1. 32
    1. 13

      Wait, what? Lobste.rs have a tag for merkle-trees?

      Really nice writeup, thanks!

      1. 19

        At one point it was called cryptocurrencies but it got renamed after one too many nontechnical cryptocurrency stories got posted.

    2. 8

      Excellent explanation. A few mathematical notes:

      For blockchains, we use a cryptographic hash function. Those have the requirement that they should be irreversible (it is impossible to guess the block content from the hash)

      Note that this is a putative or optimistic requirement, since one-way functions are not yet known to exist.

      So we pick a nonce and hash the block which contains this nonce. Then we append the nonce to this first hash, and hash that to get a second hash. … If the condition is not fulfilled, the process starts again with another nonce, until the problem is solved…

      This is a description of a brute-force approach. It is not the only algorithm for solving Boolean satisfiability puzzles.

      The difficulty is set by the protocol, and determines how difficult it is to solve the problem. For instance, Bitcoin adjusts it so that the average time between each mined block remains around 10 minutes.

      This difficulty rating only describes the average-case behavior if all miners are using brute-force algorithms.
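
An added example, not code from the thread or from the article being discussed: a toy Python miner that follows the two-step hash the comment quotes (hash the block containing the nonce, then hash that digest with the nonce appended) and shows why the difficulty setting only describes the average case for brute-force search. Assumptions not in the thread: blocks are serialised as canonical JSON, the difficulty is expressed as a count of leading zero bits (Bitcoin uses a numeric target instead), and SHA-256 is the hash function.

```python
import hashlib
import json

# Constructed genesis reference; real chains hard-code a genesis block instead.
GENESIS_PREV = "0" * 64


def block_hash(block: dict) -> bytes:
    """First hash: SHA-256 over the canonical JSON of the block, nonce included."""
    data = json.dumps(block, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).digest()


def work_hash(block: dict) -> bytes:
    """Second hash, as described in the thread: hash (first_hash || nonce)."""
    nonce_bytes = block["nonce"].to_bytes(8, "big")
    return hashlib.sha256(block_hash(block) + nonce_bytes).digest()


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest (our simplified difficulty measure)."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def meets_difficulty(digest: bytes, difficulty: int) -> bool:
    return leading_zero_bits(digest) >= difficulty


def expected_trials(difficulty: int) -> int:
    """Brute force succeeds with probability 2^-difficulty per nonce, so the mean
    number of hashes is 2^difficulty. A smarter solver could do better, which is
    the caveat the comment raises about the difficulty rating."""
    return 2 ** difficulty


def mine(prev_hash: str, payload: str, difficulty: int, max_nonce: int = 1 << 32) -> tuple:
    """Brute-force search: try nonces 0, 1, 2, ... until the work hash meets the
    target. Returns (block, trials) so the cost of the search can be observed."""
    for nonce in range(max_nonce):
        block = {"prev": prev_hash, "payload": payload, "nonce": nonce}
        if meets_difficulty(work_hash(block), difficulty):
            return block, nonce + 1
    raise RuntimeError("nonce space exhausted")


def build_chain(payloads: list, difficulty: int) -> list:
    """Mine one block per payload, linking each block to its predecessor's work hash."""
    chain, prev = [], GENESIS_PREV
    for payload in payloads:
        block, _ = mine(prev, payload, difficulty)
        chain.append(block)
        prev = work_hash(block).hex()
    return chain


def verify_chain(chain: list, difficulty: int) -> bool:
    """A verifier only needs one hash per block: check the link to the previous
    block and that the claimed nonce really satisfies the difficulty."""
    prev = GENESIS_PREV
    for block in chain:
        digest = work_hash(block)
        if block["prev"] != prev or not meets_difficulty(digest, difficulty):
            return False
        prev = digest.hex()
    return True


if __name__ == "__main__":
    # Constructed sample payloads; difficulty 12 keeps the demo fast (~4096 hashes/block).
    chain = build_chain(["alice->bob 5", "bob->carol 2", "carol->alice 1"], 12)
    print("valid:", verify_chain(chain, 12))
    chain[0]["payload"] = "alice->bob 500"  # tamper with a mined block
    print("valid after tamper:", verify_chain(chain, 12))
```

Note the asymmetry the protocol relies on: mining costs about 2^difficulty hashes on average, while verification costs one hash per block, and editing any mined block invalidates both its own proof of work and the link from every block after it.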

    3. 10

      The next one should be titled “Freaking blockchains: What are they good for?”

      1. 8

        It’s right there in the last section. Between “See you next time!” and the horizontal rule above the Disqus widget any decent browser blocks.

        1. 3

          I had to read the source before I got it.

      2. 1

        Building decentralized currencies, payment systems, and smart contract executors. They may not be good for much else, but those applications are hugely important.

        1. 6

          Blockchains are not good for implementing smart-contract execution hosts; they’re wasteful, incapable of holding particular hosts accountable, and not guaranteed to make progress. As an alternative, consider spellservers: Each smart contract is written onto a cryptographically-signed scroll, and the scroll is provided to whichever execution host is desired. There’s no central ledger, but contracts are enforced by each execution host to protect both their users and themselves.

        2. 3

          Depending on the technology used, they can be a lot more flexible. Some folks in my group have been working on a thing that we’re now not calling a blockchain framework; the Confidential Consortium Framework, which hit 1.0 recently. This uses confidential computing environments to guarantee confidentiality and integrity for individual nodes in the network and to guarantee that they’re running the code that they expect. It provides developers with a key-value store, an append-only ledger, and a mechanism for defining the operations that are allowed over both. The programming model gives you a way of running transactions over the key-value store that complete atomically and are logged in the append-only log.

          This is the basis for Azure Confidential Ledger, which provides this as a service to customers. It turns out that there are quite a lot of things that want an immutable auditable log (including some interesting multi-party scenarios) but most of these don’t gain any benefit from allowing random folks to participate in the computation.

        3. 2

          What is the difference between a decentralized currency and a decentralized payment system?

          I work in financial software and these sound like the same thing to me, given that decentralized payments have to be immediate because nobody in their right mind will extend credit.