Blockchain and its Application

Dr. Bishakh Chandra Ghosh

Teaching Assistant
Dept. of Computer Science and Engineering
Indian Institute of Technology Khargpur
Lecture 50
Hyperledger Indy II
Hello everyone. So, today we will be continuing with the from the previous lecture with
Hyperledger Indy.

(Refer Slide Time: 00:23)

And we will see that how we can use Hyperledger Indy for using digital credentials and
through verifiable presentations. So, the concepts covered in this lecture, Hyperledger Indy
verifiable credentials and presentations. So, we will be, we will go through a hands-on
tutorial on how we can use Indy to validate claims from different participants using these
digital credentials.
(Refer Slide Time: 00:51)

So, the key word for this lecture are Indy, Verifiable credentials as well as Verifiable
Presentations.

(Refer Slide Time: 00:59)

So, we will be continuing with the same scenario of three participants the University, Alice
and company. So, here Alice needs a transcript credential issued by the University, which she
wants to present to the company for the job application and Indy will be helping in all of
those steps.
(Refer Slide Time: 01:20)

So, the till the last lecture, we saw that we were able to configure the identities for the
different participants, University, Company as well as the Government. So, in this particular
lecture, we will go through the next steps. So, here we will see that the first step would be to
register a credential Schema.

So, for each Verifiable credential, the format of the credential, the different fields, the
different encoding formats, etc, those have to be fixed. So, for our transcript also, that has
that is supposed to be issued by University that has to be standardized. So, for that, credential
Schemas are used, and here we will be using the transcript credential Schema that could be
issued by the government.

So, that is a reason why in the last lecture, we also initialized a participant called government
and registered its identity using these two. So, the next step, step five would be to create
credential Definitions. So, credential Schemas are basically the structure of a credential or the
Define fields etcetera. Credential definitions are basically for each issuer, there would be a
unique or there would be a separate credential definition.

So, for University A, there would be a specific transcript credential definition that University
A will be using to issue those kinds of credentials. The definition contents the cryptographic
algorithm, that would be used to sign those credentials by the issuer, it might also have the
public keys that would be used in in general to sign those, as well as some other
information’s.
So, the next step would be to issue the credential. So, the University will issue that then
verify presentation from Alice to the company and finally, on Step eight, the company would
be validating the presentation. So, let us go straight to the code and cover all the steps.

(Refer Slide Time: 03:28)

So, we will be using the same main.py and continue writing there. So, we had already
configured the identity of different participants here. And now, we would be extending that
this particular application to complete the digital credential flow. So let us ensure that the
Indy pool is running. So, if you do docker ps you can see that Indy the Indy pool is running
then let us open the text editor.

So, here we will be continuing from step four. So, we would be creating a credential schema
or the government would be creating our credential schema and registering that into the Indi
ledger. So, how do we do that, we have to define a particular credential schema. So, like this,
we are defining the transcript schema it has a name, version number and then several
attributes.

So, you can see that we are giving it to version 1.2 And then the attributes are first name, last
name, degree, status, year, average and ssn. So, actually transcript schemas cannot be deleted,
it can be updated by updating the version number. So, a new one can be registered with
version say 1.3. Then we will be using this particular API we will be using it to register the
transcript schema.

So, we are using anoncreds dot issuer, issuer create schema. So, we need to import anoncreds
also dt is not imported. So, we are adding anoncreds importing it from Indy. So, we are using
issuer create schema and we are passing governments the ID, transcript name, version and the
attributes, in json encoded format.
So, we can go ahead and put into the transcript schema ID which is written by anoncreds dot
issuer create schema So, that would be in transcript schema ID and we are also printing the
actual transcript schema.

So, actually to register the schema and send it to the ledger we have to sign and submit it as a
transaction the steps for doing those are like this. So, we are doing ledger dot build schema
request then we are passing the transcript schema the date of the of the entity which is
registering the government state and Sign and Submit Request. So, data dot Sign and Submit
Request would this would be registering the schema into the Indy ledger.

(Refer Slide Time: 07:09)

So, if we run this, it would print the credential schema so this is the credential schema we can
see that it has the it has one id and then it has the attributes that will be passed. So, at this
point, the transcript credential schema is registered on the Indy ledger. So, the next step
would be to also register a credential definition transcript credential definition by the
University.

So, the University will be the issuer of the transcript schema to Alice, hence, the University
needs to have our initial definition for the transcript credential type adding some new lines
here so that we can see properly. So, I am adding a bunch of print statements here first, so the
University will be sending the transcript schema or receiving credential definition to the
ledger.

So, first step would be that the University needs to get the transcript schema from the ledger.
So, how to get that we can do ledger dot bills, get schema request and pass on this transcript
schema id that we obtained in line 165. So, this gets schema request and we will be using
ensure previous request applied method. So, this is optional, but we will be using this method
so that we It can wait for the schema to be registered.

So, we will just define it above the run function here to ensure previous request applied, it
basically checks if it is available the artifact is available in the ledger or not otherwise it
works. So, what it is doing is it is just trying to fetch the schema transcript schema from the
ledger. And then this particular schema would be used to form the transcript credential
definition.

So, we are parsing it using ledger dot gets parse gets schema response file. So, using that we
would be now defining our transcript credential Definition, that transcript credential
Definition will have only some attributes on its tag. And then there is a type which is written
CL. So, that is the type of the credential definition or the algorithms which would be used for
assigning. So, Indy supports only this one type currently which is CL and we are stating that
it does not support the revocation.

So, support revocation is false. So, Hyperledger Indy can also stored revocation lists using
which these issued credentials can be revoked. Suppose, the University has issued a transcript
to a person or a student and it wants to remove it in future then it has to use revocation lists to
do this, but we have stated that revocation is not supported here.

Now, from line 210, 2, 217, what we are doing is we are calling anoncreds dot issuer create
and store credential definition. So, we are just creating a credential definition from the
schema and all the properties tag type in configuration. So, we are using anoncreds dot issuer
create and store credential to create a new transcript credential definition.

Now, after doing that, we also need to send that. So, we will do ledger dot build cred def
request. So, this would be building the request that we need to send to register the transcript
credential definition and then finally, we have to sign and submit it. So, we are doing await
ledger dot Sign and Submit Request then passing the University's deed valid pool transcript
credential definition payload etcetera.
(Refer Slide Time: 12:16)
So, let us run this and check. So, registering credential depreciation actually takes some time.
So, yes now we can see that it is successful and it is outputting the credential definition id
which is ending with Tag one the last line. So, we have already completed step five. So, we
have credential schema as well as financial definition.

So, step six would be the University issuing the transcript credential to Alice. So, for issuing
the transcript credential actually, the flow is not simply the University issues a credential to
Alice, instead Alice is actually requesting a credential and university is offering a credential
so there is a to and fro request response flow for the credential issuing part.
So, before doing all those first we have to setup Alice’s wallet. So, let us set up Alice’s
wallet. So, we are not going to registered a verinym for at least because that is not required.
Alice is not going to issue a credential to anyone. We are just waiting to set up Alice’s own
did and save it into its own wallet.

So, we are doing create wallet and then DID dot create and store my did that this particular
function or API and this will create Alice’s did and store it into her wallet. Now the flow will
start. So, the University first creates a transcript credential offer. So, the University is offering
Alice the transcript credential. And based on this particular offer, Alice would be able to
create a transcript credential request.

So, the first step is offer, then the next step would be request. So let us complete offer first.
So, we are using this anoncred stored issue, issuer create credential offer, and we are passing
the University's details. So, wallet and the credential definition id that would be used to issue
the credential. So, this particular offer needs to go to Alice.

So, actually, after generating an offer how the University will send this offer to Alice that
would be ideally done over the network or over the Internet. Ideally, these two would be
separate applications Alice would be independent and the University will be would be
separate. So, the University would probably use the network to transfer this message the
transcript initial offer to Alice.

But here we are just assigning two variables in line 246, you can see that we are just
assigning the variables. So, using this offer, what Alice can do is that she can create a
credential request. So, Alice will prepare a transcript credential request. So, first, we will be
destabilizing the transcript credential offer, which was in json.

So, we save it as transcript create offer object and then we extract the transcript schema id
and credential definition id from that offer. So actually, Alice needs to prepare a master secret
in order to create a request for a credential, this master secret actually ensures that the issuer
will be issuing only one credential to Alice. And this would be unique with the help of this
master secret.

So, Alice generates this master secret. And using this master secret, the issuer would be
issuing this particular credential such that without this master secret, no one would be able to
present it. So, for creating the request, Alice’s needs to get the credential definition from the
ledger, so, we need a function to do that. Let us define it here. So, get cred def actually takes
eventual definition id and fetches it from the Indy ledger.

Now, that Alice has this credential definition id from get cred def, it can next do, it can next
prepare this transaction request. So, transcript request. So, Alice now will use anoncred dot
prover underscore create underscore credential underscore request to create a credential
request. And this takes different details about Alice has a input like Alice's wallet DID, the
actual offer, which came from the University then the credential definition id as well as the
master secret.

So, this will give output a transcript credential request and this transcript credential requests
now again needs to go from Alice to the University. So now again, we will have network over
ideally would be going through the network or in some way this message has to be
transferred from Alice to the University. In our case, it is just reassigning the values from one
variable to another and copying the values. So, Alice transcript initial request goes to the
University. So, using this transcript credential requests the University.

(Refer Slide Time: 19:43)

Now can start issuing the credentials okay. It is around this till now. So, we can see setting up
Alice say create transaction credential request for University send transcript credential
request to the University. So, all these steps we have already done. Configuring Alice, the
University getting transcript credential definition, then the request from the University and
then request for offer from the University and then request from Alice to University.

(Refer Slide Time: 20:43)

So, at this point, the University has a transcript credential request. Now using that request, the
University can issue a transcript credential to Alice. So, this is how our credential looks like
in Indy. So, you can see that it is a dictionary and it has the different attributes first name, last
name degree and it has raw values and some encoded strings, the raw value you can see Alice
is a first name, then last name is this and degree Bachelor of Science.

And for each of them, there is an encoded value actually Hyperledger Indy does not specify
any particular encoding scheme. So, it is up to the user that what the encoding scheme would
be. So, you can use any kind of encoding with some restriction, the encoding should have
some format that you can consult the documentation and find out.

So, we are using anoncred stored issuer create credential, and issuing the credential with
respect to the actual transcript credential request that the University received from Alice.
Now, we can print this particular transcript credential and we have to transfer it back to Alice.
So, over the network, Alice will be getting this transcript credential and then it will be using,
it will be storing the credential into its own wallet. See anoncred dot prover store credential.

So, this will take Alice's wallet and the credential the particular credential, and also the
credential request that Alice used to get their credential to finally stored it into its own wallet.
So, we have, we are finally printing our credential, transcript credential Definition. So, we
should match the transcript credential Definition of the University.

So, this very long output is actually the transcript credential which has been issued by the
University to Alice. So, you can see that the Schema id then type CL are there and there are
the actual first name last name, the master secret is also there and then several other
properties. So, till the step, the issuer or the University has issued credential, Verifiable
credential for transcript to Alice.
(Refer Slide Time: 24:23)
Now the next step would be for Alice to make a Verifiable presentation, using this particular
credential to the company. So, here the company is creating a job application through request
first. So, Alice is not sending the presentation directly, instead this job application proof
request as you can see is being created by the company and this particular proof request has
different properties and this is the most important one, requested attributes.

So, you can see attr 1, referent 2, referent attr 2, referent attr 3. So, all of these are basically
the requested attributes that Alice needs to prepare in her presentation. So, the company is
requesting for several attributes and some of them have this restriction field or restriction
property. So, these are actually supposed to be coming from a particular verifiable credential,
those with restriction and then this part is also important, requested predicates.

As you can see that this is a predicate, which has a name, type and a value and also a
restriction. The same restriction, the restriction says, The University's credential definition id
and json of this particular dictionary would be forming the job application proof request. So,
this would be transferred from the company to Alice, ideally over the network. And using this
particular proof request, Alice can generate our presentation.

So, Alice we will be creating the presentation. So, before creating the presentation, of course,
it needs to get hold of the credentials that are needed to form the presentation. So, in the job
application proof request, we saw that there are restriction with particular credential
definition id’s.
So, Alice needs to find out the credentials which can satisfy those requirements of the proof
request. So, for that, we are using anoncred dot prover search credentials for proof request.
So, this API would be used and to search for a job application proof request. So, all of them
in this case would be coming from the same transcript credential issued by the University.

So, Alice would be searching for the required credentials for the proof request. So, we have
to define this particular function get credentials for referent. So, this would be filling up or
finding the credentials which are required to satisfy attr 1 referent 2, to referent all of these
requested attributes. So, let us define this function. So, this would be finding out the
credentials from the wallet and which can satisfy the requested attributes.

So, we can see that these particular, there are different attributes and then there is a predicate
So this predicate is a particular value which will be used to, which can be presented as a
zero-knowledge proof. So, the predicate includes a condition and that could be used for zero
knowledge proof.

So, after the particular credentials have been fished, that can satisfy this proof request, these
credentials can be used to form the proof. So, we are first closing the search for proof request.
And then we are forming Alice’s credentials for job application proof as follows. So, we are
mapping these different credentials to the different referents for all attributes as well as the
predicates.

So, the next step would be to find, fetch some more at artifacts from the ledger, which would
be required to create this presentation. So, Alice would require the schema for this job
application. So, it needs to get the schemas which are required or which are associated with
the credentials that are required for this job application.

So, here it would be actually fetch the transcript credential schema, but we are defining our
new function here. So that it can actually fetch all of the required schemas in one go. So, we
are defining a new function called a prover gate entities from ledger. So, this would take
input, the different required artifacts or basically take input, the presentation request and then
it will fetch all the schemas that are required for creating the presentation.

So, it takes Alice’s pool did and credential for job application proof and then fetches the
different schemas and apart from schema, it actually also fetches credential definition and if
there are any revocation lists then those also. So, finally, from line 467, we are creating the
job application presentation.
So, here you can see 1, 2 and 6 attributes as you can see here 1, 2, and 6. 1, 2 and 6 these do
not have any restriction, but 3, 4 and 5 have restrictions. So, these three do not have any
restriction and these 3, 4, and 5 have restriction. So, these are self-attested attributes 1, 2, 6
and then 3, 4, and 5are actually attributes which are coming from a particular credential and
you can see it is marked as revealed equals true.

So, in the presentation the actual value would be revealed. However, in this predicate in this
particular predicate the actual value will not be revealed. So, the predicate will only check for
the condition. So, then this presentation job application proof will be transferred to the
company over the network and at that point this the company has the presentation from Alice
and then it can be validated. So, we are printing the job application proof here and then we
will be able to see what the company is getting from Alice.

(Refer Slide Time: 32:47)

Let us run this. So, there is some error here. So, get schema is not defined it says, let us check
where the error is and it has fixed that. So, indeed some things are not defined or imported.
So, let us first define get schema function, fine, and we also need to import something. So,
this get schema function is actually fetching schema from the ledger.

So, let us import the other required stuff. So, the block storage and then there is another, so
from os dot path import dir name, now all of the things are imported and now we can try to
run it again. So, this print is a job application presentation which is received by the company
for Alice. So, you can see that they are using a section called proof and then it has all the
different signatures and attesting these different claims. So, this is a presentation.

Now, once the company has this presentation, the next step would be to validate this
presentation. So, we can now move to the final step, which would be step eight. So, step eight
is where the company will be validating the presentation from Alice. So, this will involve
first loading the application proof. So, which is the presentation using json loads.

So, after loading this the verifier needs to get some artifacts from the ledger. So, particularly
the schema credential definitions and revocation list symphony So, this verifier get entities
from leisure function is basically almost same as the prover get entity from ledger function
slightly different.

So, let us go ahead and define that. And after it has the different artifacts required, it can go
ahead and try to validate all of the different claims that are there in the, so it already has the
schema and the initial definitions. Now, it needs to do two things, first, it has to validate the
claims that it wants.

So, it wants to assert Bachelor of Science and marketing in the requested proof attr 3 referent,
similarly other values in other fields. And then for the self-attested fields, it would just be
extracting the values and checking the validating them, finally, line 567 it has anoncred dot
verifier, verify proof. So, this particular function is going to validate all the proofs that are
associated with a particular presentation.

So, if any of the claims are incorrect or claims do not match, then the (())(37:29) statements
will give it up otherwise this executes and will do not, will not give any error. So, let us see if
it gives us an error or not, it should not ideally. Yes, it is successfully completed. So, what we
can do is we can change a particular value and see if it then it gives some error or not.

So, we can change a particular claim, let us change the Bachelor of Science value to
something else and then run it again. So, as we can see that it is indeed giving an error here.
So, it says assertion error and one of the claims did not match the expected value.
(Refer Slide Time: 39:06)

So, we saw that how we can use Hyperledger Indy in an end-to-end flow from issuing
verifiable credentials to verify well presentations and validating claims from a Verifiable
presentation. So, we covered all these steps, and you can access the source code, the source
code of this tutorial and from this link, and then go through it at your own pace.

(Refer Slide Time: 39:31)

So, in conclusion, we saw that we can use Hyperledger Indy for issuing, managing storing
verifiable credentials and we can use it for creating verifiable presentations and validating
them. However, we found that there is a gap of way to transfer these different credentials and
presentations between the different parties.
So, in the tutorial, we were simply copying variables or copying values from one variable to
another, but in the deal what these participants would be running their own separate
applications and they would need to communicate and that communication can be handled by
several other platforms such as Hyperledger Aries, which we would cover in the next lecture.
Thank you.
 Blockchain and its Applications
Professor Bishakh Chandra Ghosh
Teaching Assistant
Indian Institute of Technology, Kharagpur
Lecture 51
Hyperledger Aries
Hello, everyone and welcome to this lecture. So, in the last two lectures, we covered
Hyperledger Indy, which is a blockchain platform that can be used to manage decentralized
identities over the distributed ledger. And in this particular lecture, we will be covering a tool,
which is called Hyperledger Aries.

(Refer Slide Time: 00:37)

And we will go through the overview of the Hyperledger Aries, overall architecture and see how
it is works. And then we will also cover how to install the Aries and see some basic usage of
Hyperledger Aries.
(Refer Slide Time: 00:53)

The keywords for this lecture are Digital Credentials and Hyperledger Aries of course.

(Refer Slide Time: 00:59)

So, in the last lecture, we saw that we can use the Hyperledger Indy platform to manage
verifiable credentials, verifiable presentations. And also, we can use Indy to store decentralized
identifiers. So, Indy actually can be used for managing decentralized identities as well as digital
credentials. But also, we saw that there is a gap where Indy does not specify how two different
participants can communicate and how they would be able to transfer their credentials and
presentations, etcetera.

So, Hyperledger Aries is a project which provides shared reusable and interoperable tools
designed for solutions which are focused on creating, transmitting and storage of digital
credentials. So, using Indy of course Indy provides a wallet in which we can store the
decentralized identities as well as the verifiable credentials and presentations. However, it is very
difficult to use Indy right an application fast that can get credentials and issue, create credentials,
issue credentials and create presentations and also validate them.

So, and there was a particular gap, which is the transport between the two parties, which this
particular project Hyperledger Aries solves to some extent. So, it is the infrastructure for a
blockchain routed peer to peer interactions. So, in Indy also, we saw that the two parties, the
issuer and the holder, and as well as the verifier, so all the three parties are actually
communicating directly without the intervention of any kind of central server or anything.

So, they are relying on peer to peer communications. So, Hyperledger Aries is actually making
this infrastructure available for having this peer to peer connectivity. So, in the hands-on tutorial,
we saw that we would actually copying the value from one variable to another when we were
trying to emulate the transfer of verifiable credentials from one participant to another.

But in the real scenario, of course, we need some mechanism to actually transfer those
credentials from the two parties, which are of course running their independent applications and
their own instances of the Indy clients, etcetera. So, the Aries framework actually provides some
Aries agents, so these Aries agents are actually the instances of the applications that can be used
by a participant to interact with Hyperledger Indy as well as communicate with other participants
who are Aries enabled or running an Aries agent.

So, these are the most popular three Aries agent implementations. The first one is it is cloud
agent, Python, or in short, it is called ACA-Py. So, ACA-Py is the most popular one and it can be
used for any non-mobile application. It also has some production deployment, so it is being used
in production in some cases. The other two implementations of Aries agents are the .NET
framework for Aries and the Aries Static Agent Python. So, if you want to learn more, you can
go to the Aries repository and read about this.
(Refer Slide Time: 04:44)

So, let us take a look at the overall architecture of Hyperledger. So, this is very specific to the
ACA-Py implementation. So, the ACA-Py from this diagram, you can see that it has three broad
modules or three types of modules you can say. So, the first one is the core capabilities. And then
apart from that there are Aries protocols and the REST API module. So, you can see the Aries
cloud is in Python is here and it is trying to or it is communicating with some components which
are there in the internet. So, here the core capabilities is communicating with a distributed ledger.

So, this distributed ledger is actually the decentralized identity store or verifiable data registry
which can be Hyperledger Indy or any other implementation like psychiatry, etcetera. So, this is
basically the verifiable data registry, which also, which is the DID registry that can be used for
resolving DIDs and also verifiable credential schemas and credential definitions, and also reverse
enlists if any. So, the Aries Cloud Agent can communicate with the distributed ledger for those.

This distributed ledger can be anything. So, it might be Hyperledger Indy, it might be something
else. So, currently, the Aries project has support for Hyperledger Indy, but it can be easily
extended to other distributed ledger based verifiable data registry implementations also. So, apart
from interacting with this distributed ledger, it also interacts with other agents. So, these are
other Aries agency, it might be ACA-Py, it might be some other agents also.
But this two or one Aries agent can communicate with other Aries agents in a P2P manner. So,
how do we write applications using this Aries Cloud Agent? So, for that part, we have the REST
API module. So, you can see that the ACA-Py exposes a REST API to access Aries capabilities,
the core capabilities. We have to write a controller to implement the business logic of our
application.

So, when we are developing an application, we need not change the Aries Cloud Agent or the
any Aries agent that we want to use, rather, we would be writing a controller. And this controller
will be using HTTP requests, specifically REST APIs to execute certain commands in the Aries
Cloud Agent. And then when there are some events, those events can be communicated back to
the controller with the help of webhooks.

So, actually, when you are sending HTTP requests, you will be getting responses back through
here also as HTTP responses, but those will be instant responses to certain commands, it might
happen that you are running an Aries agent and your controller is running, and for example,
without issuing any request some other Aries agent is trying to connect to you. And it might be
sending you a credential request or it might be sending a presentation or whatever.

So, suppose a request is coming from other agents, then this request comes to the core
capabilities and then it goes to the Aries protocols. And here Aries actually needs to inform the
controller that there is some event which is coming. So, for that webhooks are used. So, basically
our controller needs to implement an HTTP client to send HTTP requests as well as an HTTP
server to receive these webhooks events.
(Refer Slide Time: 08:43)

So, if we go into this architecture in more detail, then we will see that the Aries agent, so this is
the Aries Cloud Agent and the core capabilities and then there is this controller which has the
REST APIs and these protocols, these protocols are called DIDcomm protocol which are used
which is basically DIDcomm which is coming from an RFC specified by Hyperledger Aries, you
can go and read more detail about it in the Aries documentation.

So, this DIDcomm protocol is used for communicating with other Aries agents. So, now there is
a particular standard which is being defined by Aries for agent to agent or participant to
participant communication for transfer of these digital credentials and digital identities. And this
verifiable data registry is implementing a DID method. So, it can be implemented as a
Hyperledger Indy blockchain.

And it will be implementing a DID method which will be accessed from the core capabilities of
Aries. And finally, as we discussed the REST HTTP requests and the webhooks coming from the
agent to the controller. So, actually the Aries is one single executable that can be configured via
command line parameters, and it interacts with other agents via pluggable transports. So, this
DIDcomm protocol is actually independent of transports. So, you can use TCP or HTTP or
different kinds of transports, you can implement your own transports.
And these are basically pluggable. So, you can choose what transport to use. Then this Aries
agent manages basically the storage and the different kinds of ledgers and wallets. So, you can
use different wallet implementations. For example, if you are using Hyperledger Indy, then you
can use the Indy wallet or if you are using some other blockchain platform, then you can create
your own wallet implementation.

