Blockchains are interdisciplinary

Which department?

Imagine yourself to be a University Dean in the position of creating a new course on blockchains.

To which department would you assign the course?

  • computer science or mathematics?
  • economics or political science?
  • sociology or philosophy?

Any department

In fact, any of these departments would be appropriate.

  • blockchains today are still cutting edge and mysterious, but one day they will be as ubiquitous as the Internet and the Web
  • one day many academic departments will offer courses on them, each with their own particular viewpoint

A blockchain is:

  • a distributed system
  • using cryptography
  • to secure an evolving consensus
  • about a token with economic value

Blockchains bring together:

  • mathematics (cryptography)
  • computer science (distributed systems)
  • economics (exchange of tokens with economic value)
  • politics (mechanisms for reaching consensus)

Tokens

A cryptographic token is a quantified and tradable unit of value recorded on the blockchain.
  • fungible tokens are cryptocurrencies (Bitcoin and alternative coins); they are interchangeable and can be split into smaller pieces whose sum makes the whole
  • non-fungible tokens represent something unique (for instance, a digital work of art); think of them like rare, one-of-a-kind collectibles. They are not interchangeable and cannot be divided

Technical and social backgrounds

Blockchains are both technological and social movements, yet very few people have both backgrounds.

  • those who come from technical backgrounds sometimes fall in love with the novel technology inside blockchains and ignore the social aspects entirely
  • this leads to projects that solve useless problems that no one actually has
  • those who come from social backgrounds are sometimes unable (or unwilling) to understand the technological aspects of blockchains
  • this leads to projects that are fundamentally unsound

Cypherpunks

Blockchain was born within the cypherpunk movement, which is closely tied to libertarian ideals and open source principles.

Cypherpunks write code, but they are equally talented as social agitators.

We the Cypherpunks are dedicated to building anonymous systems. We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money. […] Cypherpunks write code. We know that software can't be destroyed and that a widely dispersed system can't be shut down. A Cypherpunk's Manifesto by Eric Hughes (9 March 1993)

Blockchain as a revolution

If you don't already believe that blockchain was and is also a political project, read the message of Satoshi Nakamoto (creator of Bitcoin) embedded into the very first Bitcoin block:

The Times 03/Jan/2009 Chancellor on brink of second bailout for banks

Considering the context in which they appear – during the bank-driven financial crisis of 2009, the worst since the economic recession of 1929 – these words are calling for revolution.

Here is the original post of Satoshi Nakamoto proposing a peer-to-peer electronic cash system called Bitcoin.

More than a technology

Blockchain is much more than a technology: it is also a culture and community that is passionate about creating a more equitable world through decentralization.

We are now entering a radical evolution of how we interact and trade because, for the first time, we can lower uncertainty not just with political and economic institutions but with technology alone. Bettina Warburg

Blockchain implementation

Blockchain components

The numerous components of blockchain technology can make it challenging to understand.

However, each component can be described simply and used as a building block to understand the larger complex system.

  1. blocks
  2. hash
  3. chain
  4. proof of work
  5. transactions
  6. digital signature
  7. peer-to-peer

Blocks

The building blocks of a blockchain are… blocks.

A block is a container for data

In its simplest form it contains:

  • an identification number
  • a timestamp of block creation
  • a bunch of data (usually, transactions)

# the message is kept on one line so the string holds no stray newline or indentation
genesis_block = list(number = 0,
                     timestamp = "2009-01-03 18:15:05",
                     data = "The Times 03/Jan/2009 Chancellor on brink of second bailout for banks")

Hash

  • each block has a fingerprint called hash that is used to certify the information content of the block
  • hashes of blocks are created using cryptographic hash functions, which are mathematical algorithms that map data of arbitrary size to a bit string of fixed size
  • a popular hash algorithm is SHA-256, designed by the United States National Security Agency (NSA)
  • it produces a hash of 256 bits (32 bytes), represented by a hexadecimal string of 64 digits
  • \(2^{256} \approx 10^{77}\) is huge (more or less the estimated number of atoms of our universe), effectively infinite for any practical purpose

The ideal cryptographic hash function has five main properties:

  • it is deterministic so the same message always results in the same hash
  • it is quick to compute the hash value for any given message
  • a small change to a message should change the hash value extensively
  • it is infeasible (but not impossible) to generate a message from its hash value
  • it is infeasible (but not impossible) to find two different messages with the same hash value

# load library
library(digest)

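# hash a string
# (digest() serializes the R object by default, so this is the SHA-256 of the
# serialized string, not of its raw bytes; pass serialize = FALSE for the latter)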
digest("Così tra questa immensità s'annega il pensier mio: 
       e il naufragar m'è dolce in questo mare", "sha256")
## [1] "df8a9688de20afa8f42f8d9e42c7b74d4adea9c1b70efaae0227bb4c17cba37a"
# hash a slightly different string
digest("Così tra questa infinità s'annega il pensier mio: 
       e il naufragar m'è dolce in questo mare", "sha256")
## [1] "1c5de2ed842d981171451186773e34a2a877f75f44425001a3e57895585a0783"

Chain

  • blocks are chronologically concatenated into a chain by adding to the block a field with the hash of the previous block in the chain
  • it follows that the hash of each block is computed using also the hash of the previous block
  • this means that if you alter one block you need to recompute not only its own hash but also the hashes of all following blocks for the chain to remain valid
  • the first block of the chain is called the genesis block and represents the initial state of the system (Bitcoin genesis block, Ethereum genesis block)

mine <- function(previous_block, genesis = FALSE){
  if (genesis) {
    # define genesis block
    new_block <- list(number = 0,
                      timestamp = Sys.time(),
                      data = "I'm genesis block",
                      parent_hash = "0")  
  } else {
    # create new block
    current_number = previous_block$number + 1
    new_block <- list(number = current_number,
                      timestamp = Sys.time(),
                      data = paste0("I'm block ", current_number),
                      parent_hash = previous_block$hash)
  }
  # add hash 
  new_block$hash <- digest(new_block, "sha256")
  return(new_block)
}

chain = function(nblocks) {
  # mine genesis block
  block_genesis <- mine(NULL, TRUE)   
  
  # first block is the genesis block
  blockchain <- list(block_genesis)

  if (nblocks >= 2) {
    # add new blocks to the chain
    for (i in 2:nblocks){
      blockchain[[i]] <- mine(blockchain[[i-1]], FALSE) 
    }
  }
  
  return(blockchain)
}

chain(nblocks = 3)
## [[1]]
## [[1]]$number
## [1] 0
## 
## [[1]]$timestamp
## [1] "2019-05-29 14:27:40 CEST"
## 
## [[1]]$data
## [1] "I'm genesis block"
## 
## [[1]]$parent_hash
## [1] "0"
## 
## [[1]]$hash
## [1] "97b8c61a154d920246d675b893af307d7bf22be639b820a57bd56fd17dae20df"
## 
## 
## [[2]]
## [[2]]$number
## [1] 1
## 
## [[2]]$timestamp
## [1] "2019-05-29 14:27:40 CEST"
## 
## [[2]]$data
## [1] "I'm block 1"
## 
## [[2]]$parent_hash
## [1] "97b8c61a154d920246d675b893af307d7bf22be639b820a57bd56fd17dae20df"
## 
## [[2]]$hash
## [1] "ae91283e19f722ddb74dfe83e0721e07ad766e3e70f129b7515deaf543b983b6"
## 
## 
## [[3]]
## [[3]]$number
## [1] 2
## 
## [[3]]$timestamp
## [1] "2019-05-29 14:27:40 CEST"
## 
## [[3]]$data
## [1] "I'm block 2"
## 
## [[3]]$parent_hash
## [1] "ae91283e19f722ddb74dfe83e0721e07ad766e3e70f129b7515deaf543b983b6"
## 
## [[3]]$hash
## [1] "fb6fe0265cba73aac5484d9af0d18d4f8b69189a0e3e7b266d1a469feeb488eb"

Proof of work

  • hashing alone is not enough to prevent tampering, since hash values can be computed fast by computers
  • a proof of work method is needed to control the difficulty of creating a new block
  • to mine (create) a new block you have to find a solution to a computational problem that is hard to solve and easy to verify
  • this is a cryptographic puzzle that can be attacked only with a brute-force approach (trying many possibilities), so that only computational power counts
  • one CPU one vote is blockchain democracy

  • typically, the proof of work problem involves finding a number (called nonce) that, once added to the block, makes the block hash start with a certain number of leading zeros; this number is called the difficulty
  • the average work that a miner needs to perform in order to find a valid nonce is exponential in the difficulty, while anyone can verify the validity of the block by executing a single hash function
  • the amount of energy used for the mining process is not trivial: it is estimated that Bitcoin mining consumes as much electricity as Denmark
  • alternative, less resource-intensive consensus mechanisms are being sought; the most promising one is proof of stake

proof_of_work = function(block, difficulty) {
  block$nonce <- 0
  hash = digest(block, "sha256")
  zero <- paste(rep("0", difficulty), collapse="")
  while(substr(hash, 1, difficulty) != zero) {
      block$nonce = block$nonce + 1
      hash = digest(block, "sha256")  
  }
  return(list(hash = hash, nonce = block$nonce))
}

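# `block` is not defined on these slides; any block list works, such as one
# element of the list returned by chain(). The nonces and hashes shown below
# depend on the block's contents.
proof_of_work(block, 1)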
## $hash
## [1] "0c8536158da57a423750674eaaa1297c511896b82371fdc816e105c273fced41"
## 
## $nonce
## [1] 2
proof_of_work(block, 2)
## $hash
## [1] "00e97789484d40519da718f435a117b6120914cb4ab2554a65ba00dc602e1982"
## 
## $nonce
## [1] 297
proof_of_work(block, 3)
## $hash
## [1] "00026e5eb7139396d50dd199846a65eb8328dfa926d2faf68d12832ceba0b1c1"
## 
## $nonce
## [1] 5318
proof_of_work(block, 4)
## $hash
## [1] "0000a090c57f694adaa44159d78608faf4232d89e4adc21d6e8e4aee1a77a9dd"
## 
## $nonce
## [1] 41873

mine <- function(previous_block, difficulty = 3, genesis = FALSE){
  
  if (genesis) {
    # define genesis block
    new_block <-  list(number = 0,
                       timestamp = Sys.time(),
                       data = "I'm genesis block",
                       parent_hash = "0")  
  } else {
    # create new block
    current_number <- previous_block$number + 1
    new_block <- list(number = current_number,
                      timestamp = Sys.time(),
                      data = paste0("I'm block ", current_number),
                      parent_hash = previous_block$hash)
  }
  
  # add nonce with proof of work
  new_block$nonce <- proof_of_work(new_block, difficulty)$nonce
  
  # add hash 
  new_block$hash <- digest(new_block, "sha256")
  return(new_block)
}

chain = function(nblocks, difficulty = 3) {
  # mine genesis block
  block_genesis = mine(NULL, difficulty, TRUE)   
  
  # first block is the genesis block
  blockchain <- list(block_genesis)

  if (nblocks >= 2) {
    # add new blocks to the chain
    for (i in 2:nblocks){
      blockchain[[i]] <- mine(blockchain[[i-1]], difficulty) 
    }
    
  }
  
  return(blockchain)
}

chain(nblocks = 3)
## [[1]]
## [[1]]$number
## [1] 0
## 
## [[1]]$timestamp
## [1] "2019-05-29 14:27:43 CEST"
## 
## [[1]]$data
## [1] "I'm genesis block"
## 
## [[1]]$parent_hash
## [1] "0"
## 
## [[1]]$nonce
## [1] 1149
## 
## [[1]]$hash
## [1] "0006a32699f68d2c994c4589251193d4765a797462cca3f1b805f4a66c3cca77"
## 
## 
## [[2]]
## [[2]]$number
## [1] 1
## 
## [[2]]$timestamp
## [1] "2019-05-29 14:27:43 CEST"
## 
## [[2]]$data
## [1] "I'm block 1"
## 
## [[2]]$parent_hash
## [1] "0006a32699f68d2c994c4589251193d4765a797462cca3f1b805f4a66c3cca77"
## 
## [[2]]$nonce
## [1] 3159
## 
## [[2]]$hash
## [1] "000f1a210b967a0b9762e8f3874e6d331f01c110ba00f63d3bf6b92eda95cbee"
## 
## 
## [[3]]
## [[3]]$number
## [1] 2
## 
## [[3]]$timestamp
## [1] "2019-05-29 14:27:43 CEST"
## 
## [[3]]$data
## [1] "I'm block 2"
## 
## [[3]]$parent_hash
## [1] "000f1a210b967a0b9762e8f3874e6d331f01c110ba00f63d3bf6b92eda95cbee"
## 
## [[3]]$nonce
## [1] 4372
## 
## [[3]]$hash
## [1] "0006b7133ad010fe0efb3f36a966b69a8145f5649bafbdd9120d724a26d45cc6"
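
The slides build and mine a chain but never check one. The following added example (not part of the original slides) shows the verification side of the Chain and Proof of work statements above: one hash per block is enough to detect an edit, and re-mining a single block still breaks the link to its successor. `block_hash`, `mine_block` and `validate_chain` are names assumed for this sketch, and the timestamp is a constructed value.

```r
library(digest)

# Hash a block's contents: every field except the stored hash itself.
block_hash <- function(block) {
  block$hash <- NULL
  digest(block, "sha256")
}

# Compact stand-in for the page's mine(): fixed timestamp so runs are repeatable.
mine_block <- function(parent, data, difficulty) {
  block <- list(number = if (is.null(parent)) 0 else parent$number + 1,
                timestamp = "2019-05-29 14:27:43",  # constructed value
                data = data,
                parent_hash = if (is.null(parent)) "0" else parent$hash,
                nonce = 0)
  target <- strrep("0", difficulty)
  while (!startsWith(block_hash(block), target)) block$nonce <- block$nonce + 1
  block$hash <- block_hash(block)
  block
}

# Verification costs one hash per block: recompute it, check the difficulty
# prefix, and check the link to the previous block.
validate_chain <- function(bc, difficulty) {
  target <- strrep("0", difficulty)
  for (i in seq_along(bc)) {
    b <- bc[[i]]
    expected_parent <- if (i == 1) "0" else bc[[i - 1]]$hash
    if (!identical(block_hash(b), b$hash))
      return(sprintf("block %s: stored hash does not match contents", b$number))
    if (!startsWith(b$hash, target))
      return(sprintf("block %s: hash does not meet difficulty %s", b$number, difficulty))
    if (!identical(b$parent_hash, expected_parent))
      return(sprintf("block %s: parent_hash does not match previous block", b$number))
  }
  "valid"
}

difficulty <- 2
bc <- list(mine_block(NULL, "I'm genesis block", difficulty))
for (i in 2:3) bc[[i]] <- mine_block(bc[[i - 1]], paste0("I'm block ", i - 1), difficulty)
print(validate_chain(bc, difficulty))

# Case 1: block 1's data is edited and its stored hash left alone.
edited <- bc
edited[[2]]$data <- "I'm block 1 (edited)"
print(validate_chain(edited, difficulty))

# Case 2: block 1 is also re-mined, so it is consistent on its own,
# but block 2 still commits to the old hash of block 1.
edited[[2]] <- mine_block(bc[[1]], "I'm block 1 (edited)", difficulty)
print(validate_chain(edited, difficulty))
```

The first call reports `valid`; the two edited chains are rejected at block 1 (hash mismatch) and at block 2 (broken parent link) respectively.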

Transactions

  • a block contains a header with metadata (like block number and timestamp) and a data field with a certain number of transactions
  • a transaction represents an interaction between parties, typically a transfer from sender to receiver of cryptocurrencies or of any other token
  • each transaction has a fee that must be paid by the sender
  • each potential miner includes in its block a subset of pending transactions
  • the miner of the block gets the fees of all transactions included in the block plus a fixed, newly minted amount of crypto (this is how new coins are introduced in the blockchain economy)
  • here is a transaction on the Ethereum blockchain selling an artwork in exchange for cryptocurrency (2.5 Ether)

Digital signature

  • how can we be sure that transactions are authentic?
  • blockchain uses asymmetric cryptography to implement digital signatures of transactions
  • in asymmetric cryptography each user has a public key (that can be distributed) and a private key (that needs to be kept secret)
  • each transaction is signed with the sender's private key
  • anyone can verify the authenticity of the transaction using the sender's public key

# load library
library(openssl)

# generate a private key (key) and a public key (pubkey)
key <- rsa_keygen()
pubkey <- key$pubkey

# build a transaction
trans = list(sender = "A", receiver = "B", amount = "100")

# serialize data
data <- serialize(trans, NULL)

# sign (a hash of) the transaction with private key
sig <- signature_create(data, sha256, key = key)

# verify the message with public key
signature_verify(data, sig, sha256, pubkey = pubkey)
## [1] TRUE

Peer-to-peer network

Finally, the blockchain ledger is distributed over a peer-to-peer network.

The steps to run the network are as follows:

  1. new transactions are broadcast to all nodes
  2. each node collects some transactions into a block
  3. each node works on finding a difficult proof of work for its block
  4. when a node finds a proof of work, it broadcasts the block to all nodes
  5. nodes accept the block only if all transactions in it are authentic and not already spent
  6. nodes express their acceptance of the block by working on creating the next block in the chain, using the hash of the accepted block as the previous hash
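
Step 5 combines the signature check from the Digital signature section with a check against reuse. The following added example (not part of the original slides) sketches that acceptance test for a node. The `id` field, the `spent` vector of already accepted ids and the function names are assumptions of this sketch; real blockchains track spent outputs or account nonces rather than a free-form id.

```r
library(openssl)

# Constructed sender key pair, as in the signature example on this page.
key <- rsa_keygen()
pubkey <- key$pubkey

# Sign the serialized transaction with the sender's private key.
sign_tx <- function(tx, key) {
  list(tx = tx, sig = signature_create(serialize(tx, NULL), sha256, key = key))
}

# signature_verify() signals an error when the signature does not match,
# so tryCatch turns that into a plain FALSE.
is_authentic <- function(signed, pubkey) {
  tryCatch(isTRUE(signature_verify(serialize(signed$tx, NULL), signed$sig,
                                   sha256, pubkey = pubkey)),
           error = function(e) FALSE)
}

# Accept a block only if every transaction verifies under its sender's
# public key and its id has not been accepted before.
accept_block <- function(signed_txs, pubkeys, spent = character()) {
  for (s in signed_txs) {
    pk <- pubkeys[[s$tx$sender]]
    if (is.null(pk) || !is_authentic(s, pk))
      return(list(accepted = FALSE, reason = paste("bad signature:", s$tx$id)))
    if (s$tx$id %in% spent)
      return(list(accepted = FALSE, reason = paste("already spent:", s$tx$id)))
    spent <- c(spent, s$tx$id)
  }
  list(accepted = TRUE, spent = spent)
}

known_keys <- list(A = pubkey)
t1 <- sign_tx(list(id = "tx-1", sender = "A", receiver = "B", amount = "100"), key)
print(accept_block(list(t1), known_keys)$accepted)

# The amount is changed after signing: the signature no longer matches.
altered <- t1
altered$tx$amount <- "1000"
print(accept_block(list(altered), known_keys)$reason)

# The same signed transaction appears twice: the signature is fine, the reuse is not.
print(accept_block(list(t1, t1), known_keys)$reason)
```

A valid signature alone does not stop a signed transaction from being submitted again, which is why the check needs both conditions.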

Applications

Blockchain apps

Crypto art

Crypto art (or rare digital art) is limited-edition, collectible, and tradable art registered with a token on a blockchain.

We illustrate the typical workflow of crypto art with a real example from the digital gallery SuperRare.

  1. an artist creates a digital artwork (an image or animation) and uploads it to the gallery
  2. the smart contract of the gallery creates a non-fungible token on the Ethereum blockchain associated with the artwork and transfers the token to the artist's wallet
  3. also, the gallery distributes the artwork file over the IPFS peer-to-peer network
  4. collectors can place bids on the artwork by transferring the bid amount to the smart contract of the gallery (the collector can withdraw bids at any time)
  5. eventually the artist accepts one of the bids: the smart contract of the gallery transfers the artwork's token to the collector's wallet and the agreed cryptocurrency to the artist's wallet
  6. the artwork remains tradable on the market

Blockchain is (not) magic!

Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke

Minimal bibliography

Bonus tracks

Proof of stake

  • the proof of stake model is based on the idea that the more stake a user has invested into the system, the more likely they will want the system to succeed, and the less likely they will want to subvert it
  • stake is an amount of cryptocurrency that once staked is no longer available to be spent
  • the likelihood of a user mining a new block is tied to the ratio of their stake to the overall staked cryptocurrency
  • with this consensus model, there is no need to perform resource intensive computations
  • however, the rich-get-richer phenomenon needs to be controlled

Conflicts and resolutions

  • it is possible that multiple blocks will be published at approximately the same time
  • this can cause differing versions of a blockchain to exist at any given moment
  • these must be resolved quickly to have consistency in the blockchain network
  • blockchain nodes will wait until the next block is published and use the longer blockchain as the official blockchain

51% attack

  • an attacker might garner enough resources (more than half) to outpace the block creation rate of the rest of the blockchain network
  • she can now play by her own rules, for instance defraud people by stealing back her payments
  • why is this attack expected to fail?

The incentive of rewards may help encourage nodes to stay honest.

If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins.

He ought to find it more profitable to play by the rules (generate new coins), such rules that favor him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth. Satoshi Nakamoto (Bitcoin white paper)

Privacy

  • the traditional banking model achieves a level of privacy by limiting access to information to the parties involved and the trusted third party
  • the necessity to announce all transactions publicly precludes this method
  • but privacy can still be maintained by keeping public keys anonymous
  • this is similar to the level of information released by stock exchanges, where the time and size of individual trades, the tape, is made public, but without telling who the parties were

Hard forks

  • a hard fork is a change to a blockchain implementation that is not backwards compatible
  • at a given point in time (usually at a specific block number), all nodes will need to switch to using the updated protocol
  • nodes that have not updated will reject the newly formatted blocks and only accept blocks with the old format
  • this results in two incompatible versions of the blockchain existing simultaneously
  • a well-known hard fork separated the Ethereum blockchain from Ethereum Classic after The DAO scam

Smart contracts

The term smart contract dates to 1994, defined by Nick Szabo as:

A computerized transaction protocol that executes the terms of a contract. The general objectives of smart contract design are to satisfy common contractual conditions (such as payment terms, liens, confidentiality, and even enforcement), minimize exceptions both malicious and accidental, and minimize the need for trusted intermediaries.

The user issuing a transaction to a smart contract will have to pay a fee proportional to the complexity of the code executed.

The impact of quantum computing on blockchain

  • the cryptographic algorithms utilized within most blockchain technologies for asymmetric-key pairs (digital signature) will need to be replaced
  • the hashing algorithms used by blockchain networks are much less susceptible but are still weakened