https://homeostasis.scs.carleton.ca/wiki/index.php?action=history&feed=atom&title=DistOS_2021F_2021-11-23DistOS 2021F 2021-11-23 - Revision history2026-05-12T23:28:38ZRevision history for this page on the wikiMediaWiki 1.42.1https://homeostasis.scs.carleton.ca/wiki/index.php?title=DistOS_2021F_2021-11-23&diff=23534&oldid=prevSoma: Created page with "==Notes== <pre> Lecture 19 ---------- - experience 2 is going up shortly - all set, william just has to post - will be due last day of class - but will be accept..."2021-11-24T01:56:22Z<p>Created page with "==Notes== <pre> Lecture 19 ---------- - experience 2 is going up shortly - all set, william just has to post - will be due last day of class - but will be accept..."</p>
<p><b>New page</b></p><div>==Notes==<br />
<br />
<pre><br />
Lecture 19<br />
----------<br />
- experience 2 is going up shortly<br />
- all set, william just has to post<br />
- will be due last day of class<br />
- but will be accepted until a few days before<br />
the final exam<br />
<br />
- Nov. 30: Ethereum (will come out tonight)<br />
- Dec. 2: cryptocurrency critiques, futures<br />
- Dec. 7: present your projects<br />
- looking for volunteers<br />
- ideally 5 minute presentation<br />
<br />
I will ask William about solutions to experience 1 & grading<br />
<br />
<br />
Byzantine Generals problem<br />
- really, the problem of consensus in the presence of bad actors<br />
- so some may send false information, how do we deal<br />
- basically, we don't trust all the "generals" (CPUs),<br />
so how can we achieve consistency?<br />
<br />
<br />
Key assumptions<br />
- assume majority are honest (follow the protocol)<br />
(necessary, not sufficient)<br />
<br />
To have a solution, you have a way to achieve consensus in the face of failure/malicious action (depending on the solution)<br />
<br />
We've seen this often<br />
- node failures are common in distributed systems,<br />
and they can fail in arbitrary ways (not just crashing)<br />
- whenever we see a consensus solution, we're seeing<br />
a kind of solution to the byzantine general's problem<br />
- almost<br />
<br />
In the paxos-type solutions, nodes can fail or behave a bit badly, but they aren't going to flood the network or pretend<br />
to be other nodes<br />
- faulty, not malicious<br />
<br />
Note we can't deal with faked messages<br />
- no cryptographic assurances on node identity<br />
<br />
Bitcoin, what's the goal?<br />
- "digital cash"<br />
<br />
Value is not inherent in any of this<br />
<br />
What is inherent is it is a distributed ledger<br />
- record of transactions<br />
- no trusted third party<br />
- for updates or checks<br />
<br />
Is it for privacy? How private is bitcoin?<br />
- normally, in cryptography, to get privacy you want<br />
perfect forward secrecy<br />
- confidentiality is maintained even if keys are broken<br />
<br />
If someone saves all your communication and later breaks in<br />
and steals your private key, then do they get all your past<br />
communication?<br />
- with forward secrecy, NO<br />
- with bitcoin, YES<br />
<br />
The key to forward secrecy is using ephemeral keys<br />
- so the key the attacker wants isn't on the system long term<br />
- you can't compromise what you don't have<br />
<br />
As long as the algorithms remain secure and you dispose of<br />
ephemeral keys as you should, perfect forward secrecy works<br />
<br />
But Bitcoin can't do it<br />
- public keys are in the permanent record<br />
- and people need them to keep ownership of their money<br />
<br />
You have pseudonyms rather than anonymity<br />
- and the pseudonyms can be compromised anytime<br />
<br />
Advantage is who controls the pseudonyms<br />
- the participant, not a central third party<br />
- but, will need to reveal it when connecting Bitcoin to the real world<br />
<br />
Exchanges are the worst<br />
- they know who you are!<br />
- they can take your stuff!<br />
<br />
You have to trust the exchange<br />
- but bitcoin assumes that you don't trust anyone!<br />
<br />
But is bitcoin really "no trust"?<br />
NO<br />
- depends on the code being correct<br />
- depends on the cryptography being correct<br />
- NO PROOFS HERE<br />
- and depends on 50%+ being honest<br />
- of computational power, not people<br />
<br />
Have there ever been problems with hash functions?<br />
- before SHA-256 there was SHA-1 and then MD5, MD4, MD2...<br />
<br />
What would happen if someone came up with a way to generate<br />
collisions for SHA-256 quickly?<br />
- you could double spend potentially, breaking<br />
everything<br />
<br />
I'm not saying that decentralized finance is inherently bad<br />
- lots of potential benefits!<br />
- but you have to understand the assumptions<br />
<br />
no such thing as zero trust<br />
- something is ALWAYS trusted<br />
- at most, can have checks and balances<br />
<br />
<br />
idea of bitcoin is trust the math/code, not people<br />
- but what happens when bugs are found in the math<br />
or in the code?<br />
- you have to then trust people to update the system<br />
- are majorities inherently more trustworthy than<br />
a centralized authority?<br />
</pre></div>Soma