And finally, it is driven by controller. So, basically, when your controller sends it command, then
it processes that and also it manages messages and protocol state. So, it is stateful, it is not
stateless. So, it always maintains a state about for example, suppose it has an active connection
with some other Aries agents, then it manages that state and it keeps the state of the connection.

(Refer Slide Time: 11:34)

So, how do we install Hyperledger Aries? So, the installation steps are very simple for Ubuntu
Linux platform. So, these commands are very specific to the Ubuntu Linux platform. So, all you
need to do is apt key adv then keyserver, so the keyserver needs to be added, then this repository
has to be added. And finally, apt get update and apt get install libindy. So, this first steps are
actually about installing Hyperledger Indy in general, which will be required for Aries because
we want to use Hyperledger Aries with Indy.

So, if you want to use Aries some other blockchain protocol, then first, blockchain platform, then
first, you need to see that if that is supported or not, currently, only Indy supported fully in
Hyperledger Aries. So, after Indy install, you need to install python 3 Indy so the Indy SDK for
python 3 and that could be used by the Aries Cloud Agent. So, this step, pip install Aries Cloud
Agent will be actually installing the actual Aries or ACA-Py tool.

(Refer Slide Time: 12:53)

So, once you have installed the ACA-Py tool, you can check if it is working properly by running
that command ACA-Py and you will be able to see the versions and different help messages
using these particular commands. So, let us check how these work.

(Refer Slide Time: 13:11)

So, what we can do is we can first try to install Hyperledger Aries. So, ACA-Py agent in general
so python 3. So, you can see that it is already installed in my case. So, it is showing that the
requirements are already satisfied.

(Refer Slide Time: 13:42)

So, if you have this installed, ideally you should be able to find it already added in your path. So,
if you write which ACA-Py, then it should show you that the ACA-Py is installed in a particular
location in my case it is in my home directory dot local bin ACA-Py. So, if you do ACA-Py
version then it is showing 0.5.1 version is installed.

So, the most important commands in ACA-Py are provision and start, so provision so this is a
important command which will be provision in the wallets that can be used to run the ACA-Py
agent, Aries Cloud Agent Python. So, we can see the specific help statements for that. So, this
provides the different options that can be used with the provision command.
(Refer Slide Time: 14:44)

Similarly, we can use ACA-Py start help to see the different options which are associated with
the start command. There are many different options and these are well described within this
particular help string. So, if you want to create or run the agent in a specific way or have some
particular configuration then you have to pass the appropriate options to do that.
(Refer Slide Time: 15:13)

So, once we have Aries installed and working properly or ACA-Py working properly, then we
can actually start the Aries agent and we will be doing so using Hyperledger Indy. So, to specify
what kind of platform you are using behind Aries, you can pass this argument wallet type indy.
So, this option hyphen hyphen wallet hyphen type indy specifies Aries that we are using
Hyperledger Indy.

Then it also takes a very important option which is SEED. So, as we went through the last two
lectures about Hyperledger Indy, we saw that the stewards agents can be actually controlled
using the same SEED that were used to initialize those stewards. So, Hyperledger Insy uses a
SEED string to generate private keys. So, and using the same SEED we can use the same SEED
in Hyperledger Aries also to get control of us toward agent.

(Refer Slide Time: 16:22)

So, when starting an agent instance, so when we are starting ACA-Py at least one inbound and
one outbound transport must be specified. So, these two options are mandatory. So, you need to
pass these. For example, we can do ACA-Py start hyphen hyphen inbound transport then we
have to pass the type of the transport we will be using HTTP transport that is why we are
specifying HTTP then the host name and the port and similarly the outbound transport will be
HTTP.

So, for inbound of course, it has to listen for connections, so it has to listen for incoming
connections, hence, you have to specify the port in which it would be listening. And if we started
in with only these two parameters, of course, it will run, let us see if it runs or not. Inbound
transport will be HTTP and it will be we will bind it to 0.0.0.0. So, listening on all interfaces and
then the port and then outbound transport give it the proper transport name, which will be HTTP,
I hope this would work.

So, yes, you can see that the Aries Cloud Agent has started and the inbound transport is this, the
outbound transports are HTTP and HTTPS. And here you can see administration API is not
enabled. So, I will go, I will come to this what is administration API and how we can use it. So,
apart from the inbound transport and outbound transport, we can use more parameters and I
suppose in most of the cases, you would need to use more parameters.

So, there are options for logging, debugging settings, and also the label for the agents specifying
the agent name, then the wallet. As we saw if we want to use the Indy wallet, then we have to
specify Indy, then we can also enable the Admin API. So, there is an Admin API provided by
Hyperledger Aries with which we can easily get a controller. So, Admin API also works kind of
works like a controller.

So, but we can use that for testing purposes, but it is not meant for production use then the other
automation flags and laser parameters example genesis URL, etcetera. So, there are many other
options one important one is event webhook URL. So, when we are implementing one particular
controller for Hyperledger Aries, then the controller has to be listening for webhooks. And the
Aries agent needs to know in which address those webhooks would be sent to. So, which address
the controller is listening for webhooks. So, for that, you will need to specify event webhook
URL.
(Refer Slide Time: 19:44)

So, we would be going through a set of options which are very important and which can be used
to set up Hyperledger Aries with Hyperledger Indy as the verifiable data registry. And we would
be enabling the Admin API and show that how it works. So, simply, if aca dot py and start
command is being used here with so many options, so we will go through them one by one, the
first two are already covered the inbound transport outbound transport.

And then the other these two options, so this is repeated at the end also, we can give it once. So,
these two options say that admin insecure mode and admin, hostname and port. So, this option is
for experimental purpose only and for debugging Aries. So, admin insecure mode basically
removes all kinds of authentication from the Admin API. And these hyphen hyphen admin
option tells Aries that the Admin API should be enabled and it should be listening to this
particular host and this port, so 0.0.0.0 and 8001.

So, apart from this, there is this option SEED. So, the SEED is some zeros followed by steward1
just like the one we saw in the last lecture with Hyperledger Indy. And then there is the replace
public did. So, combining SEED and replace public did ensures that the DID obtained from this
particular SEED is being will be used by default by Aries. Then we have wallet type Indy and
the genesis file path.
So, we have this very long path here, but you will need to pass your absolute path or a relative
path to the genesis file, genesis transaction file. Then we can give a name to the wallet you can
give any name here. And finally, the log level and log file. So, Aries will be creating a log file in
this particular path. And the log level we have set it to debug so that it logs all kinds of, I mean
log seeing more detail, debug log. So, let us see that how we can start Aries and start the Admin
API and try to do something from the Admin API.

(Refer Slide Time: 22:18)

So, let me just go ahead and paste the same command which we just saw. So, ACA-Py start with
all these parameters, we can see that we are passing a SEED variable here, and we are setting it
to use Indy, we have to ensure that Indy pool is running before running this command. So, press
enter. So, as you can see, it says the administration API is running on port 80014.

(Refer Slide Time: 22:55)

Let us go to our browser and open that port. So, as you can see, it opens Aries Cloud Agent. So,
this is the admin open API interface. So, here, you will see that there are many options inside of
our basic message. So, all these are different API endpoints. Issue credential, trustping,
introduction, many, many things.
(Refer Slide Time: 23:37)

So, what we can do is, so we can do a get request for this status, so it is slash status, which the
server status. So, this is a get request, let us try to execute it and see. So, we are getting some
output. So, this is the server Aries Cloud Agent version, and these are some other informations
about this particular Aries agent. So, this status, so what this particular interface does is, it
basically sends a HTTP get request to this path. And it does not provide any other payload or
anything.
(Refer Slide Time: 24:19)

As you can see this curl command, so we can go ahead and type it out in the terminal also and
see that it could also work. So, this curl command basically sends a GET request to this
particular address. And it passes a header that it accepts JSON type as written. So, if you execute
it, it will also give you the same output as you can see here, version this and then there are some
other information task done 7, task failed 1, etcetera. So, let us try to do something productive
with this Aries Cloud Agent but for that, let us go ahead and start another agent. So, we will be
working with two cloud agents.
(Refer Slide Time: 25:07)
So, this one is already started with a steward. So, this has the ability to create nym beginnings
with the help of nym transactions. So, let us do one thing, let us start another Aries agent. And
now this one we will not be run as steward. Let us run the same command but as you can see, we
have not passed the SEED like here we are not passing the SEED here. So, let us run this. So, it
is running in a different port 9001 as I passed here 9001, 9001. So, the admin started in 9001.

(Refer Slide Time: 25:54)

So, let us open that in the browser also in a different tab, so the same URL just same hostname
just 9001. So, this is the second cloud agent. So, this is the non-steward one, this is the steward
one. So, let us go to the steward one and try to see its DID. So, if you go to wallet, then it will list
wallet did slash wallet slash did request, try it out, execute and see the output it is showing as a
result this particular DID. So, if you go back to the terminal. So, you will see that it has a public
DID information which is this, so this is matching indeed.

(Refer Slide Time: 26:54)

So, if you go to the non-steward one, then in this non steward one let us try to do the same thing,
execute. Yes, so, indeed it has a DID and it has a verification key and everything. So, this DID is
being, I mean already stored in the wallet of the second participant, which is not a steward. So,
what if we try to execute this, try to fetch this DID from the ledger? For that we have ledger
section, let us go to that.

(Refer Slide Time: 27:38)

Ledger, then we have get verkey for a DID from the ledger. So, this is quiring the verification
key of a DID from the ledger. So, try it out, paste this did, as we can see that we can paste this
verification key from the ledger. So, indeed. So, these DIDs are being stored in the ledger. So,
what if we create another, a nym DID.
(Refer Slide Time: 28:10)

Let us create a DID create a local lead execute after executing we have another DID here. So,
this DID is starting the (())(28:23). So, let us copy this one. And now, let us try to fetch it from
the ledger.
(Refer Slide Time: 28:31)
Again go to ledger, slash did verkey, paste the nym DID. Let us execute, we see that there is
some error, so it could not find out this DID here. So, that is why, that is because this create DID
wallet slash DID slash create only creates this DID in the local wallet and does not register it into
the ledger for registering it in the ledger we need to create, I mean do a nym request. So, send the
nym transaction just like in Hyperledger Indy.

(Refer Slide Time: 29:06)

So, what we can do is we can go to the steward because only the steward can send nym
transactions, we then go to ledger then we can go to register nym and it will take two inputs, the
DID and the verification key. If we hit execute, then you can see it is successful.

(Refer Slide Time: 29:36)

Now, if we take this DID and try to get this verification group from this ledger write out execute
then you can see that indeed it can return the verification key. So, it is already, it is now
registered into the ledger. So, from this admin panel you can easily access different
functionalities of Aries. And from this admin panel, you can see the exact HTTP requests which
are being used for those and you can write your controller easily with those HTTP requests and
write your develop your application.
(Refer Slide Time: 30:20)

So, there are many very useful functionalities, so for example, if you see this connection, in this
connection API can be used to create connections between two Aries agents.

(Refer Slide Time: 30:28)

And then after connections are created, you can use these credentials to fetch credential from
wallet or get credential. So, you can also use Aries to register credential, schemas credentials,
definitions, revocation lists. And it also supports presentation.
(Refer Slide Time: 30:51)

So, if you go to present proof APIs, then these are the APIs using which you can handle
verifiable presentations through Aries.

(Refer Slide Time: 31:00)

And these issue credentials are for issuing credentials.

(Refer Slide Time: 31:05)

So, we saw that using Hyperledger Aries and using this admin panel open API interface Aries we
can play around with the different Aries APIs and find out learn more about the functionalities,
which are being provided by Hyperledger Aries. So, using these HTTP API endpoints, you can
easily write your own controller and develop your applications that can use these decentralized
identities as well as digital credentials in the form of verifiable credentials and presentations with
the help of the Aries agent.

(Refer Slide Time: 31:40)

So, in conclusion, we covered Hyperledger Aries which provides communication between
participants and helps in managing different, managing decentralized identities and digital
credentials. And this in, I mean this in addition to Hyperledger Indy, so the combination of Aries
and Indy can be used to very easily develop applications which are trying to use these
decentralized identities and credentials. So, thank you.
 Blockchain and its Applications
Professor Shamik Sural
Department of Computer Science and Engineering
Indian Institute of Technology, Kharagpur
Lecture 52
Blockchain Security - I
Hello and welcome to lecture number 52 of our course on Blockchain and its Applications. And
today we are going to take up a new topic, which is about security of blockchains. And this is the
first lecture for this particular topic of blockchain security.

(Refer Slide Time: 00:32)

So, today in this lecture, what we will do is that will start from some of the foundational concepts
in blockchain security. We will first discuss various types of risks that exist in different types of
blockchains. And we will divide these risks into two types. The so-called common risks means
the ones that can exist for different types of blockchains be it Bitcoin, be it Aetherium, be it any
other type of blockchain. And then we will also mention some of the specific risks that are more
pertinent in the context of smart contracts. So, we will look at those aspects in this particular
lecture.
(Refer Slide Time: 01:23)

The key words for today's lecture are as follows. We talk about different types of attacks and
vulnerabilities. One of that is the so-called 51 percent vulnerability. We will talk about the
security aspects of private key. We will also talk about a related concept about the criminal
activities that can happen by you call it using or misusing or abusing the characteristics of a
blockchain. So, we will take a look at some of those. And also, we will talk about two other
types of attacks. One is double spending, which we had touched upon in one of our previous
lectures, we will look at it in a bit more detail. And also, we will talk about transaction privacy.

(Refer Slide Time: 02:15)

So, here in this particular slide, we show the broad two types of categorization of risks in
blockchain. Now, if I go back a little and tell you about what is this blockchain used for, what
were the reasons for setting up blockchains, so some of the foundational concepts there were, of
course, decentralized management of the whole thing. So, there is no central authority.

Also, it is some form of there is some self organization in the sense that we know that the
difficulty level is adjusted from time to time based on how much time was taken on an average
for the last several blocks. And also, the reward that one gets a miner gets the reward for
generating a new block that also is halved every almost four years. So, there is a lot of search self
organization that is done in managing blockchains.

Typically, in the context of Bitcoin, I said, of course, for other types of blockchains there are
other adjustments. And if you look at it, that the purpose of this blockchain was to provide a
distributed ledger that is immutable. So, these are basically the three key concepts distributed,
ledger and immutable. So, that was, what was the application of, or the basic concepts are
blockchain.

And on top of it, we had applications like Bitcoin or other types of cryptocurrencies, of course.
So, the underlying technology is about this, having this decentralized operation or a distributed
ledger, and then immutability of that, and all the different protocols that were developed were to
ensure these properties. So, as such, this was not meant to provide a security beyond ensuring
that if something is written to the blockchain, then that cannot be erased, and anybody who can
especially if it is permissionless, it means everybody.

And if it is permission, it would be some selected few. And they can all get access to the data on
the blockchain. Now, with this also came certain risks. And as we will see that these risks
actually exist, because of the fundamental nature of blockchains as I just now mentioned, so out
of these risks in this particular paper, which is really an interesting piece of work, we does a
survey of security of blockchain systems. So, indeed, there exists a lot of different security risks
in blockchain.
(Refer Slide Time: 05:08)

And this particular paper, which was published in future generation computer systems in June
2020, about a year and a half back in its volume 107. So, this actually does a survey of the
different risks in blockchain. And it also does a nice categorization, which is what we are going
to see. So, I would always encourage you to go through these papers that we are referring to from
time to time. And this indeed is one of those, which will give you a very good overview level
idea about the different security risks in blockchain.

(Refer Slide Time: 05:48)

Now, this categorization that we see here in this particular slide, this was also mentioned in this
paper that I referred to. Now, by common risks, what is meant is that these are related to
blockchain and operational mechanisms and these are applicable to both Blockchain 1.0 and 2.0.
And on the other side, there are some specific risks. And these are more related to development,
deployment and execution of smart contracts. And of course, they pertain more to Blockchain
2.0. In this particular lecture will focus on common risks only. And I leave it to you to go
through some of these other specific risks for Blockchain 2.0.

(Refer Slide Time: 06:42)

But of course, before we leave it at that, we will talk about a few search risks for both the two
types of categories or categories of risks that have been identified. Now, in the blockchain
operation mechanism, as we mentioned in the previous slide related risks, we have quite a few,
some of these are listed here, like 51 percent vulnerability, private key security, criminal
activities, double spending and transaction privacy leakage, and these were they are in our list of
keywords at the beginning of this lecture.

On the other side, we have these different risks that arise out of smart contract execution. For
example, there could be some smart contracts which are criminal in nature. That means, of
course, when smart contracts are deployed, they get checked, but then, because these smart
contracts are written in Turing complete languages, and they might have different types of
vulnerabilities like any other program has like bugs and other types of vulnerabilities and also it
is possible to emit some sort of malware in that smart contract and then that becomes a criminal
smart contract which can be used for some nefarious purposes.

So, other than this intentional search malware that might be embedded in the smart contracts,
there is also possibility of some inherent vulnerabilities in a smart contract like as I mentioned,
that for any program, there could be some bugs. So, similarly, there could be bugs in the smart
contracts, which can be then exploited by the attackers.

There could be some under optimized smart contracts meaning that if you remember, for
example, in the context of Aetherium, for deploying smart contracts and for executing smart
contracts, we need to pay in terms of gas. Now, if you write a smart contract, which is not
optimized with respect to gas, then after you have deployed when this particular contract is
invoked from time to time, a lot of gas might get spent.

So, it is important that we optimize the various types of smart contracts, if not, that is a particular
risk. So, it is not necessarily a risk in terms of something bad happening rather than it is about
that one pays a lot more than that is required unless these smart contracts are written in
optimized manner. And finally, this is something interesting that there could be certain
underpriced operations in smart contracts and under price other reasons good, because then one
has to pay less gas for executing those operations through a smart contract.

But the flip side of that is that because those are very less expensive operations, an attacker can
create smart contract or create one smart contract and make multiple invocations of that where
there are too many of those underpriced operations and if that is executed again and again or
invoked again and again, actually, the attacker does not end up paying a lot of gas and convert it
to ethers and then convert it in dumps of some actual currency.

So, it means that attacker now has at his disposal a lot of those operations that he can execute.
And execution of those will in turn cause the other genuine users not being able to carry out their
transactions because the attacker will be again and again invoking these smart contracts which
have a lot of these underpriced operations, and then that will flood the network, and miners will
be actually spending their time mining blocks containing those transactions, and they are not
going to cost much to that occur.
So, that is no one of the risks that like some of the operations are less expensive in terms of gas
cost than what one would typically expect. So, these are some of the smart contract execution
level risks, but we will not discuss those risks any further. So, now we are going to focus in this
particular lecture only about these types of risks. So, let us see some of these risks one by one as
we proceed.

(Refer Slide Time: 11:07)

So, first of all, we talk about this 51 percent vulnerability risk. So, here, if you see, we discussed
about it also before that the security of blockchains is in terms of the difficulty in mining the
blocks. And then that is why people try to pool in their resources. And you might also try it you
are on your own, but you need to typically deploy in specialized hardware like with a normal
desktop or laptop, it might be too time consuming to be able to crack any one of those norms and
generate the required block hash.

So, you also can, by you I mean any individual can also use some ASIC hardware for trying to
mind the blocks, but typically, it is very difficult because others are actually pulling in their
resources and if one tries on one's own, it will be very, very difficult. So, as we see here, on the
top, we have maybe a group of individuals who from a pool pulling in their resources with some
hashing power.
And on the other side, say the attacker has a lot more hashing power. We show here just through
these icons that the attacker has much more hashing power as compared to hashing power of
these individuals. And if actually the attacker or a group of attackers amas a lot of search hashing
power, then they might now go beyond that threshold of 50 percent. So, which is now do not
raise 51 percent vulnerability.

And then what would happen is that even if the users with that limited resources, let us call them
as maybe genuine users for the time being to differentiate from this attacker. So, even if they
keep mining blocks say 11, 12, 13 or so, the attacker also will be mining the blocks like 11
prime, 12 prime, 13 prime, and because of the higher hashing power this attacker will finally end
up also adding a block foot in crime, which may be the regular users or the genuine users have
not yet been able to mine.

And as a result, what happens is that these 11 primes to 14 prime as mined by the attacker, that
will be attached to block 10 and that will from the main chain and these 11, 12, 13 those will
become orphan after some time and as a result, whatever computing power these people had
used, that will go a waste. So, now letting the attacker gain 51 percent of this computing power is
going to make this network very vulnerable.

In fact, there was a time where when these pools were actually getting created, there was a
situation when one particular group of people ended up in a pool that had more than 50 percent
of the computing power, and because of that, they voluntarily some of them left or we had
withdrawn their computational power, so that they honored this particular property of that
nobody will be able to monopolize the block generation.

But of course, when we have honest people that is what is going to happen, but if there is an
attacker, then of course it is the other way and the attacker indeed would like to do that and once
he gets control, it becomes effectively a centralized network because everything every decision
will be actually taken or it will be influenced by what the attacker is trying to do. So, as we saw
that if the other genuine users ended up even mining these three blocks, finally they will not be
the final blocks and it will be these 11 primes to 14 prime that will form the main chain. So, it is
about this concept of proof of work as we know.
(Refer Slide Time: 15:17)

And not only for proof of work, when this consensus is built using proof of stake like one can be
allowed to mine if the owner is having a certain number of coins or their ability to mine or
generate new blocks is determined by the fraction of total such coins they own. So, that is the
notion of stake so that one who has higher stake will be actually be able to mine near blocks
more commonly.

So, whether it is about computational power or about having this stake, if it is more than 50
percent, then it makes the entire network vulnerable. So, of course, that when it is spread over
the entire world, then someone being able to do that is not very easy. But as I said there have
been instances where this some pool finally ended up being very close to this 50 percent and they
decided to drop out. So, this is one of the vulnerabilities we need to live with.
(Refer Slide Time: 16:21)

The other one is about private key security. As we all know that this whole concept of
blockchain, taking example, again, from Bitcoin for our discussions, of course, one part is about
the consensus and the other part is about these digital signatures, and digital signatures are all
based on the private key. So, if you remember that, as Alice tries to make a payment to Bob,
Alice will have to sign with her private key so that anyone can check the signature with her
public key.

Similarly, it will be made to the public key hash of Bob and Bob while claiming it we will have
to use his private key. So, you see that in this simple transaction itself, we need the private key
public key of combination of Alice, so Alice's private key is important from which the public key
can be derived. And on the other side, we have Bob's private key for making the claim. So, what
it means is that it is all related to this private key and for Alice to claim sorry for Bob to claim
also he will need his private key

So, what the attacker can possibly do is that attacker if gets the private key of Alice that means
that Alice will not have further control on her Bitcoins, because any attacker who has Alice's
private key will can behave exactly the same way that Alice would do. And then the attacker
could make the payment using the cryptocurrencies of Alice. And Bob will simply be using her
public key to verify, and it will always match whether it is used by the attacker or by the Alice
herself.
Now, what it means is that one has to definitely be very careful about the private key, but trying
to attack and somehow get to the private key of any such user is going to give immediate rich
dividend. And indeed, more than anything else, it is more likely that people will lose their private
key or it will be divulged to others and in the process, people will lose their cryptocurrencies.
Also, we mentioned once that it can happen that people just forget or lose their private key.

So, by forget, I means that they might have kept it somewhere and then cannot retrieve it. And
one, of course, will not try to remember such a long key. But one can forget word one keep the
private key. So, it is like that. And also, people have been, it is known that people had died
before they shared their private key with somebody else, and hence, those cryptocurrencies were
also lost.

So, to summarize that, it is very important that private keys are kept secure, we have talked
previously about it, and I am repeating it, that is why one can have some special hardware
devices where the private key can maybe kept, and then it can be attached as an external
hardware to the computer and when one is going to use that private key for signing any message
that will be inserted in the USB slot, and then the signing will be done and once the work is
done, it is taken out. So, it is very important that one keeps the key safe and secure, and also that
the attackers, one of the primary targets in the context of blockchain is to get to the private key.

