
FITE3011 Distributed Ledger and Blockchain: Lecture 1 Introduction

This document provides an introduction and agenda for a course on distributed ledger and blockchain technology. It outlines the course structure, including 34 hours of lectures and tutorials, 6-9 hours of lab sessions, assignments, and a final exam. The document then reviews key cryptography concepts like public/private key pairs, digital signatures, and hash functions that are important for understanding blockchain. It provides examples of how these concepts can be used together to securely transmit and authenticate documents.

FITE3011

Distributed ledger and blockchain


Lecture 1 Introduction
Agenda
› Course Introduction
› Review of Cryptography
› Blockchain 101

Acknowledgement: this set of slides is adapted from Prof. SM Yiu’s lecture 1


Teaching Team
› Lecturer: Allen Au
› Teaching Assistant: Jingjing Fan

Course Structure
› Lectures/tutorials
› Lab sessions (hands-on)
› Consultation & help channels
› Assignments
› Examination

› ~34 lecture/tutorial hours
› ~6-9 lab hours
› 4 written assignments (12%)
› 3 lab tasks (28%)
› Consultation hours, emails, discussion forum
› Coursework: 40%; Final Exam: 60%

Schedule
Lectures will be delivered both F2F and online. Tutorials are delivered in online mode only. Please refer to the schedule on Moodle.
› Lecture/Tutorial
– Tuesday 4:30 – 6:20
– Friday 5:30 – 6:20
› TA’s Consultation (Zoom, Tuesday 2:30 – 3:30)
– https://hku.zoom.us/j/91402128397?pwd=bUtGVm5vM1F1KzN5T2hqbnptWm02UT09
– Meeting ID: 914 0212 8397
– Password: 473013
› Allen’s Consultation (Zoom /CB409)
– Friday 1:30 – 3:30
› Refer to the Moodle page for any changes/announcements.

What to learn in this course?
CLO1. [Technical foundation]
Identify key components behind the design of a
distributed ledger (and blockchain) and evaluate different
designs/solutions for implementing a distributed ledger.
CLO2. [Applications and programming]
Understand the types of applications that best fit the
model of distributed ledger; program applications and
smart contracts on some popular platforms.
CLO3. [Cryptocurrency and related issues]
Understand the technologies behind different cryptocurrencies, their applications, and related issues (e.g. regulations).
CLO4. [Limitations and extensions]
Understand the limitations, pros and cons of a distributed ledger, possible enhancements to existing platforms, and identify new applications.

Review of Cryptography

(i) Concept of public key, private key pairs
- Public key & private key always go in pairs (like husband and wife)
- Each user has a pair of public and private keys
[Figure: a private key and a public key]
Q: Should the public key or the private key be kept confidential?
- Private key – keep secret; public key – open to public
Q: If I know A’s public key, can I know A’s private key?
** Knowing one’s public key, one cannot deduce one’s private key **

How to use public key/private key?
Q: If I want to send a secret document to Bob, what should I do?
[Figure: Alice and Bob]
- To encrypt a document to be read by user Bob, we need to use Bob’s public key; and only Bob’s private key can be used to decrypt it.

Important property: Without the correct private key, it is very difficult to decrypt the message.

(ii) Second usage of public key/private key: digital signature
Q: If Bob wants to create a digital signature on a document, whose private key should he use?
- Given a digital document D, Bob can create a digital signature on D using Bob’s private key.
Q: How to verify Bob’s signature on document D?
- Anyone can verify the signature using Bob’s public key. I.e., we need D, Bob’s signature on D, and Bob’s public key, then we can verify it.
Q: Can you sign for Bob on document D?
- No, unless you know Bob’s private key.
Q: In the physical world, after you sign a document D, if you change something in D, what should you do?
- You need to sign it again!!

In the digital world, we can have a similar property!
- *** With any change (even one letter or just one bit in the document), the signature won’t match! ***
(I.e., once you sign a document D, D cannot be modified, or you need to sign D again!!)

An efficiency problem for digital signature:
The longer the document is, the longer the time to create the signature and the longer the signature will be.
[some research tries to create compact signatures]

(iii) Hash value (cryptographic hash)
Given any digital document (no matter how long it is), we can generate a fingerprint of fixed length (e.g. 160 bits), called a hash value.
Q: Can you name some hash functions?
E.g. MD5, SHA1
- Again, with one change (e.g. one bit/letter) in the document, the hash won’t match.
I.e., given a document D and its hash value H(D), if D has been tampered with/modified (even one bit) to be D’, everybody knows that D’ and H(D) won’t match.

Q: Oh, what are the differences between a hash value and a digital signature?

(a) Digital signature is specific to a person (i.e., your digital signature and my digital signature, even on the same document, are different).

(b) On the other hand, using the same hash function, everybody can compute the same hash value (i.e., the hash function is known by the public).

Of course, as we mentioned, a hash value has fixed length no matter how long the document is.

** Important properties of a hash function (must satisfy) **
(i) Given a document D, computing the hash value of D, H(D), is easy, but given a hash value x, it is very difficult to find a document D such that H(D) = x.
(i’) A variation of (i): finding a document D such that H(D) starts with 10 0’s is also difficult!
(ii) Finding two documents D1 ≠ D2 such that hash(D1) = hash(D2) is also difficult.

Usage (fast and safe):
Given a document D,
(i) create a hash value of D, H(D)
(ii) sign on H(D) instead of D.

Remarks:
- H(D) guarantees D has not been modified.
- Signature on H(D) can claim the ownership of D

Challenge: Secure Hash Function?

$A :=$ , $x := \begin{bmatrix} x_1 \\ \vdots \\ x_n \end{bmatrix}$

For any binary vector $x$, $H(x): x \mapsto Ax \bmod p$ is a secure hash function.

A short summary (Usage of these techniques)

Alice wants to send a contract C to Company X

[Figure: Alice sends “I am Alice, Here is our contract C” to Company X over the Internet. The Internet is not safe: hackers.]

[Figure: Alice’s message “I am Alice. Here is our contract C” is crossed out; hackers (Devil) deliver C’ to Company X.]

There are two things Alice wants to do:
- Avoid the contract being modified
- Claim that she is the author
Q: What can she do?

Can she send the following? Is it safe?

Contract C + H(Contract C)

No, recall that the hash function is public, so the attacker can change C and also hash(C):

C’ + hash(C’)

Q: How about this?

Contract C + H(Contract C) + Sign (H(C))

This is ok provided
(1) Company knows the sender is Alice (not Devil)
[Authentication].
(2) Company can check if hash value matches the
contract.
(3) Based on the signature, Company can confirm
the Contract is from Alice and nobody has
modified it.

Q: How about this:
“Contract C + Sign (C)”?

If the authentication of Alice has been done properly, from the security point of view, ok.

But Sign(C) is longer than Sign (H(C)) [Bandwidth problem]

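The message formats compared on the preceding slides, as an added example that is not part of the original lecture: Company X's check for `C + H(C)` next to its check for `C + H(C) + Sign(H(C))`. The signature is a toy textbook RSA built from two Mersenne primes so that only the standard library is needed; the key, the contract strings and all function names are assumptions, and the key is not secure.

```python
import hashlib

# Toy textbook-RSA key for Alice (assumption, illustration only):
# special-form primes and no padding, so never use this for real signing.
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q                                # public modulus
E = 65537                                # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, known to Alice only

def H(doc: bytes) -> bytes:
    """Fixed-length fingerprint of a document of any length."""
    return hashlib.sha256(doc).digest()

def sign(digest: bytes) -> int:
    """Sign(H(C)): requires Alice's private exponent D."""
    return pow(int.from_bytes(digest, "big"), D, N)

def verify_hash_only(doc: bytes, digest: bytes) -> bool:
    """Company X's check for a message of the form C + H(C)."""
    return H(doc) == digest

def verify_signed(doc: bytes, digest: bytes, sig: int) -> bool:
    """Company X's check for C + H(C) + Sign(H(C)) with Alice's public key (N, E)."""
    if H(doc) != digest:
        return False                     # contract does not match its hash
    return pow(sig, E, N) == int.from_bytes(digest, "big")

def demo() -> dict:
    c = b"Alice pays Company X $100"     # constructed contract C
    c2 = b"Alice pays Company X $900"    # constructed modified contract C'
    sig = sign(H(c))
    return {
        # Honest delivery of C + H(C) + Sign(H(C)).
        "signed_ok": verify_signed(c, H(c), sig),
        # C' + hash(C'): the hash is public, so this check cannot tell.
        "hash_only_accepts_modified": verify_hash_only(c2, H(c2)),
        # C' + hash(C') + Alice's old signature: signature no longer matches.
        "signed_accepts_modified": verify_signed(c2, H(c2), sig),
        # C' + original H(C) + signature: hash no longer matches.
        "signed_accepts_stale_hash": verify_signed(c2, H(c), sig),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
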
More on cryptographic primitives
Q: If we know A’s public key, is it impossible to compute his private key even with a tremendous amount of computing resources?
A: It is possible: computationally secure only.

1. If one has a huge amount of computing resources (time + computational power), one can recover A’s private key using a brute-force approach.
2. When quantum computers exist, it is fast to recover A’s private key from his public key unless the encryption is post-quantum in nature (designed against quantum computers).

Q: There are many encryption/signature schemes, is it ok to randomly pick one to use?

A: No, different schemes may have different properties and security levels.

Q: Is it correct that for the same scheme, the longer the key size, the higher the security?

A: Yes.

Q: Given a document D, is it possible to find a different document D’ such that their hash values are the same?
A: Yes. But again if the hash function is proven to be secure, it is computationally difficult to do it.

Blockchain 101

What is a blockchain (in the context of bitcoin or bank transactions for ease of understanding)?
Transaction example:
Deposit 15 coins to Alice
Or
Transfer 10 coins from Alice to Bob
Or
Transfer 6 coins from Bob to David

A transaction chain:

Transaction                              Authorization
Deposit 15 coins to Alice
Transfer 10 coins from Alice to Bob      Signed by Alice
Transfer 6 coins from Bob to David       Signed by Bob

Q: How to check if a transaction is valid (e.g. enough balance, correct signature)?
In reality, the bank is doing this and keeps track of the transactions for EACH customer.

Q: Why does the bank want to do that?

Q: What if we don’t want a bank, i.e., we don’t want a centralized entity to do it? [Why?]
A: One solution: put the transaction chain on the Internet, so everybody can get a copy & check it!

Good idea, but
a) Can anyone modify the transaction easily?
b) Who maintains the chain and who appends new transactions to the chain?

Recall:

Contract (C) + H(C) + Sign (H(C))

H(C): Hash of the contract

Use cryptographic operations to build blockchain

1st attempt:

Tr1:               Tr2:               Tr3:
A: $10 to B        B: $5 to C         A: $5 to D
h1 = hash(Tr1)     h2 = hash(Tr2)     h3 = hash(Tr3)
SignA(h1)          SignB(h2)          SignA(h3)

Everybody can check if each transaction is authorized and valid

Q: Is this secure enough?

Problem: A can change the transaction!

Use cryptographic operations to build blockchain

1st attempt:

Tr1:               Tr2:               Tr3:
A: $10 to B        B: $5 to C         A: $5 to D
h1 = hash(Tr1)     h2 = hash(Tr2)     h3 = hash(Tr3)
SignA(h1)          SignB(h2)          SignA(h3)

[In the figure, Tr3 is annotated with “$1 to D”.]

A can recompute the new hash and the signature!

Hint:
Recall that hash can make things difficult to change!

Once you change one bit, the hash does not work.

Our problem: The text and the signature are from the same user A.

Modified version

Tr1:               Tr2:
A: $10 to B        B: $5 to C
h1 = hash(Tr1)     h2 = hash(Tr2+D1)     h3 = hash(Tr3+D2)
SignA(h1)          SignB(h2)
D1

In general: hi = hash(Tri+Di-1)

Q: Why is this version more secure? If A wants to change Tr1, what should he do?

If A changes a transaction, he has to change all the following transactions!

(b) Who is going to maintain this chain and append new Tr?
A: Everybody joining the scheme in the network
- Everybody tries to keep a copy of the chain
- When A has a new transaction, he broadcasts it to everyone. Everyone can check it to make sure it is valid and tries to append it to the chain
- The first one who completes it broadcasts the new chain

The ones who help to check the transaction are called Miners

Chaos?
In the beginning, assume every miner got the same blockchain, but after a while, we may have:

E.g. Miner A appends a new block and broadcasts it, but B and C did not get it.

E.g. Miner E, who is an adversary, appends a fake block and broadcasts it; D is working on E’s chain….

E.g. Even worse, F double-spends: sends out two transactions (giving the same money to two users) and broadcasts them....

Correct:
Tr1:               Tr2:
A: $10 to B        B: $5 to C
h1 = hash(Tr1)     h2 = hash(Tr2+D1)
SignA(h1)          SignB(h2)

Fake (assume B only has $10):
Tr1:               Tr2:
A: $10 to B        B: $15 to C
h1 = hash(Tr1)     h2 = hash(Tr2+D1)
SignA(h1)          SignB(h2)

Double spend:
Tr1:               Tr2:
A: $10 to B        B: $5 to D
h1 = hash(Tr1)     h2 = hash(Tr2+D1)
SignA(h1)          SignB(h2)

A very simple rule, but it works:
Everybody follows the longest chain

Based on what principle can we guarantee that only valid transactions are in the chain, and that everyone eventually keeps only this valid chain?

A: Assuming the majority of users are honest.

Existing chain:
Tr1:
A: $10 to B
h1 = hash(Tr1)
SignA(h1)

Correct                  Fake
Tr2:                     Tr2’:
B: $5 to C               B: $15 to C
h2 = hash(Tr2+D1)        h2 = hash(Tr2’+D1)
SignA(h2)                SignA(h2)

Most miners will agree on the correct one and produce: Tr1 → Tr2
More miners receive this one and further work on it, so it becomes longer

Why do people want to help?
Incentives:
In return, he can create new coins for himself if he is the one who completes the checking and appends a new transaction, and/or receive a transaction fee (stated in the transaction).
Q: Do you think “checking if a transaction is valid” is a time-consuming task?

NO, it should be quite easy and fast to complete.

Q: Then, will it be a problem?

So, they make the addition of a transaction difficult:
“Proof of work”: You work on it, you get the reward!

In order to append a new transaction to an existing chain, he/she needs to solve a difficult problem (computing power).

Remark: Randomness is introduced into the proof of work => a miner with more computing resources may not get the result faster than one with fewer resources.
[Proof of work (PoW) is considered a consensus algorithm that enables the system to make the decision! There are many other consensus algorithms.]

Recall

Tr1:               Tr2:
A: $10 to B        B: $5 to C
h1 = hash(Tr1)     h2 = hash(Tr2+D1)     h3 = hash(Tr3+D2)
SignA(h1)          SignB(h2)
D1

In general: hi = hash(Tri+Di-1)

Requirement: Add a random r to (Tr2+D1||r) such that the value of hash(Tr2+D1||r) starts with n 0’s (n approx. = 75 now), e.g. hash() can be SHA-256.

Q: How to find this r?
No efficient method => brute-force

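An added sketch, not from the original slides, of the chained hash hi = hash(Tri+Di-1) combined with the proof-of-work requirement above, showing what a verifying peer sees after Tr1 is edited and how much hashing it takes to repair the later blocks. Assumptions: the previous block's hash stands in for Di-1, signatures are omitted, the difficulty is 12 leading zero bits instead of the slide's n so it runs quickly, and all names are illustrative.

```python
import hashlib
from itertools import count

BITS = 12            # assumed demo difficulty; the slide quotes n of about 75
GENESIS = "0" * 64   # assumed placeholder for "the block before Tr1"

def block_hash(tr, prev, r):
    """hash(Tr_i + D_{i-1} || r), with the previous block's hash used as D_{i-1}."""
    return hashlib.sha256(f"{tr}|{prev}|{r}".encode()).hexdigest()

def meets_target(h, bits=BITS):
    """True when the 256-bit hash starts with `bits` zero bits."""
    return int(h, 16) >> (256 - bits) == 0

def mine(tr, prev, bits=BITS):
    """Brute-force search for r; no shortcut exists."""
    for r in count():
        h = block_hash(tr, prev, r)
        if meets_target(h, bits):
            return r, h

def build_chain(transactions, bits=BITS):
    chain, prev = [], GENESIS
    for tr in transactions:
        r, h = mine(tr, prev, bits)
        chain.append({"tr": tr, "prev": prev, "r": r, "hash": h})
        prev = h
    return chain

def first_invalid(chain, bits=BITS):
    """Index of the first block a verifying peer rejects, or None if all pass."""
    prev = GENESIS
    for i, b in enumerate(chain):
        h = block_hash(b["tr"], prev, b["r"])
        if b["prev"] != prev or b["hash"] != h or not meets_target(h, bits):
            return i
        prev = h
    return None

def remine_from(chain, start, bits=BITS):
    """Redo the proof of work for block `start` and every later block.
    Returns the number of hash attempts spent."""
    prev = chain[start - 1]["hash"] if start else GENESIS
    attempts = 0
    for b in chain[start:]:
        r, h = mine(b["tr"], prev, bits)
        b.update(prev=prev, r=r, hash=h)
        prev, attempts = h, attempts + r + 1
    return attempts

def demo():
    chain = build_chain(["A: $10 to B", "B: $5 to C", "A: $5 to D"])  # constructed
    out = {"honest": first_invalid(chain)}
    chain[0]["tr"] = "A: $1 to B"                   # Tr1 edited after the fact
    out["after_edit"] = first_invalid(chain)
    r, h = mine(chain[0]["tr"], GENESIS)            # redo the work for Tr1 only
    chain[0].update(r=r, hash=h)
    out["after_partial_redo"] = first_invalid(chain)
    out["attempts_for_rest"] = remine_from(chain, 1)
    out["after_full_redo"] = first_invalid(chain)
    return out
```

Each extra bit of difficulty doubles the expected attempts per block, and the repair cost grows with the number of blocks that follow the edited one.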
More questions to think about:
Q: If B transfers $100 to A, and A immediately sees that the transaction has been appended to the blockchain, can A be sure that the money has been transferred successfully?

Q: What do you think about the transaction rate (# of transactions per second) of bitcoin (based on this basic version of blockchain)?
High, medium, or low

Last Q: How to protect privacy?

A: We do not use names in the transaction.

B creates a pair of public key (PKB) and private key (RKB) to receive A’s money.
A also has another pair (PKA, RKA) for his $10.

With names:           Without names:
Tr1:                  Tr1:
A: $10 to B           PKA: $10 to PKB
h1 = hash(Tr1)        h1 = hash(Tr1)
SignA(h1)             SignRKA(h1)

Hey, then what is blockchain?

To increase efficiency, we can put several transactions together into a block:

Block 1            Block 2            Block 3
Tr, Tr, …, Tr      Tr, Tr, …, Tr      Tr, Tr, …, Tr
hash value         hash value         hash value
signature          signature          signature

This is our blockchain!

<Very high level: short summary> What is blockchain?

A blockchain platform
Can it be replaced by database system? (marked “X” on the slide)

A kind of distributed ledger (transaction book)
-storing *all* transactions of *all* users.
-capable of executing embedded programs automatically (smart contract).

Properties:
-Decentralized (no centralized authority (all users/miners))
-Immutability (no changes in records, guaranteed by crypto)
-Transparent (everyone can check *all* transactions), ……
Q: Differences between a distributed system and a decentralized system?

Distributed systems:
- Store & process data in different locations or different computers
- Replication

Decentralized systems:
- No SINGLE point/party can decide how the system behaves
- Aggregate responses from multiple parties
- Extreme case: every party makes decisions

Whether it is decentralized: who “owns” and “makes” decisions for the system

E.g. Google
Q: Is it distributed? Yes
Q: Is it decentralized? No
Other examples:
- Cloud service providers, e.g. Amazon, Tencent?

[Figure: diagram with regions labelled “Distributed system” and “Decentralized system”]

Q: Then, what is a distributed ledger?

Bitcoin?
Bitcoin, other cyber currencies are built:
Application 1 ------------- Application n

Blockchain technology (decentralized)

Applications exist in different areas
-Finance
-Supply chain
-Healthcare
-Insurance
-even music industry…..

Q: Do you know any of these applications using blockchain?
Q: What applications best-fit blockchain?

Q: Why decentralized?

(i) Trust issue
E.g. if the application involves multiple banks, who is going to manage the database? Why them? Who is the trusted party?

(ii) Transaction fee
Even if you have a trusted party who can manage the database of transactions (e.g. a bank to hold our accounts), why do we need to pay a high transaction fee?
Some disadvantages of having a centralized party

- High transaction fees
- No privacy (the centralized party has full authority to read all personal information and transaction information of the customers)
- Trust issue (need to trust it)
- Processing time for the transaction (it depends on the centralized party how fast they can complete the transaction).

[Figure: decision flowchart with Yes/No branches. Decision nodes: “Database?”, “Have a trusted authority”, “High trans fee?”, “Involve > 2 entities?”, “Will all entities join?” (No: only a few; Yes: majority), “High freq?”. Outcomes: “X”, “evaluate? Chain of custody, savings in proc, many-many?”, “Consider blockchain”.]
Summary questions:
Q1
Which of the following are the reasons for using blockchain technologies?
(a) There is no trusted authority.
(b) The transaction fee is too high.
(c) We want to ensure data availability.
(d) Because we require high transaction rate.
(e) All of the above.

Q2
How does blockchain protect the identity of users? And how can one show that he/she is the owner of the account to use the bitcoin?

Q3:
How does blockchain technology guarantee that no users can easily modify the transactions without being noticed?

Q4:
Why do miners need to solve a computational problem before adding a new transaction to the blockchain?

Q5:
Why, in the original blockchain system, should we follow the longest chain?

Answers
Q1: (a), (b), (c).

Q2: Use public key as the account # without disclosing the real identity of the owner, then use private key to verify its authority to use the bitcoin.

Q3: Using the *chained* hash values: Transaction x will make use of the content of transaction x-1 to create the hash value so that if a hacker wants to change the details of Transaction x, he/she needs to change all subsequent transactions

Q4: We do not want the frequency of adding new transactions to be too high, otherwise, there may be a chaos.

Q5. Because we assume that the majority of the miners are honest. Most of these honest miners will work on the “correct” blockchain and make it longer and longer, so following the longest blockchain should be the correct chain

Question: Where is the blockchain?

[Figure: a blockchain network N of six peer nodes P1 to P6, each holding blocks 1 2 3 4 5. Legend: N = blockchain network, P = peer node, “1 2 3 4 5” = blockchain.]

Ans: Each peer node has a copy of the entire blockchain


[Figures for Transactions Recording (1) to (6): client applications A1 and A2 submit transactions Tx1 to Tx4 to a blockchain network N of peer nodes P1 to P6, each holding blocks 1 2 3 4 5; a new block 6 containing Tx1, Tx2, Tx3 is created and spreads until every peer holds blocks 1 to 6. Legend: A = client application, N = blockchain network, P = peer node.]

Transactions Recording (1)
Client applications broadcast their transactions in the blockchain network or send them to a specific peer node for processing.

Transactions Recording (2)
Peer nodes maintain a pool of transactions that have not been included in the blocks yet.

Transactions Recording (3)
Each peer node tries to create a new block that contains the transactions in its pool. The peer node should also execute each transaction to ensure they are valid.

Transactions Recording (4)
The peer node broadcasts the newly found block to the other peer nodes in the blockchain network.

Transactions Recording (5)
The peer node receiving the new block checks the correctness of the block, which includes validating all transactions included in the block with respect to its local blockchain copy, and appends it to its own copy of the blockchain.

Transactions Recording (6)
Each peer node appends the new block and updates its own mempool.
