Ethereum White Paper, Explained. Part 1

In the following blog posts, we will be dissecting the Ethereum white paper by describing it in layman terms. As the paper is too long to fit into one blog post, we will be dividing it into several sections. We will try to explain the niche details mentioned in the Ethereum white paper in the simplest terms possible.

Introduction and Existing concepts

We all know that Satoshi Nakamoto’s development of Bitcoin gave rise to the monumental technology known as — Blockchain. Hopefully, you already know what Blockchain technology is, thanks to our previous posts.

There are numerous other applications for Blockchain technology some of them include: coloured coins, smart property, namecoin, smart contracts or DAO (Decentralised Autonomous Organizations). These applications are complex to build on top of the Bitcoin blockchain. To address this issue, Ethereum proposes a Turing-complete programming language that can be used to create smart contracts or encode complicated functions. A Turing-complete language can essentially be used to simulate a Turing machine. A Turing machine is a model that can simulate any computer algorithm regardless of the complexity.

The Ethereum foundation proposes that all of the above can be achieved effortlessly in a few lines of code. We will validate this claim further in this blog and future posts.

History

Digital currencies as a concept have been prevalent for decades. In the 80s and 90s, a cryptography technique called Chaumian Blinding was used. However, they relied on a centralised intermediary which was a clear deal breaker. Then came B-money which proposed a decentralized consensus system but how that would be achieved was debatable. This was followed by

Satoshi Nakamoto collated all of these concepts along with other established primitive technologies for managing ownership through cryptography techniques. The consensus algorithm used by the Bitcoin Blockchain to keep track of the coins is called proof of work.

The proof of work consensus mechanism was a major breakthrough in this area as it solved two main problems.

1. Nodes in the network could now easily agree on using the consensus algorithm to enter transactions in the distributed ledger.
2. The problem of who gets to decide the entry into the distributed ledger was solved by using the computing power each node is willing to spend.

For miners, this essentially means — More computing power = More blocks mined = More crypto rewards.

Another concept called proof of stake calculates the weight of a node in the voting process based on the number of coins it holds and not just computational resources.

State transition systems

The ledger of any cryptocurrency is essentially a state transition system which at any given point in time holds information about how many coins are there in individual wallets and the transactions done by these wallets.

In the below diagram there are three main blocks to be considered

State — This consists of all ownership information contained in the ledger which is cryptographically encrypted.

Transaction — Transaction block defines the amount of the transfer that is initiated in the system. It also includes a signature which is defined by the sender.

State’ — This state consists of the final ownership information that is distributed across all nodes. This State’ will then act as State in the next transaction.

In a traditional fiat banking setting, the states are individual balance sheets and when money is sent from A to B, their individual records get updated.

Obviously, using traditional banks we cannot send more money than we have in our individual accounts, a similar logic has been applied here which is defined by the following function.

APPLY(S,TX) -> S’ or ERROR

To illustrate this in the context of the banking example, we can translate it into the following expression.

CRYPTO

APPLY(S,TX) -> S’

BANKS

APPLY({ Alice: $50, Bob: $50 },”send $20 from Alice to Bob”) = { Alice: $30, Bob: $70 }

Here S is the initial state where both Alice and Bob have $50 in their accounts.

TX is the transaction which defines “send $20 from Alice to Bob”

S’ is the final state which reflects the updated balances of Alice and Bob

Before moving to the next scenario, we must understand how the possession of coins in individual accounts is calculated.

A bitcoin “state” has the collection of all coins that exist along with the public key of their owner. The collection of these coins are determined by total UTXO associated with the address. UTXO is Unspent Transaction Outputs, which as the name suggests have not been spent by the owner. These outputs are measured by checking if the coins that came from the previous owner were also UTXO, to begin with. This is confirmed by checking the previous owner’s UTXO and pairing it with the cryptographic signature produced by the previous owner’s private key.

Now let us analyse what happens if you try selling coins that you don’t have?

CRYPTO

APPLY(S,TX) -> ERROR

BANKS

APPLY({ Alice: $50, Bob: $50 },”send $70 from Alice to Bob”) = ERROR

1. Check the value mentioned in TX ($70)

a. If this value is not verified by UTXO of the owner, then it is not present in their account. Return an error.

b. If the mentioned cryptographic signature does not match the signature of the owner, return an error.

2. If the sum of all UTXO of the owner is less than the figure mentioned in TX, return an error.

3. If the transaction is valid, transfer funds to the receiver. This transfer happens by removing the input UTXO from the sender and adding it under the receiver’s public key address.

Step 1a prevents the sender from sending coins that do not exist and step 1b prevents senders from sending other people’s coins.

Step 2 makes sure that there are enough coins with the sender before proceeding with the transaction.

Step 3 completes the process by subtracting values from the sender and adding it in the receiver’s wallet.

Now, these steps might look easy to visualize but behind the scenes, there is a lot going on.

The following example should help you better understand.