(Refer Slide Time: 20:27)

There are a few other impacts of blockchain. So, these are not really, I would say, security issues
of blockchain per se. But these are actually causing some security issues in the society. For
example, we know this type of malware like ransomware, which would encrypt some files in
your disk, and then say that oh, I will share you the key only if you pay in Bitcoin, you might
have heard about this ransomware called wanna cry.

So, all these, this affected a lot of people throughout the world, and they could actually get away
with it without being caught or being identified even because they are getting payment using
bitcoins and bitcoins being paid in to anonymous addresses. So, they cannot easily be caught.
Similarly, there are different sites like Silk Road and others.

So, which actually allow selling of contraband articles, items like drugs and other stuff in the
underground market and they get or handle payment through bitcoins or other types of such
cryptocurrencies developed on blockchain technology. So, what happens is that they are because
of the anonymity it is difficult to identify the individual who is involved in it in this process.

And also, even if identified because of this being a borderless currency, then it is very difficult to
catch hold of this type of criminal and then try him or her in a particular country, and it is very
difficult to establish the law of which country will be applicable and so on. So, that is what is one
of the concerns of these type of activities that are making use of blockchains.

Similarly, money laundering that what happens is that one can have some unaccounted-for
money, which can be pushed into this blockchain network and then converted that into some
valid coins and then different types of activities can be carried out using those valid coins, but
the source of that might have been just some unaccounted-for money.

And then what happens is that with that now these criminal activities as I said in the middle, they
can be funded or the ransomware can be funded with that. So, you see that the whole purpose of
maintaining anonymity in payment that was the one of the fundamental plans or targets of the
Bitcoin network, for example, and true for other blockchain networks as also is that the same
property is now being misused, and then it is finally converted into some funding for criminal
activities.
Why it is a risk for blockchains? It is because that, if these become very common, then at some
point of time, different countries will try to take action and then they will not be willing to go for
the use of a particular blockchain based cryptocurrency for any kinds of transactions. Like for
example, in our country, we do not allow Bitcoin based or any other cryptocurrency-based
transactions, although trading is allowed.

So, more countries, if they find that this is being used for funding of criminal or terrorist
activities, then they might also be afterward and they might want to shut down these networks.
So, that way, it will end up being a risk for the blockchain technology itself, because as long as
people are using it for good purposes, it is very convenient, and it can actually be done across
borders, which could be really helpful for different types of applications. But if these criminal
activities flourish, then the faith that people have on the blockchain technology that will go
down. And finally, people will start moving out of these types of cryptocurrencies which are
making use of blockchains.

(Refer Slide Time: 25:00)

Next, we will talk about double spending. We know about this from our earlier discussions, but
this is something we want to highlight. And we will tell you why this still poses a risk is that here
we have this example of the attacker who is trying to get some service from a vendor or buying
something from the vendor. And for that, it creates a transaction, which we show in the top and
we call it as the TXv.
So, we have this transaction to vendor and it has got TXv that means V for vendor. And that is
written into, it goes into the blockchain, and the vendor sees that indeed the attacker, of course,
the vendor at that time know that he will have difficulties later. So, the vendor sees that a
transaction from this person say, let us called this person as, say, attacker, say, X.

So, X has actually created a transaction sending money to me, the vendor sees that and seeing
that the vendor can provide the service that was requested, because the vendor would normally
expect that it will actually go into the blockchain and be finalized, and then the vendor will be
able to use that money for his other purposes. So, the vendor provides a service. What the
attacker has done in the meantime, is that when he sent this transaction to the vendor, on the
other side, he created another transaction. And that is meant for a colluding address.

So, we have TXa, a for this colluding address. So, which also goes into the network. And then if
we have this form of a nexus between the attacker and the mining pool, then what can happen is
that this transaction A that is a transaction to the colluding address that will go into the
blockchain first and get confirmed in a block. And later on, when this TXv is trying to get
included in the blockchain, it will be detected to be a double spending and that particular
transaction eventually will be rejected.

As a result, what happens is that the vendor will be able to detect this misbehavior, but by that
time, the attacker has got the output of the transaction. By the output of the transaction we mean
that whatever the vendor had promised to provide as a service against this particular payment,
the vendor has indeed already done so, and the attacker is now gaining that by not making the
payment to the vendor, the attacker is able to actually get the service.

But you might wonder that then this particular amount has gone to someone who is this at this
address A. Actually, this address A is called as a colluding address, because this address whoever
gets the money is in collusion with the attacker. So, attacker will be able to finally actually get a
hand on that particular money which is here with the colluding address. And as a result, it is
basically as good as the (())(28:28), the attacker sending the money to himself.

So, overall, as you have seen, the steps are this TXv is added to the wallet of the targeted vendor,
the vendor provides the service to the attacker not knowing that it will be eventually dishonored
and TX is minus valid into the blockchain. So, this is where this it has gone into the blockchain
and it has been added to the chain, it has been mined by the spool and it has gone into the chain
as shown here.

And finally, the attacker gets this output before the vendor detects the misbehavior. So, that is
how double spending can be done. But as you can see that it means that if otherwise, things were
not compromised to that extent meaning that the attacker could not make the mining pool, mine
the attackers this colluding address transaction first and not the vendors transaction and without
that the attacker could not go for this double spending.

So, normally it will be protected, it will be prevented and by mistake, if one does it, it will be
blocked, but if there is a collusion with the mining pool, who can be somehow motivated to carry
out this transaction first, also, the vendor instead of waiting for this particular transaction to be
actually confirmed in multiple blocks provided the service.

And sometimes that could happen because if you are checking out at a departmental store who is
allowing payment by cryptocurrency, so there as you are checking out, you will provide your
private key and then make the payment and they will let you take out the items that you
purchase. So, they may not have that type of possibility of further waiting for this transaction to
be confirmed. So, there could be certain situations like that. So, indeed, in those particular
situations, these types of attacks will be successful.

(Refer Slide Time: 30:32)

And finally, we talk about transaction privacy leakage. So, if we see that we talked about these
transactions being made to anonymous, these addresses the public key hashes for example, but
you also notice that any transaction that is made it is only coming from another source
transaction. So, if say one say let us consider an example of 5 bitcoin is being paid by Alice to
Bob, Alice must have got from some other sources bitcoins which should be greater than or
equal to 5 Bitcoins.

So, these 5 Bitcoins that is going to Bob that can be traced back to some transaction, which in
turn came from some previous transaction and then previous transaction and so on, which we
show here by this particular diet diagram, this icon this star is this new transaction and it can be
traced back to this transaction which in turn can be traced back to another transaction and which
in turn can be traced back to another transaction and so on.

So, what it means is that although you do not know the particular identity, but you can trace it
back to the previous transactions. And at some point, of time if one of these identities is diverse,
then you will know that from that person where all it went though you may not know to whom it
went, but at least a linkage can be done. So, that is one of the risks which is leakage of the
privacy of transactions.

So, this linkage graph can be constructed as shown here. Now, in order to prevent that new idea
was promoted which is through the use of a model called chaff coins and these are denoted as
mixins. So, what these do is that these are not real coins in that particular cryptocurrency these
are some kind of decoys or camouflage is so what is done is that when a transaction is created
other than the actual source like this one which is actual source, some modes that other coins
which are shaft coins, they are also included in the transaction as if this transaction that is now
getting generated this is having inputs from these three different other sources.

As a result, what happens is that it becomes very difficult to now chain back this transaction to
the exact path from which it has come because each of them can again be some are linked back
to previous say, shaft coins and real coins and so on. So, these are some of the attempts that have
been made to ensure this transaction privacy leakage does not really affect a lot.

But just as this type of work was proposed, like use of mixins for reducing the stance of
transaction privacy leakage, indeed, there were also some other work after this mixins work was
reported, who also showed some of the vulnerabilities of using these chaff coins. By
vulnerabilities, we mean that it is not really foolproof, let us not consider that this is introducing
a further risk, but rather that it is not enough to stop this transaction privacy leakage.

So, we see that a lot of different such risks exist, they have been identified different solutions like
user mixins for preventing transaction privacy leakages, these have been proposed over a period
of time in the literature. But then again there are other work which further show that not all of
them are indeed foolproof or they still could have certain shortcomings, which are identified and
they need to be again be addressed.

(Refer Slide Time: 34:10)

So, finally, to conclude today's lecture, we have introduced the basic risk types in blockchain, the
two types which are like the common ones, which are valid for both Blockchain 1.0 and 2.0, and
some which are specific to smart contracts. And then we have discussed in detail some of the
common risks. And some of these four or five types of these risks and associated vulnerabilities
and how attacks can actually be executed we have discussed those.
(Refer Slide Time: 34:47)

And we have referred to one paper here and from time to time we keep referring to more paper.
So, it is important that you go through these papers because you may not get a text book or even
a reference book, which already has all these types of different attacks and different security
risks of blockchains in it in one place.

And research papers keep coming out every, in every conference every journal issue and which
are interesting and immediately they can provide you some ideas as to current vulnerabilities and
once these are identified, they will be fixed and electronic may not be able to see those
vulnerabilities. So, with that we come to the end of today's lecture. Thank you very much for
your attention.
 Blockchain and its Applications
Professor Shamik Sural
Department of Computer Science and Engineering
Indian Institute of Technology, Kharagpur
Lecture 53
Blockchain Security - II
Hello, and welcome to today's lecture on our course Blockchain and its Applications. And this is
lecture number 53 of our course. Today we will continue our discussion on blockchain security.
So, the last lecture was the first one on security aspects of blockchain. And today, we will delve
deep into some of the other types of security risks in blockchain. So, this is the second lecture in
the topic, which is blockchain security.

(Refer Slide Time: 00:48)

So, today, we are going to cover essentially one particular type of attack, which is a very
interesting and important attack, which is called selfish mining attack. What we will do is that we
will talk about various scenarios that can actually occur when this particular attack is carried out.
And we will see that depending on the situation, the attacker can decide to take different actions.
(Refer Slide Time: 01:20)

Today, our key words are selfish mining. As we mentioned, here, the attack itself is called selfish
mining attack. So, we will try to understand what is meant by selfish mining. Also, we will see
that this attack actually makes an assumption about a pool of computing resources that is
available with the attacker. Of course, as we will discuss that other than the attacker, there will
also be other miners in this entire blockchain network.

So, it is important to keep in mind that it is not only the attacker who will be mining or its pool
will be mining, there will be other normal, genuine, good, benign users who are also going to
actually keep mining the blocks. So, we will talk about, of course, public blockchain and
generally our focus is on Bitcoin. So, as you might have noticed, that most of these attacks that
we are talking about, they have some connotation that relate to Bitcoin.

This is because that this is bitcoin is the one which is most expensive, if we call it
cryptocurrency, and hence, always the attackers who try to attack the Bitcoin network. So, one of
the keywords that we have is of course public chain, but this public chain by that we do not only
mean that it is a public blockchain, but as we will see that there will be an attackers private
chain, and there will be one which is known to everybody, which we will denote as public chain.
So, that is one of our key words.
And also, we will see that these attackers, what they would do is that they would carry out the
attack by suppressing the blocks they are mined. So, that is something very interesting. So, let us
look at this particular selfish mining attack, which indeed, you will find very, very interesting.

(Refer Slide Time: 03:19)

So, first, this attack that we are talking about, we are going to cover most of the material from
this particular paper, which was published in the financial cryptography conference in 2014. And
that is when a lot of activities were happening and people who are trying to figure out whether
Bitcoin indeed is very useful or it has got any kind of vulnerabilities.

So, what I would always recommend and encourage you to do is to take a look at the papers that
we are referring to from time to time, and this indeed is a very interesting paper. So, I would
advise that you please take a look at this paper. And this will supplement your understanding of
what we are covering in the class. Also, this paper talks about the scenarios in a lot more detail.
We are going to cover the basic ideas here in this lecture.

And beyond that, not only this paper you can search for the selfish mining attack and you will
get lots of other materials on the internet. So, please take a look at those. But this is the paper
where they talk in detail about the selfish mining attack. So, coming back to the slides. Let me
first tell you what this attack is all about what the attacker does.

So, let us assume here that we have a particular status of the chain and say initially we start with
this block number 10 which was a public block, everybody knew about it that this is the latest
block. And when I say everybody we mean that there are these people like others we have shown
on the top and they are the people who are honest users, they are possibly miners they might also
be pulling in their resources to mine the blocks.
So, that is perfectly fine with these miners, which we denote as others. On the other hand, so
these are others as mentioned here. And on the other hand, we have this one on the bottom,
which we denote as the mining pool. And that actually belongs to the attackers, as we will see in
subsequent slides. So, what we denote in these slides as the mining pool basically that is the
mining pool means computing power that this attacker has been able to put together so that is
what we will denote as the mining pool.

So, first is understanding what is this others and what is this mining pool, others as the honest
people mining pool what we denote here, these are the attackers but of course these others also
include many mining pools so let us not be confused in any means that these mining pools up all
those who are in mining pools are indeed causing some trouble, it is not absolutely like that, but
it is the attackers who have formed some mining pool because they need the attackers also need
to come together and have sufficient amount of computing power.

So, that is why we are saying it is mining pool. So, what is happening if you note, so quick
understanding of the icons we have. So, whatever we show here like these type of bold
rectangles, these means that these have been published and these are unknown to everybody. And
what we show here as a dotted as you can see or dashed these rectangles, they denote that these
are they are these have been mined that but these have not yet been published.

So, you understand that or you can think about it like this that say the latest block in the
blockchain was block number 10. And you started mining. So, you yourself can do it. So, you
have some computing power, you got some transactions and you started generating a block and
suppose you got this block number 11. So, what your options are there, you have two options,
one is that you publish the block 11 and then others will validate it by checking whether the hash
indeed is created as per the requirement that difficulty (())(07:57) and the nonce is correct.

And based on that the others will also be now agreeing to treat that as the most recent block head
that is block number 11 added up to block 10. And then people will try to mine after that. So, the
new blocks will try to add after that block 11 and then become blocked well as is shown on the
upper set of rectangles. Also, you had this other option that even though you could mine that
block number 11 which we did not say as block 11 prime, but you do not make it public.
So, you just keep it to yourself. But you could have mined it and if you know that you have
mined it, even though you have not made it public, what you can also do is that you can keep
adding subsequent transactions as a block that will refer to this block 11 prime of yours. And you
can have this next block which is blocked will prime but this is private to you this is not
something that has been made public and likewise block 13 prime and block 14 prime and so on.

And that is what the attacker does. Of course, you will wonder that if it is not made public, then
the blocks that we are denoting as 11 prime, 12 prime and so on that will not go as part of the
main chain of this blockchain. And hence, actually the block reward will not be paid to the
people who are keeping it to themselves like if I did it or you read it and kept it to yourself, that
definitely would not pay you anything because it is not added to the main chain and of course,
you will not get back that this block reward.

But we will see that that is the whole point that the attackers will be actually using this concept
that they can make, that they can create the blocks but still keep them private, till the time when
they feel that it is worth now publishing it, so that is what this selfish mining attack is all about.
So, it is actually mining selfishly in a way that it will be trying to ensure that the others who are
giving honest effort, they initially might find that they are actually adding blocks to the chain.

But later on, what the attacker will do is that attacker will publish a number of blocks together.
And as a result, what will happen that attacker’s chain will be the longest chain that is the target
of the attacker. And then once that becomes the longest chain, even though initially say 11, 12
and 13, were actually generated by or mined by the honest users. And they initially were
performing part of the chain.

But later on, this attacker mines these four blocks 11 prime to 14 prime. And now suddenly,
together, the attacker publishes all these four blocks, then what will happen this now we will
have four blocks added after block 10 while the existing one will have three blocks added after
block 10. So, this one will now become the longest chain.

And as a result, this will supersede what was created by the honest users. So, that is what we will
see in the very next slide, that in selfish mining attack the once it has been generated, then once it
will be published by these attackers, this will become the longest chain.
(Refer Slide Time: 11:30)

So, what is the attacker going to do? So, the attacker is going to pull these resources for
intentionally forking the chain and then keeping the discovered blocks private. So, once this
block has been mined, and the attacker knows that parallelly somebody also has mined a block.
So, instead of following that block, attacker will still keep this block to himself without
publishing it.

So, the attacker has intentionally forked the chain and still keeps the discovered blocks private.
Now, the honest notes what they will do is that they will continue to mine on the public chain.
So, public chain is the one that is known to everybody. But the pool, the white pool means these
attackers pool keeps on mining on its own private branch till certain conditions are actually met.
And what they will do is that, if the attacker can discover more blocks by its own pool, it will
develop a longer lead on the public chain.

And then it continues to keep these new blocks private. So, the attacker can keep on using its
pool to elongating the chain and keeping it private. And as we will see when the attacker is going
to publish its own blocks. So, that is last point we show here is that when the public branch
approaches the pools private branch in length, so the honest people will be adding to the public
branch, the new blocks, and the selfish miners, they will be adding to their own private block.
And then the honest users will not know how many blocks have been actually created and kept
private by the attacker, but the attacker knows how many blocks have been made public. So,
what these attackers will do? Under certain circumstances, they will make their private chains
diverge to the public, and then they will try to ensure that they get more revenues. Now, why
would these people be doing like this, and what are the certain assumptions in it?

First of all, remember that even these though they are selfish miners. So, we of course, do not
assume that they have more than 50 percent computing power, because if it was possible, then
they would not need to do all these things. So, that would be part of that 51 percent mining attack
that we talked about. But these people, what they have is that they have sufficient computing
power, but not really more than 50 person. So, they could be able to mind different blocks from
time to time.

And overall, the other people are likely to mind more number of blocks in an overall given
amount of time as compared to these ones, the so called selfish miner, so that is also quite well
understood. But by playing with the time when the blocks are diverged to the public by the
selfish miners, they are likely to get more revenues.

And the point is that if general people are honest people even if they say that, Oh, there is this
pool who is actually adding more to the chain and then they are generating revenues and even
though if we had earlier mined certain blocks, eventually we are losing out with respect to them,
then what will happen is honest people will start joining that particular pool, and as a result, their
computing power would be increasing.

And finally, they will be even if they do not have more than 50 percent computing power, they
will have a lot of computational power and they will be getting a bigger share of these blocks
mined by their pool as compared to the others. So, what it means is that by initially trying to do
this selfish mining, the attackers will end up giving an impression that Hey, you come and join
our pool and you will get a better revenue. So, that is the whole goal of the attackers when they
carry out this selfish mining.
(Refer Slide Time: 15:54)

So, let us see that what can happen. So, we consider some initial state and we see what the
attackers do and then what we see in the state after the transition. So, what we see here is that say
initially in the diagram for our understanding is that we have the state that is shown here. So, the
initial state is like this as is shown here. And then the other part is that, it is also possible the
initial state is the one that is shown here.

So, that is what we mean by all. But let us first focus on the first state. So, initially what we had,
initially there was this latest block, which was block number 10. So, the attacker knew about it,
the general public also knew about it so that is the only part of the public chain there was no
chain of the attacker. Now, of course, the honest people are also trying to mine and the attacker is
also trying to mine and assume that attacker mined block which is denoted by 11 pool to mean
the attacker spool has mined it.

So, which the attacker knows is attaching to block number 10. And the public has not yet been
able to add anything to the chain had they been able to make one they would have published it.
The same situation it is only that it was not just one particular note that was there, it might be
possible that, for example, this 10 and then from that maybe 11 was the public, 11 pub was the
public's block which was known to everybody.
And attacker by that time had already mined up to 14 pools so from 11 pool all the way to 14
pools these are also with the attacker, but attacker if you see that these are all being shown with
dashed rectangle means the attacker has not made it public. So, from starting from there, so, one
condition is starting from this 10 only in the attacker generating 11 pool the other this or that we
denote here it means that the other possibility is the starting state is this one, where attacker had
these 11 to 14 already generated and now attacker has been able to add this 15 pool.

So, that is what happens, but still, this is one possible scenario. So, we will be showing some
eight possible scenarios. So, this is the first possible scenario where if it occurs either from this
one it goes to this one or from this one it goes to this one, the attacker does not do anything and
till attacker make something public.

So, there is no question of attacker getting some revenue out of it. So, what will happen to these
revenue will be determined depending on the later stages which we will discuss. So, it only
shows that if this was the initial state and attacker gets one additional block, the attacker just
does not do anything and keeps it to himself. So, that is what we intend to do. So, in this
particular slide.

(Refer Slide Time: 19:12)

So, now, we move on to the next slide, where if you see that the initial state is that there are two
branches of length 1, so there was these 11 pubs which was known to everybody and this 11 pool
which was known only to the attacker. And then what has happened is that the pool finds a block.
So, we are referring to what happens in this, this is a state that we denote and this is what
happens.

So, if you see that this was one such block that the attacker had and then attacker has mined one
more which is 12 pool, and the attacker sees that there is this 11 pub which is there in the public
part of the chain. So, what the attacker does is that the attacker spool they publish its secret
branch of length 2. So, now you see that what we have shown here the secret branch has been
published and these dashed rectangles have been converted into these bold lines. So, that means
these have been published.

So, whatever has been put in this dark or continuous rectangles, so they denote that it has been
published, but as soon as this is published, you see what that this block this chain, now it has got
a length of 2 and this has got a length of 1 and it means that this is a longer chain and hence the
general public's that 11 pub which was there here before now it is colored in green meaning that
this is not going to fetch any block generation revenue for the public or whoever had mined that
particular block.

So, that miner is not going to get the payment because of generating that particular block. So,
effectively what happens is a pool obtains a revenue of two, so the pool gets this revenue which
is there for generating each block like it is 6.25 bitcoins or whatever it is currently valid. And this
particular pool or the attacker will now get the revenue for two of the blocks. So, why we are
explaining that is that you will then be able to follow when the attacker is going to diverge its
chain and try to get the revenue.

You might wonder that why did this attacker now actually published both 11 pool and 12 pool
because the attacker as I said that attacker does not have a lot of pool of this computing power.
So, attacker might think that see if the general public now adds one more after 11 pub and
eventually if it becomes more whatever I have mine this 11 pool and 12 pool that will go waste.

So, in order to get that revenue, what it does is that it publishes these two and then it is negative
the effect of 11 pub and this becomes a longest chain and mined it. Everybody now knows about
this particular chain. So, everybody will now be trying to add blocks after this 12 pool. So, that is
what is going to happen at this stage.

(Refer Slide Time: 22:28)

Now, look at this one. There were two branches of length 1 and others find a block after the pool
head. So, you see that this 11 pub and 11 pool were there. And also note that this 11 pool that we
show here, this is also with this bold rectangle meaning that both were made public. So, that
means that after 10, the general public had added 11 pub and the attacker had also mined 11 pool
and also had made this public.
So, now you see that everybody will be trying to mine and based on who got Which one first or
got how many of these blocks from their peers as we had explained before, the miners will either
try to mine the next block by adding after 11 pub or they will be mining to add another block
after 11 pool because they do not know that it is coming from the attackers or something they see
that two such blocks were added there was a fork after 10, 11 pub and 11 pool whatever the
names we give, and then they will be trying to add the next block some of them after 11 pub and
some after 11 pool.

Remember what the attacker will know that I will not try to add after 11 pub. So, attacker will be
trying to add after 11 pool, but people will be divided some of them will be adding after 11 pool
some of them will be adding up to 11 pub. And in this example, what we are saying is that if the
others find a block after pool head, pool head means the attackers this particular block which is
11 pool, and then what will happen that you see that this remember that it has been found by
others.

So, what it means is that those who found others, they will get revenue for this, but now because
it has been added after 11 pool and not after this 11 pub hence the reward for 11 pool will go to
the attacker. So, that is what it says that the pool and the others obtained a revenue for one
(())(24:34), the others for the new head which is 12 pub and the pool for its predecessor, which is
11 pool. So, now by this time, you must have got a feeling of what the attacker is doing, how the
attacker is playing with the blocks that it is generating and then diverting it, when it feels that it
makes sense to diverge and get some revenue.
(Refer Slide Time: 24:54)

So, now, we will continue with the other scenarios that we explained the first few in more detail
for your understanding. So, if you see that it is just something very similar to this third scenario,
but in this fourth scenario, what happened was although there was already a fork with 11 pub and
11 pool, but then others they got this 12 pub but that they added after 11 pub in the previous one
they had added after 11 pool, but in this example they added after 11 pub. So, that means that of
course the revenue for 11 pub as well as for 12 pub that will go to others and the pool will not be
able to get anything. So, that is fairly straightforward.

