Lecture 2: Creating a digital currency

Desirable properties of a good digital ledger

  1. No deletion
  2. Temporal ordering
  3. Global consensus
  4. Semantic correctness
  5. Live – writable, no DOS, no censorship

Attempts to create a digital currency in the increasing order of sophistication.

  1. A signing key based approach can confirm the authenticity of the transaction but cannot prevent double-spend.
  2. Append-only ledger with signing keys ensures a temporal ordering and global consensus, thus, prevents double-spending. Sign “new transaction + hash of the previous transaction”.  But if there is a single trusted signing authority, it can still give different signing blocks to the different parties and engage in double-spend. Or it can append invalid transactions to the ledger.
  3. To reduce the risk, we can have n signers and require k <= n signers required for a transaction to be a valid part of the ledger.
  4. Further safety can be ensured by rotating the trusted signers. The signers will build on (one of the) longest valid chain. The signer will reject any chain with a bad block in it. If the majority of the signers is honest, this works. Otherwise, it does not. A malicious actor can perform a Sybil attack on the system by generating tons of signers who are participating in the system and hence, a majority of signers might end up representing a single entity.
  5. Bitcoin (Nakamoto consensus) treats everyone as a trusted signer. The signer in round n is the first signer to solve a proof-of-work (PoW) puzzle. There are no signing keys anymore. The random nonce of the block which leads to H(block) <2256 – d suffices as the valid proof of signing. Two signers can end up signing simultaneously, but eventually, one of the chains will become longest and wins. Each block ~ 1MB and each transaction ~512 bytes. After your transaction ends up in a block, wait for up to 6 blocks to ensure that a different chain won’t become the longest one. Majority of the mining power should be honest though, 51%  attack is possible on Bitcoin.