Why this story? When I studied blockchain from open sources such as Wikipedia, the information seemed fragmentary and incoherent, and it took time before it formed into a coherent picture. I think I now know in what order, and in what words, to present an introduction to blockchain so that any professional developer can grasp the big picture in 1 to 1.5 hours. There will be some simplifications in the text; clearly, every topic has plenty of details you can dive into if you wish.
Let's start. Asymmetric cryptography has existed for a long time. As a reminder: there are public and private keys. What is encrypted with the public key is decrypted with the private one, or vice versa, and one key cannot be derived from the other. So, using asymmetric cryptography alone, I can already send someone a signed message, for example “I transferred 100 rubles”, and everyone can verify that it was I who sent it and that it arrived unchanged.
Now let ten people agree that each of them holds a million units of a new currency. Each of them can make sure (and so can everyone else) that it was he who sent 300 thousand of this currency to someone else. What is not known is whether he actually had those 300 thousand at his disposal. To find that out, you need everyone's balances, and to get a balance you simply add up all of a person's incoming payments and subtract all of his outgoing ones. So every incoming and outgoing operation has to be visible. Hence the public ledger. It tells you whether a person can send 300 thousand.
One problem remains: what if I send all my money to both of you at the same time? This is double spending. Of course, the two of you should not both receive an amount equal to my balance before the operation. And it is awkward for the two of you to work out between yourselves who actually got the payment. Relying on timestamps (checking to whom I sent the money first) is unreliable. There is a solution: order the transactions. Then it is certain that the first payment went to Vasya, and I simply cannot make the second one: there is no money left. But now it is unclear who decides the order of the transactions. In banks and other centralized systems there is a trusted party, the bank itself, a single point of failure and a single point of trust; the bank says where my money went. On a blockchain there is no single trusted party. Its role is played by a large part of the network (clearly not the entire network, since not every participant can be trusted: there are surely fraudsters among them). The assumption is that this majority is not controlled by one person and that most participants act strictly in their own financial interest.
But the problem of ordering transactions is still not solved: we need what is called consensus among the network participants. One of the key algorithms of each particular blockchain, its consensus algorithm, deals with exactly this.
Before we talk about a specific consensus algorithm, a few words about the blockchain's notorious blocks. Blocks are a technical measure, batching: consensus is reached on a whole “bundle” of transactions at once, and the other overhead of network operations is “smeared” across several transactions. The order of transactions within a block is determined by one network member, the one who forms the block (the miner). The order of the blocks themselves, however, is determined by the consensus algorithm. Consensus algorithms have existed for a long time, for example Paxos and Raft in multi-master NoSQL systems. But for a network with a million equal participants they are unlikely to fit.
In Bitcoin an algorithm that was revolutionary at the time was proposed: consensus through proof of work (PoW). New blocks are formed simultaneously by many network members, the miners, and it must be decided which block to take as the next one. For a block to become the next block in the chain, the miner must perform specially chosen, very labor-intensive hashing. The block (together with an incrementing nonce) is hashed over and over until the hash, read as a large number, satisfies a certain condition, for example until it starts with 10 zeros. This takes billions of hashes, and that is the work with which the miner “proves” his block. Checking that the work was done correctly is very easy: it takes just one hashing. It is important to understand that the difficulty is chosen so that the whole network (that is, among thousands of miners!) produces on average only one block every ten minutes (the average block interval in Bitcoin). Under these conditions the probability of collisions, i.e. two or more blocks being presented simultaneously as the next one, is greatly reduced.
However, collisions are still possible. For this case there is the following rule: network members accept the block that forms the longest chain (one of the alternatives becomes longer as soon as the next block is built on top of it).
In fact there is not a chain but a directed acyclic graph (DAG) with many branches and chains, and what is usually called the “common history” is the chain of greatest length. Since consensus is not reached immediately but only after a few blocks, you should wait. To be sure you are not a victim of double spending, one usually waits six blocks (in Bitcoin that is an hour, in Ethereum a few minutes).
Besides transactions, a block contains the hash of the previous block. This makes it impossible to alter something in the past: all subsequent hashes would become invalid. At the same time, a reward for mining is issued together with the block, and that is where new money comes from! Otherwise it would be unclear how to introduce money into the system at all: someone would have to hand it out, which makes that someone special and contradicts the idea of decentralization. Minting money as a mining reward seems a logical and acceptable solution.
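To make the last few paragraphs concrete, here is an added example (not code from the original post) that mines a small proof-of-work chain, links each block to the previous one by hash, checks the work with a single hash per block, applies the longest-chain rule, and shows that editing an old block breaks every later link. The difficulty, transactions and the miner names are constructed; the target is tiny so it runs in well under a second.

```python
import hashlib
import json

DIFFICULTY = 3  # leading hex zeros required; constructed toy value (Bitcoin uses far more)
GENESIS_PREV = "0" * 64

def block_hash(block):
    """SHA-256 of a canonical serialization (Bitcoin double-hashes; one pass suffices here)."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

def mine_block(prev_hash, transactions):
    """Proof of work: bump the nonce until the hash meets the target."""
    block = {"prev_hash": prev_hash, "transactions": transactions, "nonce": 0}
    while not block_hash(block).startswith("0" * DIFFICULTY):
        block["nonce"] += 1
    return block

def valid_chain(chain):
    """Verification costs one hash per block: check the target and the link backwards."""
    for i, block in enumerate(chain):
        if not block_hash(block).startswith("0" * DIFFICULTY):
            return False
        expected_prev = block_hash(chain[i - 1]) if i > 0 else GENESIS_PREV
        if block["prev_hash"] != expected_prev:
            return False
    return True

def longest_chain(*candidates):
    """Fork resolution from the post: peers follow the longest valid chain."""
    return max((c for c in candidates if valid_chain(c)), key=len)

def build_chain(n_blocks):
    """Genesis block with a coinbase reward, then n_blocks-1 blocks of constructed transactions."""
    chain = [mine_block(GENESIS_PREV, ["coinbase: reward to miner"])]
    for i in range(1, n_blocks):
        chain.append(mine_block(block_hash(chain[-1]), [f"tx {i}: Alice -> Bob 300000"]))
    return chain

def tamper_and_check(chain):
    """Rewrite the oldest block: its own hash no longer meets the target and, even if it
    were re-mined, block 1 still points at the old hash, so the chain fails validation."""
    forged = json.loads(json.dumps(chain))  # deep copy
    forged[0]["transactions"] = ["coinbase: reward to attacker"]
    return valid_chain(forged)
```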
Speaking of mining. You should understand that the miner's main work is the furious hashing of a new block; there is no asymmetric cryptography in it, that is needed only to verify transactions before adding them to the block. Bitcoin uses the SHA-256 hash, Ethereum uses Keccak-256. If you mine alone, you will on average have to live on rice and water for a very long time before you get a block (one block every ten minutes, and hundreds of thousands of competitors!). Therefore miners join pools. In a pool the reward is distributed among the participants in some way (there are different approaches), i.e. you receive money often (less than the block reward, of course). That is, both the risk and the benefit are “smeared”. As time tends to infinity, the expected profit from mining in a pool (neglecting the pool's commission) equals the expected profit from solo mining.
So far we have talked a lot about data exchange between network members without touching on the details, and we will not. It is enough to remember that data exchange happens over some peer-to-peer network, and that our transaction reaches the miners through it.
So we have arrived at the Bitcoin blockchain technology.
Let's go further. In Bitcoin two operations are performed on each account, addition and subtraction, and they are checked by everyone, above all by the miners. But what if we add internal variables to an account (storage) and add operations, for example comparisons? Suppose I want to stop accepting money into my account once it holds 10M: then it is no longer simply adding money to the balance but adding it conditionally. Developing the idea, we arrive at a Turing machine, and a deterministic one, so that everyone can still check the account state, and we get a smart contract. From here on, by smart contracts we will mean the smart contracts of the Ethereum network, as the most popular at the time of writing.
Deterministic means that for the same transaction arguments and the same initial storage state we get the same result and the same changes to storage. Only under these conditions can the network reach consensus on each transaction. Understand that a smart contract is rather isolated from the outside world because of the requirements of determinism, verifiability and decentralization. For example, it cannot call a web API in a decentralized way (there are solutions, so-called oracles, but it is not simple there and that is a separate topic). Likewise, a contract's control over the outside world is extremely limited: for example, it is hard to rent an apartment through a smart contract by exchanging cryptocurrency for an electronic key (despite the enthusiastic prospectuses found on the web), since I still have to trust the landlord that when I get to the door there will not be a big barn padlock hanging over the electronic lock.
To obtain the result of a contract (a new balance or storage changes), the network nodes have to perform the operations specified in it. Computation on a set of nodes cannot be free, so Ethereum introduces the concept of gas: rather than hardcoding a fee for computation in cryptocurrency, the user is allowed to estimate the amount of computation and set its price. This design is an extra level of indirection; it gives the user a choice between a cheap transaction and a fast one.
When money is sent to a contract as if to an account (i.e. simply to its address), the default entry point is triggered: the fallback function. Unlike an account, a contract has more than one entry point: methods that can take parameters. To change a contract's state (whatever the entry point), you have to send a transaction to the network: the network must commit the changes. Merely reading something in read-only mode can be done locally if you have the current blockchain. Also, unlike accounts, contracts have no private key. Funds are not withdrawn from their balance directly; this is done through explicitly written methods, which of course need security restrictions, such as checking the address of whoever calls them.
So, on top of a Bitcoin-style blockchain, we got the technology of smart contracts.
Many cryptocurrencies, the so-called tokens, are based on Ethereum smart contracts. Yes, usually such a cryptocurrency is just one Ethereum contract. Balances are records in the contract's storage in the form of a map, and transferring currency from one holder to another is:
map[Alice] -= payment;
map[Bob] += payment;
They need neither their own mining nor their own network: they use the Ethereum infrastructure. An ICO/ITO on Ethereum is the exchange of ether (Ethereum's cryptocurrency) for such a cryptocurrency (tokens). The ERC20 standard specifies which methods a cryptocurrency contract should define, thanks to which many cryptocurrencies can be supported by exchanges and immediately by electronic wallets that work with Ethereum.
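As an added example (not the post's code and not any real token contract), here is a Python simulation of the token storage map above, with the two checks the post asks for: a balance check, which is what makes the double-spend ordering argument from earlier work, and a caller check on a privileged method, the “who calls this” restriction mentioned for contract methods. The `caller` argument stands in for the transaction sender; account names and amounts are constructed.

```python
class InsufficientBalance(Exception):
    pass

class Unauthorized(Exception):
    pass

class TokenContract:
    """Storage is the map address -> balance from the post; 'caller' plays the role of msg.sender."""

    def __init__(self, owner, initial_balances):
        self.owner = owner
        self.balances = dict(initial_balances)

    def balance_of(self, address):
        return self.balances.get(address, 0)

    def transfer(self, caller, to, amount):
        """Only the holder moves his own funds, and only what he actually has."""
        if amount <= 0:
            raise ValueError("amount must be positive")
        if self.balance_of(caller) < amount:
            raise InsufficientBalance(f"{caller} holds {self.balance_of(caller)}, needs {amount}")
        self.balances[caller] -= amount                    # map[Alice] -= payment
        self.balances[to] = self.balance_of(to) + amount   # map[Bob] += payment

    def mint(self, caller, to, amount):
        """Creating tokens is privileged: check the address of whoever calls it."""
        if caller != self.owner:
            raise Unauthorized(f"{caller} is not the owner")
        self.balances[to] = self.balance_of(to) + amount

def apply_ordered(contract, txs):
    """Replay (caller, to, amount) in the order the block fixed them. Of two conflicting
    spends only the first succeeds; the second finds the balance already gone."""
    outcomes = []
    for caller, to, amount in txs:
        try:
            contract.transfer(caller, to, amount)
            outcomes.append("ok")
        except InsufficientBalance:
            outcomes.append("rejected")
    return outcomes

def double_spend_demo(order):
    """Alice tries to pay her whole balance to both Bob and Carol; the block order decides who gets it."""
    token = TokenContract(owner="Deployer", initial_balances={"Alice": 1_000_000})
    txs = [("Alice", "Bob", 1_000_000), ("Alice", "Carol", 1_000_000)]
    if order == "carol_first":
        txs.reverse()
    return apply_ordered(token, txs), token.balance_of("Bob"), token.balance_of("Carol")
```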
On top of the basic idea of the blockchain, besides smart contracts, there are many other ideas, for example so-called zero-knowledge (zero disclosure) or network self-regulation.
Zero-knowledge is based on the family of cryptographic protocols of the same name, the essence of which is to prove possession of an object without showing it in full. For example, I can prove that I have a specific 1 GB file if I can answer ten questions about the bytes at different random positions in that file. In that case I obviously transfer only 10 bytes out of 1 GB, which the relying party most likely already knows. Since RSA encryption is performed by exponentiation, and
it turns out that
Thus, for example, anyone can verify that my account balance was multiplied correctly, with no need to disclose how much money I had in the account! Continuing this idea, you can create a cryptocurrency with hidden balances and payments (it already exists: Zcash) and in general hide the arguments of computations in a smart contract.
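The property alluded to above is that textbook RSA (exponentiation with no padding) is multiplicatively homomorphic: the product of two ciphertexts is the ciphertext of the product. The following added example, not from the original post, demonstrates it on constructed toy parameters: a verifier confirms that an encrypted balance was scaled by a known factor without ever decrypting it.

```python
# Constructed toy parameters: two small primes and the usual public exponent.
# Far too small for real use; they only need to be large enough that the balances fit under n.
P, Q, E = 1_000_003, 1_000_033, 65537

def make_keypair(p=P, q=Q, e=E):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)

def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)

def multiply_encrypted(pub, c_balance, factor):
    """Scale a hidden balance: E(b) * E(k) = (b*k)^e mod n = E(b*k)."""
    n, _ = pub
    return (c_balance * encrypt(pub, factor)) % n

def verify_scaling(pub, c_before, c_after, factor):
    """The verifier recomputes the expected ciphertext from public data only; the balance stays hidden."""
    return c_after == multiply_encrypted(pub, c_before, factor)

# The same malleability is why deployed RSA encryption uses padding such as OAEP:
# what is a feature for this verifiable-update scheme is a defect for ordinary confidentiality.
```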
Blockchains have network-wide parameters recorded in the program code of the network clients themselves, for example how many transactions to include in a block. Usually changing them requires the community to accept the edit (expressed as a code update) and threatens to fork the network (when some participants decide not to accept the edit, they simply keep running the “old” code). Self-regulation tries to solve these problems, for example in the Tezos blockchain. The gist is that you can vote for each edit with your own funds (without losing them, of course).
In total, the technology has gone the following way:
transaction signature (asymmetric cryptography) + transaction openness + transaction ordering + extension of operations to a Turing machine + (zero-knowledge | self-regulation | ...)
A few words about the blockchain landscape. It has already been said that there are many cryptocurrencies that are Ethereum contracts, i.e. use the Ethereum blockchain. But there are projects besides Bitcoin and Ethereum: some differ in details (for example, forks), others quite strongly, trying to create fundamentally new blockchains, for example EOS.
On studying Ethereum smart contracts. The infrastructure is raw in places (not very convenient to use) but reliable enough. Here is the set of links from which I studied writing smart contracts and their security (do not forget about security! Money is at stake!). I recommend reading them in the following order:
Source: https://habr.com/ru/post/340916/