Suppose you go out to buy a bunch of Bananas. Now for some vague reason, 1 banana costs $75. In a traditional setup, to see if you can afford this precious overpriced banana, you will open your wallet and check the balance. You have two notes of $50 each totalling $100 (50+50=100, duh!). These two notes were given to you by your mom to buy Bananas.

To be able to afford this Banana you have to give away both your $50 notes to the Banana seller and he will return $25 using a combination of USD note denominations. You are now a proud owner of this super expensive Banana. The real problem that now lies ahead of you, is explaining to your mom the price of 1 Banana.

This is reasonably simple to understand, now let us see what happens in a typical cryptocurrency transaction.

Consider Alice wants to send 75 BTC (yes, Alice is filthy rich) to Bob. To proceed she will first check if she has 75 BTC in her wallet. To check this, she must sum up all of her UTXO (value inputs). Consider this UTXO as the two notes of $50 in the previous example. However, Alice has two UTXO values in her wallet of 50 BTC each. This implies that Alice has received two transactions into her wallet. Each UTXO is worth 50 BTC.

Now, we know that you cannot cut a $100 note into two parts to divide into two $50 notes, that would render the $100 note worthless. However, in cryptocurrency, you can do microtransactions by dividing 1 coin into ten 0.1 coins. This division is, however, not straightforward.

To transfer 75 BTC to Bob, Alice will create a transaction with the two 50 BTC inputs to give out two outputs. One output will be given to Bob, another balance will be transferred back into Alice’s wallet.

50BTC + 50BTC → 75BTC to Bob + 25BTC to Alice

In this scenario, Bob is not entrusted with returning the balance as compared to the previous example. Rather the transaction handles the return of the remaining balance output to Alice.

Mining

In an ideal society where we could trust a centralized system with all transactions, this step would be totally unnecessary. But we are trying to create a decentralized consensus system that has the potential to disrupt the monopoly that banks have over our economies. Mining is a method by which we can combine the state transition system with a consensus system such that all nodes in the network agree on the transactions. These transactions are combined and packaged into blocks as shown in the below figure.

The Bitcoin network produces 1 block every 10 minutes. Each block has a timestamp, a nonce (an arbitrary non-repeatable number), a reference to the previous block mentioned as Prevhash in the above diagram and the list of all transactions that have taken place after the previous block is mined. This never-ending chain of blocks always represents the latest state of the distributed ledger and thus acquires its name — the Blockchain.

The following steps check the validity of a block:

1. Check if the previous block referenced by the block exists and is valid.
2. Check that the timestamp of the block is greater than that of the previous block and less than 2 hours into the future.
3. Check that the proof of work on the block is valid.
4. Let S[0] be the state at the end of the previous block.
5. Suppose TX is the block’s transaction list with n transactions. For all i in 0…n-1, set S[i+1] = APPLY(S[i],TX[i]) If any application returns an error, exit and return false.
6. Return true, and register S[n] as the state at the end of this block.

Points 1 to 3 are straightforward. However, the next 3 points might sound a bit confusing. Let us understand how that works.

As mentioned in point 4, let S[0] be the state at the end of Block 5624.

In point 5 it is mentioned that for each n transaction, there is a particular state as follows:

So by the function → S[i+1] = APPLY(S[i],TX[i])

We have the following:

S[1] = APPLY(S[0],TX[0]) ← First transaction

S[2] = APPLY(S[1],TX[1]) ← Second transaction

.

.

S[n] = APPLY(S[n-1],TX[n-1]) ← nth transaction

If you remember the function that we read about in the previous topic. We should be able to backtrack the value of S’ based on the Apply function.

APPLY(S,TX) -> S’

This is predominantly used to link various transactions and blocks. So each transaction in the block defines a valid state transition using the above functions from one transaction to another. The state, however, is not stored anywhere in the block and is calculated correctly only by starting from the genesis state of that particular block, for every transaction in that block. This finally gives an output of S[n] which will act as S[0] for the next block.

The order of the transactions is of prime importance because if B creates a transaction involving funds (UTXO) that have been sent (created) by A, then the transaction done by A must come before B for the block to be valid.

The condition of proof of work required is that the double-SHA256 hash of every block which is a 256-bit number must be less than a dynamically adjusted target. These dynamic targets vary from time to time so that the miners provide ample computational power to confirm their proof of work. Also, since the SHA256 function is completely pseudo random and unpredictable, the only way to crack it is by simple trial and error or brute force.

Suppose the dynamic target is set at ~2150 , then the network must achieve an average of 2(256–150) which equals 2106 tries before a valid block is found. This dynamic target is reset every 2016 blocks and calibrated to new target value. A new block on an average is produced every ten minutes on the Bitcoin network. For all the heavy lifting that miners do by facilitating our transactions and solving complex math problems, they are given Bitcoins as reward. The initial reward was 25 BTC per block mined. Currently, the reward is 12.5 BTC per mined block. This is how bitcoins come into circulation. The Bitcoins awarded to miners are new bitcoins that are being unlocked from the 21,000,000 Bitcoins which is the hard limit of Bitcoins that can ever be in circulation.

WHAT HAPPENS IN THE EVENT OF AN ATTACK?