DistOS 2021F 2021-11-23

From Soma-notes
Jump to navigation Jump to search


Lecture 19
 - experience 2 is going up shortly
    - all set, william just has to post
    - will be due last day of class
    - but will be accepted until a few days before
      the final exam

 - Nov. 30: Ethereum (will come out tonight)
 - Dec. 2: cryptocurrency critiques, futures
 - Dec. 7: present your projects
     - looking for volunteers
     - ideally 5 minute presentation

I will ask William about solutions to experience 1 & grading

Byzantine Generals problem
 - really, the problem of consensus in the presence of bad actors
    - so some may send false information, how do we deal
    - basically, we don't trust all the "generals" (CPUs),
      so how can we achieve consistency?

Key assumptions
 - assume majority are honest (follow the protocol)
    (necessary, not sufficient)

To have a solution, you have a way to achieve consensus in the face of failure/malicious action (depending on the solution)

We've seen this often
 - node failures are common in distributed systems,
   and they can fail in arbitrary ways (not just crashing)
 - whenever we see a consensus solution, we're seeing
   a kind of solution to the byzantine general's problem
    - almost

In the paxos-type solutions, nodes can fail or behave a bit badly, but they aren't going to flood the network or pretend
to be other nodes
  - faulty, not malicious

Note we can't deal with faked messages
 - no cryptographic assurances on node identity

Bitcoin, what's the goal?
 - "digital cash"

Value is not inherent in any of this

What is inherent is it is a distributed ledger
 - record of transactions
 - no trusted third party
    - for updates or checks

Is it for privacy?  How private is bitcoin?
 - normally, in cryptography, to get privacy you want
   perfect forward secrecy
    - confidentiality is maintained even if keys are broken

If someone saves all your communication and later breaks in
and steals your private key, then do they get all your past
 - with forward secrecy, NO
 - with bitcoin, YES

The key to forward secrecy is using ephemeral keys
 - so the key the attacker wants isn't on the system long term
 - you can't compromise what you don't have

As long as the algorithms remain secure and you dispose of
ephemeral keys as you should, perfect forward secrecy works

But Bitcoin can't do it
 - public keys are in the permanent record
 - and people need them to keep ownership of their money

You have pseudonyms rather than anonymity
 - and the pseudonyms can be compromised anytime

Advantage is who controls the pseudonyms
 - the participant, not a central third party
 - but, will need to reveal it when connecting Bitcoin to the real world

Exchanges are the worst
 - they know who you are!
 - they can take your stuff!

You have to trust the exchange
 - but bitcoin assumes that you don't trust anyone!

But is bitcoin really "no trust"?
 - depends on the code being correct
 - depends on the cryptography being correct
 - and depends on 50%+ being honest
    - of computational power, not people

Have there ever been problems with hash functions?
 - before SHA-256 there was SHA-1 and then MD5, MD4, MD2...

What would happen if someone came up with a way to generate
collisions for SHA-256 quickly?
 - you could double spend potentially, breaking

I'm not saying that decentralized finance is inherently bad
 - lots of potential benefits!
 - but you have to understand the assumptions

no such thing as zero trust
 - something is ALWAYS trusted
 - at most, can have checks and balances

idea of bitcoin is trust the math/code, not people
 - but what happens when bugs are found in the math
   or in the code?
   - you have to then trust people to update the system
 - are majorities inherently more trustworthy than
   a centralized authority?