Aurelien Alvarez, reply by Jean-Paul Delahaye
In his article, Jean-Paul Delahaye explains clearly how the bitcoin protocol works, as well as the enthusiasm and fear it elicits. The major innovation behind bitcoin is the creation of an ecosystem that allows for decentralized consensus: users no longer need a trusted central authority in order to interact with each other. While it is difficult to predict how blockchain technology will become significant in our everyday activities over the next few years (increasing our happiness, or not), the enthusiasm it elicits is growing. It could have many applications, of which cryptocurrencies are only a first example. Among the platforms arousing great interest is Ethereum, which allows users to deploy and interact with smart contracts. Ethereum promises applications that work exactly as they were programmed and cannot be interrupted, censored, or modified in any way. It has been spoken of as one of the building blocks of Web 3.0!
Understanding precisely how all this works in practice is a fascinating subject. How can a user, interacting with the network via only a smartphone, quickly verify that a transaction has been recorded in the blockchain? One approach uses the concept of a Merkle tree. This is an important data structure used in computing and cryptography, and I would like to follow up Delahaye's article by explaining this point. Another legitimate question that one might ask with reference to the mechanism of transaction validation is: why do bitcoins have real economic value?
There is more to bitcoin than simply a medium of exchange. To illustrate this, I will examine in some detail a transaction inscribed in the bitcoin blockchain. It has nothing to do with any financial transaction; on the contrary, it is connected to the idea of using the blockchain to write information permanently, in a way that is tamper-proof and visible to everyone. This way of "hacking" the bitcoin blockchain, that is, of diverting it from its primary use (although this "hack" is fully authorized by the protocol), immediately opens up a world of possibilities. I will illustrate this using an example application for which a platform like Ethereum is ideally suited.
A Merkle Forest
Creating a peer-to-peer network that allows one to transfer "money" without resorting to a central authority like a bank is, it must be said, a conceptual challenge. It is an even greater challenge when you keep in mind that, unlike a gold ingot, a computer file can be duplicated infinitely many times at almost zero cost. Yet Satoshi Nakamoto's ideas, as described in his article "Bitcoin: A Peer-to-Peer Electronic Cash System," posted on the web in 2008, make this possible. [1] Far from being extraordinarily complicated, his ideas are, on the contrary, a clever arrangement of simple building blocks. Some of these have been well known for around forty years and have been widely used in many cryptographic systems. It seems almost a miracle that a currency can be supported by a shared computer file and that it works. It is a miracle, and a currency, that depends entirely on mathematics.
In terms of cryptography, the bitcoin platform relies on two fundamental mathematical concepts: hash functions and digital signatures. One might think of the hash of a computer file as its digital fingerprint. The original file can potentially be very large (from a few kilobytes to several gigabytes, depending on whether it is text, an image, music or video), while its fingerprint is only a few tens of bytes (32 bytes for SHA-256, the function bitcoin uses). Calculating a hash is a very fast process that consumes few resources, and it is an irreversible operation, since it is impossible in practice to reconstruct the original file from its fingerprint. Importantly, it is also extremely unlikely that two distinct files will produce the same hash and, for a well-designed hash function, nobody knows how to construct such a pair on purpose. A digital signature on a message proves that the person claiming to be its author is indeed its author. The underlying mathematics ensures that examining in detail the messages signed by a person, however many of them, will not suffice to forge that person's signature and sign new messages without their knowledge.
Bitcoin relies on the blockchain, a data structure that allows data to be linked together. How? By organizing the data into blocks and indicating in the header of each block the hash of the preceding block. Modifying a datum in a block modifies its hash and is therefore reflected in all subsequent blocks. Each block organizes the transactions it contains according to a Merkle tree, a data structure first described by Ralph Merkle in 1979. Imagine that one wants to verify that some data belongs to a set of data that is known in advance. In the case of the bitcoin blockchain, one wants to know whether a particular transaction has been recorded in a given block. Compared to what might be described as the "naive" method, i.e. downloading the whole block and comparing the known transaction with each of the transactions in it, a Merkle tree answers this question in a way that greatly reduces the computation and data-transfer overheads.
A Merkle tree is a rooted binary tree: the data are attached to the leaves, the hashes of the corresponding data are attached to the parents of the leaves, and every other node holds the hash of the concatenation of its two children. The root of the Merkle tree thus contains a fingerprint of the entire tree. Someone who wants to verify that a transaction belongs to the block in question, and not simply trust a network node asserting that this is the case, must first ensure that the block belongs to the blockchain and then recalculate what the root of the block's Merkle tree should be. He can then compare it to the value indicated in the header of the block. One does not need to know all the transactions of the block; it is enough to request the hashes of the siblings along the path that goes from the leaf containing the particular transaction all the way to the root. This represents a very small amount of data, logarithmic in the number of transactions, compared to the data comprising all the transactions in the block. For the same reasons, if one changes a datum in a leaf, it is not necessary to recalculate the entire Merkle tree, but only the corresponding branch all the way to the root. One of the great strengths of this data structure is that it allows users to connect to the network via light clients on their smartphones and to verify the transactions of interest. Of course, nothing beats a full client, one that stores the entire blockchain and checks the validity of all transactions without the help of any third party; such nodes can calculate the balance of a bitcoin address and trace precisely the origin of the bitcoins at the address in question. A light client, by contrast, only learns that a transaction is included in a block that the miners have accepted; it relies on the proof of work rather than checking the transaction itself.
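As an added illustration (this code is the editor's, written for this page, and is not part of the original article), here is a small Python implementation of the Merkle tree as bitcoin builds it: double SHA-256 at every node, duplication of the last node on a level with an odd number of entries, a proof made of the sibling hashes along the path to the root, and the recomputation a light client performs. The transaction ids are constructed sample data, not taken from any real block.

```python
import hashlib


def dsha256(data: bytes) -> bytes:
    """Bitcoin's hash function: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_levels(leaves: list) -> list:
    """All levels of the tree, leaves first, root level last.
    As in bitcoin, a level with an odd number of nodes has its last node duplicated."""
    if not leaves:
        raise ValueError("a block has at least one transaction")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        level = levels[-1]
        if len(level) % 2:
            level = level + [level[-1]]
        levels.append([dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)])
    return levels


def merkle_root(leaves: list) -> bytes:
    return merkle_levels(leaves)[-1][0]


def merkle_proof(leaves: list, index: int) -> list:
    """Sibling hashes on the path from leaf `index` up to the root.
    Each entry is (sibling_hash, sibling_is_on_the_left)."""
    levels = merkle_levels(leaves)
    proof = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append((level[sibling], sibling < index))
        index //= 2
    return proof


def verify_proof(leaf: bytes, proof: list, root: bytes) -> bool:
    """What a light client does: rebuild the root from the leaf and the proof,
    then compare it with the root carried in the block header."""
    h = leaf
    for sibling, on_left in proof:
        h = dsha256(sibling + h) if on_left else dsha256(h + sibling)
    return h == root


def proof_size_in_hashes(n_transactions: int, index: int = 0) -> int:
    """Number of hashes a light client must download to check one transaction."""
    return len(merkle_proof([bytes(32)] * n_transactions, index))


# Constructed sample block: five fake transaction ids. In bitcoin a leaf is the
# txid, itself the double SHA-256 of the serialized transaction.
SAMPLE_TXIDS = [dsha256(b"constructed transaction %d" % i) for i in range(5)]
SAMPLE_ROOT = merkle_root(SAMPLE_TXIDS)

if __name__ == "__main__":
    proof = merkle_proof(SAMPLE_TXIDS, 3)
    print("root:", SAMPLE_ROOT.hex())
    print("proof for tx 3 has", len(proof), "hashes and verifies:",
          verify_proof(SAMPLE_TXIDS[3], proof, SAMPLE_ROOT))
    print("hashes needed for one of 2000 transactions:", proof_size_in_hashes(2000))
```

The proof for one of five transactions is three hashes, and for one of two thousand it is eleven: that logarithmic size is the whole reason a phone can afford to check inclusion. Note that a proof is only as good as the root it is checked against, so the light client must also have verified that the header holding that root sits in the chain with the most proof of work.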
Why Do Bitcoins Have Real Economic Value?
The simplest ideas are often the most brilliant, and Nakamoto's ideas are a prime example. The main problem in such a system is, of course, how to reach a consensus about the validity of transactions without a central authority, and when the network's nodes do not a priori trust one another.
Each block header contains the hash of the previous one, the root of the Merkle tree of the transactions contained in the block (and thus a fingerprint of all the transactions in the block!), a timestamp, and a nonce. Anyone can thus verify the validity of a block in the blink of an eye, while the miners have had to work hard to find the nonce in question. [2] The winning miner is the first to provide a proof of work, i.e., a value of the nonce which makes the hash of the block header less than a certain target value. This target is directly related to the computing capacity of the entire bitcoin network and is periodically adjusted so that blocks keep arriving about every ten minutes. Since a good hash function behaves like a random function, a miner has no choice other than to try a nonce, see if it works, and, if it doesn't, begin again with another. This is where the system acquires real economic value, moving from mathematics and computer science to physics, if you will. The cost for a miner to validate a block is significant: the purchase and maintenance of computer equipment and, above all, significant electricity consumption, and thus the degradation of energy into heat. A mined block gets its value from computation, in the same way that a gold ingot acquires value because it is a rare metal. If it were easy to mine a block, a bitcoin would have no more value than a liter of air! That one can exchange goods or services for the result of a calculation is, in contemporary terms, a totally disruptive idea.
For their work, miners are paid in accordance with the two basic rules of the bitcoin protocol: on the one hand, one may only transfer bitcoins one has previously received, and, on the other hand, only miners can create new bitcoins ex nihilo, through the first transaction of each block they mine. But in a distributed world, two valid blocks may be found at almost the same time at two ends of the network. The two blocks do not necessarily contain the same transactions, and may even contain contradictory transactions, that is, a user of the network attempting to spend the same bitcoins twice. Two blockchains then find themselves in competition, a situation we call a fork. But, a few minutes later, other blocks will be mined on top of one or the other. Consensus is reached by keeping the chain with the greatest accumulated computing work, the one that was hardest to produce (which is not always the one with the most blocks). Again, the central notion of "computing content" arises, one that gives real economic value to the bitcoins, since consensus is established by giving credit to the miners who have worked the most.
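The two mechanisms just described, the nonce search and the choice between competing chains, can be shown together in code. The following Python is an added example by the editor, not the article's own: it serializes an 80-byte header in bitcoin's format, mines it against a constructed and deliberately easy target encoded in the same compact "bits" form bitcoin uses, checks that every header carries a valid proof of work and points at its predecessor, and resolves a fork by accumulated work rather than by block count. The merkle roots and timestamps are constructed filler.

```python
import hashlib
import struct


def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bits_to_target(bits: int) -> int:
    """Decode the compact 'bits' field of a bitcoin header into the 256-bit target."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def serialize_header(version, prev_hash, merkle_root, timestamp, bits, nonce) -> bytes:
    """The 80-byte bitcoin block header, integers little-endian as on the wire."""
    return (struct.pack("<I", version) + prev_hash + merkle_root
            + struct.pack("<III", timestamp, bits, nonce))


def header_hash(header: bytes) -> bytes:
    return dsha256(header)


def has_valid_pow(header: bytes) -> bool:
    """The cheap check anyone can do: two SHA-256 and one comparison.
    Bitcoin compares the hash as a little-endian 256-bit integer."""
    bits = struct.unpack_from("<I", header, 72)[0]
    return int.from_bytes(dsha256(header), "little") < bits_to_target(bits)


def mine(version, prev_hash, merkle_root, timestamp, bits, max_nonce=2**32) -> bytes:
    """The expensive search the miner must do: try nonces until the hash is below target."""
    target = bits_to_target(bits)
    for nonce in range(max_nonce):
        header = serialize_header(version, prev_hash, merkle_root, timestamp, bits, nonce)
        if int.from_bytes(dsha256(header), "little") < target:
            return header
    raise RuntimeError("nonce space exhausted; a real miner then changes the timestamp or coinbase")


def block_work(bits: int) -> int:
    """Expected number of hash attempts needed to find a block at this target."""
    return 2**256 // (bits_to_target(bits) + 1)


def chain_work(chain: list) -> int:
    return sum(block_work(struct.unpack_from("<I", h, 72)[0]) for h in chain)


def verify_chain(chain: list) -> bool:
    """Every header must carry a valid proof of work and point at its predecessor,
    so altering any field of an earlier block breaks the link to the next one."""
    prev = bytes(32)  # the first block points at all zeros
    for header in chain:
        if header[4:36] != prev or not has_valid_pow(header):
            return False
        prev = header_hash(header)
    return True


def resolve_fork(*chains: list) -> list:
    """Nakamoto consensus: keep the valid chain that embodies the most work."""
    valid = [c for c in chains if verify_chain(c)]
    if not valid:
        raise ValueError("no valid chain")
    return max(valid, key=chain_work)


# Constructed, absurdly easy targets so the example mines in a fraction of a second
# (the real network's target at the time of writing needed on the order of 10**21
# attempts per block). EASY needs about 2**12 attempts, HARDER about 2**13.
EASY_BITS = 0x1F0FFFFF
HARDER_BITS = 0x1F07FFFF


def build_chain(n_blocks: int, bits: int = EASY_BITS, tag: bytes = b"") -> list:
    chain, prev = [], bytes(32)
    for i in range(n_blocks):
        root = dsha256(b"constructed merkle root %d " % i + tag)  # constructed filler
        header = mine(1, prev, root, 1400000000 + 600 * i, bits)
        chain.append(header)
        prev = header_hash(header)
    return chain


if __name__ == "__main__":
    short_but_heavy = build_chain(2, HARDER_BITS, b"A")
    long_but_light = build_chain(3, EASY_BITS, b"B")
    winner = resolve_fork(short_but_heavy, long_but_light)
    print("winner has", len(winner), "blocks and work", chain_work(winner))
```

Two blocks at the harder target represent more work than three at the easier one, so the shorter chain wins the fork; this is why "longest chain" is shorthand for "chain with the most accumulated work". Tampering with the merkle root of an early block does not just invalidate that block's proof of work with overwhelming probability, it deterministically breaks the previous-hash link of every later block, which is the property `verify_chain` relies on.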
Why do miners agree to play the game, and why do they eventually come to a consensus? If you are a miner, it means that you have purchased the necessary equipment and are willing to consume a significant amount of electricity. When you look at the bitcoin protocol in detail, you realize that there is no economic incentive to attack the network; everything was designed so that attacks are, in the end, far more costly than any benefit that could be derived from them. Miners thus have a vested interest in "behaving well," that is, in complying with the protocol. This is how consensus emerges at the global level for validated transactions between actors who do not know each other and have no particular a priori trust in each other. Believe it or not, this has now been working for eight years!
There is, however, a downside to this. It is indeed possible to disrupt the proper functioning of the system if someone manages to control at least 51% of the computing power of the entire network. This is unlikely, but not totally unimaginable, because of the concentration of miners into pools. Even then, there remain things such an attacker would not be able to do. In particular, he would never be able to spend bitcoins that are not his, because he cannot forge the signatures that authorize spending. On the other hand, he would be able to spend his own bitcoins several times over, by mining in secret a competing chain in which a payment he has already made never took place, and to deny service by refusing to include certain transactions in his blocks. If this were to happen, nothing would prevent miners involved in the 51% from jumping ship if they did not find the situation to be in their interest. No miner, unless he wants to lose all the money he has invested from the beginning, has any real incentive to make the entire system collapse.
As early as 2013, some users of the bitcoin platform have attempted to write information unrelated to financial transactions into the blockchain. Why? Because once written on the blockchain, it will remain there ad vitam aeternam. It is not difficult to imagine some types of information, such as the terms of a contract, that we would like to always have available, from anywhere in the world, and maintained in a way that they cannot be tampered with. The bitcoin blockchain was not designed for this purpose, but with a little ingenuity it is nevertheless possible to implement this type of functionality. This has pleased some people, because it demonstrates, if this is still necessary, the potential of the blockchain. It has not pleased others, who see this type of data as polluting the protocol at two levels. On the one hand, it can greatly increase the size of the blockchain and, on the other hand, transaction outputs (UTXOs) are created that can never be spent but will remain forever in the set of all unspent outputs that every full node must keep in memory. In 2014, the reference client began to accept a compromise based on the script instruction OP_RETURN: an output whose script begins with OP_RETURN is provably unspendable, so nodes can drop it from the UTXO set, and it became "legal" to carry up to 40 bytes of arbitrary data per transaction after the instruction (a limit since raised to 80 bytes).
Many websites allow real-time visualization of the bitcoin blockchain. [3] Consider the transaction whose hash is
We can see that it was validated on June 30, 2014, but we can also see that the first output script is
Behind the instruction OP_RETURN hides a message written in hexadecimal. A conversion from hexadecimal to UTF-8 [4] reveals the message
charley loves heidi.
A declaration of love inscribed forever in the bitcoin blockchain!
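To make the decoding step concrete, here is an added Python example (the editor's, not the article's) that parses a data-carrier output script and extracts its message, and that builds such a script the way a wallet would. The sample script below is constructed to carry the same text as the transaction discussed above, not copied from it, and the pay-to-pubkey-hash script is likewise a constructed placeholder with a zero key hash.

```python
OP_RETURN = 0x6A
OP_PUSHDATA1 = 0x4C
OP_PUSHDATA2 = 0x4D
STANDARD_DATA_LIMIT = 80  # bytes relayed by default by Bitcoin Core today; it was 40 in 2014


def parse_op_return(script: bytes):
    """Return the payload of a data-carrier output script (OP_RETURN followed by
    exactly one push), or None if the script is anything else."""
    if len(script) < 1 or script[0] != OP_RETURN:
        return None
    if len(script) == 1:
        return b""  # a bare OP_RETURN: unspendable, but carries nothing
    op, i = script[1], 2
    if 1 <= op <= 75:                          # direct push: the opcode is the length
        length = op
    elif op == OP_PUSHDATA1 and len(script) >= 3:
        length, i = script[2], 3
    elif op == OP_PUSHDATA2 and len(script) >= 4:
        length, i = int.from_bytes(script[2:4], "little"), 4
    else:
        return None
    payload = script[i:i + length]
    if len(payload) != length or i + length != len(script):
        return None                            # truncated push, or trailing opcodes
    return payload


def build_op_return(payload: bytes) -> bytes:
    """Encode a payload the way a wallet does when it embeds data in an output."""
    if len(payload) > STANDARD_DATA_LIMIT:
        raise ValueError("payload above the standardness limit would not be relayed")
    if len(payload) <= 75:
        return bytes([OP_RETURN, len(payload)]) + payload
    return bytes([OP_RETURN, OP_PUSHDATA1, len(payload)]) + payload


def decode_message(script_hex: str):
    """Hex script -> text if the payload is valid UTF-8, otherwise its hex;
    None if the script is not a data carrier at all."""
    payload = parse_op_return(bytes.fromhex(script_hex))
    if payload is None:
        return None
    try:
        return payload.decode("utf-8")
    except UnicodeDecodeError:
        return payload.hex()


# Constructed sample: OP_RETURN (6a), a 19-byte push (13), then the ASCII bytes.
SAMPLE_SCRIPT_HEX = "6a13636861726c6579206c6f766573206865696469"

# Constructed pay-to-pubkey-hash script, the ordinary kind of output
# (OP_DUP OP_HASH160 <20-byte key hash> OP_EQUALVERIFY OP_CHECKSIG): no message inside.
SAMPLE_P2PKH_HEX = "76a914" + "00" * 20 + "88ac"

if __name__ == "__main__":
    print(decode_message(SAMPLE_SCRIPT_HEX))
    print(decode_message(SAMPLE_P2PKH_HEX))
    print(build_op_return(b"charley loves heidi").hex() == SAMPLE_SCRIPT_HEX)
```

The parser deliberately rejects anything that is not exactly one push after OP_RETURN, including a push whose declared length runs past the end of the script; a decoder that tolerated such malformed scripts would happily "find" messages in garbage. Anything that does not decode as UTF-8 is shown as hex rather than guessed at.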
Smart Contract or PayPal?
Imagine three mathematician friends who would like to explain the fourth dimension, or the butterfly effect, to a broad audience. [5] After much labor, these friends finish a film of computer-generated images about each subject. Since they wish to distribute their two films as widely as possible and for free, a platform like YouTube would suit them well. [6] Suppose also that they decide to burn a small batch of DVDs to offer to teachers and students in countries where access to the internet is limited. They decide to sell a double DVD containing the two films at a relatively modest price, covering printing and shipping costs, but one that will also allow one out of every three DVDs to be given away free. On their website, they create a page for orders.
To collect payments, they decide to use PayPal, an online payment service that allows users to pay for purchases, receive payments, and send and receive money. PayPal takes a commission (not negligible, in fact) from each transaction and pays the remainder into the account belonging to the three friends. The system works well and our three friends are, on the whole, content.
All the same, they have two small regrets. The three friends give regular lectures, which are perfect opportunities to distribute their DVDs. This is a little awkward in practice, because they have to collect money from buyers, either in cash or by check, and then deposit it in a bank, not forgetting, of course, buyers who want to pay by credit card. Additionally, the three mathematicians had hoped that, for every hundred DVDs sold, they could offer the next order free of charge. This type of bonus is not easy to arrange via PayPal. While our friends have no intention of cheating, their only aim being to make their DVDs available to the largest audience possible, buyers have to trust them regarding the exact number of DVDs sold. Buyers have no way of verifying that their order was not the (n + 1)th purchase, n being a multiple of one hundred.
The three mathematicians released their films in 2008 and 2013, so they could not have known about the Ethereum platform, available only since 2015. Ethereum solves both of these problems: payment without intermediaries and without constraint (offered, since 2009, by the bitcoin blockchain) and the bonus that cannot be conveniently forgotten.
Ethereum: the New Generation
In a sense, Ethereum is a decentralized computer that runs on many nodes. This "world computer," if one may describe it as such, is accessible from anywhere, no central authority controls access, and the programs it executes are guaranteed to run without alteration or interruption. Introduced in this way, it looks fantastic. [7] And it is! There are, however, two caveats: this world computer is hardly more powerful than a mobile phone of the 1990s, and it is necessary to "pay" to execute a program. In any blockchain-type platform, there is always a balance between economics and technology.
The philosophy behind a platform like Ethereum is that of a truly decentralized internet. Today's web, on the other hand, often offers us access to centralized services, whether in the form of a bank, a social network, a music platform, or a carpooling platform. In many cases, it is not unreasonable to limit the level of trust one places in these "central authorities," which levy not insignificant fees for services rendered and which can generate immense profits from user data. If the server hosting the service suddenly becomes inaccessible, there is no recourse available to users. The list of grievances against the platforms we use on a daily basis could be extended, but that is not the point here. Keeping in mind that the internet is nothing but an immense network of public and private subnetworks, one can appreciate why the governing role played by certain nodes is not to the liking of the most liberal minds. [8]
As I have attempted to illustrate, using the example of the DVD project of our three mathematician friends, the aims of Ethereum are quite different from those of Bitcoin. That said, both platforms allow users to record financial transactions, in ethers and bitcoins respectively. But, of the two, the ether is oriented more towards paying for the operation of the system. In other words, users pay in ethers for the smart contracts they want to run. The Ethereum blockchain is structured around the idea of accounts and, in a way, is simpler than the bitcoin protocol, because one has direct access to an account's balance. This point is an important difference between the two blockchains. In the Ethereum model it is not necessary to replay the whole history of transactions to know the balance of an account (in bitcoin, a balance is the sum of all unspent outputs addressed to a key), all the more interesting for light clients which, as discussed previously, do not keep a copy of the entire blockchain, only the headers.
The Ethereum blockchain is also much faster than that of Bitcoin: the delay between two blocks is around ten minutes in the bitcoin system, but only around 12 seconds in Ethereum. The propagation time of a block through the network, understandably, then poses new challenges, since blocks that arrive too late to be built upon become far more frequent. The Ethereum protocol provides solutions to both problems. Moreover, and this is the great innovation of this platform, one can store arbitrary programs on the blockchain, that is, smart contracts, written in a Turing-complete language. There is thus no restriction on the complexity of programs that can be deposited on this particular blockchain.
Smart contracts are programs stored and executed in the Ethereum blockchain. A financial transaction, as in the bitcoin platform, is an elementary example of a smart contract. If the author of a smart contract has provided a user interface, or front end, the smart contract can be seen as the back end of a decentralized application. A mined transaction is ultimately a public record that a certain smart contract has been executed with specific inputs and that it has produced specific outputs. This can be verified by any network node. Everything is public on the blockchain and a smart contract is recorded for eternity.
It is important to understand that a smart contract is an ordinary program stored in the blockchain, but one that is also able to modify the state of the blockchain. When someone wants to call a function of a smart contract, they send a transaction to the network indicating the address of the smart contract as well as the data required to perform the function in question. Ethers are included as payment for the transaction. "Someone" here can be a user as well as another smart contract; in other words, nothing prevents smart contracts from interacting with one another. Imagine, for example, an active investment contract which is, on the one hand, a securitization contract that itself collects the repayments of a loan contract, and on the other hand a rating contract charged with collecting information about repayments in a list of loans, and so on. When Ethereum miners receive the transaction, they retrieve the corresponding smart contract, execute it, and thus move the blockchain from one state to the next.
What are the constraints or limitations of Ethereum? Firstly, the execution of a smart contract is necessarily initiated "from the outside." In other words, a smart contract cannot decide, autonomously, to be executed. It is not possible to program a "scalper" smart contract that would spend its time monitoring a share price, buying or selling as the case may be. Nor can a smart contract use a web service, that is to say, external data provided by a web service. There are at least two reasons for this: on the one hand, it would be a problem if, at the time of execution of the smart contract, the data service was unavailable, and, on the other hand, if one wants all the nodes of the network to perform rigorously the same computation, they must all have access to the same program inputs. At the heart of the protocol is the principle that "the executor pays." Payment must be made, in ether of course, for the execution of a program, and the bill (established in gas, the unit in which execution fees are counted) grows with the amount of computation performed and data stored, each elementary operation having a fixed price in gas. This automatically limits what any prankster can do who might try to "saturate" the platform by asking it to execute anything and everything: a program stops as soon as the gas its sender paid for runs out, and the gas consumed is not refunded. A final point: nothing prevents the use of the Ethereum blockchain for data storage, as a kind of decentralized Dropbox, since all the nodes of the network store the data in question. But, as you might have gathered by now, payment would be required, and it would be enormously expensive. Thus the best way to immortalize the piece of music you just composed, or the novel you just finished, is not to store the entire work, only its hash.
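The "executor pays" principle, and why it defeats the prankster, can be seen on a toy machine. The following Python is an added example by the editor, not Ethereum's actual virtual machine: it models a replicated state (account balances plus contract storage), a gas schedule that is constructed for the example and not the EVM's real fee table, and the two outcomes that matter: a successful call that refunds the unused gas, and a non-terminating program that is simply cut off when its gas runs out, with its writes reverted but its fee kept. The `COUNTER` program stands in for a contract that counts DVD orders in a storage slot everyone can read.

```python
from dataclasses import dataclass, field

# Constructed gas schedule: it mimics the flavour of the real EVM (a storage write
# is by far the most expensive operation) but these are not Ethereum's actual costs.
GAS_COST = {"PUSH": 3, "ADD": 3, "SLOAD": 200, "SSTORE": 20000, "JUMP": 8, "STOP": 0}


@dataclass
class World:
    """The replicated state every node holds: ether balances and contract storage."""
    balances: dict
    storage: dict = field(default_factory=dict)


@dataclass
class Receipt:
    status: str      # "success", "out of gas", "stack underflow" or "rejected"
    gas_used: int


def run_transaction(world: World, caller: str, program: list, gas_limit: int, gas_price: int) -> Receipt:
    """Execute `program` on behalf of `caller`, who pays gas_used * gas_price in ether."""
    max_fee = gas_limit * gas_price
    if world.balances.get(caller, 0) < max_fee:
        return Receipt("rejected", 0)           # cannot pay: no node will even run it
    world.balances[caller] -= max_fee             # the whole allowance is taken up front
    snapshot = dict(world.storage)                # so writes can be undone on failure
    stack, pc, gas, status = [], 0, gas_limit, "success"
    try:
        while pc < len(program):
            op, *args = program[pc]
            if GAS_COST[op] > gas:
                status, gas = "out of gas", 0     # failure still consumes everything
                break
            gas -= GAS_COST[op]
            if op == "PUSH":
                stack.append(args[0])
            elif op == "ADD":
                b, a = stack.pop(), stack.pop()
                stack.append((a + b) % 2**256)
            elif op == "SLOAD":
                stack.append(world.storage.get(stack.pop(), 0))
            elif op == "SSTORE":                  # EVM order: key on top, value beneath
                key, value = stack.pop(), stack.pop()
                world.storage[key] = value
            elif op == "JUMP":
                pc = stack.pop()
                continue
            elif op == "STOP":
                break
            pc += 1
    except IndexError:
        status, gas = "stack underflow", 0
    if status != "success":
        world.storage = snapshot                  # every state change is reverted ...
    gas_used = gas_limit - gas                    # ... but the gas burnt is not refunded
    world.balances[caller] += (gas_limit - gas_used) * gas_price
    return Receipt(status, gas_used)


# Constructed programs. COUNTER increments storage slot 0: a contract counting orders.
COUNTER = [("PUSH", 0), ("SLOAD",), ("PUSH", 1), ("ADD",), ("PUSH", 0), ("SSTORE",), ("STOP",)]
# FOREVER jumps back to its first instruction and would never halt on an unmetered machine.
FOREVER = [("PUSH", 0), ("JUMP",)]
# WRITE_THEN_LOOP stores a value and only then spins: the write must not survive.
WRITE_THEN_LOOP = COUNTER[:-1] + FOREVER


def demo() -> World:
    world = World(balances={"alice": 100_000, "mallory": 5_000})
    run_transaction(world, "alice", COUNTER, gas_limit=30_000, gas_price=1)
    run_transaction(world, "mallory", FOREVER, gas_limit=1_000, gas_price=1)
    return world


if __name__ == "__main__":
    w = demo()
    print("storage:", w.storage, "balances:", w.balances)
    print(run_transaction(w, "alice", WRITE_THEN_LOOP, gas_limit=21_000, gas_price=1), w.storage)
```

Alice's counter call costs 20,212 units and she gets the other 9,788 of her 30,000 allowance back; Mallory's infinite loop runs for exactly the 1,000 units she paid for and then halts, her ether gone and the state untouched. The same rule makes a program that writes and then loops lose its write as well as its fee: nodes never have to decide whether a program "would have" terminated, only whether it still has gas.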
The Adventure Begins
In this vision of a decentralized web, Ethereum represents an important first step, and one that has generated a great deal of enthusiasm.
In the near future, we should expect to use, alongside our traditional web browsers, a browser such as Mist for managing a connection to Ethereum nodes, managing one's identity, making payments, activating smart contracts, and so on. The back end of the application will hold the corresponding smart contract and, eventually, one imagines that both front end and back end will be found on the blockchain. [9] All this is still just a vision, but every day new developers join an enthusiastic and active community. We can already see how this technology might significantly affect entire sectors of the economy, from music to health to the "internet of things." Not to mention even bigger upheavals, promised by some, in all kinds of organizations, including at the state level. Science and technology may now be placing in our hands the instruments to invent new forms of democracy.
My thanks to Aurelien Alvarez for this letter, which rounds out my article by focusing on a series of points which are all very interesting. There are, of course, many other aspects that deserve to be described in such detail about the revolution started by Satoshi Nakamoto, but then it would no longer be an introductory article, but a book!
Aurelien Alvarez is a mathematician at the Universite d’Orleans.
Jean-Paul Delahaye is a mathematician and professor emeritus in computer science at the University of Lille.
Translated from the French by the editors.