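1. Tsinghua University School of Information DACA Blockchain Development Open Course • Introduction to Blockchain Technology and Applications • Trust lubricates the economy, technology drives change • Lü Xujun (Jack Lu)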



4. What is Bitcoin • A protocol that supports a decentralized, pseudo-anonymous, peer-to-peer digital currency* • A publicly disclosed linked ledger of transactions stored in a blockchain • A reward-driven system for achieving consensus (mining) based on “Proofs of Work” for helping to secure the network • A “scarce token” economy with an eventual cap of about 21M bitcoins

5. Satoshi Nakamoto • Unknown identity: pseudonymous person or group? • Worked on Bitcoin since probably 2007 • Published the paper in 2008 • Released the code in January 2009 • Stopped involvement mid-2010 • Entrusted the project and a copy of the alert key to Gavin Andresen, effectively his successor • He owns about 1M bitcoins, never spent

6. Precursors • Ecash, David Chaum, 1982 (blind signature) • Hashcash, Adam Back, 1997 (Proof-of-Work) • B-money, Wei Dai, 1988 (distributed database) • Bit gold, Nick Szabo, 1998 (distributed database, sequential money creation) • Anonymous Electronic Cash, Tomas Sander and Amnon Ta-Shma, 1999 (anonymity) • Reusable P-o-W, Hal Finney, 2004

7. Bitcoin Whitepaper – 2008.10.31*

8. The announcement From: Satoshi Nakamoto <satoshi <at> vistomail.com> Subject: Bitcoin P2P e-cash paper Newsgroups: gmane.comp.encryption.general Date: 2008-10-31 18:10:00 GMT I've been working on a new electronic cash system that's fully peer-to-peer, with no trusted third party. The paper is available at: http://www.bitcoin.org/bitcoin.pdf The main properties: Double-spending is prevented with a peer-to-peer network. No mint or other trusted parties. Participants can be anonymous. New coins are made from Hashcash style proof-of-work. The proof-of-work for new coin generation also powers the network to prevent double-spending. Bitcoin: A Peer-to-Peer Electronic Cash System Abstract. A purely peer-to-peer version of electronic cash […] Satoshi Nakamoto --------------------------------------- The Cryptography Mailing List

9. Features of Bitcoin • Essentially it’s “deflationary” – the reward is cut in half every four years, and tokens can be irrevocably destroyed • Nearly infinitely divisible currency units supporting eight decimal places 0.00000001 (known as a Satoshi or Noncent*) • Nominal transaction fees paid to the network – Same cost to send $.01 as $1,000,000 • Consensus driven – no central authority • Counterfeit resilient – Cannot add coins arbitrarily – Cannot be double-spent • Non-repudiation – aka “gone baby gone” – no recourse and no one to appeal to for the return of sent tokens

10. Why does it matter? http://coinmarketcap.com

11. Decentralized • The “digital wallet” operates in a peer to peer mode • When it starts it bootstraps to find other nodes – Originally it used the Internet Relay Chat (IRC) network – Now based on DNS and “seed nodes” • The wallet will synchronize with the network by downloading ALL of the transactions starting from the GENESIS block if necessary

12. P2P Network

13. Coins flow from Inputs to Outputs


15. Pseudo Anonymous • Using public key cryptography, specifically Elliptic Curve Cryptography due to its key strength and shorter keys • Transactions are sent to public key “addresses” 1AjYPi8qryPCJu6xgdJuQzVnWFXLmxq9s3 1Give4dry2pyJihnpqV6Urq2SGEhpz3K

16. Addresses are like Accounts • The wallet listens for transactions addressed to any of its public keys and in theory is the only node that is able to decrypt and accept the transfer • “Coins” are “sent” by broadcasting the transaction to the network, where it is verified to be viable and then added to a block • Keys can represent a MULTI-SIG address that requires N of M private keys in order to decrypt the message

17. Public Ledger

18. Arriving at Consensus • Although the accepted chain can be considered a list, the block chain is best represented with a tree. • The longest path represents the accepted chain. • A participant choosing to extend an existing path in the block chain indicates a vote towards consensus on that path. The longer the path, the more computation was expended building it.

19. Transaction Confirmation • Having a transaction provisionally accepted into a candidate block signals that the network has verified that the inputs were viable • Every new block accepted into the chain after the transaction was accepted is considered a confirmation • Coins are not considered mature until there have been 6 confirmations (basically an hour, assuming a 10-minute block cadence) • New coins created by the mining process are not valid until about 120 confirmations • This is to ensure that a node with more than 51% of the total hash-power does not pull off fraudulent transactions
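An added example (not from the original slides) of the path selection and confirmation counting described in slides 18 and 19: it picks the branch with the most accumulated work, which equals the longest path when every block costs the same, and counts confirmations on that branch. The block tree and transaction ids are constructed sample data.

```python
from collections import namedtuple

# Constructed sample record: block id, parent id, work units, transaction ids.
Block = namedtuple("Block", "id parent work txs")

def chain_to(tip, by_id):
    """Return block ids from genesis to tip by following parent links."""
    path = []
    while tip is not None:
        path.append(tip)
        tip = by_id[tip].parent
    return path[::-1]

def best_chain(blocks):
    """Pick the leaf whose path carries the most work (first seen wins ties)."""
    by_id = {b.id: b for b in blocks}
    parents = {b.parent for b in blocks}
    tips = [b.id for b in blocks if b.id not in parents]

    def total_work(tip):
        return sum(by_id[i].work for i in chain_to(tip, by_id))

    return chain_to(max(tips, key=total_work), by_id)

def confirmations(txid, blocks):
    """Blocks on the accepted chain from the one holding txid up to the tip."""
    by_id = {b.id: b for b in blocks}
    chain = best_chain(blocks)
    for depth, block_id in enumerate(chain):
        if txid in by_id[block_id].txs:
            return len(chain) - depth
    return 0  # unknown, or only present on a branch that lost

TREE = [
    Block("G", None, 1, ()),
    Block("A1", "G", 1, ("tx1",)),
    Block("B1", "G", 1, ("tx2",)),  # competing branch from the same parent
    Block("A2", "A1", 1, ()),
    Block("A3", "A2", 1, ()),
    Block("B2", "B1", 1, ()),
]
# The same tree after the B branch has been extended past the A branch.
EXTENDED = TREE + [Block("B3", "B2", 1, ()), Block("B4", "B3", 1, ())]

if __name__ == "__main__":
    print(best_chain(TREE), confirmations("tx1", TREE))
    print(best_chain(EXTENDED), confirmations("tx1", EXTENDED))
```

In the extended tree the three confirmations of `tx1` drop to zero because its block is no longer on the accepted path, which is why a recipient waits for several confirmations before treating coins as settled.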

20. Consensus Process = Mining • Originally the digital wallet could also participate in the consensus process by attempting to secure the network directly • This process is known as “mining” • Mining involves attempting to find a numerical value, known as a “nonce”, that when combined with all open transactions can be “hashed” into a value that satisfies a certain “difficulty” • Custom, purpose-built hardware has long since replaced the function such that it’s no longer productive for simple CPU-based systems to compete in the mining process, and thus it was removed

21. Proof of Work • A publicly auditable cost-function can be efficiently verified by any third party without access to any trapdoor or secret information. • A fixed cost cost-function takes a fixed amount of resources to compute. The fastest algorithm to mint a fixed cost token is a deterministic algorithm. • A probabilistic cost cost-function is one where the cost to the client of minting a token has a predictable expected time, but a random actual time as the client can most efficiently compute the cost-function by starting at a random start value. Sometimes the client will get lucky and start close to the solution.
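An added example (not from the original slides) of the nonce search from slide 20 as a probabilistic, publicly auditable cost function in the sense of slide 21: minting costs many hash evaluations, verifying costs one. The transaction bytes, the 8-byte nonce encoding and the 16-bit difficulty are assumptions chosen for illustration, not Bitcoin's block header format.

```python
import hashlib

def pow_value(data: bytes, nonce: int) -> int:
    """Double SHA-256 over data plus an 8-byte nonce, read as an integer."""
    inner = hashlib.sha256(data + nonce.to_bytes(8, "big")).digest()
    return int.from_bytes(hashlib.sha256(inner).digest(), "big")

def target(bits: int) -> int:
    """Difficulty as a threshold: a valid hash has `bits` leading zero bits."""
    return 1 << (256 - bits)

def verify(data: bytes, nonce: int, bits: int) -> bool:
    """Public audit: one hash evaluation, no secret or trapdoor needed."""
    return pow_value(data, nonce) < target(bits)

def mint(data: bytes, bits: int, start: int = 0):
    """Search upward from `start`; return (nonce, number of hashes tried)."""
    nonce = start
    while not verify(data, nonce, bits):
        nonce += 1
    return nonce, nonce - start + 1

# Constructed stand-in for the serialized open transactions.
OPEN_TXS = b"alice->bob:1.5;carol->dave:0.25"
BITS = 16  # expected cost is about 2**16 hash evaluations

if __name__ == "__main__":
    # Different start values give different actual costs around the same
    # expected cost: the "random actual time" of a probabilistic function.
    for start in (0, 1_000_000, 2_000_000):
        nonce, tries = mint(OPEN_TXS, BITS, start)
        ok = verify(OPEN_TXS, nonce, BITS)
        print(f"start={start} nonce={nonce} tries={tries} valid={ok}")
```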

22. What is Bitcoin Mining

23. Inelastic Money Supply • Deterministic Decreasing Rate


25. Smart Contract




29. The Byzantine Generals' Problem • Generals can communicate using messengers, cannot have a summit • There are traitors amongst them • Must decide unanimously whether to attack • Success (i.e. fault tolerance) is achieved if the loyal generals can agree on their strategy, whatever it might be



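32. The Essence of Blockchain • Ledger: traditional model, transactions and bookkeeping are separate; blockchain model, transactions and bookkeeping are synchronized • Storage model: traditional model, stored by type in centralized storage; blockchain model, stored along a timeline in distributed storage • Circulation network: traditional model, information flow and value flow are separate; blockchain model, information flow and value flow are synchronized • Transaction rules: traditional model, rules differ; blockchain model, everything runs under the same rules • Benefits: less duplicated work, higher cost of tampering, fewer intermediate steps, lower transaction costs, higher efficiency, higher transaction efficiency, lower management costs, fewer errors, less human fraud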

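33. The Essence of Blockchain • Unified rules • Unified transactions and bookkeeping • Distributed value-circulation network • Improves bookkeeping efficiency • Prevents human fraud • Lowers transaction costs • Promotes the flow of value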

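34. Blockchain Types and How to Choose • Types: public chain, private chain, consortium chain • Applicable scenarios differ: public chain, no access restrictions; private chain, access within an institution; consortium chain, access for related institutions • Technical requirements differ: public chain, hash power and incentive mechanisms; private chain, consensus algorithm, permissions and privacy; consortium chain, consensus algorithm, permissions and privacy, throughput • Strengths and weaknesses differ: public chain, strong public credibility and full transparency; private chain, weak public credibility and strong privacy; consortium chain, in between public and private chains; heavy load on the chain • Node deployment differs: public chain, open nodes, the more the better; private chain, internally deployed nodes, enough to guarantee immutability; consortium chain, authorized nodes, to guarantee fairness • Choose according to business needs • There is no need to put all business on a single chain • The strength of a chain depends on how the business develops • The technology is not yet mature enough • As the technology matures, chains can be connected to one another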

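35. Blockchain Smart Contracts • Centralized smart programs: the subject matter cannot circulate across centers; the subject matter is not unique and is easy to tamper with; an intermediary entity is required; weak public credibility; hard to expand the trading network; cannot lower transaction costs • Blockchain smart contracts: uniqueness; liquidity; executable subject matter; subject matter (transaction); public credibility; digitization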






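41. Different Types of Evidence Sources • Columns: type of information, role after evidence preservation, value after evidence preservation • False information (FAKE): a tape recorder for lies; raises the cost of faking • Multi-party consensus information: perpetual record; lowers the cost of trust • Self-certified information: unilateral proof; strong evidence • Blockchain evidence preservation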

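42. Other Application Scenarios for Evidence Preservation • Role after evidence preservation: a tape recorder for lies, perpetual record, unilateral proof • Value after evidence preservation: electronic contracts, archives, certificates, credit records, medical records, authorization certificates, legal evidence, transaction data, copyright, traceability • Blockchain evidence preservation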

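43. A Blockchain-Based Data Traceability Ecosystem • Copyright tracing • Medical data tracing • Certificate tracing • Product data tracing • Personal credit tracing • Property rights tracing • Data sources from multiple parties at different points in time • Blockchain data chain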

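44. The Complete Evidence Preservation Flow • Step 1, Store: identity confirmation; read or write the source data; store and hash the source data; put the source data on chain • Step 2, Verify: identity confirmation and authorization; read and hash the data to be verified; extract the on-chain data; compare the source data with the data to be verified; return the verification result; proof of the verification process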
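An added example (not from the original slides) of the store and verify steps on slide 44, using the "file hash on chain" mode: only the SHA-256 of the source data is recorded, and verification re-hashes the candidate data and compares. `EvidenceLedger` is a hypothetical in-memory stand-in for the chain, and identity confirmation and authorization are assumed to happen before these calls.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64

def entry_hash(owner: str, doc_hash: str, prev: str) -> str:
    """Hash that links one ledger entry to the entry before it."""
    body = json.dumps([owner, doc_hash, prev]).encode()
    return hashlib.sha256(body).hexdigest()

class EvidenceLedger:
    """Hypothetical in-memory stand-in for the chain; holds hashes, not files."""

    def __init__(self):
        self.entries = []

    def store(self, owner: str, data: bytes) -> int:
        """Step 1: hash the source data and append the hash to the ledger."""
        doc_hash = hashlib.sha256(data).hexdigest()
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        self.entries.append({"owner": owner, "doc_hash": doc_hash, "prev": prev,
                             "entry_hash": entry_hash(owner, doc_hash, prev)})
        return len(self.entries) - 1  # receipt: position of the record

    def chain_intact(self) -> bool:
        """Recompute every link; an edited entry no longer matches its hash."""
        prev = GENESIS
        for e in self.entries:
            expected = entry_hash(e["owner"], e["doc_hash"], prev)
            if e["prev"] != prev or e["entry_hash"] != expected:
                return False
            prev = e["entry_hash"]
        return True

    def verify(self, index: int, data: bytes) -> str:
        """Step 2: hash the candidate data and compare with the stored hash."""
        if not self.chain_intact():
            return "ledger-tampered"
        candidate = hashlib.sha256(data).hexdigest()
        on_chain = self.entries[index]["doc_hash"]
        return "match" if hmac.compare_digest(candidate, on_chain) else "mismatch"

if __name__ == "__main__":
    ledger = EvidenceLedger()
    receipt = ledger.store("alice", b"contract v1")  # constructed sample data
    print(ledger.verify(receipt, b"contract v1"))
    print(ledger.verify(receipt, b"contract v2"))
```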

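45. Elements a Productized Evidence Preservation Feature Should Have • Support for multiple source file forms: structured data, local files, remote files, plain text, encrypted text • Multi-dimensional evidence results: results presented by user, business type, evidence version and other dimensions • Support for source file storage: distributed storage of source files • Multiple evidence preservation modes: data stored on the blockchain; data stored encrypted on the blockchain; file hash stored on the blockchain; file hash stored on the blockchain while the file itself is kept in distributed storage • Standard API: integration with real-world systems • Friendly user interface: so that blockchain technology no longer feels cold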

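46. Problems to Solve for Asset Flow • Execution level: putting assets on chain; on-chain uniqueness; multi-party coordination; policies and regulations • Technical level: transaction speed; system security; privacy and permissions; chain-to-chain interconnection; application development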

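47. [Diagram: asset digitization on a blockchain network. Recoverable labels: digital currency, payment, medium of exchange, peer-to-peer trading, virtual currency, traceability, IoT, leasing, regulation, financial assets, securities, pre-sale, electronic tickets and keys, usage-right vouchers, smart assets. Drivers: government decision-making, institution building, regulatory adjustment, model innovation, business innovation, technological progress. Outcomes: improved asset liquidity, improved circulation efficiency, fewer intermediate steps, fairness and transparency, easier regulation]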

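48. Asset Flow: Supply Chain Finance Application Scenario • Parties: seller, buyer, logistics company • Documents: contracts, orders, receivables, payables, delivery notes, invoices, warehouse receipts • Flows: information flow, commercial flow, logistics flow (goods information, goods movement), capital flow • Blockchain: data acquisition, credit analysis, pledged and mortgaged collateral • Supply chain finance platform: factoring, banks, P2P, financial leasing, microloans, trusts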

49. [Diagram: barter era, small-commodity era, industrial era, Internet era (labelled “某宝”), blockchain era (blockchain network)]



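52. Our Philosophy • Trust lubricates the economy • Let blockchain accelerate China's economy • Technology drives change • If a system can lower the cost of trust between people, then even in a very small application scenario it will bring enormous value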