Blockchains are interdisciplinary

Which department?

Imagine yourself to be a University Dean in the position of creating a new course on blockchains. To which department would you assign the course?

  • computer science or mathematics?
  • economics or political science?
  • sociology or philosophy?

Any department

In fact, any of these departments would be appropriate.

  • blockchains today are still cutting edge and mysterious, but one day they will be as ubiquitous as the Internet and the Web
  • one day many academic departments will offer courses on them, each with its own particular viewpoint


A blockchain is:

  • a distributed system
  • using cryptography
  • to secure an evolving consensus
  • about a token with economic value

Blockchains bring together:

  • mathematics (cryptography)
  • computer science (distributed systems)
  • economics (exchange of tokens with economic value)
  • politics (mechanisms for reaching consensus)

Technical and social backgrounds

Blockchains are both technological and social movements, yet very few people have both backgrounds.

  • those who come from technical backgrounds sometimes fall in love with the novel technology inside blockchains and ignore the social aspects entirely
  • this leads to projects that solve useless problems that no one actually has
  • those who come from social backgrounds are sometimes unable (or unwilling) to understand the technological aspects of blockchains
  • this leads to projects that are fundamentally unsound

More than a technology

Blockchain is much more than a technology: it is also a culture and a community that is passionate about creating a more equitable world through decentralization.

We are now entering a radical evolution of how we interact and trade because, for the first time, we can lower uncertainty not just with political and economic institutions but with technology alone. Bettina Warburg

Origins of blockchain

Crypto-anarchism and Cypherpunk

  • the origins of blockchain go back to the crypto-anarchism and cypherpunk movements of the late 1980s
  • crypto-anarchists and cypherpunks advocate the widespread use of strong cryptography to protect their privacy, their political freedom and their economic freedom
  • these movements in turn have their roots in anarcho-capitalism, a political philosophy and economic theory that advocates the elimination of centralized states in favor of self-ownership, private property and free markets
  • which in turn refers to laissez-faire, an economic system in which transactions happen between private parties in the absence of any form of government intervention

Crypto Anarchist Manifesto

The Crypto Anarchist Manifesto by Timothy C. May dates back to mid-1988 and was distributed to some like-minded techno-anarchists at the Crypto ’88 conference:

Combined with emerging information markets, crypto anarchy will create a liquid market for any and all material which can be put into words and pictures. Timothy C. May, Crypto Anarchist Manifesto, 1988

Cypherpunk Manifesto

The following excerpt from the Cypherpunk Manifesto by Eric Hughes (1993) is particularly telling, since it already contains, 30 years before, all the ingredients of modern blockchain technology:

We the Cypherpunks are dedicated to building anonymous systems. We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money. […] Cypherpunks write code. We know that software can’t be destroyed and that a widely dispersed system can’t be shut down. Eric Hughes, Cypherpunk Manifesto, 1993

Haber and Stornetta

  • the technical specification of blockchain was proposed in 1991 by Stuart Haber, a cryptographer, and Scott Stornetta, a physicist
  • they published their work in The Journal of Cryptography in 1991 under the title How to Time-Stamp a Digital Document and one year later they registered it with a US patent

Haber and Stornetta

Haber and Stornetta were trying to deal with the epistemological problem of truth in the digital age:

The prospect of a world in which all text, audio, picture and video documents are in digital form on easily modifiable media raises the issue of how to certify when a document was created or last changed. The problem is to time-stamp the data, not the medium. Haber and Stornetta, How to Time-Stamp a Digital Document, 1991

In particular, they started from two questions:

  1. If it is so easy to manipulate a digital file on a personal computer, how will we know what was true about the past?
  2. How can we trust what we know of the past without having to trust a central authority to keep the record?

Blockchain components

Overview

The numerous components of blockchain technology can make it challenging to understand.

However, each component can be described simply and used as a building block to understand the larger complex system.

  1. blocks
  2. hash
  3. chain
  4. proof of work
  5. transactions
  6. digital signature
  7. peer-to-peer

Blocks

The building blocks of a blockchain are… blocks.

A block is a container for data. In its simplest form it contains:

  • an identification number
  • a timestamp of block creation
  • a bunch of data (usually, transactions)

Examples:

  • the genesis block of the Bitcoin blockchain
  • the genesis block of the Ethereum blockchain

genesis_block = 
  list(number = 0,
       timestamp = "2009-01-03 18:15:05",
       data = "The Times 03/Jan/2009 
               Chancellor on brink of second bailout for banks")

Hash

  • each block has a fingerprint called a hash that is used to certify the information content of the block
  • block hashes are computed with cryptographic hash functions, mathematical algorithms that map data of arbitrary size to a bit string of fixed size
  • a popular hash algorithm is SHA-256, designed by the United States National Security Agency (NSA)
  • it produces a hash of 256 bits (32 bytes), represented as a hexadecimal string of 64 digits
  • \(2^{256} \approx 10^{77}\) is huge (more or less the estimated number of atoms in our universe), effectively infinite for any practical purpose

Hash

The ideal cryptographic hash function has five main properties:

  • it is deterministic so the same message always results in the same hash
  • it is quick to compute the hash value for any given message
  • a small change to a message should change the hash value extensively
  • it is infeasible (but not impossible) to generate a message from its hash value
  • it is infeasible (but not impossible) to find two different messages with the same hash value

# load library
library(digest)

# hash a string
digest("Così tra questa immensità s'annega il pensier mio: 
       e il naufragar m'è dolce in questo mare", "sha256")
## [1] "721956f9e4d4a31524ec94bc9926445c81228b96129132745a362eca8d016154"
# hash a slightly different string
digest("Così tra questa infinità s'annega il pensier mio: 
       e il naufragar m'è dolce in questo mare", "sha256")
## [1] "0095d410ee1935a163891970ee2606f2031238ac7adf839fe02d3353162cf5a0"
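To quantify the avalanche property listed above, here is an added Python example (not part of the lecture's R code) that hashes the same two lines used in the R snippet, counts how many of the 256 output bits differ, and confirms the fixed output size and determinism. Note that the digests printed by R above come from digest(), which by default hashes the serialized R object rather than the raw bytes, so they are not expected to equal the SHA-256 of the plain UTF-8 text computed here.

```python
import hashlib
from typing import Dict

# Two inputs that differ in a single word (the two lines hashed in the R
# example: "immensità" vs "infinità").
ORIGINAL = ("Così tra questa immensità s'annega il pensier mio: "
            "e il naufragar m'è dolce in questo mare")
MODIFIED = ("Così tra questa infinità s'annega il pensier mio: "
            "e il naufragar m'è dolce in questo mare")


def sha256_hex(text: str) -> str:
    """SHA-256 of the UTF-8 encoding of `text`, as a 64-character hex string."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def hamming_distance_bits(hex_a: str, hex_b: str) -> int:
    """Number of bit positions in which two equal-length hex digests differ."""
    if len(hex_a) != len(hex_b):
        raise ValueError("digests must have the same length")
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def avalanche_report(a: str, b: str) -> Dict[str, object]:
    """Hash two strings and measure how far apart the two digests are."""
    ha, hb = sha256_hex(a), sha256_hex(b)
    differing = hamming_distance_bits(ha, hb)
    return {
        "deterministic": sha256_hex(a) == ha,   # same input, same digest
        "digest_hex_length": len(ha),           # always 64 hex digits = 256 bits
        "differing_bits": differing,            # about half of the 256 bits
        "differing_bits_fraction": differing / 256,
    }


if __name__ == "__main__":
    report = avalanche_report(ORIGINAL, MODIFIED)
    print(sha256_hex(ORIGINAL))
    print(sha256_hex(MODIFIED))
    print(f"{report['differing_bits']} of 256 bits differ "
          f"({report['differing_bits_fraction']:.0%})")
```

For an ideal hash function the number of differing bits follows a binomial distribution centred on 128, so a one-word edit flips roughly half of the output bits; this is the property that makes a hash usable as a fingerprint.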

Chain

  • blocks are chronologically concatenated into a chain by adding to each block a field with the hash of the previous block in the chain
  • it follows that the hash of each block is also computed from the hash of the previous block
  • this means that if you alter one block you need to recompute not only its hash but the hashes of all following blocks for the chain to be valid
  • the first block of the chain is called the genesis block and represents the initial state of the system

Play

  1. Create a function called mine that mines and returns a new block given the previous block. The function receives as parameters the previous block and a flag genesis that is TRUE if and only if the block to mine is the genesis block. The new block has the following components:
    • number, the number of the block
    • timestamp, the time of block creation
    • data, a string stating the number of the block
    • parent_hash, the hash of the parent block
    • hash, the hash of the current block
  2. Write a function chain that, given a positive number, creates and returns a blockchain with that number of blocks using the mine function.

mine <- function(previous_block, genesis = FALSE) {
  if (genesis) {
    # define genesis block
    new_block <- list(number = 0,
                      timestamp = Sys.time(),
                      data = "I'm the genesis block",
                      parent_hash = "0")
  } else {
    # create new block linked to its parent through parent_hash
    current_number <- previous_block$number + 1
    new_block <- list(number = current_number,
                      timestamp = Sys.time(),
                      data = paste0("I'm block ", current_number),
                      parent_hash = previous_block$hash)
  }
  # add hash (computed over all the fields above, including parent_hash)
  new_block$hash <- digest(new_block, "sha256")
  return(new_block)
}

chain <- function(nblocks) {
  # mine genesis block
  block_genesis <- mine(NULL, TRUE)

  # first block is the genesis block
  blockchain <- list(block_genesis)

  if (nblocks >= 2) {
    # add new blocks to the chain, each mined from its predecessor
    for (i in 2:nblocks) {
      blockchain[[i]] <- mine(blockchain[[i - 1]], FALSE)
    }
  }

  return(blockchain)
}

chain(nblocks = 3)
## [[1]]
## [[1]]$number
## [1] 0
## 
## [[1]]$timestamp
## [1] "2022-05-20 09:15:25 CEST"
## 
## [[1]]$data
## [1] "I'm the genesis block"
## 
## [[1]]$parent_hash
## [1] "0"
## 
## [[1]]$hash
## [1] "c294f083ac56ea7210d67c994db391dccd9e5f5fb99d08b0a360040fb27fe29e"
## 
## 
## [[2]]
## [[2]]$number
## [1] 1
## 
## [[2]]$timestamp
## [1] "2022-05-20 09:15:25 CEST"
## 
## [[2]]$data
## [1] "I'm block 1"
## 
## [[2]]$parent_hash
## [1] "c294f083ac56ea7210d67c994db391dccd9e5f5fb99d08b0a360040fb27fe29e"
## 
## [[2]]$hash
## [1] "5217e98bcb2acfe3a07b3e9db6f61329e094f0bb0df35639b1884ff25ebb875d"
## 
## 
## [[3]]
## [[3]]$number
## [1] 2
## 
## [[3]]$timestamp
## [1] "2022-05-20 09:15:25 CEST"
## 
## [[3]]$data
## [1] "I'm block 2"
## 
## [[3]]$parent_hash
## [1] "5217e98bcb2acfe3a07b3e9db6f61329e094f0bb0df35639b1884ff25ebb875d"
## 
## [[3]]$hash
## [1] "69d78056ba914d1da9e6b2d828e9120fc50c08b60dd2e18f6e52164516dead3b"

Proof of work

Byzantine Generals Problem

  • the Byzantine Generals Problem is a problem of distributed computing: reaching an agreement among the components of a network that can communicate only by exchanging messages
  • it was formulated by Leslie Lamport, Marshall Pease and Robert Shostak in 1982, who created the metaphor of the generals
  • several generals are on the verge of attacking an enemy city during a siege. They are located in different strategic areas and can only communicate via messengers in order to coordinate the decisive attack
  • however, among these messengers, it is highly probable that there are traitors, who carry messages that contradict the army's strategy
  • the problem, therefore, lies in the ability to carry out the attack effectively despite the risk of treason. Reaching such an agreement is known as decentralised consensus
  • the problem faced by the Byzantine generals is the same as that faced by distributed computing systems: how to reach a consensus on a distributed network where some nodes may be faulty or deliberately corrupted?
  • proof of work is the solution proposed by Satoshi Nakamoto for Bitcoin

Proof of work

  • the hash chain alone is not enough to prevent tampering: hashes are fast to compute, so an attacker could alter a block and recompute its hash and those of all following blocks in a fraction of a second
  • a proof of work method is needed to control the difficulty of creating a new block
  • to mine (create) a new block you have to find a solution to a computational problem that is hard to solve and easy to verify
  • this is a cryptographic puzzle that can be attacked only with a brute-force approach (trying many possibilities), so that only computational power counts

Proof of work

  • typically, the proof of work problem involves finding a number (called the nonce) that, once added to the block, makes the block hash start with a string of leading zeros of a given length, called the difficulty
  • the average work a miner needs to perform to find a valid nonce grows exponentially with the difficulty, while the validity of the block can be verified by executing a single hash function
  • miners tend to organize themselves into pools, whereby they work together in parallel and split the reward
  • available computing power increases over time, as does the number of miners, so the puzzle difficulty generally increases too, so that blocks keep being mined at an approximately constant rate
  • this also implies the consumption of a non-trivial amount of energy

Play

  1. Create a function called proof_of_work that, given a block and a difficulty number, solves the proof of work for the block with that difficulty and adds the found nonce and hash to the returned block
  2. Modify the mine and chain functions to use the proof_of_work function

proof_of_work <- function(block, difficulty) {
  block$nonce <- 0
  block$hash <- digest(block, "sha256")
  # target prefix: difficulty leading zeros
  zero <- strrep("0", difficulty)
  while (substr(block$hash, 1, difficulty) != zero) {
    # brute force: try the next nonce and hash again
    block$nonce <- block$nonce + 1
    block$hash <- digest(block, "sha256")
  }
  return(block)
}

proof_of_work(genesis_block, 1)
## $number
## [1] 0
## 
## $timestamp
## [1] "2009-01-03 18:15:05"
## 
## $data
## [1] "The Times 03/Jan/2009 \n               Chancellor on brink of second bailout for banks"
## 
## $nonce
## [1] 1
## 
## $hash
## [1] "00ef85cbfa77651a0a6427b6c46b3c2b6459e5f20a3f4ad20b89ef391d7bd798"
proof_of_work(genesis_block, 2)
## $number
## [1] 0
## 
## $timestamp
## [1] "2009-01-03 18:15:05"
## 
## $data
## [1] "The Times 03/Jan/2009 \n               Chancellor on brink of second bailout for banks"
## 
## $nonce
## [1] 1
## 
## $hash
## [1] "00ef85cbfa77651a0a6427b6c46b3c2b6459e5f20a3f4ad20b89ef391d7bd798"
proof_of_work(genesis_block, 3)
## $number
## [1] 0
## 
## $timestamp
## [1] "2009-01-03 18:15:05"
## 
## $data
## [1] "The Times 03/Jan/2009 \n               Chancellor on brink of second bailout for banks"
## 
## $nonce
## [1] 8247
## 
## $hash
## [1] "00089cd735e72ecc00173e16086ff6dcfb090d76a87c17035dadd8d933202e9e"
proof_of_work(genesis_block, 4)
## $number
## [1] 0
## 
## $timestamp
## [1] "2009-01-03 18:15:05"
## 
## $data
## [1] "The Times 03/Jan/2009 \n               Chancellor on brink of second bailout for banks"
## 
## $nonce
## [1] 184240
## 
## $hash
## [1] "0000b99f1fe7172de3ea0ee1bcb232f5d75336d999af9894396714ba881d5823"

mine <- function(previous_block, difficulty = 3, genesis = FALSE) {
  if (genesis) {
    # define genesis block
    new_block <- list(number = 0,
                      timestamp = Sys.time(),
                      data = "I'm the genesis block",
                      parent_hash = "0")
  } else {
    # create new block linked to its parent through parent_hash
    current_number <- previous_block$number + 1
    new_block <- list(number = current_number,
                      timestamp = Sys.time(),
                      data = paste0("I'm block ", current_number),
                      parent_hash = previous_block$hash)
  }

  # add nonce and hash with proof of work
  new_block <- proof_of_work(new_block, difficulty)

  return(new_block)
}

chain <- function(nblocks, difficulty = 3) {
  # mine genesis block
  block_genesis <- mine(NULL, difficulty, TRUE)

  # first block is the genesis block
  blockchain <- list(block_genesis)

  if (nblocks >= 2) {
    # add new blocks to the chain, each mined from its predecessor
    for (i in 2:nblocks) {
      blockchain[[i]] <- mine(blockchain[[i - 1]], difficulty)
    }
  }

  return(blockchain)
}

chain(nblocks = 3)
## [[1]]
## [[1]]$number
## [1] 0
## 
## [[1]]$timestamp
## [1] "2022-05-20 09:15:32 CEST"
## 
## [[1]]$data
## [1] "I'm the genesis block"
## 
## [[1]]$parent_hash
## [1] "0"
## 
## [[1]]$nonce
## [1] 3476
## 
## [[1]]$hash
## [1] "000cd4fd973996089cea1548897b5cc5e94e00cf5f7cd96b6854e83baceb6db7"
## 
## 
## [[2]]
## [[2]]$number
## [1] 1
## 
## [[2]]$timestamp
## [1] "2022-05-20 09:15:32 CEST"
## 
## [[2]]$data
## [1] "I'm block 1"
## 
## [[2]]$parent_hash
## [1] "000cd4fd973996089cea1548897b5cc5e94e00cf5f7cd96b6854e83baceb6db7"
## 
## [[2]]$nonce
## [1] 343
## 
## [[2]]$hash
## [1] "00038c8e72f307c35c5a885d5671e8877dd9b0d66744c45e38d47d0e0d454741"
## 
## 
## [[3]]
## [[3]]$number
## [1] 2
## 
## [[3]]$timestamp
## [1] "2022-05-20 09:15:32 CEST"
## 
## [[3]]$data
## [1] "I'm block 2"
## 
## [[3]]$parent_hash
## [1] "00038c8e72f307c35c5a885d5671e8877dd9b0d66744c45e38d47d0e0d454741"
## 
## [[3]]$nonce
## [1] 4353
## 
## [[3]]$hash
## [1] "00063d187474501299b815e3f21db6bbd7b029dd75d17aad4b6afe1151b8c568"
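Below is an added Python version of the chain and proof-of-work exercises (example code written for these notes, not the lecture's R solution), with a verifier added because that is where the security property of the construction actually shows up. Field names mirror the R exercise. The hash of a block is computed over every stored field except the hash itself, so a node can check a received block with exactly one hash computation; a digest that also covered an earlier candidate hash could not be checked that way. The example then shows that editing a block's data without re-mining is detected, that re-mining only the edited block still fails because its child records the old parent hash, and that only the tip can be rewritten cheaply, which is why a transaction is trusted only after several blocks have been built on top of it.

```python
import hashlib
import json
import time
from dataclasses import dataclass, asdict, replace
from typing import List, Optional, Tuple

# Added toy implementation (not the lecture's R code); field names mirror the
# R exercise: number, timestamp, data, parent_hash, nonce, hash.


@dataclass(frozen=True)
class Block:
    number: int
    timestamp: str
    data: str
    parent_hash: str
    nonce: int = 0
    hash: str = ""


def block_digest(block: Block) -> str:
    """SHA-256 over every stored field except `hash` itself, so that anyone
    holding the block can recompute and check it with a single hash."""
    header = asdict(block)
    del header["hash"]
    encoded = json.dumps(header, sort_keys=True).encode("utf-8")
    return hashlib.sha256(encoded).hexdigest()


def proof_of_work(block: Block, difficulty: int) -> Tuple[Block, int]:
    """Brute-force nonces until the digest starts with `difficulty` zeros.
    Returns the mined block and the number of hashes evaluated."""
    target = "0" * difficulty
    nonce, attempts = 0, 0
    while True:
        candidate = replace(block, nonce=nonce, hash="")
        digest = block_digest(candidate)
        attempts += 1
        if digest.startswith(target):
            return replace(candidate, hash=digest), attempts
        nonce += 1


def mine(previous: Optional[Block], difficulty: int) -> Block:
    """Build and mine the next block (the genesis block when previous is None)."""
    now = time.strftime("%Y-%m-%d %H:%M:%S")
    if previous is None:
        draft = Block(0, now, "I'm the genesis block", "0")
    else:
        n = previous.number + 1
        draft = Block(n, now, f"I'm block {n}", previous.hash)
    mined, _ = proof_of_work(draft, difficulty)
    return mined


def chain(nblocks: int, difficulty: int) -> List[Block]:
    blocks = [mine(None, difficulty)]
    for _ in range(1, nblocks):
        blocks.append(mine(blocks[-1], difficulty))
    return blocks


def verify_chain(blocks: List[Block], difficulty: int) -> bool:
    """What a node checks before accepting a chain: one hash per block."""
    target = "0" * difficulty
    for i, b in enumerate(blocks):
        if b.hash != block_digest(b):           # content or nonce altered
            return False
        if not b.hash.startswith(target):       # proof of work not satisfied
            return False
        expected_parent = "0" if i == 0 else blocks[i - 1].hash
        if b.parent_hash != expected_parent:    # link to predecessor broken
            return False
    return True


def tamper(blocks: List[Block], index: int, new_data: str) -> List[Block]:
    """Alter one block's data and nothing else."""
    edited = list(blocks)
    edited[index] = replace(edited[index], data=new_data)
    return edited


def tamper_and_remine(blocks: List[Block], index: int, new_data: str,
                      difficulty: int) -> List[Block]:
    """Alter one block's data and redo its proof of work, leaving the
    following blocks untouched (their parent_hash still names the old hash)."""
    edited = list(blocks)
    edited[index], _ = proof_of_work(replace(edited[index], data=new_data), difficulty)
    return edited


if __name__ == "__main__":
    for d in range(1, 4):
        _, tries = proof_of_work(Block(0, "2009-01-03 18:15:05", "demo", "0"), d)
        print(f"difficulty {d}: {tries} hashes")
    c = chain(3, 2)
    print("valid chain:", verify_chain(c, 2))
    print("edited block 1:", verify_chain(tamper(c, 1, "I'm block 1, richer"), 2))
    print("re-mined block 0 only:", verify_chain(tamper_and_remine(c, 0, "new genesis", 2), 2))
```

Each extra hex zero of difficulty multiplies the expected number of hashes by 16, which is the exponential cost the text refers to, while verify_chain stays at one hash per block regardless of difficulty.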

Transactions

  • a block contains a header with metadata (like block number and timestamp) and a data field with a certain number of transactions
  • a transaction represents an interaction between parties, typically a transfer of cryptocurrency or of any other token from a sender to a receiver
  • each transaction has a fee that must be paid by the sender
  • each potential miner includes in its block a subset of the pending transactions
  • the miner of the block collects the fees of all transactions in the block plus a fixed, newly minted amount of coins (this is how new coins are introduced into the blockchain economy)
  • here is a transaction on the Ethereum blockchain selling an artwork for cryptocurrency (2.5 Ether)

Digital signature

  • blockchain uses asymmetric cryptography (also known as public-key cryptography) to implement digital signatures of transactions
  • asymmetric cryptography uses a pair of keys: a public key and a private key
  • the public key is made public, but the private key must remain secret
  • even though there is a mathematical relationship between the two keys, the private key cannot efficiently be determined from the public key

Asymmetric cryptography

  • asymmetric cryptography enables a trust relationship between users who do not trust one another
  • it provides a mechanism to verify the integrity and authenticity of transactions while at the same time allowing transactions to remain public
  • each transaction is signed with the sender’s private key and anyone can verify the authenticity of the transaction using the sender’s public key
  • this contrasts with symmetric cryptography in which a single pre-shared secret key is used to both encrypt and decrypt, which implies a trust relationship between the parties

RSA

  • RSA (Rivest–Shamir–Adleman) is one of the first asymmetric cryptography algorithms and is widely used for secure data transmission
  • in RSA, the asymmetry between private and public keys is based on the practical difficulty of the factorization of the product of two large prime numbers, the factoring problem
  • there are currently no published methods to defeat the system if a large enough key is used

Digital signature

# load library
library(openssl)

# generate a private key (prikey) and a public key (pubkey)
prikey <- rsa_keygen()
pubkey <- prikey$pubkey

# Write keys in Privacy-Enhanced Mail (PEM) format
write_pem(pubkey)
## [1] "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2l3ZYWvtPl/yDOtVaYcr\nnkM6PaejA/XlISLSemVAjl2q7hWhflFYIyPiQa41XC57Q6Mjrdy/jYGaqBagpM4q\nMSmCN3+Q6ysTpHOGce8HuaFewuMvh0lGlrM4Y5drsWdQ9p358zZaf1AsL2xklCER\nJRK9Q20rMlKr1/GyU0hWwZ6NnjG72rW/pFbOQ9rU2R4CXxZYzVq3JVKULTq40I5Q\n3rmIcOij1jkgvnaAD3lbipan9o1EfpddX6PezcZvEFJ//gyjIbslXVUajLAEdBu3\nY8tI5ZquWwRNCnVYA1oIIphSCdDcJTwI8dc3KcjXro+onOXEWc/XN3FbvWfBIF87\nHQIDAQAB\n-----END PUBLIC KEY-----\n"
write_pem(prikey)
## [1] "-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDaXdlha+0+X/IM\n61VphyueQzo9p6MD9eUhItJ6ZUCOXaruFaF+UVgjI+JBrjVcLntDoyOt3L+NgZqo\nFqCkzioxKYI3f5DrKxOkc4Zx7we5oV7C4y+HSUaWszhjl2uxZ1D2nfnzNlp/UCwv\nbGSUIRElEr1DbSsyUqvX8bJTSFbBno2eMbvatb+kVs5D2tTZHgJfFljNWrclUpQt\nOrjQjlDeuYhw6KPWOSC+doAPeVuKlqf2jUR+l11fo97Nxm8QUn/+DKMhuyVdVRqM\nsAR0G7djy0jlmq5bBE0KdVgDWggimFIJ0NwlPAjx1zcpyNeuj6ic5cRZz9c3cVu9\nZ8EgXzsdAgMBAAECggEAdyM08r4blihquzm6Q/UHizVKlVDc09BYzpddFoIfkozw\nMS2ECpL+700oqIUPf9esUN61HKqPp/jKFGMkCkahJmlrLjRfMK8z7ElLVOYA5Ppx\n5QpmZ/1Gkfn+DfgTPZsMxUCzmkpRXZy0Prt4tIjF/eAXeq4ZHz+TmiG4FVAmZUPF\nf2nVre7etP0ys2YsO1Y9iJbvjtb6GSyb243cPnMO2X6FZjWiwB/8qg5F4pVd5yFi\n7Obwy41IgqdBiE88xXmm0XnD+n+XdHzQ+EMRF+Hn7kmfIMJpSE6vjZajfIdoisX1\nyTBkfjLiAGjVaMGl0K6RbNwyDcFk7EDj+iNQySEvUQKBgQD+BSgkGbwpxckzki54\nKlmLn3G5A48sHCn3FjiohnQsqZeMYPU6vN+vY6rpaM+2qq8dKtgvAvL5IYPyE5bL\nQkKVJMoXx1YXMvQXw1srlvtI/3f/S8mId8kZvkC6vR3e19iBxSpJOcYGaf6SJMGa\nJQhygR39ri67ML/NqXIA0t62rwKBgQDcEY2jJ1M/hm7ZQ9aT8bw9BYvhIPPjWyGl\nptGNJr0OjYe3d75sH0IKGRsllHQzdmBh04MnnzmZFM0LHavAaOS6dK1bEQ3zlqF3\nQHBb69qj8dE6zmo8LXZtB/G0/jeK9mQNN5NuamuOLWKrXbMyS1KPAbUrNNcwQwWi\n2Q43WZod8wKBgH4M/wtS/e1YqWv+6TJWCZNgbqVZn81KuIRVMY5nEfUrvvk5D9ey\n6+jzs1cZ3KEPd9Aod5h0hS+dMwWINPbuDW5HEEXWc+EVNs0n8vDhfhaONvSnnf0r\nO86bezFvMQho4ZYbyc0Gbz61kE7jEHM2V0fCzKgarDPVkAg1Qk4oVb4fAoGAD5nW\n9qgFCM3Y8eITRi2u8IyCHBWf9JAzVHD9DgqfAHccFe+ROk0E+35IJGPf0P4lWwoJ\nlDd/d9C3sIAL+vn0rRs0Zu5QlOIq1C9nR7zypQixkn+rnFSEvrn/cptLCLjq4tz7\nwKoesdeZ1RgxafFZCvZOB6AZWTyHG8JTda0Ode0CgYAhCuo2oyWclj6IKm2p0+d6\nLFyfGVcvxEY4Jyky7Ud2AqA+a12ep6dWKFtLyRN1pIUlMcI7zuc+fLYAsphgNb1M\n6mc26tfVduqqjsw1DCyiQqhG/Oe6AClc29ybgPmTAI+ezzt3VkRIGMciI1gXcBio\n231wuSOMXzazYZ5sAVcoJw==\n-----END PRIVATE KEY-----\n"
# build a transaction
trans = list(sender = "A", receiver = "B", amount = "100")

# serialize data
data <- serialize(trans, NULL)

# sign (a hash of) the transaction with private key
sig <- signature_create(data, sha256, key = prikey)

# verify the message with public key
signature_verify(data, sig, sha256, pubkey = pubkey)
## [1] TRUE

Encryption

# load library
library(openssl)

# generate a private key (prikey) and a public key (pubkey);
# 512-bit RSA moduli can be factored in practice, so use at least 2048 bits
prikey <- rsa_keygen(2048)
pubkey <- prikey$pubkey

# message
msg <- charToRaw("HODL!")

# cipher the message with public key
ciphermsg <- rsa_encrypt(msg, pubkey)

# decrypt the message with private key
rawToChar(rsa_decrypt(ciphermsg, prikey))
## [1] "HODL!"
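The openssl snippets above show the library API; the added Python example below (written for these notes, not taken from the lecture or from the openssl package) shows the arithmetic behind both the digital signature and the encryption slides, which is why one block serves both. It uses two fixed Mersenne primes for a toy modulus of about 92 bits and unpadded textbook RSA so that every step is visible; real systems use keys of 2048 bits or more with PSS or OAEP padding, and Bitcoin and Ethereum actually sign with ECDSA over the secp256k1 curve rather than with RSA. The transaction dictionary and the "HODL!" message are constructed sample inputs.

```python
import hashlib
import json
from typing import Tuple

# Added example, not the lecture's openssl code. Two Mersenne primes give a
# toy modulus of about 92 bits so the numbers stay readable; real RSA keys
# are 2048 bits or more, and this unpadded "textbook" RSA illustrates the
# math only and must never be used as is.
P = 2**31 - 1
Q = 2**61 - 1
E = 65537

PublicKey = Tuple[int, int]    # (n, e)
PrivateKey = Tuple[int, int]   # (n, d)


def rsa_keygen(p: int = P, q: int = Q, e: int = E) -> Tuple[PublicKey, PrivateKey]:
    """Textbook RSA key generation: n = p*q, d = e^-1 mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)                 # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def transaction_digest(transaction: dict, n: int) -> int:
    """Canonical serialization, then SHA-256, reduced into Z_n."""
    encoded = json.dumps(transaction, sort_keys=True).encode("utf-8")
    return int.from_bytes(hashlib.sha256(encoded).digest(), "big") % n


def sign(transaction: dict, private_key: PrivateKey) -> int:
    """Signing = raising the digest to the private exponent: s = H^d mod n."""
    n, d = private_key
    return pow(transaction_digest(transaction, n), d, n)


def verify(transaction: dict, signature: int, public_key: PublicKey) -> bool:
    """Anyone with the public key recomputes H and checks s^e mod n == H."""
    n, e = public_key
    return pow(signature, e, n) == transaction_digest(transaction, n)


def encrypt(message: bytes, public_key: PublicKey) -> int:
    """Encryption with the public key: c = m^e mod n (message must fit in n)."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def decrypt(ciphertext: int, private_key: PrivateKey) -> bytes:
    """Decryption with the private key: m = c^d mod n."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    pub, priv = rsa_keygen()
    tx = {"sender": "A", "receiver": "B", "amount": 100}   # constructed sample
    sig = sign(tx, priv)
    print("signature verifies:", verify(tx, sig, pub))
    print("edited amount verifies:", verify(dict(tx, amount=1000), sig, pub))
    print(decrypt(encrypt(b"HODL!", pub), priv))
```

Signing and decrypting both use the private exponent d, verifying and encrypting both use the public exponent e: the two slides are the same operation read in opposite directions. The digest is signed rather than the transaction itself, exactly as signature_create does with sha256 in the R code.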

The impact of quantum computing on blockchain

  • the cryptographic algorithms used by most blockchains for asymmetric key pairs (digital signatures) will need to be replaced
  • the hashing algorithms used by blockchain networks are much less susceptible, but are still weakened

Peer-to-peer network

Finally, the blockchain ledger is distributed over a peer-to-peer network.


Peer-to-peer network

The steps to run the network are as follows:

  1. new transactions are broadcast to all nodes
  2. each node collects some transactions into a block
  3. each node works on finding a difficult proof of work for its block
  4. when a node finds a proof of work, it broadcasts the block to all nodes
  5. nodes accept the block only if all transactions in it are authentic and not already spent; this avoids the double-spending problem
  6. nodes express their acceptance of the block by working on creating the next block in the chain, using the hash of the accepted block as the previous hash (note that the unfinished proof of work of the other miners is lost, and they all restart on a new block)
  7. the reward for the miner is inserted as the first transaction of the mined block; in this way the miner has an incentive to be honest
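Step 5 is where double spending is actually stopped. The added Python example below (a toy model written for these notes, not from the lecture or from any real node implementation) keeps a set of unspent coin identifiers and accepts a block only if every input is still unspent at the moment it is consumed, rejecting the whole block otherwise. Authenticity (signature checking) is assumed to be done elsewhere; the coin ids and transactions are constructed sample values.

```python
from typing import Dict, List, Set

# Added toy model, not from the lecture: a coin is just a string id, and a
# transaction consumes some coin ids (inputs) and creates fresh ones (outputs).
# Signature checks are assumed done elsewhere; this shows the "not already
# spent" half of step 5.
Transaction = Dict[str, List[str]]     # {"inputs": [...], "outputs": [...]}


class Node:
    def __init__(self, genesis_coins: Set[str]) -> None:
        self.unspent: Set[str] = set(genesis_coins)   # coins that can still be spent
        self.known: Set[str] = set(genesis_coins)     # every coin id ever created
        self.height = 0                               # number of accepted blocks

    def validate_block(self, transactions: List[Transaction]) -> bool:
        """Pure check, no state change: every input must be unspent at the
        moment it is consumed, and no output id may reuse an existing coin."""
        available = set(self.unspent)
        created: Set[str] = set()
        for tx in transactions:
            for coin in tx["inputs"]:
                if coin not in available:
                    return False     # unknown coin, or spent earlier (in the chain or in this block)
                available.remove(coin)
            for coin in tx["outputs"]:
                if coin in self.known or coin in created:
                    return False     # output id collides with an existing coin
                created.add(coin)
                available.add(coin)  # may be spent later in the same block
        return True

    def accept_block(self, transactions: List[Transaction]) -> bool:
        """Step 5: reject the whole block on any invalid transaction,
        otherwise apply it atomically."""
        if not self.validate_block(transactions):
            return False
        for tx in transactions:
            self.unspent.difference_update(tx["inputs"])
            self.unspent.update(tx["outputs"])
            self.known.update(tx["outputs"])
        self.height += 1
        return True


if __name__ == "__main__":
    node = Node({"coin1", "coin2"})
    print(node.accept_block([{"inputs": ["coin1"], "outputs": ["coin3"]}]))   # True
    # coin1 spent again in a later block: a double spend, rejected
    print(node.accept_block([{"inputs": ["coin1"], "outputs": ["coin4"]}]))   # False
    # two transactions in one block both spending coin2: rejected as a whole
    print(node.accept_block([{"inputs": ["coin2"], "outputs": ["coin5"]},
                             {"inputs": ["coin2"], "outputs": ["coin6"]}]))   # False
    print(node.height, sorted(node.unspent))
```

Because validation walks the block in order with a working copy of the unspent set, a coin created by one transaction can be spent by a later transaction in the same block, while two transactions competing for the same coin are caught even before the block is applied.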

An essential glossary about blockchain

51% attack

  • an attacker might garner enough resources (more than half of the network's computing power) to outpace the block creation rate of the rest of the blockchain network
  • she can then play by her own rules, for instance defraud people by stealing back her payments
  • why is this attack deemed to fail?

51% attack

The incentive of rewards may help encourage nodes to stay honest.

If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins.

He ought to find it more profitable to play by the rules (generate new coins), such rules that favor him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth. Satoshi Nakamoto (Bitcoin white paper)

Conflicts and resolutions

  • it is possible that multiple blocks will be published at approximately the same time
  • this can cause differing versions of the blockchain to exist at any given moment
  • these must be resolved quickly to keep the blockchain network consistent
  • blockchain nodes wait until the next block is published and adopt the longer chain as the official blockchain
  • the blocks left on the shorter chain are called orphan blocks in Bitcoin and uncle blocks in Ethereum

Hard forks

  • a hard fork is a change to a blockchain implementation that is not backwards compatible
  • at a given point in time (usually at a specific block number), all nodes will need to switch to using the updated protocol
  • nodes that have not updated will reject the newly formatted blocks and only accept blocks with the old format
  • this results in two incompatible versions of the blockchain existing simultaneously
  • a popular hard fork separated the Ethereum blockchain from Ethereum Classic after The DAO scam

Proof of stake

  • an alternative, less energy-consuming consensus mechanism is proof of stake (PoS)
  • the proof of stake model is based on the idea that the more stake a user has invested in the system, the more likely they are to want the system to succeed, and the less likely to want to subvert it
  • stake is an amount of cryptocurrency that, once staked, is no longer available to be spent
  • the likelihood of a user creating a new block is tied to the ratio of their stake to the overall staked cryptocurrency
  • with this consensus model, there is no need to perform resource-intensive computations
  • however, a rich-get-richer phenomenon may arise
  • you can participate in proof of stake in two ways:
    • staking an amount of cryptocurrency (at least 32 ETH on Ethereum 2.0) and becoming a validator node. In this case you have the chance to be chosen to create a block and get the rewards
    • delegating any amount of cryptocurrency to some validator node. In this case, you get interest on the delegated amount from the validator node

Digital wallets and seed phrases

  • blockchain users must manage and securely store their own private keys
  • instead of recording them manually, they usually use software, called a wallet, to store them securely
  • if a user loses a private key, any digital asset associated with that key is lost, because it is computationally infeasible to derive the private key from the public one
  • if a private key is stolen, the attacker has full access to all digital assets controlled by that private key
  • on a blockchain there is no central authority that can restore a lost password
  • here are some Bitcoin wallets and here are some Ethereum wallets
  • a seed phrase is a list of words that stores all the information needed to access a wallet
  • an example of a seed phrase is: witch collapse practice feed shame open despair creek road again ice least

Accounts and addresses

  • a wallet can generate many accounts
  • each account is associated with a pair of keys (public and private)
  • the seed phrase of the wallet can be converted to a seed integer that generates all the key pairs (accounts) used in the wallet
  • an address is an alphanumeric string derived from the public key of an account using a cryptographic hash function; it publicly identifies an account of a wallet
  • addresses are used as the to and from endpoints of a transaction
  • if you lose the seed phrase, you have lost access to all associated accounts; if you lose one private key, you have lost access only to the associated account
  • MetaMask is the most popular wallet for Ethereum and compatible blockchains

Identity and privacy

  • the traditional banking model achieves a level of privacy by limiting access to information to the parties involved and the trusted third party
  • the necessity to announce all transactions publicly precludes this method
  • but privacy can still be maintained by keeping public keys (addresses) anonymous
  • moreover, a person can possess many wallets and a wallet can generate many accounts
  • hence the concept of identity is shredded across multiple addresses and accounts
  • this is similar to the level of information released by stock exchanges, where the time and size of individual trades, the tape, is made public, but without telling who the parties were

Blockchain and GDPR

  • how will blockchain comply with the General Data Protection Regulation (GDPR)?
  • any company storing personal data of EU citizens must follow the regulation
  • mind that your digital wallet address might be personal data, because it can be linked to your identity if, for instance, you bought cryptocurrency with a credit card or through an exchange that applies a Know Your Customer (KYC) process
  • there are three articles of the GDPR that conflict with blockchain:
    1. Article 16: right to rectification
    2. Article 17: right to be forgotten
    3. Article 18: right to restrict processing
  • but who is the data controller (the company that stores the personal data and is responsible for it) on a blockchain?

Solutions

  1. encrypt the personal data before storing it on the blockchain
    • however, encryption is reversible in principle: the ciphertext stays on the chain forever and can be decrypted by whoever obtains the key
  2. store the personal data in a permissioned blockchain, where access is restricted to a few trusted parties
    • this complies with Article 18 (right to restrict processing)
    • but a permissioned blockchain is still immutable, hence it cannot comply with Articles 16 and 17
  3. store the personal data somewhere else, on a secure server, and put only the hash of the personal data on the blockchain
    • this partially centralizes the blockchain
  4. use zero-knowledge proofs (ZKP), which allow you to prove that something is true without revealing the actual data; in the case of blockchain you can prove that a transaction has happened without disclosing its data (parties and amount)
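Solution 3 has a pitfall the list does not spell out: a plain hash of a low-entropy value such as an e-mail address can be linked back to the value simply by hashing guesses, so the on-chain digest would itself be personal data. The added Python example below (written for these notes, not from the lecture) keeps the on-chain part as a salted SHA-256 commitment with the salt held off-chain next to the data, shows that deleting the off-chain record makes the immutable on-chain digest unlinkable (Article 17), and contrasts that with an unsalted digest that a short guess list recovers. The e-mail addresses are constructed sample values.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Iterable, List, Optional, Tuple

# Added example, not from the lecture. `chain` stands for the append-only
# ledger (digests only); `records` is the data controller's deletable store.


def unsalted_digest(data: str) -> str:
    """Plain SHA-256 of the value: what 'put the hash on chain' naively means."""
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


def commit(data: str, salt: Optional[bytes] = None) -> Tuple[str, bytes]:
    """Salted commitment: returns (on-chain digest, off-chain salt). With a
    16-byte random salt the digest reveals nothing about a guessable value."""
    salt = secrets.token_bytes(16) if salt is None else salt
    digest = hashlib.sha256(salt + data.encode("utf-8")).hexdigest()
    return digest, salt


def matches(on_chain_digest: str, salt: bytes, claimed: str) -> bool:
    """Check a claimed value against the digest (constant-time comparison)."""
    recomputed, _ = commit(claimed, salt)
    return hmac.compare_digest(recomputed, on_chain_digest)


def guess_unsalted(on_chain_digest: str, candidates: Iterable[str]) -> Optional[str]:
    """Linkability check: does any candidate value hash to this digest? For an
    unsalted digest of an e-mail or a name this succeeds immediately; for a
    salted digest it never does."""
    for candidate in candidates:
        if unsalted_digest(candidate) == on_chain_digest:
            return candidate
    return None


class OffChainStore:
    def __init__(self) -> None:
        self.records: Dict[str, Tuple[str, bytes]] = {}   # digest -> (data, salt)
        self.chain: List[str] = []                         # append-only digests

    def register(self, data: str) -> str:
        digest, salt = commit(data)
        self.records[digest] = (data, salt)
        self.chain.append(digest)          # the only thing that goes on chain
        return digest

    def lookup(self, digest: str) -> Optional[str]:
        record = self.records.get(digest)
        return record[0] if record else None

    def forget(self, digest: str) -> None:
        """Right to be forgotten: drop data and salt; the digest stays on the
        immutable chain but can no longer be linked to anything."""
        self.records.pop(digest, None)


if __name__ == "__main__":
    store = OffChainStore()
    d = store.register("alice@example.com")          # constructed sample value
    print(store.lookup(d))
    store.forget(d)
    print(store.lookup(d), d in store.chain)
    print(guess_unsalted(unsalted_digest("alice@example.com"),
                         ["bob@example.com", "alice@example.com"]))
    print(guess_unsalted(d, ["bob@example.com", "alice@example.com"]))
```

Rectification (Article 16) works the same way: forget the old digest and register the corrected value, leaving an unlinkable digest behind on the chain. The centralization cost named in the list remains: whoever runs the off-chain store decides what can still be proved.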

The environmental issues of blockchains

  1. the amount of energy used for the proof-of-work mining process of blockchains like Bitcoin and Ethereum is large; nevertheless, consider the following arguments…
  2. crypto mining can happen anywhere and hence is attracted to renewable and waste energy that cannot be distributed or used in a cost-effective manner
  3. energy consumption is not necessarily equivalent to carbon dioxide emissions and environmental pollution. For instance, one kilowatt-hour (kWh) of electricity generated by a coal-fired power station has a substantially different environmental footprint from one kWh produced by a solar park
  4. even assuming that Bitcoin mining were exclusively powered by coal, total carbon dioxide emissions would roughly correspond to 0.17% of the world's total emissions
  5. at the moment the proof-of-work method has proved to be the most secure: even someone who owns 100% of the hash power cannot rewrite the blockchain history without a proof of work, that is, without spending energy and resources; hence energy is spent to guarantee the security of the protocol
  6. many blockchains are being created with, or are switching to, consensus mechanisms other than proof-of-work, such as proof-of-stake, which do not imply energy consumption for the mining process, although these methods have not yet been proved as secure as proof-of-work
  7. layer 2 scaling solutions are more and more popular on top of Ethereum. These solutions are designed to help scale applications by handling transactions off the main Ethereum chain (layer 1). This in turn might decrease gas fees, and hence the profitability and number of miners
  8. dig deeper: How Much Energy Does Bitcoin Actually Consume?