Professional Documents
Culture Documents
(https://cs251.stanford.edu)
Cryptocurrencies and
Blockchain Technologies
Dan Boneh Benedikt Bünz
Stanford University
Sep. 2021
Transaction volume
e ta il CB DC
r k i n g o n r
c ti vel y w o 9]
ra l b a nks a vey Jan . 2 0 1
30 c e nt [B I S s u r
What is a blockchain?
consensus layer
Consensus layer (informal)
achieved by replication
A public append-only data structure:
• Persistence: once added, data can never be removed*
• Safety: all honest participants have the same data**
• Liveness: honest participants can add new transactions
• Open(?): anyone can add data (no authentication)
consensus layer
How are blocks added to chain?
blockchain
I am the
signed leader
2 ETH
skA verify
verify block
block
skB
skC
How are blocks added to chain?
blockchain
…
2 ETH I am the
leader
skA
skB
2 ETH
skC
Why is consensus a hard problem?
Tx1, Tx2, Tx3, Tx4 Tx1, Tx2, Tx3, Tx4
Tx1 Tx3
Tx2 Tx4
Tx1
Problems:
∆ Tx3
• Network delay
• Network partition
Tx2 Tx4
∆
Tx1
Problems:
• crash
• malice
Tx2 Tx4
compute layer
consensus layer
Decentralized applications (DAPPS)
Run on
blockchain
computer
consensus layer
Common DAPP architecture
Top layer: user facing servers
end user
cs251.stanford.edu
Goal:
- Alice posts a short binding commitment to ,
- Bob reads . Given can check that
Bob runs ⇾ accept/reject
commitment h Goal:
• commit to list S of size n
• Later prove
Merkle tree
commitment
𝑚1 𝑚2 𝑚3 𝑚4 𝑚5 𝑚6 𝑚7 𝑚8
list of values S
Merkle tree (Merkle 1989)
commitment h Goal:
• commit to list S of size n
𝑦5 H 𝑦6 • Later prove
𝑦1 H 𝑦 𝑦3 H 𝑦 4
2 To prove ,
H H H H proof
𝑚1 𝑚2 𝑚3 𝑚4 𝑚5 𝑚6 𝑚7 𝑚8 length of proof:
list of values S
Merkle tree (Merkle 1989)
commitment h To prove ,
proof
𝑦5 H 𝑦6
𝑦1 H 𝑦 𝑦3 H 𝑦 4 Bob does:
2
H H H H
𝑚1 𝑚2 𝑚3 𝑚4 𝑚5 𝑚6 𝑚7 𝑚8
accept if
list of values S
Merkle tree (Merkle 1989)
Merkle proofs are used to prove that a Tx is “on the block chain”
Another application: proof of work
How? e.g.
• verify(): accept if
Another application: proof of work
signing
secret signing
algorithm public verification
key (sk) key (pk)
Digital signatures: syntax
Def: a signature scheme is a triple of algorithms:
• Gen(): outputs a key pair (pk, sk)
• Sign(sk, msg) outputs sig. σ
• Verify(pk, msg, σ) outputs ‘accept’ or ‘reject’