author | Florian Dold <florian.dold@gmail.com> | 2019-04-30 01:59:45 +0200 |
---|---|---|
committer | Florian Dold <florian.dold@gmail.com> | 2019-05-03 01:38:57 +0200 |
commit | dd15e37e214904e1f9dc9f9bd0a57d247cca653f (patch) | |
tree | cbc4e16880e8111b13333013c725094b970eb850 /introduction.tex | |
parent | b5d0fa21679e889a458f7d43afeef5c90dbd891c (diff) | |
editing WIP
Diffstat (limited to 'introduction.tex')
-rw-r--r-- | introduction.tex | 52 |
1 files changed, 26 insertions, 26 deletions
diff --git a/introduction.tex b/introduction.tex index abeec66..edadde7 100644 --- a/introduction.tex +++ b/introduction.tex @@ -45,7 +45,7 @@ This thesis covers both categories of payment systems: GNU Taler is an official package of the GNU project\footnote{\url{https://gnu.org/}}, and the BSC protocol was implemented in the \textsc{CONSENSUS} subsystem of the GNUnet -framework\footnote{\url{https://gnunet.org}}. Our Free Software +framework\footnote{\url{https://gnunet.org}}. Our free software implementations are freely available from the GNU mirrors. @@ -185,7 +185,7 @@ supports the more highly ranked goal is preferred: \item \textbf{GNU Taler must foster competition.} It must be relatively easy for competitors to join the systems. While the - barriers for this in traditional financial systems are rather high, the the + barriers for this in traditional financial systems are rather high, the technical burden for new competitors to join must be minimized. Another design choice that supports this is to split the whole system into smaller components that can be operated, developed and improved upon independently, @@ -238,7 +238,7 @@ double-spent. In an offline e-cash system, the detection of such an event is greatly delayed compared to systems with online spending, which can immediately detect when more coins are spent than were issued. -Thus in GNU Taler, we decided that all coins must be immediately +Thus, in GNU Taler, we decided that all coins must be immediately deposited online during a purchase. Only either merchant or customer need to be online, since one of the two can forward messages to the payment service provider for the other. 
@@ -265,7 +265,7 @@ wallets and the communication cost of withdrawals. The current state of the art for divisible e-cash~\cite{pointcheval2017cut} achieves constant-time withdrawal and wallet storage cost for coins that can be split into an arbitrary but fixed (as a system parameter) number of pieces. A -continuous ``chunk'' of the smallest pieces of coin can be spent with +continuous ``chunk'' of the smallest pieces of a coin can be spent with constant-time communication complexity. While this sounds attractive in theory, these results are mostly of academic @@ -337,7 +337,7 @@ of a coin. Atomic swaps (often called ``fair exchange'' in the e-cash literature) are a feature of some e-cash systems that allows e-cash to be exchanged against some service or (digital) product, with a trusted third -party ensuring that payee receives the payment if and only if they correctly +party ensuring that the payee receives the payment if and only if they correctly provided the merchandise. GNU Taler supports Camenisch-style atomic swaps~\cite{camenisch2007endorsed}, 
@@ -541,17 +541,17 @@ aware of any other treatments of income transparency and conservation. \section{Distributed Ledgers} \label{sec:intro:blockchain} -The main purpose of Blockchains, including those implementing +The main purpose of blockchains, including those implementing cryptocurrencies, is to maintain a distributed ledger that holds state, together with rules on how this state can be updated. The name -``Blockchain'' derives from its structure: A list of updates +``blockchain'' derives from its structure: A list of updates (``transactions'') is bundled into a so-called block, and each block contains a hash of the previous block. Cryptocurrencies use -Blockchains to remember the amount of currency controlled by a +blockchains to remember the amount of currency controlled by a particular account ($\equiv$ private key). Thus, while cryptocurrencies use the term ``coin'' (creating potentially misleading associations with cash), they actually realize a decentralized register-based -payment system with the Blockchain storing the register\footnote{% +payment system with the blockchain storing the register\footnote{% Anonymous cryotocurrencies such as ZeroCash \cite{bensasson2014zerocash} have special accounts (called shielded addresses) that can ``hide'' their balance, and require the owner to prove in zero knowledge that their balance is sufficient for a transaction. 
@@ -560,7 +560,7 @@ are closer to value-based systems. However, currently only a small percentage ( all funds in ZCash, the most widely used anonymous cryptocurrency, belong to shielded addresses (\url{https://explorer.zcha.in/statistics/value}).} using private keys to authenticate account owners. -Cryptocurrencies based on Blockchains gained immense popularity over +Cryptocurrencies based on blockchains gained immense popularity over the last years on the promise of a universal, global and decentralized payment system that is independent from country boundaries and legislations. In practice, however, current incarnations of these @@ -568,7 +568,7 @@ technologies can only handle a handful of transactions, have high transaction fees and are surprisingly centralized \cite{beikverdi2015trend,bohme2015bitcoin}. Bitcoin, the most popular cryptocurrency, can handle around 3-7 transactions per second, -globally. While there are various plans to make Blockchains more +globally. While there are various plans to make blockchains more scalable~\cite{green2016bolt}, there is no concrete evidence that any of them will work without further sacrificing % the existing advantages of decentralization. 
@@ -576,15 +576,15 @@ decentralization. \subsection{Consensus in Decentralized Blockchains} -In decentralized Blockchains, multiple parties must agree on the current state of +In decentralized blockchains, multiple parties must agree on the current state of the ledger by agreeing on a ``head'' of the chain of blocks. How to advance this head to include new transactions is thus a critical design choice. -With proof-of-work Blockchains such as Bitcoin, each block contains +With proof-of-work blockchains such as Bitcoin, each block contains the solution to a computationally expensive puzzle that is derived from the contents of the block. The block that, together with its ancestors, contains the most expensive accumulated work (and respects -the rules of the Blockchain with regards to what transactions are +the rules of the blockchain with regards to what transactions are valid) is considered the head of the chain. All participants of the network can ``mine'' a block by collecting transactions and trying to solve the corresponding computational puzzle. Successful miners are @@ -598,9 +598,9 @@ remains secure as long as an adversary has less than 1/4 of computational power \cite{eyal2018majority}---it consumes a huge amount of energy to provide for computation of the proof-of-work puzzles. -After Bitcoin popularized the concept of Blockchains, alternative consensus +After Bitcoin popularized the concept of blockchains, alternative consensus mechanisms were proposed to replace or augment proof-of-work. In -proof-of-stake Blockchains, a single node is selected as a validator. The +proof-of-stake blockchains, a single node is selected as a validator. The validator must provide a safety deposit (the ``stake''), and if any misbehavior is detected, the safety deposit is destroyed. If the validator behaves correctly, they earn transaction fees and get back their safety deposit. 
@@ -609,16 +609,16 @@ falling back to other consensus mechanisms in certain situations. \subsection{Permissioned Blockchains} -Permissioned Blockchains have a known, relatively small set of participants, +Permissioned blockchains have a known, relatively small set of participants, and can rely on more traditional and cheaper consensus algorithms. When resilience against actively malicious members is required, a so-called Byzantine consensus protocol must be used. Byzantine consensus protocols typically agree on a single value at once. In Chapter~\ref{chapter:consensus} we introduce a Byzantine consensus -algorithm that can be used to agree directly on a (super)set of all +algorithm that can be used to agree directly on a (super-)set of all transaction that honest peers proposed. This allows for -implementations of permissioned Blockchains where transactions are +implementations of permissioned blockchains where transactions are accumulated into blocks, and the transactions within a block are agreed upon in a way that's asymptotically faster than agreeing on every transaction sequentially. @@ -631,10 +631,10 @@ system, with GNU Taler e-cash as the value-based layer above it. \subsection{Blockchains and GNU Taler} Blockchains today fail to satisfy most of our design goals for payment -systems. While most Blockchains are implemented as Free Software, +systems. While most blockchains are implemented as free software, they often manage to both fail to adequately protect the privacy of buyers {\em and} to enable the state to crack down on illegal -activities: With most non-permissioned Blockchains, the transaction +activities: With most non-permissioned blockchains, the transaction history of all participants is publicly available, creating serious privacy risks.~\cite{meiklejohn2013fistful,jawaheri2018small} At the same time, as accounts are simply private keys, states have a hard time 
@@ -642,19 +642,19 @@ tracking down users.~\cite{luu2016challenge} Design variations that do offer reasonable privacy generally have even more atrocious performance characteristics and create additional traceability problems for law enforcement.~\cite{bensasson2014zerocash} -Additionally, Blockchain-based cryptocurrencies suffer from usability +Additionally, blockchain-based cryptocurrencies suffer from usability and performance problems. With our BSC protocol, we focus on improving the performance of the -consensus protocol for permissioned Blockchains. Permissioned -Blockchains can be given rules that enforce Know-Your-Customer (KYC) +consensus protocol for permissioned blockchains. Permissioned +blockchains can be given rules that enforce Know-Your-Customer (KYC) and Anti-Money-Laundering (AML) regulations.~\cite{shrier2016blockchain} When deployed in the context of centrally banked fiat currencies, such a permissioned -Blockchain can then effectively recreate the semantics of a classical +blockchain can then effectively recreate the semantics of a classical distributed banking system. As mentioned before, GNU Taler's value-based protocol can be integrated with any kind of register-based -banking---including those based on Blockchains---improving +banking---including those based on blockchains---improving performance and privacy for value-based transactions. % block structure |
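Review bot: in the hunk at -238,7, the context sentence directly after the changed line, "Only either merchant or customer need to be online", is still ungrammatical ("only either", plural verb). Since this pass already touches the paragraph, consider "Only one of merchant and customer needs to be online".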
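Review bot: the footnote in the hunk at -541,17 still contains the typo "cryotocurrencies" ("Anonymous cryotocurrencies such as ZeroCash"), which this casing pass leaves untouched; it should read "cryptocurrencies". The same footnote writes "ZeroCash" here and "ZCash" where it continues in the next hunk, so it is worth confirming that both spellings are intended.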
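Review bot: in the hunk at -568,7, the range "3-7 transactions per second" uses a plain hyphen; in LaTeX a numeric range is normally set with an en dash, "3--7". The context also shows a leftover commented-out fragment, "% the existing advantages of", between "further sacrificing" and "decentralization."; either restore it or delete it so the sentence source is unambiguous.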
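Review bot: the rewritten line in the hunk at -576,15, "the rules of the blockchain with regards to what transactions are", keeps "with regards to". The line is being edited anyway, so change it to "with regard to" (or simply "regarding").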
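Review bot: in the hunk at -609,16, the context line right after the "(super-)set" change reads "transaction that honest peers proposed", where the noun should be plural: "a (super-)set of all transactions that honest peers proposed". The same hunk keeps the contraction "that's" in "in a way that's asymptotically faster", which is out of register with the rest of the text; "that is" would match.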
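Review bot: citation placement is inconsistent in the hunks at -631,10 and -642,19, where the cite follows the full stop ("privacy risks.~\cite{...}", "tracking down users.~\cite{luu2016challenge}", "law enforcement.~\cite{bensasson2014zerocash}", "regulations.~\cite{shrier2016blockchain}"), while the hunk at -568,7 puts it before the punctuation ("\cite{beikverdi2015trend,bohme2015bitcoin}."). Pick one convention; moving these cites before the period would match the rest of the file shown here.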