(Refer Slide Time: 25:42)

Then the other one is even simpler that the pool could not actually mine a new block. So, there is
no private branch others find a block. So, it means that this was the status there was no private
branch. So, this was the only branch or that was the current head of the chain and others found a
block. And others found a block means what they found is 11 pub which was attached to 10. So,
it means that the others will get a revenue for this one which is equivalent for whatever bitcoin is
there for this one block. And now this of course is ahead of the chain and now the pool as well as
the others will start mining on this new head. So, that is fairly straightforward.

(Refer Slide Time: 26:39)

Now, what we see here is that there was a lead of 1. So, we had these 10 and then the starting
scenario was that as we mentioned here that there was a lead of 1 as we see here after 10 this
attacker has this 11 pool, but there is nothing here in the public's chain. So, at this time, so the
attacker was having a lead of 1, but then others found a block and which we show here that this
11 pub was found and it has been added to 10 and of course the others are not keeping it to
themselves so they are making it public.

So, there are two branches of length 1 now. So, the attacker finds that I better now publish my
blog also. So, that is what we see here that the attackers pool has also published its blog and then
this the public also is 11 pub, but as soon as attacker publishes it, we have changed the color
from on blue to green meaning that now it is not determined whether the 11 pub will be part of
the longest chain or 11 pool will be part of the longest chain.

So, that revenue that can be received from this situation cannot yet be determined. So, it will
depend on what happens next. And those situations are actually handled in the previous scenarios
or in the next scenario. So, what we are doing is that the time when these blocks are published by
the attackers, we are trying to see what could happen to the revenue.

Also, you can remember that even in this situation, others will try to add blocks after 11 pub or
after 11 pool because they will be selecting these based on how many of these came as blocks by
from its peers for each of the nodes which are trying to mine which we discussed previously
during our basic elements of blockchain. So, the attackers again has got some advantage,
meaning the attacker will only be trying to add after 11 pool.

But the general public some of them will be trying to add after 11 pub and some of their after 11
pool. So, if the next one gets added after 11 pool, then attacker will get revenue out of this 11
pool. So, that is what we have already discussed in a previous scenario.

(Refer Slide Time: 29:15)

Now, we take a situation with the there is a lead of 2 and others find a block. So, if you see here
we have a lead of 2 and others find a block. So, here 11 pub was there and lead was 2 means that
the attacker knows that I already have 3 with me. And then what has happened is that others have
found a blog. So, after this 11, the others have found a block which is 12. So, the pool what it
does is that it publishes its secret blocks causing everybody to start mining at the head of the
previously private branch.

So, when the attacker sees this attacker will feel that oh, what would happen is that now if I do
not publish it yet, because this is not known at all to anybody, this is only known to the attacker.
So, what the attacker would do is that instead of waiting any further, attacker will immediately
go and then it will publish it. And that is shown here that all these three are now published.

And if you look at this example, those of the public that was 11 pub and blue pub, which are
shown in blue, now that has become green meaning those are the ones which are not going to
generate any revenue. But because 11, 12, 13 pool that is now part of the longest chain, hence the
attacker will be able to get the revenue out of it, because what will happen is that these 11, 12, 13
this is going to be longer than the chain with 11 pub and 12 pub.

And as a result, what will happen is that the next block, people will try to mine after these block
number 13 pool and not after, of course block number 12 pub because they know that this is the
one which is the longest chain. So, as you see here, what we have written is that the pool
publishes its secret blocks, causing everybody to start mining at the head of the previously
private branch.

So, that is what is going to now start and pool obtains a revenue of two. So, now, what happens is
that as mentioned that everybody will start mining at the head of the previously private branch.
So, previously private branch was this 13 pool. So, now everybody will try to mine after this.

(Refer Slide Time: 31:39)

So, with that, we covered seven of the scenarios and then we have this 8th scenario and the last
one, that lead was more than 2 and now others win. So, here we see that the lead was more than
2. So, if we look at this example, that here on the upper side, at the starting situation, the lead
was more than 2. So, you see that here there was nothing in the public view and attacker had
more than two leads. So, attacker already had these 3, and the public had only 1.

So, attacker had this lead of 3, and now the public could mine one more and made it available for
everybody. And we do notice 11 pub. As soon as it done what happens is that the attacker does
not reveal all its blocks. So, what the attacker is trying to do is that attacker is trying to frustrate
the others who are trying to mind something, spend their resources spend their money,
computing power, electricity and all and then even after they got one or two, they finally see that
they are ending up being losers and that one particular pool is always winning.
So, what this attacker is trying to do is they are trying to frustrate them and ensure that more and
more people from those groups actually join its own group. So, what happens if you see in this
situation the pool now we will see it is i-th blocked. So, pool only reveals this one you see that
what we had here that this was dashed line and this is in bold means that this has now been made
public.

So, the attacker actually knows that I still have a cushion of two more blocks. So, even if this
public can mine one more, then I will make all my blocks public that is what was shown in the
previous example, that was scenario seven. So, what it is doing is that one by one it is making
public and why it is doing that, because that it is ensuring that the other party that also will not be
able to get ahead of the attacker, even if it continues mining at the same pace.

So, what it does is that it makes it public and then now you see that it is now a situation where
the lead is 2. Now, depending on who does what it will actually go back to one of the other
scenarios. So, it could be either like this one or like one of the other ones that it keeps on adding
more. So, we go back to one of those states and it will keep on adding more blocks. So, after this
particular scenario number eight, what we have done is that we have covered all the possible
scenarios. And as we have seen that that occur will strategize based on where it sees itself with
respect to the public view of the blockchain.
(Refer Slide Time: 34:43)

So, that is about the selfish mining attack, which is very interesting and of course, that causes
that many other people to join these miners group. So, we discuss that in detail. And we have
seen how the attacker takes various types of decisions under different condition and that is the
interesting part of this particular attack.

(Refer Slide Time: 35:02)

And of course, you please refer to the web links that we have given the paper. And as I
mentioned, there are other papers also related to it or other websites. So, you are encouraged to
go through those sites from that we have mentioned from time to time these resources and that
will of course, complement whatever we have discussed in the class and we will get into more of
the details in depth of this particular data. So, that brings us to the end of this particular lecture.
Thank you very much for your attention.
 Blockchain and its Application
Professor Shamik Sural
Department of Computer Science and Engineering
Indian Institute of Technology, Kharagpur
Lecture 54
Blockchain Security 3
Hello and welcome to this lecture number 54 of our course on Blockchain and its
Applications. Also, this is the third and final lecture on the particular topic of Blockchain
Security.

(Refer Slide Time: 00:31)

So, the topics that we plan to cover the basic concepts that will be included in this particular
lecture are essentially two types of attacks. One is what we call as Front-running Attack, and
the other is Eclipse Attack, we will first discuss about the eclipse attack and then we will go
into the details of front running attack.
(Refer Slide Time: 00:47)

And, of course, other than eclipse attack and front running attack as the key word we also
have these two other key words like peer to peer network, which will show that it is
something that is of importance in the context of eclipse attacks. And for front running
attacks. We will talk about different types of front running attacks, which we denote as
displacement, insertion and suppression.

Just to give you the context, once again, that in this particular topic of blockchain security, we
are discussing different set of, general types of attacks, some of which could be the or in
general for as we mentioned, that it could be for like 1.0 and 2.0, these generations of
blockchain and of course, we are not talking about specific types of attacks that bought into
this blockchain 2.0, like the smart contract. So, that is the context.

Also, in the first lecture on security, we talked about the different types of attacks, we
mentioned the different types of risks like 51 percent vulnerability, and like privacy, leakage
and so on. So, in that context, we are actually talking about two such new types of attacks,
which we have not yet discussed. And if you remember, in the last lecture, we talked about
selfish mining attack, which was again, another type of attack.
(Refer Slide Time: 02:18)
So, here, what we will do is that will first a talk about eclipse attack, and see how it is carried
out and what it is all about. Before we start the discussion on it, I would like to remind you
that it is best to take a look at this particular paper, which is on eclipse attack, and it was
published in one of the top security symposiums which is called USENIX security
symposium. And it is very well written paper. And it is very important that you go through
this to get more details about what we are discussing the class.

One point that we must make when we talk about eclipse attack. If you see that most of the
other attacks that we have talked about, and also the next one called front running attack that
we will discuss today, these are at the higher application level protocol of blockchain,
meaning that they are not really going to attack the basic way the peer to peer network is set
up for a blockchain.
If you remember that. We said blockchain is a distributed ledger, it is completely running on a
peer to peer network. So, this particular attack this eclipse attack, this is going to make use of
some, call it vulnerabilities are some characteristics of this setting up and maintenance of the
peer to peer network that is embedded in these blockchain protocols.

So, it is going to actually attack those types of vulnerabilities and that is why it is completely
different from the all other types of attacks that we are talking about here. What is done here
in this eclipse attack. So, there is identified victim, the attacker has identified a particular
victim which is shown here, there is a to be victim node.

So, in normal situation, how do we generate this particular network of these peers that when a
new node joins, if you remember, we discussed it in our discussions in the context of
elements of blockchain, where we said that when a new node joins of course, it installs the
software like the Bitcoin software then it tries to reach out to different other nodes and then
set up those nodes from its peers.

So, we have in this example, that this node in the middle that has got a number of such peers
and initially let us assume retaining is really nice and then we do have this particular situation
where these are all normal or honest nodes and this is a node which does not know it is going
to be a victim. And of course, that through its peers like say this one, this one, this one and
this one, this particular node can communicate with this one and again through another hop
maybe through this one and so on. So, that is how it is actually connected with the entire
blockchain network.

(Refer Slide Time: 05:35)

Now, what happens is that now in eclipse attack there is an attacker node, what it will try to
do is that it will try to ensure that it and it is controlled other nodes, they only be the peers of
this victim node, that is the whole goal of this attack. So, the what attacker will do is that it
will now try to join this victim node as its peers. So, what you see here is that initially, we
have these two attacker nodes that also have become peers of this particular victim node.

And then, so, it starts with that and slowly what it will do is that, it will ensure that it gains
full control over that information about who are its peers or its neighbors. So, the attacker
starts with maybe one or two nodes first being peers of this could we victim node, which now
is going to be the victim and then after that, it will ensure that this victim node will not be
able to communicate with the outside world except through these peer nodes, which are all
controlled by the attackers.

So, if as we can see now, in this example, that if this victim node wants to communicate with
this, it has to go through this attacker node and if it has to go through this attacker node and
also if it has to receive anything from its this particular node, then also it is passing through
this attacker node.

And in that case, what will happen is that the attacker now decide what part of the
information which part or which state of the chain to be made available to the victim node
and which part of the chain it will not make available to the victim node, it can control
whether the transactions from the victim node will indeed reach the rest of the network to be
included in the in any other block.
So, if some of these attacker nodes are also doing the mining, what they will do is that they
will selectively may drop some of the transactions of this victim node or they may decide to
include something depending on what is going to benefit them. So, that is what this attacker
is actually trying to do when it is carrying out this type of attack.

And after some time, when it has actually completely covered this victim note that it will be
able to manage the entire flow as is shown here in an abstract way that now the victim has
been isolated from the rest of the network and the attacker node is sitting in between and that
is why it is called an eclipse attack, well like eclipse.

Now, this attacker is shadowing the entire victim node and then it is not letting it actually
communicate with the rest of the network without it being able to mediate whatever it wants
to go either from the victim node to the rest of the network or from the rest of the network to
the victim node. So, once the attacker is able to control the victim node, so, what it does is
that it is it is actually controlling the path from the victim node and the rest of the network it
is not actually completely devastating the full infrastructure between the victim and the rest
of the Bitcoin network.

So, it is letting things pass, but it can selectively decide which part to maybe suppress and
which is not to be suppressed. So, that is why it is not a full key network infrastructure that is
actually completely blocked or made unavailable to the victim node it is just that it is coming
in between in the path between the victim node and the rest of the network.

(Refer Slide Time: 09:24)

So, the question would be that what why would the attacker do this. So, this is the interesting
part that if you see that if the attacker could actually get 51 percent of computing power it
could control the entire network. But in this example, as you can see, that say the attacker
does not have 50 percent, it has got only 40 percent of hashing power.

So, what as we write here is that the benefit is that 51 percent attack can be carried out with
say as an example with 40 percent mining power. So, do not take it literally that it is only
with 40 percent in, in this example it is like that, but it could be depending on the computing
power of the eclipse node and the rest of the network. So, what we show here in this example,
say this particular victim nodes, suppose it had got 30 percent.

And then the rest of the network had got 40 percent, I am sorry, that had got 30 percent
hashing power and this attacker node has 40 percent power. So, if you see overall, this, the
rest of the network and the victim node together had 60 person which was more than 40
person.

But by successfully separating out this particular victim node, what is happening is that now
it is one to one head to head between the attackers hashing power of 40 percent of the overall
and the rest of the network's hashing power of 30 percent. So, basically, the attacker can now
control what it otherwise would have required 51 percent of computing power to control. So,
the attacker is partitioning the miners so that they cannot build on each other’s blocks.

So, it is not possible for these victim nodes to add after the block that was mined by the rest
of the network or the rest of the network cannot add block after the one that was mined by
this victim node. So, instead, this attacker can now have more control as to which one is
going to be added because it has partitioned the computing power of the entire network. So,
the attacker can now outcompete each of the partition miners individually.

So, together if they could join or keep continuing mining, so remember that they are not
necessarily going to join hands and pooling their resources, they will independently try and
then sometimes this will succeed, sometimes that will succeed. But by doing this partitioning,
attacker is ensuring that it will always be more likely to succeed. Of course, there is always
an element of randomness in it, but the chances are, of course, now much higher for the
attacker to actually do the mining.

(Refer Slide Time: 12:00)

So, how it is done, the attacker populates the victims notes, peer tables, of course, for setting
up the peer to peer network, it will need some appear tables where the IP addresses are there.
So, the attacker will populate those tables with its own IP addresses. And when the victim
node starts, it will lose its current ongoing connections which are with the honest nodes.

And then as we had shown pictorially here that initially it was like these with the honest
nodes or normal nodes, then attacker is slowly taking charge and, in these diagrams, whatever
we have shown that is like what we are talking about here now is it is now going to change or
update the list of peer nodes in that peer table by its own addresses. So, finally the victim will
establish all the new outgoing connections to the attackers IP addresses.

(Refer Slide Time: 12:54)

So, what it does is that first populates the IP address. So, each node when it is trying to
communicate with its peers picks its peers from IP addresses stored in two tables. One is
what is called the, so called new table. The IP is the node has heard about and are tried table,
which is IP is the node peered with some point. So, the tables also store a timestamp for each
IP. And each stable stores this IP is in the form of buckets.

So, to find an IP to make an outgoing connection to choose new or tried table to select from
select an IP with newest timestamp and then attempt an outgoing connection to that IP. So,
what happens is that attacker typically populates the tried table with its own IPs and the new
tables with a bunch of some junk IPs. So, what will happen is that if the victim node first
picks up from the new table, it will get a junk IP and where it cannot communicate with so
then it will again try and now it will pick up from the tried table. And now, actually the
attackers IPs will be there in the tried table. So, eventually the victim will be picking up the
attackers IPs to communicate with so what it does is that it ensures a selection bias that more
of attackers IPs will get picked up.

(Refer Slide Time: 14:16)

And if there is a restarting of the node and the restarting can happen many times due to
security or software updates or that there are some denial of service attacks, there is of
course, could be a network failure and or a power failure or ISP outages, we all know that
from time to time we often restart our machines because we find something is not working or
we update something and then get a message that oh now you need to restart your machine.
So, of course there is always a need for restarting a machine and when it is restarted, then all
these tables will now get actually filled in with the IP addresses of the attacker.

(Refer Slide Time: 14:53)

So, this what happens is that these as I said that these IP addresses will be filling in in those
tables. So, that is through this, as we said that the IPs are stored in the form of buckets in
those tables. So, a table will have certain number of buckets and each bucket will have a
certain number of IP addresses.

So, when the bucket is full, then some of these IPs are to be evicted. So, packet is full and an
IPs also to be inserted, then it randomly selects a number of IPs, 4 IPs, and then they delete
the oldest IPs and insert new IPs. So, what we will do is that the attacker will ensure that the
IPs that it has, so it will be having newer timestamp so these new IPs will get added to the
bucket of the peer tables of this particular victim node.

So, what can be done is an attacker IP replaces another attacker IP and so on, an attacker
keeps refreshing the timestamp so that all these will get added or get updated in the particular
peer table of this victim node. So, if we want to ensure protection against these attacks, so
there are of course, the authors of these research papers, while they show the how the attack
can be carried out, they also try to explain that why this attack is being carried out, why, what
vulnerabilities are being exploited by the attacker.

And hence, they also explain how one can actually try to guard against it. So, there are certain
suggestions which are given as mentioned here that eventually so that the IPs are replaced by
honest IPs. So, there are ways in which they can slightly change the protocol in which these
buckets of IPs are actually updated.

So, what people do is that the research community, they try to identify these vulnerabilities,
different types of attacks, then they make it known to the developers like Bitcoin developers,
and also suggest how these vulnerabilities can be fixed so that they cannot easily be exploited
by the attackers. And as they do this, then the developers, what they do is like say Bitcoin
developers, they will ensure that they possibly modify the protocol a little bit, or they try to
fix a bug in their program, which is causing that vulnerability to be there, which is being
exploited. And then they will make a next release of their software.

So, this is similar to any other software where there are people who try to detect the
vulnerabilities and then they report and then they also provide fixes for that. And the
developers actually come up with a new patch or new release altogether and which all of us
typically download and then we are able to fix those bugs. So, that is what is also done. And
the researchers they indeed did the same for this type of eclipse attack for these blockchain
networks.

(Refer Slide Time: 18:03)

Next, we talked about the final attack, which is what is called front running attack in front
running attack what happens is like this, so in front running attack, I will explain what the
steps are. But once again, I would like to remind you that for this block, this particular front
running attack, please refer to this particular paper as is shown here, which is written on the
screen. And this again explains this concept of front running attack in real detail and it is very
easy to read and also to understand. So, what we will do is that will explain what is front
running.

Front-running basically is a concept that if somebody knows that something is going to be

done in future, and based on that, based on that special knowledge, which normally the others
will not have this one, let us call that as attacker takes certain steps so that it gets benefited
out of it.

For example, that here the attacker sees that Alice is going to buy, say some 1000 units of say
ethers in the Ethereum network, and the attacker feels that if so, many things are purchased
by say one party, then the cost of this ether might go up. So, if it goes up, then if attacker
letters around tries to buy 1000, it will have to buy this at a higher price, because attacker
knows this particular information.

So, as we see here, that attacker somehow gets to know about this information that this Alice
is going to buy this particular, Alice is going to buy this particular number of ether. So, this
attacker immediately what it does is that it creates a new transaction that actually purchases
those 1000 ethes. And if you see that maybe Alice was willing to pay a gas price of 5 Gwei,
but the attacker says, I will pay 50 Gwei and then because it is willing to pay more for the
transaction as the transaction costs, the miners will be willing to include the attackers
transaction before Alice’s transaction.

As a result, what will happen is that it is assumed that 1 ether was just just to take an example
was say 100 rupees, then if at least purchase maybe the price would go up to 110 rupees. So,
before it goes up to 110 rupees attacker is going to push in its transaction to buy it at 100
rupees. So, instead of paying this 110 into 1000 rupees, it got it at 100 into 1000 rupees and
that is what is called front running because it is running in front of that other transaction and
how it could do it it could actually do it by pushing the fact that it is now going to get its
transaction before the other transaction.

(Refer Slide Time: 21:14)

This particular paper as we showed, that classifies these front running attacks into three types
one is what is called displacement the other is insertion and finally, the third one is
suppression. So, in the displacement type of front running attack, after the attackers run, so,
attacker has carried out some transaction with you denote as attackers run, Alice’s function
call is not important to the attacker. A typical example is like this that say there is a website
which is up for sale and Alice has said that I want to buy that website.

But the attacker now gets to know that Alice is going to buy that at least this attacker is aware
of the transaction, what the attacker does is that attacker now instead purchases that particular
website address and of course, how can the attacker do it, because the attacker knows and
because it knows means it has already been done by say Alice.
So, Alice has done means that transaction is there but it is not yet confirmed in one of the
blocks. So, it is there in in the pool of transactions which are yet to be finalized, but the
attacker knows it. And then attacker carries out the same transaction for it is in its own name
say for buying that website address.

But this of course, by definition it comes after it is known that Alice had started that
transaction. So, the attacker will front run it and try to ensure that its transaction of buying
that website address goes before Alice’s transaction and it is to be ensured that it goes in a, it
gets mined in a block before the Alice’s transaction and then what will happen is that once
the attackers transaction is executed, attacker gets that website address when Alice says
transaction will reach so that address is no longer up for sales, Alice's transaction will fail.

So, whether Alice's function call is made or not, it is not important to that occur in insertion
after attackers run the state of the contract is change. So, Alice's function call is needed to run
on this modified state it is same as this example, we said that say Alice was willing to buy
1000 ethers and then so, she was expecting to buy it at 1000 into 100 rupees say at 100,000
Indian Rupees it was planning to buy and she was planning to buy but then attacker now
purchase those 1000 at 100 rupees by paying 110 or 100,000 but then the price is shot up to
110. Now, Alice will be forced to buy at 110 and buy for that she has to pay more.

So, what it says is that the Alice’s function call it will be required to run on this modified
state the state was 1 ether equal to 100 rupees the modified state is 1 ether to 110 rupees. So,
Alice’s function call will be now required to run on this modified state. And in suppression
the attackers run after the attackers run.

So, what it does is that the attacker tries to delay Alice's function call and after a certain
amount of delay, it does not really matter whether Alice's function call really gets executed or
not. So, the sufficient type of attack, it is not very common, but we will talk about once it is
sufficient type of attack and you will be able to follow why that is also an interesting type of
attack.

(Refer Slide Time: 24:35)

So, this front running attacks also can be just as we divided into these three types
displacement, insertion and separation. They also can be divided into two types, asymmetric
and bulk. So, all of these three types could be again further divided. So, like if there are these
displacement, insertion, separation, you can also have these differences or these two types of
categorization, asymmetric and bulk.

So, for example, asymmetric is Alice is trying to cancel an offer an offer is an attacker is
trying to fulfill it first, say Alice initially made a transaction that I am willing to buy, say 100
ethers. And later on, she decided she will cancel it. So, attacker has enough ethers to sell so
attacker can sell 100 ethers, but once the taker sees that, Alice is going to cancel that order,
then the attacker will not be able to sell his 100 ethers. What it does is that, it will try to front
run Alice's that cancelled transaction and ensured that he's offering of these 100 transactions,
which is what we have written here as fulfilling that order.

So, the attacker will ensure that his 100 ethers are indeed actually purchased by Alice because
this is first transaction was willing to purchase and the second one was about to cancel that
order. So, what the attacker is doing is that he is front running he's offered to sell before this
Alice’s transaction of canceling that particular order.

So, now, this attacker has come in between these two transactions, it is front running the
second transaction and then attacker will be able to gain out of it in bulk is that the attacker is
trying to run a large set of functions, and Alice is trying to buy a limited set of shares offered
by a form on a blockchain. So, what can happen is that these purchase of the attacker will
cause the prices to go up and it will force Alice to actually carry out her transactions and in a
different state, but then it is because of this large set of functions that the attacker is actually
trying to carry out.

(Refer Slide Time: 26:46)

So, we look at this particular example for our understanding that in the context of these
markets and exchanges, as we mentioned just now, that there is this on the left, there is
unordered mempool that pool of transactions, which is now going to be included in the block
but not yet they are in the block. So, it is done in the mempool and it will eventually be added
in the context of Ethereum network as you can see here.
So, what we have here is that remember that these attackers could be miners themselves and
the miners can decide which all transactions to be put in a block we discussed about that in
detail previously. So, these attackers what they will do is that they will selectively decide
which of those particular transactions will go in and in which particular order.

