything is clustered in one area, then that's not a lot of randomness. So I just want to wrap up, because there's another thing we're going to talk about to lay the groundwork: Bitcoin addresses. I put it in, you can see the slides later, the details don't matter much, but the key is that when you hear someone talk colloquially about public keys and Bitcoin addresses, we all refer to them in the same way; they are not really the same.
The technology that Nakamoto did was he uses the public key, he literally hashed it twice with this program, this hash function called SHA-256, and another hash function, then concatenates and puts a little checksum at the end, and then uses something called Base58 to make it even shorter. I went back and read some of Nakamoto's emails over the two years after he posted all this, and read other things; as I understand it, the reason there are two hash functions, and actually two different ones, was just to make it all a bit more secure. Also, a public key is very long, it's about 512 bits, so you can reduce the data and make the data more compressed by hashing it, bringing it to 256 bits, processing it twice, and then it does this Base58; it makes it even a little bit tighter. So for all purposes you can go ahead and just use the public key and the Bitcoin addresses to say it, but keep it in mind.
Oh, actually, they are a little different, and Bitcoin addresses are a little more secure, supposedly, unless of course someone has hacked your wallet and discovered all these little details. A Bitcoin address is a bit like the signatures in these notes we talked about. Remember that half of you don't use checking accounts, but these are the first forms of checks, and there is a signature at the bottom that is actually some kind of Bitcoin address. Sorry, the signature is the digital signature; the address, the Bitcoin address, is who it's paid to. And I promise, on the last slide: we'll talk about this next week, transactions, all those things that accumulate in Merkle trees, all that important little information. Basically they have an input and an output, the input and a lock time, but the input is a previous transaction that identifies in a unique way, basically, money, and you are going to send value in satoshis; he named the unit of account for himself. There are many satoshis in each bitcoin, that's why we don't hear much about Satoshi, but there are 10 to the 8 satoshis in each bitcoin, so when you actually enter the computer code and a transaction, you are doing it in satoshis, and it is sent to a public key, which is a coin; that is what the incentive system is all about.
Any other questions? And this is just, I know there are a lot. I wonder how many of you will be back on a Thursday. No, let me tell you this: it's not just that we're at MIT, but we're at MIT. Come on, everyone in this room can understand these kinds of key concepts. The key questions we talked about were timestamped, append-only logs. Does anyone want to tell me what's on, and if this class here, in the next seven minutes, can understand these two concepts? That's all we talked about for the last hour. So, I don't know your name, in the orange shirt, what is that?
Candra? Andrew. What is the point when append-only logs are essentially a block? Blockchain uses it with a time, and that cannot be changed in the future, so it is something immutable because of all this cryptography. What Stuart Haber was creating in an append-only timestamped log, and was putting it where? Carol, are you still with me? Where was it? Hey, we'll put it in the New York Times, there you have it, in the classified section. So it's just a bunch of compressed blocks of data. So we talked about something called Merkle trees and Merkle roots; just think of it as a way to take a lot of information and compress it, but also make it searchable later, because when we talk about a thousand transactions next week, you'd have to be able to verify, as someone asked.
I'm wondering how to check it properly. I chuckle: when you go back to verify, you need an index number to find it in that Merkle tree situation, and it's secured by hash functions. Does someone want to tell me the simplest definition of a hash function? Jennifer, just one. You could take a picture of this class and everyone exactly, and it could be mapped onto something; I don't know what a QR code is. That might be a non-cryptographically-secure form of hash, but it is a hash. A cryptographic hash function is a way to not only take a large amount of information and put it in a fixed form, but the key here is that hash functions are what put the blocks together, because hash functions can point to previous information and, as the video shows, if any of the underlying information changes, the hash changes. So what does that get you?
Basically, it protects data; you know if someone has tampered with it, so the only reason to really learn about hash functions is to say, oh, I get it, this is one of the ways to make this data tamper-proof. Would any relevant changes be adopted in Bitcoin? It is always a challenge, because it is a decentralized network, and all decentralized networks have a little governance challenge. The governance challenge is how software updates are performed. We all know that on our laptops, our iPhones, there are probably software updates happening right now without me knowing; probably just Apple's dropping, you know. I mean, who knows what they're doing here, right?
I'm really, one of my favorites, who knows what's going on inside this phone? But the commercial company, the central authority, has a way to update the software. We probably signed some terms of use that allow them to do that. In a decentralized network like this, there has to be consensus, and therefore the only way to update the software for a new hash function, or for almost everything else, is, in essence, that the nodes, the software operators, collectively adopt it in the form of consensus. So it's another way that not only is the data immutable because of these hash functions, but the software is, and that comes with benefits and costs. Some people would say it's a blockchain bug, some people say it's a feature; that can come at your own discretion throughout the semester. But the software is harder to update than the software in the centralized authorities, because the centralized authorities just say, they just push it. Now sometimes you have to click and say update, but don't be naive, you don't click on all programs.
I mean, there are some that are just happening, but you have to have consensus here. I know it didn't answer your question about the hash function, but if it were a hash function that had to be updated, and everyone said they had to update it quickly, there are interesting debates about this, but you wouldn't need to go back to the previous 540,000 blocks. You could just hash all five hundred and forty thousand blocks, 180 gigabytes, to a 256-bit one, or maybe it's a different DAT, and then you'd have that and it would be tamper-proof. So those are the key things; that's what we really cover. What we'll cover in the consensus protocol next Tuesday:
We've talked a lot about proof of work here, because everyone thinks Bitcoin is proof of work, but we're going to talk about proof of work, nodes, and native currency, and then next Thursday we'll talk about transactions again. I'm trying to break down this technology. If you want to forget about this lecture and you're going to say, oh my God, it was like going to the dentist, you could tell your friends that you actually know something about cryptography; it's called cryptocurrency. So how might we not know something about cryptography? But it's basically those three things: crypto, a consensus mechanism and transactions. So write crypto, consensus mechanism, transactions, and we will achieve this, and you will see that this is important for finance, and if you have any use cases.
So thanks
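The following is an added worked example, written for these notes and not part of the lecture or of Bitcoin Core. It ties together the Merkle root, the block header, the previous-hash link and the difficulty target that the lecture walks through: it builds a Merkle root the way Bitcoin does (double SHA-256 over the transactions, an odd last node paired with itself), chains two block headers by previous hash, searches for a nonce so the header hash has a given number of leading zero bits, and then shows that editing one transaction, even if the attacker re-mines that block, breaks validation of the chain. The header layout is a simplified hypothetical one (Bitcoin's real header is 80 binary bytes), the transactions and timestamps are constructed sample data, and the difficulty is set far below Bitcoin's so the search finishes in milliseconds.

```python
"""Added example: Merkle roots, header chaining and a toy difficulty target.

Illustration code written for these notes, not Bitcoin Core. The Merkle tree
follows Bitcoin's double-SHA-256 convention; the header layout, transactions
and timestamps are hypothetical / constructed for the demo.
"""
import hashlib
import json


def dsha256(data: bytes) -> bytes:
    """Bitcoin's hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(txs: list) -> bytes:
    """Merkle root over raw transaction bytes, Bitcoin style: leaves are
    double-SHA-256 of each tx, an odd last node is paired with itself, and
    each parent is double-SHA-256 of the two children concatenated."""
    if not txs:
        raise ValueError("a block needs at least one transaction (the coinbase)")
    level = [dsha256(tx) for tx in txs]
    while len(level) > 1:
        if len(level) % 2 == 1:
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def serialize_header(prev_hash: bytes, root: bytes, timestamp: int, bits: int, nonce: int) -> bytes:
    # Hypothetical header layout for the demo (Bitcoin's real header is 80 binary bytes).
    return json.dumps({"prev": prev_hash.hex(), "root": root.hex(), "time": timestamp,
                       "bits": bits, "nonce": nonce}, sort_keys=True).encode()


def mine(prev_hash: bytes, txs: list, timestamp: int, bits: int, max_nonce: int = 1 << 24) -> dict:
    """Search for a nonce whose header hash has at least `bits` leading zero bits,
    i.e. hash < 2**(256 - bits). This is the 'leading zeros' puzzle from the lecture."""
    root = merkle_root(txs)
    target = 1 << (256 - bits)
    for nonce in range(max_nonce):
        h = dsha256(serialize_header(prev_hash, root, timestamp, bits, nonce))
        if int.from_bytes(h, "big") < target:
            return {"prev": prev_hash, "root": root, "time": timestamp,
                    "bits": bits, "nonce": nonce, "hash": h, "txs": list(txs)}
    raise RuntimeError("nonce space exhausted")


def valid_chain(chain: list) -> bool:
    """Re-derive every Merkle root and header hash; check the previous-hash link
    and the difficulty target for each block in order."""
    prev = bytes(32)  # genesis points at all-zero previous hash
    for blk in chain:
        if blk["prev"] != prev:
            return False
        root = merkle_root(blk["txs"])
        if root != blk["root"]:
            return False
        h = dsha256(serialize_header(blk["prev"], root, blk["time"], blk["bits"], blk["nonce"]))
        if h != blk["hash"] or int.from_bytes(h, "big") >= (1 << (256 - blk["bits"])):
            return False
        prev = h
    return True


def build_demo_chain(bits: int = 12) -> list:
    """Two blocks of constructed sample transactions (not real Bitcoin transactions)."""
    txs1 = [b"coinbase: 12.5 BTC to miner A", b"alice -> bob 1.0", b"carol -> dave 0.3"]
    txs2 = [b"coinbase: 12.5 BTC to miner B", b"bob -> erin 0.5"]
    b1 = mine(bytes(32), txs1, 1536000000, bits)
    b2 = mine(b1["hash"], txs2, 1536000600, bits)
    return [b1, b2]


def tamper_demo() -> tuple:
    """Edit one amount in block 1 without recomputing anything: the stored Merkle
    root no longer matches the transactions."""
    chain = build_demo_chain()
    ok_before = valid_chain(chain)
    chain[0]["txs"][1] = b"alice -> bob 100.0"
    return ok_before, valid_chain(chain)


def remine_demo() -> tuple:
    """Even if the attacker re-mines the edited block 1, block 2 still carries the
    old previous hash, so the chain as a whole fails validation."""
    chain = build_demo_chain()
    edited = list(chain[0]["txs"])
    edited[1] = b"alice -> bob 100.0"
    chain[0] = mine(bytes(32), edited, chain[0]["time"], chain[0]["bits"])
    return valid_chain([chain[0]]), valid_chain(chain)
```

One caveat worth knowing when you verify Merkle roots yourself: because Bitcoin pairs an odd last node with itself, the transaction lists [a, b, c] and [a, b, c, c] produce the same root. That ambiguity was the basis of CVE-2012-2459, and a validator must reject blocks with duplicate transactions rather than trust the root alone; the `merkle_root` above reproduces the behaviour, it does not add that check.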
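A second added example, also written for these notes and not taken from the lecture, from Bitcoin Core or from libsecp256k1: the three functions the lecture names (generate a key pair, sign, verify) implemented on the secp256k1 curve in pure Python. It shows the one-way step from private key to public key (scalar multiplication of the generator point), that verification needs only the public key, the message and the signature, and that changing the message or using the wrong public key makes verification fail. The curve constants are the published secp256k1 parameters. The per-signature nonce k is derived deterministically from the private key and the message hash, a simplified construction in the spirit of RFC 6979 but not the real one, so that a weak random number generator cannot leak the private key through k. This is teaching code: it is not constant-time and must not be used with real keys.

```python
"""Added example: ECDSA key pair, signing and verification on secp256k1.

Pure-Python teaching code written for these notes (not Bitcoin's libsecp256k1,
not constant-time, never use with real keys). Curve parameters are the
published secp256k1 constants; the nonce derivation is a simplified,
hypothetical RFC 6979-like construction.
"""
import hashlib
import secrets

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)  # generator


def on_curve(pt) -> bool:
    """y^2 = x^3 + 7 (mod P); secp256k1 has a = 0, b = 7."""
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def point_add(a, b):
    """Elliptic-curve group law; None represents the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None  # a == -b
    if a == b:
        lam = (3 * a[0] * a[0]) * pow(2 * a[1], -1, P) % P  # tangent slope
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P    # chord slope
    x = (lam * lam - a[0] - b[0]) % P
    y = (lam * (a[0] - x) - a[1]) % P
    return (x, y)


def scalar_mult(k: int, pt):
    """Double-and-add. This is the one-way step: d*G is cheap, recovering d
    from d*G is the discrete logarithm problem."""
    result = None
    addend = pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def generate_keypair(rng=secrets.randbelow):
    """Private key d is a random integer in [1, N-1]; public key is d*G.
    `rng(n)` must return an integer in [0, n); a bad rng here is the wallet
    weakness the lecture describes."""
    d = rng(N - 1) + 1
    return d, scalar_mult(d, G)


def msg_hash(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign(d: int, msg: bytes):
    """ECDSA: r = (k*G).x mod N, s = k^-1 (z + r d) mod N."""
    z = msg_hash(msg)
    # Deterministic nonce (hypothetical construction, see lead-in): never reuse k.
    k = int.from_bytes(hashlib.sha256(d.to_bytes(32, "big") + z.to_bytes(32, "big")).digest(), "big") % N
    k = k or 1
    r = scalar_mult(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    return (r, s)


def verify(pub, msg: bytes, sig) -> bool:
    """Verifier holds only the public key, the message and (r, s):
    accept iff (z s^-1 * G + r s^-1 * pub).x mod N == r."""
    r, s = sig
    if not (0 < r < N and 0 < s < N) or not on_curve(pub):
        return False
    z = msg_hash(msg)
    w = pow(s, -1, N)
    pt = point_add(scalar_mult(z * w % N, G), scalar_mult(r * w % N, pub))
    return pt is not None and pt[0] % N == r


if __name__ == "__main__":
    d, pub = generate_keypair()
    sig = sign(d, b"hello bob")
    print("valid:", verify(pub, b"hello bob", sig))
    print("tampered:", verify(pub, b"hello bob!", sig))
```

Note the asymmetry the lecture points at: `generate_keypair` and `sign` are the only functions that touch `d`; `verify` never sees it. The deterministic nonce matters because ECDSA leaks the private key outright if the same k is ever used for two different messages, which is one concrete way a poor random number generator in a wallet becomes a stolen key.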
