Writing Smart Contracts Dionysis Zindros Smart Contracts Day - - PowerPoint PPT Presentation



slide-1
SLIDE 1

Writing Smart Contracts

Dionysis Zindros

Smart Contracts Day Athens, March 2017

slide-2
SLIDE 2

We talked all about what smart contracts are...

...but what does a real smart contract look like?

  • Let’s talk about writing actual Smart Contracts with code
  • Using the first ever blockchain: Bitcoin

In this talk, we’ll get slightly more technical :)

slide-3
SLIDE 3

Outline

  • The bitcoin blockchain
  • The transaction graph
  • Inputs and outputs
  • Unspent transaction outputs
  • Digital signatures
  • Creating and resolving encumbrances
  • The stack-based bitcoin computer
  • A first contract: Paying someone some money
slide-4
SLIDE 4

Enter bitcoin

  • Very simple “smart contract” capabilities
  • Expressibility very limited

○ Can express ideas such as a “payment contract”
○ We’ll go through that in this talk

  • Good introductory example to practical smart contracts
  • Significantly extended by blockchains created after Bitcoin

○ e.g. Ethereum, Cardano
○ Darryl will talk more about this in a bit

slide-5
SLIDE 5

Transactions

  • Bitcoin’s basic structure: A transaction (tx)
  • A transaction transfers money from an old owner to a new one

[Diagram: from → tx → to]

slide-6
SLIDE 6

[Diagram: Alice → tx → Bob]

slide-7
SLIDE 7

Transaction edges

  • I’ll illustrate a transaction as a node (circle)
  • It has incoming and outgoing edges (lines)
  • The incoming edge shows who pays
  • The outgoing edge shows who is paid
  • The nodes do not illustrate owners, but transactions
  • The edges have owners
  • Each edge has a weight (number associated with it) which is its nominal monetary value

slide-8
SLIDE 8

[Diagram: Alice (15€) → tx → Bob (15€)]

slide-9
SLIDE 9

[Diagram: Alice (15mBTC) → tx → Bob (15mBTC)]

slide-10
SLIDE 10

[Diagram: input → tx → output]
slide-11
SLIDE 11

The transaction graph

  • A graph is a group of edges connecting various nodes together
  • Payments are made by connecting transaction nodes
  • Money is a chain of transactions

[Diagram: a chain of tx nodes joined by 1 BTC edges owned by Alice, Bob, Charlie and Dionysis]

slide-12
SLIDE 12

Unspent money

  • Money that can be spent is unspent money
  • It is the dangling outgoing edges of transactions (utxo)

[Diagram: a chain of tx nodes with 1 BTC edges owned by Alice, Bob and Charlie; a dangling edge is labelled "Unspent transaction output"]

slide-13
SLIDE 13

[Diagram: tx → Alice (1 BTC)]

slide-14
SLIDE 14

[Diagram: tx → Alice (1 BTC), labelled utxo]

slide-15
SLIDE 15

[Diagram: tx → Alice (1 BTC) → tx]

slide-16
SLIDE 16

[Diagram: tx → Alice (1 BTC) → tx → Bob (1 BTC)]

slide-17
SLIDE 17

[Diagram: tx → Alice (1 BTC, not utxo any more) → tx → Bob (1 BTC, new utxo)]

slide-18
SLIDE 18

Proof of ownership

  • Digitally sign the UTXO that I want to spend with the new tx details
  • This ensures I’m the true owner of the UTXO
  • The new transaction must include the tx
  • This way I ensure I give permission to the new owner, and my signature cannot be forged towards a wrong owner just by copying it

slide-19
SLIDE 19

[Diagram: Alice (1 BTC) → tx → Bob (1 BTC); Alice signs tx]

slide-20
SLIDE 20
slide-21
SLIDE 21

Bitcoin script: The original smart contracts

  • People talk about Smart Contracts in Ethereum
  • The original Smart Contract language is bitcoin!
  • Bitcoin provides a language for expressing simple smart contracts
  • What can it express?

○ Alice owns some money
○ Alice and Bob own money together
○ Micropayments - continuous transfer of value

slide-22
SLIDE 22

Bitcoin script: Encumbrances

  • The owner of an edge on the bitcoin tx graph is not just a bitcoin address!
  • It is a computer program which decides whether the edge can be spent
  • It is written in bitcoin script
  • A dangling edge is an encumbrance
  • This program is called a scriptPubKey
  • This is the program the verifier runs
  • This allows us to express more complicated ownerships
slide-23
SLIDE 23

[Diagram: Alice (36 mBTC) → tx → Bob (36 mBTC)]

slide-24
SLIDE 24

1FdtUtvK5vZxwo8jzjzid5EwGAB7paqX4n 128MZKqUsvg2kYJQ5LCVDx8Mdn8xrijzQY

tx 36 mBTC 36 mBTC

slide-25
SLIDE 25

tx

OP_DUP OP_HASH160 128MZKqUsvg2kYJQ5LCVDx8Mdn8xrijzQY OP_EQUALVERIFY OP_CHECKSIG

36 mBTC

OP_DUP OP_HASH160 1FdtUtvK5vZxwo8jzjzid5EwGAB7paqX4n OP_EQUALVERIFY OP_CHECKSIG

36 mBTC

slide-26
SLIDE 26

Bitcoin script

  • The script runs on a stack machine
  • It contains simple serial commands without loops
  • It runs on every network computer when a utxo is spent
  • The output of the execution is 0 or 1
  • This is part of transaction validation
  • If the output is 1, the input is valid and can be spent
  • Otherwise the input is not valid
  • And the tx is not valid
slide-27
SLIDE 27

Bitcoin script

  • When a tx spends a UTXO, the creator of the tx has to prove that the script outputs 1 successfully

○ i.e. that the output edge is spent fairly

  • For this purpose, it supplies some parameters for the scriptPubKey program (the program = the encumbrance) so that when the scriptPubKey program runs with these parameters, it outputs 1
  • The execution parameters of scriptPubKey are called scriptSig
  • These parameters are given as part of the new tx which the old UTXO is connected to

slide-28
SLIDE 28

Bitcoin script execution

  1. We put the scriptSig parameters on the stack
  2. We run the commands of scriptPubKey one by one
  3. Each of these commands can change the stack
  4. We check if the stack ends up with just a 0 or 1 in the end, for failure or success

slide-29
SLIDE 29

Pay-to-pubkey (p2pk)

  • The simplest smart contract
  • And the first ever written
  • Expresses the notion that some money rightfully belongs to an owner
  • Similar to a physical bank check
  • Except it doesn’t need a central trusted third party like a bank or government
  • Security is provable
  • Unlike “security by call-the-cops” of traditional checks
  • So it can work pseudonymously
slide-30
SLIDE 30

Pay-to-pubkey

scriptPubKey: 045a5f526dfe5d5995bf95f12 OP_CHECKSIG
scriptSig: signature σ

slide-31
SLIDE 31

Pay-to-pubkey

scriptPubKey: 045a5f526dfe5d5995bf95f12 OP_CHECKSIG
scriptSig: signature σ
Stack (top first): σ

slide-32
SLIDE 32

Pay-to-pubkey

scriptPubKey: 045a5f526dfe5d5995bf95f12 OP_CHECKSIG
scriptSig: signature σ
Stack (top first): σ

slide-33
SLIDE 33

Pay-to-pubkey

scriptPubKey: 045a5f526dfe5d5995bf95f12 OP_CHECKSIG
scriptSig: signature σ
Stack (top first): 045a5f526dfe5d5995bf95f12, σ

slide-34
SLIDE 34

Pay-to-pubkey

scriptPubKey: 045a5f526dfe5d5995bf95f12 OP_CHECKSIG
scriptSig: signature σ
Stack (top first): 045a5f526dfe5d5995bf95f12, σ

slide-35
SLIDE 35

Pay-to-pubkey

scriptPubKey: 045a5f526dfe5d5995bf95f12 OP_CHECKSIG
scriptSig: signature σ
Stack (top first): 1

transaction completed successfully

slide-36
SLIDE 36

Pay-to-pubkey-hash (p2pkh)

  • The way payments are done in bitcoin today
  • Again a contract that ensures someone owns money
slide-37
SLIDE 37

Pay-to-pubkey-hash

scriptPubKey: OP_DUP OP_HASH160 1FdtUtvK5vZxwo8jzjzid5Ew OP_EQUALVERIFY OP_CHECKSIG
scriptSig: pubKey, signature σ

slide-38
SLIDE 38

Pay-to-pubkey-hash

scriptPubKey: OP_DUP OP_HASH160 1FdtUtvK5vZxwo8jzjzid5Ew OP_EQUALVERIFY OP_CHECKSIG
scriptSig: pubKey, signature σ
Stack (top first): pubKey, signature σ

slide-39
SLIDE 39

Pay-to-pubkey-hash

scriptPubKey: OP_DUP OP_HASH160 1FdtUtvK5vZxwo8jzjzid5Ew OP_EQUALVERIFY OP_CHECKSIG
scriptSig: pubKey, signature σ
Stack (top first): pubKey, signature σ

slide-40
SLIDE 40

Pay-to-pubkey-hash

scriptPubKey: OP_DUP OP_HASH160 1FdtUtvK5vZxwo8jzjzid5Ew OP_EQUALVERIFY OP_CHECKSIG
scriptSig: pubKey, signature σ
Stack (top first): pubKey, pubKey, signature σ

slide-41
SLIDE 41

Pay-to-pubkey-hash

scriptPubKey: OP_DUP OP_HASH160 1FdtUtvK5vZxwo8jzjzid5Ew OP_EQUALVERIFY OP_CHECKSIG
scriptSig: pubKey, signature σ
Stack (top first): pubKey, pubKey, signature σ

slide-42
SLIDE 42

Pay-to-pubkey-hash

scriptPubKey: OP_DUP OP_HASH160 1FdtUtvK5vZxwo8jzjzid5Ew OP_EQUALVERIFY OP_CHECKSIG
scriptSig: pubKey, signature σ
Stack (top first): H(pubKey), pubKey, signature σ

slide-43
SLIDE 43

Pay-to-pubkey-hash

scriptPubKey: OP_DUP OP_HASH160 1FdtUtvK5vZxwo8jzjzid5Ew OP_EQUALVERIFY OP_CHECKSIG
scriptSig: pubKey, signature σ
Stack (top first): H(pubKey), pubKey, signature σ

slide-44
SLIDE 44

Pay-to-pubkey-hash

scriptPubKey: OP_DUP OP_HASH160 1FdtUtvK5vZxwo8jzjzid5Ew OP_EQUALVERIFY OP_CHECKSIG
scriptSig: pubKey, signature σ
Stack (top first): 1FdtUtvK5vZxwo8jzjzid5Ew, H(pubKey), pubKey, signature σ

slide-45
SLIDE 45

Pay-to-pubkey-hash

scriptPubKey: OP_DUP OP_HASH160 1FdtUtvK5vZxwo8jzjzid5Ew OP_EQUALVERIFY OP_CHECKSIG
scriptSig: pubKey, signature σ
Stack (top first): 1FdtUtvK5vZxwo8jzjzid5Ew, H(pubKey), pubKey, signature σ

slide-46
SLIDE 46

Pay-to-pubkey-hash

scriptPubKey: OP_DUP OP_HASH160 1FdtUtvK5vZxwo8jzjzid5Ew OP_EQUALVERIFY OP_CHECKSIG
scriptSig: pubKey, signature σ
Stack (top first): pubKey, signature σ

slide-47
SLIDE 47

Pay-to-pubkey-hash

scriptPubKey: OP_DUP OP_HASH160 1FdtUtvK5vZxwo8jzjzid5Ew OP_EQUALVERIFY OP_CHECKSIG
scriptSig: pubKey, signature σ
Stack (top first): 1

transaction completed successfully

slide-48
SLIDE 48

Pay-to-pubkey-hash

  • Most payments in bitcoin today are Pay-to-pubkey-hash
  • Pay-to-pubkey was used at the beginning of bitcoin
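
Added example (not from the original slides): a minimal Python interpreter for the pay-to-pubkey-hash execution traced above, which also shows the proof-of-ownership point that a signature copied into a different tx is rejected. Assumptions: Lamport one-time signatures stand in for Bitcoin's ECDSA, a truncated double SHA-256 stands in for HASH160, and the keys, transactions and the name Mallory are constructed.

```python
import hashlib, os

def H(b): return hashlib.sha256(b).digest()
def hash160(b): return H(H(b))[:20]   # stand-in for Bitcoin's RIPEMD160(SHA256(x))
# Lamport one-time signatures: a stand-in for Bitcoin's ECDSA (assumption of this example)
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, b"".join(H(half) for pair in sk for half in pair)
def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(256)]
def sign(sk, msg):
    return b"".join(sk[i][b] for i, b in enumerate(bits(msg)))
def verify(pub, msg, sig):
    return (len(pub) == 512 * 32 and len(sig) == 256 * 32 and
            all(H(sig[32*i:32*i+32]) == pub[32*(2*i+b):32*(2*i+b+1)]
                for i, b in enumerate(bits(msg))))

def run(script_sig, script_pubkey, new_tx):
    """Return (valid, op): op is the command that rejected the spend, or 'ok'."""
    stack, op = list(script_sig), None       # 1. scriptSig parameters go on the stack
    try:
        for op in script_pubkey:             # 2. run scriptPubKey commands one by one
            if isinstance(op, bytes):
                stack.append(op)             # constant embedded in the script
            elif op == "OP_DUP":
                stack.append(stack[-1])
            elif op == "OP_HASH160":
                stack.append(hash160(stack.pop()))
            elif op == "OP_EQUALVERIFY":
                if stack.pop() != stack.pop():
                    return False, op
            elif op == "OP_CHECKSIG":        # the signature must cover the new tx
                pub, sig = stack.pop(), stack.pop()
                stack.append(1 if verify(pub, new_tx, sig) else 0)
            else:
                return False, op             # unknown command
    except IndexError:                       # too few parameters were supplied
        return False, op
    return (True, "ok") if stack == [1] else (False, op)

def demo():  # constructed keys and transactions
    (alice_sk, alice_pub), (mal_sk, mal_pub) = keygen(), keygen()
    lock = ["OP_DUP", "OP_HASH160", hash160(alice_pub), "OP_EQUALVERIFY", "OP_CHECKSIG"]
    to_bob, to_mal = b"utxo#0 -> Bob: 1 BTC", b"utxo#0 -> Mallory: 1 BTC"
    sig = sign(alice_sk, to_bob)
    return [run([sig, alice_pub], lock, to_bob),                  # Alice's own spend
            run([sig, alice_pub], lock, to_mal),                  # signature copied to another tx
            run([sign(mal_sk, to_mal), mal_pub], lock, to_mal)]   # wrong key for this utxo
```

Calling `demo()` returns one result per spend attempt; the second element of each pair names the command at which the verifier rejected it.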
slide-49
SLIDE 49

A more complicated contract

OP_SIZE OP_NIP 16 OP_NUMEQUAL OP_NUMEQUAL OP_IF ALICE_PUB_KEY OP_ELSE BOB_PUB_KEY OP_END_IF OP_CHECKSIG OP_2DUP OP_HASH160 BOB_HASH_CONST OP_EQUALVERIFY OP_HASH160 ALICE_HASH_CONST OP_EQUALVERIFY OP_SIZE OP_NIP 16 OP_NUMEQUAL OP_SWAP

slide-50
SLIDE 50

How can one argue about the security of these?

  • These scripts are complicated and unreadable
  • How can we know they do what we want?