So, we see that say there were the set of transactions like cans and then it was followed by
what is of interest to us is this particular transaction about canceling this order, and then we
had something else after this as is shown here. And then what is happening is that the attacker
sees that, this Alice is going to cancel the order. So, what Alice, what the attacker will do is
that it will now introduce this particular transaction before that cancellation of the order.

And as a result, what will happen is this particular order of 100 that will satisfy the initial
decision to actually carry out the transaction by Alice and then this will fulfill it and then
finally, this cancel order that is not going to happen. And of course, there are more
transactions buy order 101 and so on, which are going to be there. So, there is no problem
with that, remember that in normal other financial transactions, like in share handling, share
markets exchanges and all this type of front running is usually considered to be illegal and if
somebody does such front running, then there are legal actions that can be taken.

The positive side of blockchain is being decentralized as we have discussed on its virtues, the
flip side is that there is no central authority. So, because there is no central authority, that if
some attacker does this front running and you lose out then you cannot complain to anybody
and also because it is spread across the globe and it is not that one particular such country's
laws will be applicable.

So, even if front running is done, then there is no way you can come out of it and then try to
get some compensations. So, it is easier that is why to carry out such front running attacks in
such a decentralized set cryptocurrencies, like say in Ethereum or in in the context of Bitcoin
or other types of such and cryptocurrencies.

(Refer Slide Time: 29:57)

Then finally, we will take an example here, which is, as I had mentioned that only one type of
the suppression attack that the authors of the paper had noticed, and this is less frequent, but
this is also very interesting. So, it was this game Fomo3D what it did was that it is it is very
interesting, it said that there is a target time when it will close. And any user who purchase
the last ticket will win the money.

So, let us call that winning the money to be saved getting the jackpot, let us just use the term.
So, if say it was a case that on 1st January, 2022, at 10:00AM, the entire game will close and
whoever purchased the last search ticket will get the money. But as soon as any such user or a
player buys a ticket, the deadline is extended by some time, say 3 minutes, as is mentioned, I
am sorry, it is not about three minutes, it extends by about 30 seconds.
So, if one person purchases a ticket, instead of 10:00AM, 1st January 2022, it will be 30
seconds, past 10:00AM on 1st January 2022, if another person purchase a ticket, then it will
extend by another 30 seconds. So, it will be 1-minute past 10:00AM on 1st January 2022, and
so on. So, you see that if someone tries to purchase a ticket just before it is supposed to close
now, it itself will get extended, and then another person can buy the ticket.

So, this way, it will keep on continuing. And there was a feeling that it will actually continue
forever, because always someone will try to buy it at the last moment, and then it will get
extended and then again, someone else will try to buy it in the last moment of that extended
period, it will get extended again and so on.

But then it was found that this actually closed and one particular person or a group they
actually won it. But you see that the common logic would try to say that it will it will go on
forever. So, how did that happen? Why, why was it the case that after that person who won,
purchase the ticket, nobody else purchased and extended it which in the process would have
superseded the claim of this particular person that we are talking about.

What this person did is that is what was actually not figured out is that this person, just before
when the timer was going to timeout, so it was within 3 minutes of that what the winner did
was, winner bought 1 ticket. And then what it did it send multiple such high gas price
transactions to her own DApps.

So, this attacker had all these DApps as shown here. So, these are all attackers, DApps. And
then the attacker purchase 3 minutes before it was going to close. Now, remember that the
attacker did it. And then in order that somebody else purchases the next ticket and extends the
deadline, it is important that that transaction also has to go in in one of the blocks.

What the attacker did was attacker ensured that no other transaction actually gets committed
in a block. That is a trick that that attacker played. How could it do it, it actually flooded with
a lot of such DApps, and then made multiple calls to those and which caused the network to
be congested. And only the attackers transactions through these DApps, those who are now
getting committed to the blocks.

And other users who are also willing to purchase the ticket in the last moment and then
possibly would have extended this game, they could not actually get their ticket purchase
transactions, including the block, and then the timeout occurred. And as the timeout occurred,
this attacker was the last person to buy the ticket, and hence this particular attacker won. So,
of course, it might be as mentioned bribing the miners to prioritize them ahead of any new
ticket purchases.

So, whether depending on the amount of money that was to be won in this game and so on,
the attacker could take some more unfair means beyond flooding with his own DApps
transactions, or he could have actually spent more gas so that the miners will be more than
willing to include his transactions in the blocks. If you remember we talked about some of
these underpriced operations in these smart contracts.

So, it is possible to do a combination of these types of attacks by ensuring that no other such
legitimate ticket purchase transaction will go into the block before that timeout reached. So,
you will see that this is an example where the whole goal was to delay Alice’s transaction as
was mentioned in our context of this very first slide, that this suppression that the attackers
after the attackers run, the attacker tries to delay Alice's function call and after the delay
Alice's function call is indifferent.

So, even if Alice created that ticket purchase transaction after the delay, the attacker does not
really care. So, these are some of the interesting types of front running attacks that one can
carry out there are actual instances of these been carried out.

(Refer Slide Time: 35:26)

So, this actually takes us to the end of this particular lecture of ours today. And to summarize,
we have described two types of attacks namely eclipse attacks and front running attacks, we
have identified the importance of these attacks to be detected on a blockchain by the
researchers and suggesting remedies so that this can be fixed in subsequent releases.

And of course, we have seen that how different such attacks can be combined, like one can
have eclipse attacks and then 51 percent vulnerability or we have talked about these front
running attacks, and which can actually be made use of in then carrying out other types of
attacks, which we already discussed.

Once again, please refer to the web resources that we have mentioned these two particular
papers that we have used in this lecture. And also, there are other more detailed material as
well, that came after these papers are published and they possibly refer to these two papers,
which will provide you with a lot of information.

And that will help you get much more insight about these attacks that we have so far
discussed and more types of attacks. So, because this is the last lecture on blockchain
security, so we also conclude about the entire this particular topic of security of for
blockchains, where we talked about different types of risks and attacks, and then we went
into detailed discussions of some of those attacks.

Of course, this is by no means the exhaustive list, there are other types of attacks which get
detected from time to time. There are some very interesting such papers even published in
2021 USENIX conference, you can go through those papers and other materials to get a more
insight into this very interesting area of security for blockchain. So, that brings us to the end
of our lecture today and also of this particular topic of security in blockchain. Thank you very
much for your attention.
 Blockchain and its Application
Professor Sandip Chakraborty
Department of Computer Science and Engineering
Indian Institute of Technology, Kharagpur
Lecture 55
Use Cases
So, welcome back to our course on Blockchain and its Applications. So, till now, we have
covered most of the technical topics that we intended to discuss as a part of this course. So, in
the last 6 lectures, we are going to talk about how you can design a use case for blockchain
and certain application aspects that you can think of where blockchain would be potentially
interesting and those particular problems you would be able to solve with the help of
blockchain. So, before going to that, let us first try to understand that what constitutes a good
use case for applying blockchain.

And today's lecture actually covered that part that what can be the potential use cases of
blockchain and to think of whether you can solve your problem with the help of blockchain
or not, what questions you should ask yourself and you can think of putting up sufficient
argument for establishing your logic of using blockchain for solving certain potential
problems.

(Refer Slide Time: 01:37)

So, these are the concepts that we are going to cover we are broadly look into that, what are
the potential use cases of blockchain and then we are going to discuss about what makes a
good blockchain use case.
(Refer Slide Time: 01:52)

So, these are the keywords. So, we are going to highlight the use cases for enterprises of
blockchain and then we are going to discuss in detail study requirements which are there for
defining a problem which can potentially be solved with the help of a blockchain. So, we are
particularly looked to going to look into the understanding that how you can constitute a
blockchain network who are the potential people who are going to use your blockchain based
solution what are the assets that you want to maintain with the help of blockchain and what
are the possible forms of transactions that you can define for your application that can be
utilized or that can be logged on our blockchain based platform.

(Refer Slide Time: 02:39)

Now, to start to let us highlight some of the simple use cases by industry, where people have
already explored blockchain as a potential technology to solve their problems and there are
multiple startups multiple companies who are there who have invested or designed solution to
solve the particular problem in blockchain.

So, obviously, as we, as we discussed that the idea of blockchain became popular because of
this concept of cryptocurrencies that actually in the financial domain. So, how you can do
cross product trading with a digital currency that is not in the control of any government or
any bank or any third party. So, that was the kind of source from where people have started
thinking about blockchain.

Now, the question comes that what can be the potential application beyond cryptocurrencies,
where we can possibly use blockchain because as we already know, that there are lots of
debates which are going on cryptocurrencies, people are debating whether cryptocurrency
should be banned or not, and that is particularly because the legal aspect of cryptocurrencies,
because it is something that is not tractable, you cannot track who is doing what with the help
of cryptocurrencies.

You cannot prevent potential malicious user maybe a terrorist can buy materials that can
possibly be used for doing certain kinds of terrorism or doing certain kinds of attacks and the
government we will have no way to track that, who has actually bought up brought that those
materials. So, these are the kinds of possible dangers of cryptocurrencies and no government
or no bank want to have a currency that is not controlled that is that is completely open,
because, open market always brings certain kinds of illegal activities.

So, you can you can buy illegal items with the help of cryptocurrencies and no one will be
able to track you, no one will be able to even track that, who is selling the items and who is
buying the items. So, these are the potential dangers associated with using cryptocurrencies
and that is why there are these legal aspects which are associated with cryptocurrencies.

But, as we mentioned earlier as that there are different types of applications which are beyond
cryptocurrencies, where you can apply idea of blockchain for developing different types of
financial services. And, in this context these are the list of services where people have
explored possible use of blockchains like trade finance, called cross currency payments,
mortgages, KYC, cross border tax and so on.
So, in the context of trade finance, there are popular blockchain solutions like trade lens. And
we trade such kind of such kind of architectures which are such kind of platforms which are
debt, which are actually very much prominent different banks are part of it, which makes
system automated with the help of a blockchain.

So, you remember that for such kind of applications, where multiple banks are involved and
you need to do that transactions from one bank to another bank and every bank need to
maintain their own asset, so for such kind of applications, such kind of use cases blockchains
is very much suitable. So, later on we are going to discuss about how you can solve such kind
of problems such kind of applications with the help of blockchain, but these are some of the
example use cases.

Then another, another potential area where blockchain can be very, very useful are in the
domain of public sector. Say for example, asset registration. So, in the next lecture, we are
going to discuss about land registration as a possible use case of blockchain and then the
citizen identity management you have already learnt about the idea of distributed identifier
deeds and self sovereign identities.

So, that kind of identity management solution can be used to maintain the identity
information of the citizens of a country. And that way there can be a kind of verification of
the identities and sharing of identity information, obviously, these applications are kind of
very much cross domain that is related to KYC verification, automated KYC verification and
so on. And then, we can have medical records where we can possibly help multiple different
hospitals to share information among themselves.

So, this is one of the potential use case of blockchain where blockchain can be very much
important in the context of medical record sharing, because as you already know, that medical
record is something like a very sensitive data. So, typically the governments or the hospitals
do not want to share that data with others so, one, one hospital will not agree to share the data
with another hospital.

But obviously, if we can have a kind of common platform where everyone can share the data,
then you can have solutions, you can have applications, where you can use techniques like
machine intelligence, to learn patterns from that data and have applications like automated
diagnosis of diseases and so on.
That can, that can be very helpful, but at the same time, the problem comes that whenever
you are going to think that I am going to share the medical data from my territory, and that is
something like a sensitive data. So, that are the data that you have collected from your
patients. So, people may not agree to share their private data with others.

So, the question comes up how we can develop techniques to support such kind of difficulties
which are having direct data sharing. So, in the machine intelligence domain into machine
learning domain people have developed techniques like say federated learning, or distributed
learning now to do distributed learning, blockchain can potentially be a back end to or a kind
of platform to support such kind of architecture where blockchain can potentially log that,
that can that can work like a front end and from that front end, it can log that.

These are the applications which has access to data for this purpose at this amount of time
and so on and you are you are actually not sending the data outside your boundary or outside
your territory, rather you are doing certain kinds of local computation on your system and you
are taking help of smart contract to export the outcome of that analysis on a blockchain based
platform.

So, for example, you want to extract certain patterns from a set of data. So, what you can do
that you can learn that or you can, you can run that local computation on your machine on
your territory, and then whatever be the output from your execution that information is
getting exported in the form of a blockchain. So, that way, you are not sending the raw data
outside rather you are doing partial computation and that partially computed information is
exported outside.

So, that way, the sensitive data is not getting out rather the information out of the data is
getting out with the help of a blockchain and on blockchain you can track that for what
purpose that data is getting accessed and who has access to that data, what type of
computation have been done on that data and so on.

So, that way, you can think up multiple different interesting applications in the medical
domain into medical data shareability, shareability and in developing that, eMedical, eHealth
applications with the help of such kind of blockchain based system also, in the retail domain
blockchain have been utilized there are supply chain which is, which is a kind of prominent
example of blockchain. So, there are techniques or there are solutions like IBM Food Trust,
which uses blockchain to have a food supply chain architecture. And then there are other
detail applications like the loyalty program the information sharing among suppliers and
retailers and so on.

So, whenever there are multiple different parties, who have a kind of common business goal,
but they are kind of competitive to each other they are they are they are competing with each
other to meet their business goal, but if they can share the data among themselves, if they can
share the information among themselves, all of them can potentially be benefited for such
kinds of applications, you can utilize blockchain and blockchain is potentially the more
prominent use case for such kind of applications.

Then, in the insurance domain like claim, processing, risk provenance, asset usage, history
claims file. So, all these things can be automated with the help of blockchain and as I
mentioned that there are different startups who have explored blockchain for developing such
kind of architecture for developing such kind of solutions.

And as I mentioned earlier, that supply chain had been a prominent use case for blockchain,
so, supply chain and logistics. So, there are multiple applications that can be developed on
top of the entire end to end supply chain management architecture. And at the beginning of
the course, we have started our discussion by giving an example of a supply chain if you
remember that we talked about this petroleum supply chain at the beginning.

So, with that, we can have different kinds of applications like supply chain financing,
maintenance tracking, a provenance, then supply chain compliance, all these things be can be
developed on top of a blockchain based architecture. So, there are, as I mentioned that there
are a plethora of applications where blockchains are useful, but the question comes that what
you should think of to effectively utilize blockchain for such kind of applications.

So, we can think up that we can use blockchain for such kind of applications, but from the
implementation perspective, they are not very straightforward. It is not like that you can
blindly take the data and put it over a blockchain and you are done. it is not as simple as like
this. So, there are multiple different things that you need to think of you need to argue you
need to talk about before thinking or before, before deciding whether blockchain is
potentially the best solution for these applications or not. So, what I would always say that
there is no freelance. So, every technology comes with its potential power as well as its own
limitation.
So, this analysis of power and limitations that is very important for deciding whether that
particular application best suites, or that particular technology best suites for your use case or
not. So, it might always happen that apparently you think of that, blockchain can be the best
solution for your use case.

But later on, it might turn out that by implementing your use case with the help of a
blockchain the amount of overhead that you that that gets associated that is much more
compared to the benefit that you are getting with the help of a blockchain. If that is the case,
then no one is going to use it. So, if you remember that whenever we talked about
cryptocurrencies, so initially we had cryptocurrency like eCash that was, that was proposed
and we had that industry counterpart of it, but that was not very successful. That was by
David Chaum.

So, that was not very successful because people found that to use the digital cash the amount
of overhead that they have to think or they have to pay that is much more compared to the
benefit that they are getting. So, how frequently you are going to lose your money or how
frequently you are going to get turn node.

So, it is it is not like that at every moment, you are getting a turn node, every moment you are
having a big pocket so that was the kind of thing they are like, although we understand the
benefit of digital currency, but we also need to have a system aim to ensure that while the
benefit is much more compared to the overall rate, which is associated with the system. So,
same applies to the blockchain.

So, whenever you are thinking of designing certain application on top of blockchain, you also
need to do such kind of trade off analysis and we are going to learn in the next few lectures
that how you can do such kind of trade analysis or what are the different questions that
should come in your mind whenever you are thinking of designing an application, so, with
the help of blockchain.
(Refer Slide Time: 15:29)

So, today I am just going to give you a kind of high-level idea about what are the different
questions you should ask yourself whenever you are thinking of to develop a use case or use
blockchain for a potential solution of an application. So, as I mentioned that identifying a
good blockchain use case is not always easy. You will see that there are millions of research
papers that talks about using Blockchain for IoT, using blockchain for health record
management using Blockchain for blah blah, blah and so on.

But for many of the things as we actually discuss in the next lectures and the subsequent
lectures, that they have overlooked many of the things and because of which, those research
papers are just like a research paper and they are never, never have been the potential to get it
applied in the real environment, because whenever you are going to apply it on a real
environment, you need to think of a lot of different things which are associated with your
problem.

Now, to think of that, what can be a potential blockchain use case you need to concentrate of
three things. So, the first thing is that you should have a business problem that needs to be
solved. So, the business problem means there needs to be a kind of business network, and a
business problem that you are going to solve, that cannot be more efficiently solved data
technology. So, this is somewhere, I want to point out, because, we have seen in the last few
years that people are thinking of applying blockchain for certain problems where we could
have potential, much more potential technologies, that could work better.
So, blockchain is not the optimal solution for those problems. And we are going to see such
kind of problems in the subsequent lectures. But, the thing is that this is something very
important that you need to think or you need to argue that blockchain is something that is the
only solution or that is the best solution for the business problem that you are talking about.
So, that is the kind of first requirement.

The second requirement is that you should have an identifiable business network, so,
blockchain is a decentralized solution, it works over a network. if you just think of
implementing something on your room with the help of blockchain that is that is complete,
unnecessary and overkill of the technology because in your room, everything is your control.
So, when everything is under your control, you do not need a blockchain.

So, you only need a blockchain whenever you are going to collaborate with someone else.
And at that case, both of you find out that while there is no trusted third party, who can
potentially manage your problem, which can potentially manage your data, so whenever there
is a kind of identifiable business network with associated participants assets and transactions,
then only you should think about applying blockchain for that particular problem.

That third requirement is there is a need for trust. So, when we always keep on talking that
blockchain provides a secure architecture that is true in one hand, but at the other hand, the
major benefit comes from blockchain is light, we are bringing inherent trust in the system.
So, you do not have the concept like a trusted third party.

So, you are you are not trusting anyone else for doing your job. So, for example, whenever
you are running something on a cloud-based system, you are actually relying on the cloud
service provider, you are trusting the cloud service provider that that cloud service provider is
not stealing your data. So, so that way, a trust is associated with that.

So, for example, whenever you are purchasing something from an E-commerce website, you
are trusting the corresponding seller or you are trusting the corresponding E commerce
website that they are going to so if you are if you are going to buy a smart phone from that
E-commerce website, you are going to get a smart phone and not a set of bricks.

So, this is this is something that is there in your mind, you are whenever you are going for a
business deal, you are trusting the other party that what the other party is actually claiming
that claim is correct. But blockchain provide to an interface where there is a question on that
trust, you cannot, if you cannot blindly trust someone else, then blockchain is a potential
solution for those kinds of problem.

If you find that you have a trusted third party in your architecture, who can help you to do
that. Say for example, if it is something like that, say all the hospitals under government, they
want to share the data among themselves. Now, if all the hospitals under the government
wants to share the data among themselves, all of the hospitals are managed by the
government, and government is a potential trusted third party, because this hospital authority
they need to trust a government.

So, if they do not trust the government then, then that society cannot run. So, you need to at
least trust your government. So, if the hospital are under government control, then the
government can potentially set up a data repository where all the hospitals is going to put up
their data. So, when such kind, such kind of architecture, you really do not need a need a
blockchain.

So, requirement for blockchain comes when there are multiple other private hospitals, say
one hospital which is another say X, another hospital which is where authorities say Y and so
on. If that is the kind of case then you need a need to think of that. these two are the business
competitors. Mr. X and Mr. Y are the business competitors, and it might happen that to make
the their business more profitable, Mr. X same some wrong information to Mr. Y or cheat Mr.
Y or vice versa.

If that is the case, then then blockchain is potentially provide a solution for those kinds of
problems. So, this is this way the need for trust is the important aspect and that trust can come
through consensus can come through immutability can come through consensus finality or
provenance, whatever property a blockchain typically supports.
(Refer Slide Time: 22:14)

Now, the first requirement that understanding the business problem, so, you should ask this
set of questions to yourself to understand the business problem. First, what is the specific
business problem or challenge that the project will address? So, you need to put the scope of
the business challenge up front. Then, what is the current way of solving this business
problem? So, if a problem exist, then there would be certain potential solution to solve that
problem, it cannot happen that there is no solution, it might happen that a solution is not so
good, that solution is ad hoc.

That solution is something that we call as jugad. So, that can that can always happen, but it is
not like that. There is no solution of that problem. So, you need to clearly study that what is
the current way of solving that problem. And then, third requirement is that assuming that the
business problem is large, what specific aspects of this business problem will be addressed.
So, you will cannot solve everything on a day you are going to solve a part of it. So, you
should ask the question that which part of it I am going to solve. So, that is important thing to
explore.
(Refer Slide Time: 23:32)

The second requirement is that after you have understood the business problem, the second
requirement is to understand the participant of that business. So, who are the business
network participants or organizations and what are their roles. So, if there is no business
network involved, then it is not a good use case for blockchain as I have mentioned earlier.

So, you cannot simply run blockchain for the IoT devices which are deployed in your home
you can just think of a potential application that I have multiple different IoT devices, I have
an Alexa, you have the smart door lock, I have the smart lights, I have the smarty ACs, smart
fan and so on.

And, I would, I would connect all of them with the help of a blockchain. So, that is that is a
kind of extremely bad use case for blockchain. Because all of those devices are ultimately in
your control. And when all of these devices are ultimately in your control, then you do not
need a blockchain for solve that problem. You will need a business network to solve that
problem. So, you need to understand the key users in your business network.
(Refer Slide Time: 24:41)

So, to understand the participants, so you need to ask these questions to yourself, that who are
the participants, how many different types of participants that I have. It might happen that I
have different kinds of participants. For example, in an E-commerce website, you have this
buyers, the sellers, at least this to a broad group of participants, then how will they access and
interact with the blockchain. So, this is very important. So, in many of the cases, I have seen
that people just think of that I will take that that take this data and put it on the blockchain.

But the question comes that how the individuals are going to interact with the blockchain,
what is going to be the interface that you are going to use on top of blockchain. Then, the
participants that are there will they be peer nodes. If it happens that will they are not the peer
in a overlay network, then you cannot run blockchain here.

So, do you need web apps or mobile apps? Are gateways needed? Do you need to integrate to
external data sources? So, whenever you are integrating the external data sources, then you
need to think about interoperability and all these different aspects of blockchain. Then comes
the important question that, who will operate the blockchain. So, it is not like that, that
magically it will happen. So, someone needs to build that solution, someone need to manage
that solution, need to distribute to it other need to bring the participants and the system and so
on.

So, this is a very, very, very important question that who will operate the blockchain and who
will govern and regulate the blockchain. Because you need to also ensure that whatever
information that individuals are claiming that information’s are also correct and people are
not putting up certain junk information in the blockchain and the information that are being
getting inserted in the blockchain, they are publicly verifiable if you are just putting an
information that is not publicly verifiable, then there is no potential use case of blockchain.

So, let me give you an example in this context, in many of the use cases, I have seen that
while people are taking the data from a sensor and putting it that data on the blockchain,
again, that is the kind of stupid use outsets or stupid use case where blockchain unless you are
thinking of that, how to validate that data.

So, when certain data is being generated on the blockchain, and you are putting that data on a
blockchain, a generated from a sensor and putting that data on a blockchain, on what basis
you are going to validate that data. So, you need to have a kind of strong validation logic, you
need to say that this sensor has generated certain data, which is a potential interest and that
particular journal generated data is the correct data.

Not a data which has been generated by some external attacker who has taken a control of
that sensor node and generated some falsified data. So, how you are going to validate that
data? So, as we seen earlier that the financial transactions can be validated by looking into the
history. But sensor data, can I validate it by looking into the history?

