CS290B Lecture notes -- Show me the Money
How does Money Work?
That's a loaded question, to be sure, but as you might expect there is some
fairly well-defined structured thinking about how money functions,
particularly at scale.
- The Gold Standard
- Gold "backs" local currency
- self correcting with respect to price stability
- trade surplus causes influx of gold which causes
inflation which raises prices relative to trade deficiet
- in practice
- works as long as there is a way to move gold
- uncertainty caused by externalties (e.g. WWI) can freeze
the exchange mechanism
- Fiat currency
- exchange rates "float"
- the money market (and not trade surplus/deficiet) controls
exchange rates
- monetary policy manages inflation
Alan Greenspan
As articulated by a young Alan Greenspan in 1966, gold is the only thing that
fulfills all the requirements of money: It is scarce, it cannot be fabricated
or produced in large quantities, it is durable, it is homogenous and divisible
(so each unit is of comparable quality to the next), and it is widely
acceptable as money. Obviously, printed money can’t meet these criteria. Only
gold can.
Bitcoin
- no mechanism to make payments over a communication channel without a
trusted party
- trust has a cost => transaction fee
- fee limits the minmum practical transaction size
- cost does not scale with transaction size
- goal: electronic bilateral exchange scheme for transactions (no
trusted third party)
- seller: computational intractability offers fraud protection by
making a "reversal" hard.
- buyer: requires an escrow service to prevent fraud
- escrow service is a trusted service that adds a
transaction fee
- the paper is addressing only the double-spenind problem
- coin: a chain of digital signatures
- transaction: transfer of ownership
- payer is the source
- payee is the destination
- payer adds the payee's public key to the end of the transaction
and signs the new chain with private key
- trust: before a transaction a potential payee can verify
the chain of ownership leads to the potential payer
- requires that the public keys of all owner's signatures
be available
- double-spend: need a way to prevent a payer from using the same
coin in multiple transactions
- trusted mint: coins transact through a trusted
third party
- each transaction generates a new coin and the mint
invalidates the old coin
- transaction timestamps:distributed solution to double-spend problem
is to
- broadcast all transactions to all parties in the economy
- timestamp each transaction forming a three-tuple: (time,src,dst)
- for each transaction, the earliest is the non-fraudulent one
- global timestamp achieved through majority consensus
- timestamp server and proof-of-work
- server collects items to be timestamped into a block, hashes them, and then
publishes the hash
- the publication time (newspaper, Usenet post, etc.) is the
timestamp but the entity doing the publishing must be trusted
- a chain of time stamps "reinforces" the trust
- for a distributed solution
- entities in a network must perform a proof-of-work
that cannot take zero time
- if the proof-of-work takes the block as input, then the
block cannot be altered without redoing the work
- if the blocks are chained, then the effort to alter a
block requires that all blocks in the chain be redone
- the longest chain defines the most trusted result
- if the majority of CPU power is honest, most
trusted chain is the "true" chain
- timestamp network:
- transactions are broadcast to all timestamp servers
- new transactions are aggregated into a block
- proof-of-work applied to the block
- block with new proof of work is broadcast to all timestamp servers
- a timestamp server receiving a block must
- verify that all transactions in the block are valid and
not already spent
- attempt to find a proof-of-work to add to the chain for
a block consisting of valid, unspent transactions
- broadcast the chain once a new proof-of-work is made
- consistency requirements: timestamp servers must be able to determine the longest chain of blocks for each transaction
- each transaction must reach some timestamp server
- timestamp servers must see all blocks to know which is the
longest chain associated with each transaction
- must store the longest chain length (at a minimum) for
each block
- payment verification:
- transaction verifier must have access to the longest block
chain containing the transaction
- run a timestamp server
- query multiple timestamp servers for longest proof-of-work
chain of headers
- with longest chain, find transaction and its
Merkle branch
- not definitive as the headers do not contain the
keys necessary to verify the transaction
- value splitting: extend the payer notion to be multiple payers (aggregation) and
the payee to multiple payees (splitting)
- privacy:
- public keys are anonymized
- only reveal public key ownership in a dispute (via challenge) or
through trusted third party