区块链技术和应用简介

1 .清华大学信息学院DACA区块链开发公开课 区块链技术和应用简介 信任润滑经济，技术驱动变革 吕旭军 Jack Lu 

2 .

3 .

4 . What is Bitcoin • A protocol that supports a decentralized, pseudo-anonymous, peer-to- peer digital currency* • A publicly disclosed linked ledger of transactions stored in a blockchain • A reward driven system for achieving consensus (mining) based on “Proofs of Work” for helping to secure the network • A “scare token” economy with an eventual cap of about 21M bitcoins 

5 . Satoshi Nakamoto • Unknown identity: pseudonymous person or group? • Worked on Bitcoin since probably 2007 • Published the paper in 2008 • Released the code in January 2009 • Stopped involvement mid-2010 • Entrusted the project and a copy of the alert key to Gavin Andresen, effectively his successor • He owns about 1M bitcoins, never spent 

6 . Precursors • Ecash, David Chaum, 1982 (blind signature) • Hashcash, Adam Back, 1997 (Proof-of-Work) • B-money, Wei Dau, 1988 (distributed database) • Bit gold, Nick Szabo, 1998 (distributed database, sequential money creation) • Anonymous Electronic Cash, Tomas Sander and Amnon Ta- Shma, 1999 (anonymity) • Reusable P-o-W, Hal Finney, 2004 

7 .Bitcoin Whitepaper – 2008.10.31* 

8 . The announcement From: Satoshi Nakamoto <satoshi <at> vistomail.com> Subject: Bitcoin P2P e-cash paper Newsgroups: gmane.comp.encryption.general Date: 2008-10-31 18:10:00 GMT I've been working on a new electronic cash system that's fully peer-to-peer, with no trusted third party. The paper is available at: http://www.bitcoin.org/bitcoin.pdf The main properties: Double-spending is prevented with a peer-to-peer network. No mint or other trusted parties. Participants can be anonymous. New coins are made from Hashcash style proof-of-work. The proof-of-work for new coin generation also powers the network to prevent double-spending. Bitcoin: A Peer-to-Peer Electronic Cash System Abstract. A purely peer-to-peer version of electronic cash […] Satoshi Nakamoto --------------------------------------- The Cryptography Mailing List 

9 . Features of Bitcoin • Essentially it’s “deflationary” – the reward is cut in half every four years, and tokens can be irrevocably destroyed • Nearly infinitely divisible currency units supporting eight decimal places 0.00000001 (known as a Satoshi or Noncent*) • Nominal transaction fee’s paid to the network – Same cost to send $.01 as $1,000,000 • Consensus driven – no central authority • Counterfeit resilient – Cannot add coins arbitrarily – Cannot be double-spent • Non-repudiation – aka “gone baby gone” – no recourse and no one to appeal to return sent tokens 

10 . Why does it matter? http://coinmarketcap.com 

11 . Decentralized • The “digital wallet” operates in a peer to peer mode • When it starts it bootstraps to find other nodes – Originally it used the Internet Relay Chat (IRC) network – Now based on DNS and “seed nodes” • The wallet will synchronize with the network by downloading ALL of the transactions starting from the GENESIS block if necessary 

12 .P2P Network 

13 .Coins flow from Inputs to Outputs 

14 .

15 . Pseudo Anonymous • Using public key cryptography, specifically Elliptic Curve Cryptography due to its key strength and shorter keys • Transactions are sent to public key “addresses” 1AjYPi8qryPCJu6xgdJuQzVnWFXLmxq9s3 1Give4dry2pyJihnpqV6Urq2SGEhpz3K 15 

16 . Addresses are like Accounts • The wallet listens for transactions addressed to any of its public keys and in theory is the only node that is able to decrypt and accept the transfer • “Coins” are “sent” by broadcasting the transaction to the network which are verified to be viable and then added to a block • Keys can represent a MULTI-SIG address that requires a N of M private keys in order to decrypt the message 

17 .Public Ledger 17 

18 . Arriving at Consensus • Although the accepted chain can be considered a list, the block chain is best represented with a tree. • The longest path represents the accepted chain. • A participant choosing to extend an existing path in the block chain indicates a vote towards consensus on that path. The longer the path, the more computation was expended building it. 

19 . Transaction Confirmation • Having a transaction provisionally accepted into a candidate block signals that the network has verified that the inputs were viable • Every new block accepted into the chain after the transaction was accepted is considered a confirmation • Coins are not considered mature until there have been 6 confirmations (basically an hour assuming a 10 minute block cadence) • New Coins created by the mining process are not valid until about 120 confirmations • This is to assure that a node with more than 51% of the total hash-power does not pull off fraudulent transactions 

20 . Consensus Process = Mining • Originally the digital wallet could also participate in the consensus process by attempting to secure the network directly • This process is known as “mining” • Mining involves attempting to find a numerical value, known as a “nonce” that when combined with all open transactions can be “hashed” into a value that satisfies a certain “difficulty” • Custom, purpose built-hardware has long since replaced the function such that its no longer productive for simple CPU based systems to compete in the mining process, and thus it was removed 

21 . Proof of Work • A publicly auditable cost-function can be efficiently verified by any third party without access to any trapdoor or secret information. • A fixed cost cost-function takes a fixed amount of resources to compute. The fastest algorithm to mint a fixed cost token is a deterministic algorithm. • A probabilistic cost cost-function is one where the cost to the client of minting a token has a predictable expected time, but a random actual time as the client can most efficiently compute the cost-function by starting at a random start value. Sometimes the client will get lucky and start close to the solution. 

22 .What is Bitcoin Mining 

23 .Inelastic Money Supply Deterministic Decreasing Rate 

24 .Ethereum 

25 .Smart Contract 

26 .

27 .Factom 

28 .Anchoring 

29 . The Byzantine Generals' Problem • Generals can communicate using messengers, cannot have a summit • There are traitors amongst them • Must decide unanimously whether to attack • Success (i.e. fault tolerance) is achieved if the loyal generals can agree on their strategy, whatever it might be