So, we need to ask these questions ourselves. So, unless you have a way to validate the data,
that is not at all a potential transaction that you can include within a blockchain. Then, comes
another important question that what is the value or incentive for each participant to join the
network. So, unless you have certain kind of value or incentive associated with it, people are
not going to join on that new platform, there need to be certain incentive. So, that needs to be
thought of that need to be designed.
(Refer Slide Time: 28:16)

Then comes the important aspect of identities. So, do you need to know who are your users?
Say for example, the pseudo-anonymous blockchain like bitcoin does not require user
identities to be verified.

(Refer Slide Time: 28:30)

But on the other hand, in most of the business use cases, some form of identity is required. If
it is a public blockchain, there is an identity oracle linked to a trusted database that could
provide such information sources, the sources can come from governments financial institutes
or utility providers. So, for example, for your Aadhaar verification, you need to rely on the
government database. And, in private blockchains or gateway, your controller ensures that the
identity is verified before credential are issued to the user.
And in that context, we have seen that there are ways to do identity verification in a
decentralized way. So, you have learnt about the concept of decentralized identity
management and that may be the preferred way for such kind of private blockchain
applications.

(Refer Slide Time: 29:22)

Then comes to important requirement of understanding the assets and transactions. So, you
need to ask this question that what assets are involved, and what is the key information
associated with the asset. So, the example that I have given here that you cannot simply put
up the sensor data from a room temperature sensor and put it over the blockchain, that would
be a stupid use case.

So, that sensor data is not actually a kind of very strong assets that you need to maintain with
the help of a blockchain. So, you need certain meaningful information that you can put up on
a blockchain that can be verified by others. So, if a sensor data is being put in this corner of
the room and it takes up certain data and put it up on the blockchain there is no way to verify
that this corner of the room has that temperature. If it is beyond certain threshold that like, if
the sensor says that that room temperature at that corner is 100 degree Celsius.

So, that is that is possibly (())(30:21) but you do not know it might happen that certain fire
has caught at that corner and it is sensing that that data and sensors are also in will faulty. So,
that can be multiple things that might happen. So, you cannot reliably say that that data is
something which is legitimate which carry certain important information that you can store
on the blockchain.
Then, the second question is that what are the transactions involved, and between whom and
what assets are associated with such kind of transactions. So, you need to understand under
what business or contractual conditions assets are under task to transfer from one owner to
another. So, how that asset transfer is happening on top of your business network?

(Refer Slide Time: 31:08)

Then comes defining transactions like what type of processes need to take place in your
blockchain network like that can be invoke accents like add, delete change transfer, also that
can be the possible actions that you want to take and there can be associated transactions,
there can be certain queries that you are making on a blockchain network. So, the thing is that
do you need to control access to this function based on participant type or roles. So, is it like
that you want to make everyone to add or delete something on your blockchain or not? So,
based on that your design would be, you need to design the system accordingly and from that
perspective.
(Refer Slide Time: 31:53)

So, there are a few other additional points that also you need to think of like what are the
main steps in the current workflow and how are these executed by the business network
participants, then what is expected benefit of applying blockchain technology to the business
problem for each of the network participants. So, that is very important. So, you need to
understand that what benefit the participants are getting is the benefit is same for all the
participants are different participants are getting benefited in a different way.

If there is a kind of differential treatment, if such kind of differential treatment, whether it is

going to be important or whether that is going to have certain kinds of adverse effect on your
system or not. And, what legacy systems are involved? What degree of integration with the
legacy system is needed? So, these are the kinds of interesting questions that are important
questions that you need to ask for defining a potential blockchain use case.
(Refer Slide Time: 32:48)

So, in conclusion, what we have seen today in this lecture that we need to think carefully
before applying blockchain directly on a problem, we need to carefully think of that, do we
really need to use blockchain? And what are the pros and cons of using blockchain to solve
this problem. As I have mentioned that this trade off analysis is very, very, very important.

If you blindly apply blockchain for a certain problem, it might happen that the overhead
which is associated with it is much more compared to the benefit that you are getting and you
need to also think of can there be a better technology? Can I use a central database? Do I
have access to a trusted third party, if I have access to a trusted third party did that centralized
solution is the best I do not need decentralized all the time, it is not like that I need to
distribute or decentralized everything. So, it is directly a meet. So, we have a meet that
centralized is very bad and distributed is very good.

And believe me, that is just a bit there are many cases where a centralized store much more
better compared to a distributed system for having a decentralized or distributed architecture,
you need to think of the use cases or you need to think of the applications where actually the
centralization is not possible. So, to argue against centralization, many of the time we put up
an argument that while it is having a single point of failure, but single point of failure does
not mean anything.

So, because we have replicated database, we put we can say so for example, whenever we are
keeping data to a government server, do you think that it is a single server it is not a single
server, while it uses some kind of technologies like rate, there are replicated database, they
are depends your replicated database.

There are a disaster management system which are associated with it so that if the system
fails, even one system fails you have a backup system from where they will be able to
provide you that data. So, that was single point of failure does not mean anything you need to
really think of whether single point of failure is important or you have sufficient backup
support to support that single point of failure or not so that way it is it is very important to do
such kind of analysis.

And finally, that we need to think of that can we define the entities like the business network,
the participant assets and the transactions and so on. So, if you think of by doing all this
analysis that blockchain is potentially the best solution for this use case being go for it.
Otherwise, think of what can be the potential technology for your application.

So, this particular lecture give you an idea that how you can or what you should think of what
you need to think of before applying blockchain for a potential use case. And in the next
lecture, we are going to look into one such use case and going to do such kind of critical
analysis or that use case to see whether we can develop a blockchain based solution to solve
that problem or not. So, that is all for this particular lecture. See you all in the next lecture.
Thank you.
 Blockchain and its Applications
Professor Sandip Chakraborty
Department of Computer Science and Engineering
Indian Institute of Technology, Kharagpur
Lecture: 56
A Potential Use Case – From a Critics Perspective

Welcome back to this course on blockchain and its applications. So, in the last lecture, we
have started our discussion on analyzing different use cases or rather potential use cases that
can be developed with the help of a blockchain. And we touched upon several questions that
one should try to find out the answer if they want to design a nice use case or a good use case
of blockchain.

So, the question comes that whenever you have certain problem and you feel that well, the
problems or the requirements that the blockchain can solve, like the transparency, security,
immutability, so all these problems can be helpful for solving your application or solving
your problem. Then also, you need to think of whether blockchain can be the right solution to
solve that application or not.

Because, even for using Blockchain, as I mentioned earlier, we have certain pros and cons,
we have some tradeoffs that we have to think of we have to analyze. And based on that
tradeoff, we have to take decision whether we can possibly use blockchain to solve that
particular problem or not.

(Refer Slide Time: 01:35)

So, today, we are going to look into a potential use case of blockchain from that critical
perspective where we will try to see that what are the advantages that we get if we solve the
problem using Blockchain. And we will also touch upon several open questions that we
should also think of, if we try to develop that application with the help of blockchain.

(Refer Slide Time: 01:59)

So, the broad concept that we are going to cover today is maintaining the land registry
records. So, if you just start with Google, like tense Taylor's application of blockchain or the
potential use cases of blockchain, you will find out that almost all the websites or almost all
the blocks talk about solving this land registry record problem with the help of blockchain.

But today, we are going to be a bit of the will surfocate so, we will try to see from a critics
perspective, what advantages do we get if I try to solve the problem of land registry record
with the help of a blockchain and what are the additional issues that come if I try to solve it
with the help of a blockchain and try to see that what different things, we need to follow up or
what different things we need to understand if I try to develop a solution of maintaining land
registry record with the help of blockchain.
(Refer Slide Time: 03:04)

So, these are the broad topics that we are going to cover today, we are going to understand the
requirements of solving this problem followed by the analysis, the trade-off analysis of
solving this problem with the help of blockchain.

(Refer Slide Time: 03:20)

So, this land registry record, so traditionally or historically, it was paper-based like you had
the paper-based deeds that contained ownership of a particular property or a particular land
and you keep that date for with you forever, not only you but also your next generation or
your parents, they have kept that document with them. And it is mostly a kind of paper-based
deed or paper-based document that contains the ownership information.
Now, with this kind of paper-based registries or the paper-based deeds, the basic problem that
we have is that the information can be lost or that the paper can be lost, it can be destroyed, it
can be falsified, it can also be manipulated. Now, the question comes that if you lose your
deed, if you lose the land registry record for which you are the owner, then you have a long
process to find out a duplicate of it from the registry office, from the government side, get
that information again, get a duplicate information to prove your ownership. And that is a
kind of manual and the tedious process.

Now the problem becomes much more complicated whenever you are going to sell a property
or a land. While going to sale for a property or a land you need to prove the ownership of that
land that you are the owner of the land or you are the sole owner land or the property and
again that is maintained with the help of that deed, if you somehow lose that deed, if you if
that deed got destroyed, then again you need to follow up with government land registry
office to get that duplicate, before you can sell your land or before you can sell your property.

Now, because of such reason and maintaining those things for paper-based and you just think
that this kind of papers, people use possibly once a day or sometime never in their lifetime,
because that is a kind of might be a hereditary property, the land was in the name of one’s
father, and you have just put up that paper in some trunk somewhere kept it and then there is
some kind of natural disaster and everything got washed off.

So, these kinds of things are very common in the context of even our country that many
people they do not have any record of the ownership of a particular land. And typically, this
loss of information or this absence of information, that actually work as a source of different
kind of scams or fraudulent behavior.

So, another problem can be that my ancestor that say, my grandfather had some land in his
name, and that land has not been transferred that was still now in his name. Now, that my
grandfather had 5 sons, and each of those 5 sons, now, they have 2-3 or 4 sons or daughters.
And that too, if you just think of that the entire land which was possibly in the name of one
person, because of that hereditary ownership, it now need to be divided among 20 or 30
different parts and if you do not know or you cannot trace all the owners of that particular
land so that you can come to a common agreement.

So, typically, the malicious realtors, the fraudulent people, they take advantage of such kind
of things. And they try to the deceive people by doing certain kinds of scam certain kinds of
fraud with the landowners to get the information, get the details of the land, or get the land
transferred by their name.

So, this is a kind of very complex business network we have multiple realtors, inspectors,
appraisers, escrow different middlemen in the center end-to-end business. So, these Realtors,
inspectors, appraisers, escrow they basically claim that they are going to help people to do the
best purchase or sale of the property, but at the back end such kind of fraud or such kind of
scam that keeps on going on.

(Refer Slide Time: 07:52)

Now, if you just try to look into the newspaper, you will see that lots of such news has come
almost every day, and these are some of the snapshots that I have taken very recently it was in
last couple of months in 2021 in July, August, September or October. So, you can see that
there are many such incidents indeed, a recent news is that SBI ex-chairman held for fraud in
selling one hotel, below the market price.

So such kind of scams keep on happening and it is not only in India but also in all different
countries where people face such kind of problems, such kind of scams or frauds in the real
estate business and real estate business is known to be one of the rather I would say one of
the pioneer in doing such kind of frauds or such kind of scams because of that fuzzy or gray
information which is available regarding the property or regarding the ownership of a
particular land or a particular property.

Now the question comes that, can blockchain help to solve this problem? So can blockchain
help in maintaining information base, a secure information base, through which we can trade
the lands in a secured and transparent way. And we can possibly be able to reduce the amount
of scams amount of frauds that we see on our day to day life? Now to think of whether
blockchain can help or not the first thing that we need to focus on the set of questions that we
talked in the last lecture.

Well, we need to find out that what is the business network? Who are the participants in that
business network? Who will maintain the blockchain? And what are the transactions that are
going to happen on this blockchain? Well, now in this perspective, there are multiple different
fronts from which we can start looking into the problem.
(Refer Slide Time: 10:09)

So, let us try to focus or let us try to touch up on all these different aspects of the problem
where we are going to see whether this particular problem can be solved with the help of a
blockchain. So, just to start with, let us try to divide the problem into 2 front. So, I have the
land registry that I want to maintain.

So, there are two aspects one is, maintaining the record, that means, I am going to maintain
that land record and second aspect is that, land or property trading. So, these are the kind of
two basic problem or the two broad problem in this enter into in front. So, in one hand, I need
to keep the information that was traditionally paper-based in certain digitized form.

And the second aspect is doing the trading doing the business that means, transferring the
ownership of the land from one person to another person, sell the land, sell the property, buy
a land or property, and so on. Well, now come to this first problem that is maintaining the
land record. So, the question is that, can I use a blockchain to maintain the land record?

Now, here comes one interesting tradeoff. So, first of all, to maintain the land record using
Blockchain. The question is that, who are the stakeholders? Well, so if I just try to list out a
stakeholder, so, one stakeholder is obviously the government, and a second stakeholder is the
landowners.

Now, who are these landowners, the landowners are typically the citizens of the country. So
that means I need to keep up this business among the government and the landowners or the
citizens. So if I just think of that I am going to put up this land registry record on blockchain.
Then comes an interesting problem or an interesting use case. What is that? That is like say,
for example, I am holding a land? Well, I have a piece of land in my name.

That means I am going to put up that information on a blockchain. Now, this is something
which you carefully think of, has a significant trade-off, what is the trade-off? The trade-off is
that blockchain is a world-readable and world writable database. Well, so I am just noting that
this point, so blockchain is world-readable and world writable database.

So what is mean by world readable and world writable? So, world readable and world
writable means, anyone can read from the database and anyone can write from the database.
Now, if I am a part of that database, if I am going to store the information in the blockchain,
that necessarily means that I am not only going to keep my land record on the blockchain, but
I have to keep that data for all other people in the country with me.

Well, because blockchain is nothing but a replicated database. Now, whenever it is a

replicated database, that this basically means if there are 5 persons and everyone is going to
store the land their land record on blockchain, then everyone need to keep up the entire
blockchain with them. Everyone need to keep one blockchain with them, and this blockchain
contains the land record of all these different 5 people.

That means this individual people it is not only keeping its own record, but it is going to keep
the record of all other people who are going to use blockchain for keeping the land record.
Now, this if you just think of carefully this is a kind of very stupid solution. Why this is a
stupid solution?

Because what effectively happening what or what necessarily happening that I am going to
use that information maybe once in my lifetime, that I am going to sell the property or I am
going to buy another property and add it in my record. For one of that lifetime business, I
need to keep up that entire database of millions of people with me, because I have to be a full
node in the blockchain I have to be a part of the blockchain.

Now, this actually makes the entire problem entire solution have a high cost for storage
perspective. And there is another aspect of it. What is that? The aspect of is that whenever I
am putting up that land registry record on blockchain and you know, that the blockchain
typically used pseudo-anonymity of the individual participants where the participants
identities not directly revealed with that kind of database, obviously, the government will
have problems why that is so, because government will always try to keep record or keep
information about the land within that country.

So, it should not happen that one piece of land in India that is owned by a person who is not a
citizen of India, so, the person have to be the citizen of India to have certain ownership or
claim certain ownership on land of India. So, that is that is a kind of typical scenario that we
face. And there are there are lots of such rules regulation, it is not only about the
country-specific, but it is also about the region-specific you cannot buy land in all the regions
in a country.

So there are there are restrictions on that, this kind of restrictions every government would
like to monitor well. So, that means land registry records storing up this database that
ultimately need to be government-controlled. So, when that need to be
government-controlled, that means, from all this discussion, what we can conclude that
blockchain is not potentially a good use case for maintaining the land records.

Well, possibly the government can digitize the information. Well, obviously, digitizing that
digitizing the information is one of the primary requirement. And once the information had
been digitized, then storing that digitized information in some central database, that is the
kind of second requirements.

So, we need to ensure that the information is stored in some secure database and ideally,
because that is government control. And we consider that government is the trusted party
who can maintain that information in a secure way. So, government can provide a central
database, a secured central database on which this land registry record can be kept and that
will have a kind of less over it.

I whenever I need access to that information, I can just log into that system and get access to
that information. So I do not need to put up or I do not need to store that information entirely
with myself that is not only about only my information, but the information of millions other
peoples in the country.
(Refer Slide Time: 19:09)

Well, so, that was the first problem the second problem comes to land and property trading.
Now, let us look into that later we can possibly think of using Blockchain for land and
property trading. So, going back to our discussion on that particular aspect, if you just think
of that, who are the people in that business network whenever you are going to do the
landlord property trading.

So these are the people in the business network, obviously, the government, the real estate
agents like the realtors, the buyers and the sellers, and there also comes 2 other participants,
which are actually a kind of interesting front from where we can try to think of this problem
like the investors and startups. So what are the startups? The startups that the small
companies which are coming to this real estate business.

Now, whenever they are coming to this real estate business assume that they do not have
sufficient funds with them. So what they do, they participate in such kind of crowdfunding
environment, and in that crowdfunding environment, there are multiple people who can
provide fund to them, who can invest fund in that business, and they can take that fund and
then they can use that fund to buy a land and then build up a property on top of that, and then
whenever they are selling that property, the profit that they are going to get from that property
selling that property, that can be distributed among the crowd funders who have funded that
business well.
So, that is the kind of entire idea behind including the investors and the startups in this
business and that actually makes this problem really interesting and provide us a sufficient
motivation behind using this blockchain for solving the problem well. So, the idea is
something like this so assume a small business that comes up and that person is going to buy
some land well, so, this is the corresponding land that the person is going to buy, and a person
does not have sufficient money with him or her.

So, what it does, so, it actually participate in a crowdfunding environment, and in that
crowdfunding environment, there are multiple other people who can fund that person. So,
these people can fund a person, and that way, they can collectively get the fund. So, this is the
kind of crowdfunding environment.

So, these peoples are going to invest in the business and they provide the fund to this
business, and whenever they are getting going to get the fund, buy the land to build up once a
shopping mall on that land and going to sell it now, whenever this person is going to sell it
the profit that that person is going to get this profit is going to be shared by these individual
funders who are there.

So, that way the money gets flown in the entire business network. So, it is coming from the
crowdfunding to the startups who are going to invest in the real estate business and from the
startup, the profit that they are going to get that profit is getting shared again among all the
investors who have invested through that crowdfunding environment.

Now, these parties possibly that we can take help of a blockchain to solve the problem
because again, this is some business which has which need kind of transparency because
obviously, this investors who are investing they need to know that in what price the property
has finally be sold so that they can find out that well, this is the amount of profit that has
happened.

So, it is not like that I can simply tell Hey, I have done this much profit I have done property
X, but with that profit takes I have to also submit a proof that I have actually did profit X
well, and this kind of transparency can be brought if I think of using a blockchain-based
solution to solve this problem.
(Refer Slide Time: 23:15)

Now in this way, the assets that are there in this entire end to end business that the lands the
properties that are built up on that land like the buildings, the shopping malls, any other
properties that can happen and the money. So, the flow of the money in the entire system.

(Refer Slide Time: 23:33)

And the different kinds of transactions that can happen like buy land under properties, sell
lands under properties, crowdfunding an investment or return from a crowdfunded
investment. So, these are the possible transactions that can happen.
(Refer Slide Time: 23:47)

Now, the question comes that whether I should go for a public blockchain or a private
blockchain. So, that is again another decision factor that we need to think of. Now, if we are
going to use a public blockchain the advantage is that it is an open network, anyone can
invest or participate as a startup, well, you do not need any kind of pre-authentication or
pre-authorization to participate in the system, but the problem that you have like you do not
know whom you are investing, because in a public network, anonymity is being preserved
and as a consequence, you do not know that whenever you are going to find some particular
people, whether the real identity of that particular person has been verified or not. So, that is a
kind of open problem, which is there if you are going to use a public blockchain.
(Refer Slide Time: 24:34)

On the other hand, if you are going to use a private blockchain possibly you are in a more
safer environment because you know, the identity of those startups, and that way you can find
out data identity has been verified. So, something like KYC can be incorporated to verify the
identity of that person. So, you are in a closed network with verified identity of individuals,
but the problem is that the question comes that is a kind of chicken and egg problem, that
who is going to verify your identity?

Well, now to verify your identity, you can say that well, the government is going to verify the
identity, the moment you say that a government is going to verify the identity, or some trusted
third party is going to verify the identity. That means you are bringing a trusted third party in
the loop. And the question comes that why cannot that trusted third party help in hosting a
centralized database or a centralized website to which you can do such kind of business?
Well, so that is the kind of open problem that we have. Data as I have mentioned, it is a kind
of chicken and egg problem.
(Refer Slide Time: 25:39)

Now, as I mentioned that if you are going to use blockchain to solve this particular problem,
the advantages that you get are that it provides a decentralized platform and a marketplace, it
can avoid intermediaries, it can bring liquidity in the business, ideally, this land records or the
properties have been considered as a liquid-based business where it takes a lot of time to
validate the ownership and so on.

But here with the help of blockchain, you can make it liquid, can be traded readily. You can
have fractional ownership and crowdfunded investment, it might happen that well, a
particular property is not owned by a single person, but rather, it can be owned by multiple
people. So it can happen that multiple startups can come to a common business well, so it is
something like that, rather than a single startup, there are multiple startup who joined hands
altogether, and they collectively, try to buy a land and while they are joining altogether, there
are multiple other investors and that investors are going to collectively, going to collectively
fund this entire business.

So you can have actually mapping from multiple people to multiple people, multiple
investors to multiple startups, and that way you can whenever the land is being bought, it can
have a kind of fractional ownership, depending on how much has been invested by
individuals. And once they are putting up certain property on that land, like as shopping mall,
and going to going to sell it, then the accordingly the share can be divided among these
individuals. Then you can have reduced cost of transaction and obviously, you can get better
transparency.
(Refer Slide Time: 27:35)

But as I had mentioned that there are many important questions that we need to think of even
I do not have the answer of many of these questions at this stage. I am just opening up it to
you so that you can get some food for thought, where you can think of yourself and try to
debate that whether I can consider these individual systems, or this particular problem to get
solved with the help of a blockchain or not.

So the first question comes down to who are going to be the full node of the system? Well,
whether it is government, investors, startups, the buyers or the sellers, obviously, if you think
that the buyers and the sellers are going to be the full node, that means they need to keep the
information of the entire blockchain with them.
(Refer Slide Time: 28:19)

Now, if you just think of that everyone is a full node, then this question comes, that I am
going to sell my property for once, then why should I download the entire blockchain? To sell
my property, I need to have a huge storage, I need to have a huge computation power to
participate in the business. Then comes the question that say I have sold my land. Now once I
have sold my land, then should I sign out? Once I am done.

Now, if I sign out from that blockchain, how do I resolve a query that comes later on, because
in this real estate business claim might come on after 20 years or 30 years can how that is
going to get resolved? Well, and in that question, context, a question comes to do I need to
keep my keys forever? So this is the kind of digital keys that means the public key and the
private key.

And what if I lose the key? Well so is it like that if I lose the key then I lose the entire my
record and that is something very severe so it might happen that are own a land I have my
own key. Now somehow I have died. Now, what will happen to my son and daughter who
does not know that key?

Well, and in the if you just think about from a bitcoin perspective, there are multiple Bitcoins,
which does not have any kind of ownership just because the owner or the original owner of
those Bitcoins have actually forgot their wallet, the key of their wallet, and as they forgot the
key of their wallet, they will never be able to claim those Bitcoins.
Well, even I am also a victim of that, to be very frank like, in the initial days of Bitcoin I
opened up an wallet and I created a few Bitcoins, although it is a very small fraction that was
in the year of 2013 2014 around that time, but then I just tried it out and then I simply forgot
that wallet key right now, well, because I have forgot the key, I have no way to claim those
bitcoins and those bitcoins now, do not have any honor with them.

So, with Bitcoin, well, I can still tolerate that, because if I just think about the Indian
currency, the equivalent currency is something like 100 rupees or something. And even
nowadays, bitcoin trading, there are lots of debates, whether it is legal or not, and such kind
of things are there, but what happens to a land, because that is something a serious thing. And
if I just forget the key through, which I had an ownership on our particular land, then how I
am going to retrieve it, and that is remain the kind of eternal questions and a very important
question.

(Refer Slide Time: 31:03)

Then come straight if I am not the full node. So if I am not a full node, so the question is that
whom I am going to trust, because if I am not a full node, I have to connect to certain peer,
who is a full node, so whom I am going to get connected to, so that again, kind of open
question.
(Refer Slide Time: 31:19)

Then this particular problem, I mentioned earlier, that blockchain by default is world readable
and world writable. And this is always a kind of privacy concern. That means that I am
trading that I am actually doing, it is open to others, everyone can know that how much
money I have invested or which particular land I have bought, for what amount and so on.

And I might think this is a private information, then I do not want to reveal it to my
competitors, I do not want to reveal it to my to the other people, that might be from a security
perspective as well. So you might claim that, well, I can possibly use the keys to secure this
channel, a particular channel, I will use something like a blind signature, so that people can
know that, well, I have participated in the business, but what particular land I have bought for
how much money that remains hidden.

But again, in this case, the question that remains that who is going to provide the key? How
those keys are going to get generated? And with the keys, there is always this debate that
what happens if I lose the key? And this is some business where I need to maintain the keys
and for individual transaction, whether I can use the same key or whether I need to use a
different key. If there is a different key, then comes this question of maintaining the key and
so on.

Well, and with this key the problem there is that if I forget the key, the information got lost
forever, because we are in a decentralized system that remember, we are not having any
trusted third party who is going to maintain the information. And if I lose something, then I
can go to that trusted third party to reclaim the information that luxury is not here with us.

So typically, in our standard day to day business, what happens that we have the government,
we have the panchayats, the municipalities if I forget something, I believe that the
government has a corresponding records. So I go to the government to get back that record by
proofing our identity. But here, I do not have any kind of such trusted third party or
centralized control. So if I forget the key, everything is lost. So the question comes to how I
am going to manage the key from that particular perspective.

(Refer Slide Time: 33:24)

Then comes the question again, like what should be the credential to participate as an investor
or startup? Who is going to validate my identities, whether I am a fraud or I am a valid
person? Well, so as I mentioned that, we can you can use different techniques, we can use a
trusted third party to validate that information.

But the moment I say that there is a trusted third party then it everything boils down to the
question that if there is a trusted third party, let that trusted third party solve this problem,
rather than making it decentralized, where everyone has to manage their own information,
and if they forget the key, then they lose the information.
(Refer Slide Time: 34:09)

So that way, as we see that there are many fundamental questions, particularly regarding the
ownership, regarding the keys, which are kind of open question and we do not have a kind of
solution or rather than convincing solution of that. And that way there are multiple open
scopes as a blockchain developer, you can also come in to think of to find out whether I can
design an architecture which can possibly take care of all these questions.

Where I would be assured that even if I die with an accident, then my son and my daughter,
they will have the right information so that they will be able to claim the ownership of the
property that I had, well. So, such kind of debate keeps on going on. And we need to think of
a solution to solve these kinds of fundamental problems before putting up the information on
a blockchain.

And as I believe that digitizing the information so, the main source of problem comes from
the fact that meaning of such informations are paper-based. So that way digitizing the
information might solve many of this problem. But then we need to think of that even after
digitizing the solution, what problem remains and whether we can use blockchain to solve
this problem.
(Refer Slide Time: 35:26)

And also finally, I would like to touch upon this point that we have discussed about this
concept of decentralized identity management. And this decentralized identity management
might answer many of these questions that I have put forward. In this particular lecture,
maybe I can use a decentralized identity management solution to design an architecture
which is completely decentralized where the identities of individuals can be proven and at the
same time, as I mentioned, the main problem remains that if I have an accident, and I die,
while losing the keys, my private key, then there would be a method to transfer ownership
from ownership of the property from myself to my children.

So this is that kind of architecture that we need to think of. So, as I mentioned that it is not
very straightforward or very simple to put up the problem directly on blockchain, we need to
think of a lot of additional parameters, additional surrounding problems in this
implementation in this entire design. And we should really put up our mind to solve these
problems so that these kind of questions can be answered and we can design a system which
is usable, and which people can use without any fear on the technology or any fear of losing
the information.

So, that is all for this lecture. In the next lectures, I will come back with a few other use cases
that we will touch upon to give you a kind of pointers about in which direction you should
think of, while design a particular problem with the help of blockchain. So, that is all for this
lecture, thank you for attending, see you all in the next class.
 Blockchain and its Applications
Professor Sandip Chakraborty
Department of Computer Science and Engineering
Indian Institute of Technology, Kharagpur
Lecture: 57
Blockchain in Financial Services

Welcome back to this course on blockchain and its applications. So, in the last lecture, we
have debated or rather we have became the will survocate to critically analyze whether we
can utilize blockchain for maintaining the land registry record and we have seen that there are
multiple pros and cons that we need to think of while designing an end to end solution.

(Refer Slide Time: 00:39)

So, today, we are going to be a little bit favorable towards the design of blockchain, we are
going to learn a potential use case or rather a set of potential use cases of blockchain in the
financial sector where people have done pilot implementation and they have tried to see that
whether blockchain can solve the problems that are associated with this particular use case,
and what are the kind of optimized way of implementing a blockchain-based solution. So, in
this context, we are going to learn about the potential blockchain use cases in financial
services.
(Refer Slide Time: 01:19)

And these are the set of concepts which we are going to cover today, we are particularly
going to highlight on cross border payments over blockchain. And we are going to talk about
one practical pilot project that have been taken up by the Singapore government that is called
a project Ubin. So, we are going to learn about the different phases of project Ubin, and how
the project Ubin has been implemented. So, support financial services on top of our
blockchain based distributed ledger technology.

(Refer Slide Time: 01:51)

So, these are the key words for today's talk, we are going to learn about these stellar protocol
and network as well as the ripple protocol and network. So, these are the two protocols,
which are have been widely designed and used for supporting cryptocurrencies for
cross-border trading. And then we are going to talk about this project Ubin.

(Refer Slide Time: 02:11)

Now, coming to this problem of cross-border payment, so, this cross-border payment was the
classic use case for which Bitcoin was created. So, that you can do payments or you can do
trading across different continents, different countries, different zones, without having any
control of the government or any control of the banks or any intermediaries, well.

And this idea that well, you can do that trading without the explicit control of anyone else,
that made this idea of blockchain much more popular and from there, many other
cryptocurrencies have been invented well and till now, we have over 6000 such
cryptocurrencies, not only the Bitcoin, so, although Bitcoin was something which was very
popular, but now, we have many other such cryptocurrencies that support different properties.

Now, when there are So, many cryptocurrencies, there are about more than 6000
cryptocurrencies, obviously, a question comes that what qualifies as a currency? Well, now, if
I just try to look into the definition from the economics, it says that, for some particular token
to be recognized as a currency, this set of criteria must be satisfied, the first thing is that, you
need to have a medium of exchange, whether the merchants are willing to accept the currency
in exchange for goods and services, well, so, that is one primary requirement.

The second requirement is the unit of account. So, we need to think of whether is it a measure
of the real value of goods and services. Say, for example, whether would a merchant be
willing to accept the same value regardless of the relative currency fluctuations, well, and the
third is a store of values well, like you can have a mode of investment on that particular
token.

So, if these three properties are satisfied, then we call it as a currency and typically, the
different cryptocurrencies that have been invested that have been designed in the market they
tried to follow they tried to satisfy these three primary criteria. So, that this particular
currency can be utilized for trading goods and services. Among different merchants or
individual buyers and sellers. So, it can be used in a b2b network, it can be used to or b2c
network and So, on. So, that way as I mentioned that there are different currencies that have
been evolved over time and out of them.

Today in this lecture, I am going to touch upon two of such a prominent cryptocurrencies
which are primarily designed for such cross border trading, while overcoming some of the
limitations of Bitcoin like that require huge computation power and So, on. And from that
aspect we are going to touch upon on those two currencies, which are even pretty much
popular nowadays. So, they are called as stellar and ripple. So, these two particular
cryptocurrency and the corresponding network.

(Refer Slide Time: 05:37)

So, first let us try to discuss about the Stellar protocol and network. So, this stellar is a
decentralized hybrid blockchain platform with open membership. It was launched in 2014.
And it uses this lumens as the native assets, So, lumen system unit or that coin that is being
transferred in the stellar network for exchanging the goods and services. So, this Taylor uses
a concept of Federated Byzantine agreement or FBA, which is the underlying consensus
protocol.

So, I am going to touch upon that consensus protocol very briefly in the next slide. So, this
federated Byzantine agreement or FBA in that particular consensus protocol, so, the quorums
are formed based on participants individual trust decision. So, it is something like that I can
see that there are multiple different informations and both of the information or all of the
informations are correct.

So, my preference will go to one of the information and based on that I would form of a
quorum and then this individual quorum and try to see that where majority of the participants
are participating so, which is the largest quorum based on them gradually the system tends to
move towards consensus, well, so, we basically set up an agreement among those quorum.

So, this particular consensus protocol which is widely known as the stellar consensus
protocol, and that protocol got published in SOSP, a prominent conference in the operating
system domain. Now, with this stellar consensus algorithm, it is again highly scalable it takes
around 2 to 5 seconds to clear a transaction. So, in the stellar network, we use something
called the anchors, which act as bridges between a given currency and the stellar network.

So, that the task of the anchors are basically to make exchanges like say for example, you
want to trade using INR over the stellar network. So, with respect to INR, you need to get the
lumens and participate in the business. So, that transaction is basically done by these anchors,
and as a consequence, it has a distributed exchange. So, in that distributed exchange, you can
pay in Euro with INR balance in your wallet, and the network will automatically convert it at
the lowest rate for you, So, on that distributed exchange network.
(Refer Slide Time: 08:17)
So, here is the link for this stellar network, you can actually go to the corresponding website
to get an idea about the stellar network. So, broadly, this stellar network, it provides a
platform for this kind of cross currency exchange. So, it is a kind of open network as I
mentioned, that anyone can participate anyone can join in the network and in participate in
the cross border payment. So, you can browse to this site, you can find out that the different
transactions that is happening on this stellar network.

And consequently, there are multiple document which are also available. So, you can go to
this learn tab and there you can actually try to understand try to get an idea about what is
stellar, how this stellar network is designed. And what are the individual components in the
stellar network. So, I would suggest all of you to browse through this website to get an
understanding about the stellar network.

(Refer Slide Time: 09:26)

Now, in this particular context, as I mentioned that stellar uses this federated Byzantine
agreement as the underlying consensus algorithm, and this idea got published in a SOSP 2019
paper and this is the title of the paper, fast and secure global payments with Stellar, this is this
article, you can also look into to understand the internals about the consensus protocol of
stellar. So, as I mentioned that it uses that federated Byzantine agreement and in that
federated Byzantine agreement.

One of the interesting idea that it uses it is called a federated voting. So, what is federated
voting? So, in federated voting, nodes try to agree on abstract statements by first voting, then
accepting, and finally confirming statements. So, that means, while they are doing the voting
they follow multiple quorums, and finally, there is an agreement among the quorum. So, the
nodes they keep on voting any valid statements.

So, remember, they can vote any valid statement that the nodes belief to be valid, then it
accepts when a majority votes for that statement, So, that way it forms a quorum, and the
statement is confirmed when quorum anonymously accept the statement.
(Refer Slide Time: 10:47)
So, here is an example about how the quorum are being formed in a stellar network. So,
assume that this is a stellar network and I have these different nodes that are 4 plus 3, 7 nodes
in this network. So, 2 end, So, here, one node starts with voting X, and another node starts
with voting Y. And that way the information gets propagated. So, a part of the node a vote x
and another part of the node a vote y. So, here you can see that the network has been
partitioned.

So, a part of the network they are voting X a part of the network that is voting Y. So,
basically, there are two quorums that have been formed one quorum is on these 4 nodes,
another quorum is on that 3 notes. And at this stage, the individual node starts to accept a
particular statement, when they say that their neighbors have also accepted that statement. So,
in that context, say some node starts accepting X.

So, whenever they see that majority of the nodes have start accepting X. And in the other
quorum, that means in the green quorum, when we see that well in red that is a larger quorum
where the nodes have started accepting X, they also start accepting X, So, this information
gets propagated to the other quorum and eventually, all the members in the network are the
majority of the members in the network, they accept on a single statement, that means they
basically come to an agreement among the quorum to finally accept X.

So, that way the information gets propagated in this federated Byzantine agreement protocol
and this federated Byzantine agreement protocol is actually a very interesting protocol that
runs Byzantine agreement in an open network. So, in an open network, as I mentioned earlier,
it is difficult for all people to know each other. So, because it is difficult for all people to
know each other So, that way they form or they have they form these individual quorums that
I might know few of my neighbors, So, I tried to form a quorums among my neighbors, and
that way, the quorum gradually get increased.

And eventually, it happens that multiple quorums can start interacting with each other and
eventually they actually agree on a particular view of the system. So, that is core idea behind
this federated voting. So, if you want to know more details about this federated voting, I
would suggest you to look into the SOSP paper that gives the internal technical details and
the formal proofs of that federated voting idea which is used in the stellar consensus protocol.

(Refer Slide Time: 13:19)

Now, if you just think about the stellar protocol under network safety and the liveness
property, so, stellar works with a partially synchronous assumption, again, we are bound by
the FLP impossibility theorem here, we cannot support safety and liveness together on a
synchronous environment.

So, first stellar ensures that it ensures safety under asynchronous assumption. So, where the
liveness in stellar it requires a synchronous network. So, whenever stellar finds out that the
network is synchronous, it moves from current view to the next view. So, that way the
protocol make progress in the system. Now, if I just try to look into the performance of stellar
you will see that this x-axis shows the transactions per second and the y axis shown the
latency.
So, you see that with different component in the stellar protocol like the ledger update
balloting and a nominationso, let us focus on that ledger update part which is actually the
time that it takes to update a transaction in the ledger. So, here you will see that we get
around 350 transactions per second, the transaction latency is something near 1000 seconds
1000 milliseconds, that means it is around 1 second.

So, within one second I support around 350 transactions per second. So, that is obviously way
more compared to Bitcoin. And obviously it is not as close as Visa or PayPal, but still it
provides a maximum more scalable way of supporting consensus in a decentralized network.

(Refer Slide Time: 15:09)

Now, let us try to highlight on the second protocol for cross border payment, that is the ripple
protocol and Ripple network. So, ripple was a protocol for the banks to clear and settle
payments in real time through a distributed network. So, ripple was something that intended
to replace RTGS. So, RTGS I think many of you know it the Real time gross payments, so, it
is basically to settle the payments, settle the large valued payments among different banks.

So, ripple uses a consensus mechanism which is called XRPL, XRPL ledger XRP is a default
currency for ripple it allows the payment exchange and remittance to happen without need for
a centralized clearinghouse well. So, typically RTGS involve a central bank of a countries
like for India, the RTGS happens to the Reserve Bank in the while I will discuss about project
Ubin, I will come to that specific points about this consensus about this RTGS and how the
settlement is being done.
But broadly you can think of that, well, you need a central bank like a reserve bank, which
will done that settlement and what ripple does ripple helps in doing that settlement without
the involvement of any centralized clearinghouse. So, it takes on average 5 seconds for
confirmation, it does not have any mining, it uses a custom protocol.

But the interesting fact is that this custom protocol that means XRPL, it has not been
validated for correctness and fault tolerance well, and people also have some gateway nodes.
So, these gateway nodes convert the fiat currency, fiat currency Minister government
provided currencies to XRP. So, XRP as I mentioned that it is the currency in ripple.

Then market makers convert from one currency to another over the Ripple network. Ripple
has a centralized governance. But, because you can actually see that what transactions are
going on over the Ripple network and ripple still holds a large fraction of the cryptocurrency.

(Refer Slide Time: 17:35)

So, you can go to this website ripple.com to see the Ripple network and different properties
that is being supported over the Ripple network. So, here also just like I have shown you for
the stellar you can you can browse to this website, to understand that what are the different
features that are being provided by ripple. And here also you can have under Resources,
different blogs and different materials, which actually talks about these internals of ripples.
Well, so, you can go to this ripple net to understand that, what the network is and how to join
the network, what are the things that you can do over that network and So, on.

(Refer Slide Time: 18:23)

So, as I mentioned that one of the important aspect of ripple is that the correctness has not
been proved, or correctness has not been validated. Indeed, there is a paper research paper
like the title of the paper is analysis of the XRP ledger consensus protocol, which actually
shows that XRPL violates safety and liveness. Indeed, if you just browse over the internet,
you will see that layer there are lots of debates about the correctness of the ripple consensus,
and people are not fully convinced whether ripple provide necessary safety and liveness in its
end-to-end transaction. Now, these are the kinds of two prominent network which are
developed to support such kind of cross border payment.

(Refer Slide Time: 19:13)

And now I am going to talk about this project Ubin, So, this project Ubin is a multi year,
multi institute project that have been taken up by the Singapore government. Basically, this
Monetary Authority of Singapore or MAS is something you can think of it as the central
agency, just like our Reserve Bank, which governed the monetary principles and regulations
in Singapore.

So, MAS, along with different other participating enterprises and industries and governing
bodies they had taken this project Ubin, So, the idea of this project Ubin was that to enable
interbank transfer in on top of the distributed ledger to support Singapore dollar on top of a
distributed ledger.

So, as I mentioned that it is a collaborative project with the industry to explore the use of
blockchain and distributed ledger technology for clearing and settlement of payments and
security. Securities means that goods and services that you are going to get with respect to
certain payments, that means during your trips, so, this was taken up by the MAS in
November 2016. And it concluded around the end of 2020, just at the end of last year, in the
MAS website that detailed reports are available.

So, you can browse to this detailed report to get an idea how that entire end-to-end
architecture have been taken up and what are the things that MAS along with other industries
they have explored to support cross border payment on top of our DLT based platform.
(Refer Slide Time: 20:50)

So, this project Ubin was a 5 phase project. There was from phase 1 to phase 5. Individual
phase had different names, Phase 1 was named as, Tokenized SGD, then phase 2 was
Re-imagining RTGS, phase 3 was delivery versus payment DVP. Phase 4 was cross-border
payment versus payment, PvP and phase 5 was enabling broad ecosystem collaboration on
top of DLT.

(Refer Slide Time: 21:16)

So, let us try to see the highlights of this individual phases of the project Ubin. So, phase 1
was tokenized SGD. So, MAS it formed a consortium of financial institution to conduct
interbank payments using the blockchain technology and these are the set of different
organization which had participated in phase 1 of project Ubin. Bank of America, Merrill
Lynch, Credit Suisse, DBS bank, HSBC, JP Morgan, Mitsubishi UFJ, OCBC, R3, Singapore
exchange or SGX, United overseas bank.

So, these are the organization collectively with MAS they tried to export or explore whether
DLT can be used for managing the interbank payments and interbank securities. So, it
includes the DLT based payment in MEPs. So, MEPS is Singapore's Central Bank's payment
system. So, the full form is mass electronic payment system MEPs.

So, typically in MEPs what happens that for interbank transfer, the participant banks deplete
cash into a custody account held at MAS well. So, this is the custody account or this is the
kind of reserve account in MAS. So, what MAS does that depending on the interbank
transfer, there is no physical fund transfer, but what they do, they keep on updating the
individual bank account that this much amount has been transferred from this account to this
bank to that bank.

So, that way they just maintain the registry rather than doing any kind of physical money
transfer and, in RTGS, so, same kind of things happen. So, in your RTGS you have a central
authority or you have a kind of central bank kind of system.

(Refer Slide Time: 23:18)

So, in RTGS, you have the central bank. So, the central bank maintains a reserve account for
individual banks, So, B1 B2 like this, and now, I have individual banks say B1 and B2. Now,
say one of you want to make a transfer from bank 1 to bank 2, now, whenever you are going
to make a transfer from bank 1 to bank 2, so, this needs to be a kind of huge money a large
sum of money for small money transfer, you cannot use RTGS for that you will have to use
NEFT or other things.

For large body fund transfer say assume that you want to transfer some 2 lakh. You want to
transfer these 2 lakh from bank 1 to bank 2. Now, whenever you are going to transfer this
amount from bank 1 to bank 2 what happens that bank 1 just send that information to the
central bank and the central bank it deduct this 2 lakh from the reserve account of bank B1
and add it up to the reserve account of bank B 2.

So, for bank B1. It deduct raise 2 lakh and from bank B2 it add raise 2 lakh. And that way the
amount is being transferred from B1 to B2. So, there is no physical money transfer that is
happening here, it is just like the updating of the record well, and a central bank is going to
manage that. So, these things in Singapore RTGS system that equivalent RTGS equivalent
system is Singapore that is called these MEPs plus mass electronic payment system plus So,
they are for this interbank transfer the individual banks they contact the MAS and MAS
update their records in this particular way.

(Refer Slide Time: 25:35)

So, that is the kind of broad idea in this interbank payment methodology. And what happens,
in turn, that this project, Ubin been actually focused on digitizing this transfer over
distributed ledger technology, so, that individual bank can directly do the transfer from
themselves without waiting for the MAS to settle the payment.

Well, so, it is something like that, whenever you have this bank a system so, whenever you
are making such kind of transfer or bank a system, that information is automatically updated
in DLT that is being maintained in project Ubin and the amount is getting transferred from
bank A to bank B and the information is also readily available to MAS. Well, so, you do not
need to go through this RTGS system anymore.

So, the RTGS system that legacy RTGS system was also interconnected over this DLT
connector, if you do not want to use this project, you will be not DLT you can use that
traditional RTGS system or the MAS will the central bank will do that settlement. But
otherwise, if you use that distributed ledger technology, immediately the information will get
updated to all the participating banks. So, that was the kind of code idea in the phase 1 of
project Ubin.
(Refer Slide Time: 26:54)

Now in phase two, it tries to solve one of the important problems in RTGS which typically
happens and that is known as gridlock. So, this phase two of project Ubin, it was led by MAS
and association of banks in Singapore or ABS. So, it developed a proof of concept
architecture of supporting DLT based RTGS or other MEP s plus using three DLT platforms
Ethereum, fabric, and R3 Corda, the project has been open source, so, the link is given you
can go there and you can browse the project.

So, as I mentioned, it solved a typical problem in gridlock. So, what is this gridlock lock
problem. So, gridlock problem is that so, assume that three parties in individual banks, they
are doing the transaction in the same way that from bank 1 there is a transfer of 100k dollar
from bank 2, then from bank 2 there is 130k dollar transfer to bank 3, and from bank 3 there
is a 50k dollar transfer to bank 1.

Now, if you just think about the individual assets available with individual bank, bank 1 have
50k dollar, bank 2 had 100k dollar and bank 3 had 20k dollar. Now, here you can see with
this balance which is available with these individual banks, you cannot do these transactions
you cannot do a transaction of 100k dollar from bank 1 bank 2, because bank 1 had 50k
dollar you cannot transfer 130k from bank 2 to bank 3, because bank 2 had 100 dollar.

You cannot transfer 50k dollar from bank 3 to bank 1 because bank 3 had 20k dollar but if
you just try to do a net transfer you will see that this net transfer is successful that the transfer
can be succeed because, if you just eventually think of that, well bank 1 is going to transfer
100k and bank 1 will maintain a balance of dollar 50k once they are transferring this 100k.

Then bank 2, the balance of bank 2 becomes 200k and then bank 2 to transfer 130 k so, the
bank 3 two’s balance becomes 70k and this 130 k gets added to bank 3. So, the balance or
bank 3 becomes 150k now, in this bank 3 can transfer 50k, so, effective balance becomes
100k and this 50k can gets added up to bank 1 and bank 1 had negative 50k balance. So, this
50k gets added up and effective balance becomes 0 for bank 1.

Well, so, if I just tried to think about the net transfer assume that a negative balance is
possible then these transfers can be done well. So, what the phase 2 project Ubin does project
Ubin tries to realize that on top of a DLT platform and this is the kind of architecture which is
being done there. The effective team things, I have just shown you that this effective transfer
of 50k from bank 1 to bank 3 happens and 30k from bank 2 to bank 3 happens by computing
the date of these transfers, these three transfers, and that data transfers become successful.
And that way it solves the particular gridlock problem which can happen in large scale RTGS
transfer.

(Refer Slide Time: 30:26)

And then comes the phase three of project Ubin. It uses this delivery versus payment. So, the
delivery versus payment DvP. In summary, it means that the cash payment for a purchase
security occurs prior to or upon its delivery. That means whenever I am trading with you, you
are going to deliver whatever I have purchased and then only I am going to transfer the
money.

So, this confirmation that this delivery of the goods followed by the delivery of the money.
This needs to be atomic and that is being supported by the phase 3 of project Ubin. So, the
counterparties or the traders meet at an agreed time to exchange the agreed assets. So, in this
phase MAS and STX collaborated to realize domestic DvP settlement on two separate
blockchain platforms.

(Refer Slide Time: 31:14)

So, what did this? This is a kind of broad architecture of the system. So, you had a cash
ledger between the buyer and seller which handled cash transfer from buyer to the seller and
then a securities ledger which transfer which maintains the goods transfer from the seller to
the buyer. And then these two network has been implemented with 3 different platform.

Like in prototype 1, quorum was for cash ledger and one permissioned blockchain for
security ledger for prototype 2 Etherium was cash ledger, hyper ledger fabric as the security
ledger. In prototype 3, hyper ledger fabric Nasdaq cash ledger and chaining Nasdaq security
ledger. So, they developed a predefined set prototype for doing these atomic transactions for
Dvp payments.
(Refer Slide Time: 31:58)

Then Phase four was focused on this cross border payment. So, it was a joint initiative by the
Bank of Canada, Bank of England, and MAS, it was initiated in November 2018. So, it
supported that transparency in payments data availability of cross border payments services,
reduced time for payment processing with reduced cost, it consider three different payment
models and analyze their respective impact and scale.

And here I am just trying to highlight on the Module 2, in module 2 here you see that
individual countries they maintained three different currencies and I have multiple banks for
individual three countries. So, here are the three countries and individual banks for the three
countries and they maintain different currencies now I am going to transfer using one
currency to another currency and this information is getting transferred over the traditional
RTGS.

Now, when they are going to get where traditional RTGS what can happen the central bank at
these different countries that central bank at country A, at Country B and country C they have
to ensure that the total currency the total balance that is getting in the outflow and in the
inflow domain So, that that they have to maintain and this maintenance of that information
that can be put forward on top of a blockchain.

So, that individual central banks of different countries they can collaborate with each other
and without the help of any any global bank or something like that, which can make that
coordination. In traditional face basically, this is time consuming, because individual bank
need to transfer the proof manually and that proof needs to be verified and then only the
transfer happens but with the help of a DLT based platform this can be initiated rapidly
without involving any any third party.

(Refer Slide Time: 33:50)

Then finally, in Phase 5, it enables a broad ecosystem collaboration that means adds up
additional services on top of this payment network. So, it provides technical insight into the
blockchain based multi currency payment network prototype that was built. It describes how
the network could benefit the financial industry and blockchain ecosystem.
(Refer Slide Time: 34:10)

So, in summary, this project Ubin it developed this multi currency blockchain based payment
network, and they are multiple services can take help of this payment network as you can see,
So, at the end users you can have different wallets that contain news or information, then you
can support this cross border currency exchange with different currencies like USD or
Singapore dollar.

And that can be supported by different applications like influenance financing, trade finance,
supply chain trade, property, titles, capital market markets, STX bonds and So, on. Well, so,
different different industries can be connected all together with this multicurrency blockchain
based payment network. So, basically, with the help of blockchain project, you can had tried
to realize multicurrency network in a simple way, which was otherwise much more
complicated in their practical implementation.
(Refer Slide Time: 35:04)

So, here is a kind of example that how does multicurrency network work? So, you can use
this b2b network So, that was developed by Digital venture it is called a blockchain for
procure to pay network. It does this automated document verification and payment
processing. Now, assume that the buyer is in Thailand and the seller is at Singapore.

Now whenever they are exporting goods and submitting the necessary document to this b2p
network, So, this b2p network can directly connect to the Ubin payment network to transfer
the money from Thai buyers wallet to the Singapore sellers wallet. Well, So, as and when the
goods will be exported, and thing will be reported on the b2p network, immediately the
payment can be settled on EB network. So, that way, by making interoperability among
multiple blockchain, you can make the entire end-to-end life easier.
(Refer Slide Time: 35:59)

So, in summary, what we have seen that financial services have been one of the key use cases
for blockchain. And we have broadly touched upon this project Ubin, which develops
multi-currency payment network. This project has been open-sourced and you can look into
the project reports the detailed reports in the different 5 phases of the project that does a nice
study about comparing the financial services that can be developed on top of project Ubin.

And at the same time the implementation sources are publicly available, you can also browse
through those implementations sorts to look that how they have been, actually achieved it.
So, that is all for this particular lecture, which highlights the financial use cases on top of
blockchain. In the next lecture, we will discuss about another use case on top of blockchain.
Thank you and see you in the next lecture.
 Blockchain and its Application
Professor Sandip Chakraborty
Department of Computer Science and Engineering
Indian Institute of Technology, Kharagpur
Lecture 58: Public Sector Use Cases

Welcome back to our course on Blockchain and its Applications. So, for the last few
lectures we are talking about the different applications and use cases which are developed
on top of blockchain. So, today we are going to discuss about another use case that is the
use of blockchain in public sectors or primarily for the government use cases.

So, in the last lecture we have talked about how blockchain can be utilized in financial
domain, particularly for the applications like cross border payment and in this particular
lecture we are also going to point out few other applications which are much more
prominent for the public sectors or the government policy management or the
government information management.

(Refer Slide Time: 1:08)

So, let us go through the details of that, so this is the topic that we are going to cover
today, the government use cases of blockchain and these are the corresponding keywords
so we are going to talk about public data management or how data management is done
for the government databases, how that can be envisioned on top of a blockchain based
architecture.
Then the concept of public taxation like the GST, how blockchain can simplify the
taxation procedure and then we will talk about few of the national strategies that have
been taken up by different government, particularly the government of India and will also
consider the national strategy that have been taken up by the government of Australia as a
use case study and that way we will try to get a kind of good understanding of what are
the applications or use cases of blockchain.

(Refer Slide Time: 2:02)

So, if you just think about how blockchain is useful for different governmental
applications, so typically the government needs to maintain different types of data, either
in digital form or in traditional paper format. So, I think a couple of lectures back we
have talked about one of such problem that is the land registry management.

And we have seen that well there is a plenty of scope of utilizing this blockchain
technology for land registry management, particularly the trading of lands and land like
properties and we have done a kind of critical review of that particular use case and try to
see what are the different challenges that we can face if we try to build up a blockchain
based architecture like that and we have just pointed out that what we should think about.
So, we highlighted several open challenges or open problems in that aspect.
Now, apart from the land registries or the land records there are several other data that are
typical government need to maintain, like the daily operations and activities of the
government, the different kind of assets, obviously land record as I mentioned it is one of
such asset, then the building, the properties, the roads and so on.

Then the details of its people, organizations, study the different institutions, the records of
people, the business transactions that are done by the government and so on well. So, that
way it is a kind of plenty of data that actually characterizes the current economy, the
current status of a particular country, so this government data is much more important
from that perspective.

(Refer Slide Time: 3:58)

Now, if you think about this governance architecture, means if you just think about take a
case study of countries like India, you will see that by nature it is multi institutional and
multi organization. So, in a democratic country like India you have different states and
then different states have different districts and under different districts you have the
village, panchayat and cities and so on.

And there is a kind of hierarchy of governance that comes from the central government to
the lower level governance, like we have the central government which has their own
duties, own responsibilities, then every state has its own government and under that state
government there are the different districts and every district also has the district level
administration and then comes the villages, the panchayat, the cities they have their own
governance to handle, the day-to-day activities of their people and so on well.

So, that way we have a kind of clearly demarcated hierarchy of governance and in this
governance there is a requirement of strong coordination between individuals because
say, for example, if you think about one particular use case that the money disbursement
across a different level of governments, so it is something like that the central
government some part of their money they directly give to the state government, then the
state government disburses to the district administration or the city panchayat level
administration.

Then sometime it happens that the central government directly send the money to the
district administration. So, there is a kind of complex flow of information, complex flow
of assets and so on and as a consequence what we see that because it is a kind of complex
multi institutional, multi policy, multi people architecture, we also have a lot of complain
about its day to day operations, the transparency in the process and so on.

So, there is there is a lot of questions about that, there is no traceability or rather there is
no information to the public that how the money is flowing from the top level
government to its different hierarchies. So, there is always a claim that well the
government money comes from the tax that is given by the public and because the public
is giving the money to the government in the form of tax.

So, those money is accountable and the publics, the general common people, the citizens
of a country have the right to understand, right to know that what is going to be the flow
of the money and how that is being disbursed across different organizations, different
institutes and so on.

Also there are lots of debates around that we do not want to go to that debate but what we
broadly understand that it is a kind of complex system, so at some level if we can bring
up transparency in the system that is also good, mean that is also good for the
government perspective, that is good from the citizens perspective and that is also good
for the neighboring country and kind of society perspective.

So, that way we need to really carefully think of that how we can bring up transparency
in this process and inherently whenever I talk about the use cases of blockchain one point
that I have always mentioned or tried to convey you that blockchain is best suited when I
do not have a single point of trust in the system, right.

So, this complex hierarchical government is one of such example where again we do not
have a single point of trust. So, say for example, there are multiple people who are
collaboratively participating in this government procedure, now if certain corruption
happens at some level it is very difficult to catch it because it is also encapsulated or
hidden by the surrounding space. So, that way there is a clear demand that we need to
bring transparency in the system, so that such kind of corruption, such kind of misuse of
the asset can be minimized.

(Refer Slide Time: 8:15)

So, let us see that how we can utilize blockchain for this particular purpose. So, as I
mentioned that the entire system is multi institutional or multi organization and there is a
kind of hierarchy of governance and every level builds its own ledger or data, so and in
every level you have different access management policies, you have role based access
control on access management, you have different way of hiding the data, you have
information that well this part of the data can be shareable and this part not, that way
there is a kind of very, very, very complex hierarchy or complex policies that are being
imposed on the entire end to end system.

And the data that is being flown or the assets that are being flown in this entire system
they have different priorities, so there are certain information that is of highly sensitive,
so that have the kind of high priority or highly secure data assets, so it has some kind of
restricted access.

So, for example, if you just think about a simple information like the AADHAAR data,
we have also mentioned about this earlier, in the AADHAAR data some part of the
information well you can make it public there is possibly no harm of it, again it is
debatable, so I am not going to that precise definition of privacy that what is private, what
someone should reveal to others and once someone should not, but one thing I clearly
understand that well in my AADHAAR database there are certain information which is
very much sensitive.

For example, my address, my phone number that kind of details which are there, as well
as my biometrics. So, this kind of information is very much sensitive and someone should
not copy that information or someone should not steal that information, so that way I
need to ensure the privacy of the information at a required level and at the same time I
need to bring up transparency in the system and as I mentioned that apparently there is no
single point of trust on this kind of hierarchical system.
(Refer Slide Time: 10:23)

So, if I just think of that how blockchain can help, so in this management of government
data different level, so we can possibly think of different applications or use cases around
it. So, there are also multiple different questions that I need to think of or I need to
answer.

So, for example, well it is good that we are saying that we are going to put all this data or
the asset information on blockchain so that it becomes transparent, say for example, if
you think of the money as an asset, what can possibly happen that whatever takes you are
giving that information is put up on a blockchain and at the same time the way the money
is getting disbursed at different level of governance.

And from there different people, different contractor for building the road or property
something like that, so that entire flow is recorded on a blockchain and that way the
entire thing become transparent and that becomes good. But immediately the question
comes, if you think of that that is a kind of huge amount of transactions that happens at
the government level.

So, how you are going to maintain the data or how we are going to store that data, so
there is concept like some part of the data is put up off chain and you just put up the hash
of the data or a part of the data, digest of the data on blockchain to ensure that integrity of
the information, so that you can use the blockchain to track the information and
accordingly keep the data in a second database, in a kind of secured way.

So, that way there are multiple different options that we need to explore, that whether we
should put up the data directly on the blockchain or we should have such kind of off
chain data storage and then on chain data digest storage that kind of architecture. So, an
important question that I asked earlier that who are going to be the participants, so
whenever I am talking about distributed ledger technology, so the distributed ledger
means or decentralized ledger means every participant they need to keep a copy of that
ledger with them.

So, the question comes that who is going to maintain the copy of the ledger, is it like the
citizens of the country is going to maintain that copy of the ledger or is it something that
it is at some higher order where the citizens will have access? So, that way this core
architecture, thinking about this code architecture is very much important.

So, if you just browse over Google and try to find out try to see the different use cases,
you will see a lot of people, there are lot of blogs, lot of websites, lot of technical
documents, research papers and so on which will tell you that well you either put up the
data directly on the blockchain or have the off chain data and put up the digest on the on
the blockchain, but what they really cannot answer or what they really do not answer that
who is going to maintain the node.

Well so, I can apparently think of that well by using blockchain I can build up
transparency, I do not need a single point of trust, all those advantages are there, there is
no doubt in it, but from the implementation perspective there is a big question, that how I
am going to maintain the decentralized ledger, who are the node of that ledger, who are
going to keep that information with them, well because it is at the end of the day a kind of
replicated system where everyone need to keep the entire copy of the ledger with them,
so who will going to keep that, is it the citizen, is it some special node, some special
organizations, something like that.
If it some special organization then who are those organizations you are going to keep a
copy of that. So, that way I have different options that can be possibly explore for
developing such kind of applications and we still need a careful thought process on this
system to understand that how I am going to interconnect the different people in a public
domain with the help of a blockchain.

(Refer Slide Time: 14:27)

Now, as I mentioned earlier that we understand that why the technology is required, so
there is no doubt on the motivation and as I mentioned that government data is always a
kind of major target for the hackers and there are multiple different cases like that, say for
example in 2020 there are around 1001 cases of data breaches that affected 155.8 billion
individuals in USA, so that is a source which is available from Statista and then there is
this concept of Cyber War, so which is the kind of actions by a nation state to penetrate
another nation's computers or network, to extract their data, to extract their information
out of it.
(Refer Slide Time: 15:20)

And you will see that there are lot of news which comes about the theft of government
data, breaches of information from the government data, so these are some of the
information that or some of the newspaper article that I have just captured before
recording ah this lecture today.

So, most of this news are from October 2021 and you see that there are multiple such
cases like this Argentinian government database containing ID card information of the
entire country made available on dark web forum, well then info of 4.39 crore investors
exposed twice within 10 days due to data breach at CDSL sales KYC arm well, so that
that is the information leak from KYC, then FBI warns of fake government sites that used
to steal financial or the personal data.

Also that way you will see that there are lots of such incidents of data breaches which
happen, so the question comes that how I can prevent it, how I can store the data in a
secure form so that whenever I am sharing the data, the data sharing architecture in such
a way so that no one would be able to authorized or access my data in an unauthenticated
way, right, so that is the kind of core behind the problem.
(Refer Slide Time: 16:42)

So, as I was mentioning that the major problem of government data is that the data is
shared among multiple organizations at different level of government structure and
whenever the data is shared among multiple organizations, so this problem of data
breaches come or data breaches increases at every level, because of data duplication, data
multiplicity for such kind of problem.

Say for example, with your AADHAAR data, so whenever you are submitting your
AADHAAR data you are submitting the KYC document and multiple places, so that way
the data gets duplicated or data get multiplied at multiple places and that way it becomes
very easy to steal those part of the data. Then that way whenever there is such kind of
data duplication, data multiplicity happening protection of data gets diluted if I have such
kind of multiple copies of data exist, multiple copies of same data exist.
(Refer Slide Time: 17:46)

So, from that particular aspect possibly blockchain can help, so here is one example of
sharing of passport data. So, passport data again it is considered to be a highly sensitive
data, so typically the ministry of foreign affairs they have this passport data management
system which ideally contains the passport data but then whenever you are going to
airport for say travelling to another country.

Say you are going through the custom check which contains your passport data keep a
copy of that, then the national army defense agency they sometime ask for the citizens
passport to keep the data to differentiate a citizen from an imposter or from an from an
unauthenticated person, then the national police agency CBI, CID, the crime department
they maintain, they sometime take the passport data say for example when your passport
verification happens, that happens to this national police agency such kind of
environment.

The income tax department, National Intelligence, National Audit agency there is a kind
of periodic check of the data to see that whether you have traveled, what happened at the
customs whether you have imported something and so on. Then this ministry of public
service they also take this public passport data as a kind of your identity, your unique
identity to maintain it in their identity database to provide the public services. So, that
way the data gets duplicated at different places and it increases the chance of data
breaches from the environment.

(Refer Slide Time: 19:22)

So, this is basically a typical government information sharing system, so what we say that
well the government data stores in a central directory like a data directory service or
agency directory service which has its own applications the APIs for searching retrieving
data and you have the service broker through which different organizations access the
data.

But the question comes that who is going to store the data with them, so typically what
happens that whenever certain organization or the civic service system or any kind of
institutional organization they access the data from that central database they also keep a
copy of that with them, so and whenever they are keeping that copy of with them that that
actually increases the possibility of data breach from the system.
(Refer Slide Time: 20:11)

So, the question comes that how blockchain help? So, as I mentioned earlier that you can
have this access and verification of the central data where typically the data is put in a
central database and this access to the database can be thought of the transactions. Now,
every such transactions, that means access to the data is locked in a blockchain.

So, the data can be accessed only via the blockchain, so whenever you are or someone is
accessing the data, the access is happening on top of blockchain. Now, that way anyone
can verify who has accessed the data and for what purpose, so that is the advantage that
we get.
(Refer Slide Time: 20:51)

Now, the question comes from sharing of data. So, you can either put the data in the
blockchain. So, putting the data directly on the blockchain as I mentioned earlier that
might not be the ideal solution at all the time, so we need to think of alternate solution but
if you are putting the data on directly on the blockchain then it becomes transparent so
everyone can verify which data has been shared and that way the data cannot be altered
because you have the data at a blockchain based system, so no one would be able to
change the data and can share it somewhere else.
(Refer Slide Time: 21:26)

Then you can also share the data and access control that means keep both the data and
access at the blockchain but again it depends on the size of the data in that case anyone
can verify the data as well as the access of the data, so it can verify that what is the data
that is being shared and who has access the data for what purpose that way neither data
nor the access can be altered and access also cannot be denied. So, if someone has access
the data via blockchain then there should be a kind of access log to which you can prove
that this particular people has accessed the data for some purpose.
(Refer Slide Time: 22:04)

Now, apart from this management of the public data there are other case studies for the
government, like processing the tax payment, so this good and service tax like the GST, it
is the indirect tax covering various good and services during the production and the
service stages, as you all know that the use of GST for our common procurement or the
purchase.

So, whenever you are going to purchase something you have to give the GST and in our
country there are three different type of GST like IGST, SGST and CGST. So, the IGST
is typically the interstate GST whenever the goods is transferred from one state to
another, SGST is the state part of the GST and CGST is the central part of the GST that
goes to the central government.
(Refer Slide Time: 22:58)

Now, the entire workflow of the GST is pretty complex, well so let us see that how
blockchain can help in that aspect. So, here is an example say you want to purchase a
dress, now whenever you are going to purchase a dress it has multiple workflows at its
production stages, that means the corpus is being produced, from the corpus there are the
raw materials which are being taken up not only from the corpus from other source, then
those individual components are integrated to finally prepared the dress and then it goes
to the end user.

Now, at different level what typically happens that for example, the people who build up
the dress they buy the raw materials and sew the dress and then it goes to the market but
whenever they are buying the raw material they are paying the GST for buying that raw
material, again whenever they are preparing the dress and selling it to someone else that
person is also providing the GST.
(Refer Slide Time: 24:03)

So, that way the GST is actually levying in different stages of the production. Now, if you
if you just think about that how GST is handled without blockchain, so typically a GST
invoice is issued by the seller and the buyer pays the bill with GST and the seller register
that information to the GST portal.

And finally the seller they pays it to the supplier who has supplied the raw material, then
they also paid the GST and put it up in their portal, register that information and that way
final tax goes to the government, but in this entire procedure there are lots of
complications like there are certain organizations who do not need to pay the GST, they
are exempted from paying GST, sometime the things gets duplicated, like you are
procuring items and then further selling it, now whenever you are procuring an item and
further selling it that GST is levied twice.

So, that way this kind of complication comes and in those kind of complication you can
redeem the GST and there is a option of filing GST return through which you can get
back the extra money that you have given.
(Refer Slide Time: 25:19)

Now, if I just think of the GST with blockchain, so what we can do that this entire
settlement part of this taxation and then return, this part can be implemented with the help
of smart contract that automatically calculates that how much GST need to be paid and
whether that much of GST has been paid at every level of the production stage or not and
it can automatically find out that whether the GST liability meets the amount of GST that
have been paid, so that way it can possibly simplify the entire end to end process.

(Refer Slide Time: 26:02)

So, as I mentioned earlier that during the payment for good or a service this blockchain
smart contracts can calculate the invoice based on the tax amount that is already levied
during the production process and this smart contract directly transfer the tax amount to
tax authority like CGST or SGST and if there is a refund then it is directly paid to the
customers account. So, that way rather than having a kind of manual auditing process,
you can have a smart contract which can possibly automate the entire process. So, that
way you can you can think of visualizing it.

(Refer Slide Time: 26:38)

So, that way the advantages of using blockchain that we typically have is like the
administrative burden for accounting services drastically reduced and all the transactions
are done in real time, no return filing is required as such because this smart contract they
can immediately find out whether there is a requirement of providing the tax or not and
that way it can possibly avoid this kind of return filing and all the transactions remain
transparent, that way it reduces the risk of fraud or mistakes and immediate auditing can
be done from the transaction log.
(Refer Slide Time: 27:16)

So, that way it can actually significantly help the entire process but as I mentioned that
although we can understand the advantage of using blockchain but for its real
implementation we need to carefully think of that how the system would be maintained,
implemented that who is going to be the participant in the system, who is going to
maintain the copy of the ledger and so on.

So, in a GST based system again the same question come is it like that all buyers and
seller need to maintain a copy of the ledger and immediately the question comes that if I
am going to maintain a copy of the ledger it is not only about the transactions that I am
performing but rather it is the transactions of the all the people across the country they are
performing who are the part of the system.

So, whether I have enough resource to keep that much of data and what is going to be the
size of that ledger, so these are the kind of critical questions which we need to think of as
an computer scientist or as an index engineer as a designer of blockchain based
application.

Now coming to this ah point of different initiatives that have been taken up by the
government. So, I think we mentioned it earlier as well in another lecture that this
Ministry of Electronics and Information Technology in January 2021 they have published
this draft National Strategy on blockchain which actually highlights the vision of the
Indian government towards utilizing blockchain for different services in India.

(Refer Slide Time: 28:47)

And that draft national strategy of blockchain in India it actually enumerates a number of
use cases or highlights a number of use cases which are of potential national interest that
includes the transfer of land records, the digital certificate management, pharmaceutical
supply chain, E-notary service, farm insurance, identity management, power distribution,
duty payments.
(Refer Slide Time: 29:11)

Agriculture and other supply chains, E-voting, electronic health record management,
digital evidence management system, public service delivery, IoT device management
and security, vehicle life cycle management, chit fund operation administration, micro
finance for self-help groups and that way it highlights these are the kind of potential
applications that people can think of building up a blockchain based solution on top of it.

But as I mentioned that logically we can visualize that well we can possibly use
blockchain to solve different kind of problems, fraudulent behaviors, scams associated
with the such kind of system and we can bring transparency in the system but at the same
time we need to carefully think of how much blockchain can help.

Because ultimately you need to implement it and from the implementation perspective
you need to carefully think of that who is going to be the node of this individual services
and whether it would be fine for them to keep an entire copy of the distributed ledger
with them, so that is the kind of primary questions that we should always ask for
whenever we are thinking of applying blockchain for any kind of service.
(Refer Slide Time: 30:24)

Then these things we have mentioned earlier just a recap like this draft National strategy
of blockchain in India that also highlights the development of a national blockchain
infrastructure which should have the support of different blockchains on different type of
platforms including Hyperledger, Ethereum, Corda and so on.

And on top of that different applications like finance, governance, health, smart city,
insurance all these things can build up and this blockchain based system can integrate it
to it the standard identity management like the AADHAAR, E-Praman that kind of
website or Digi locker to automatically fetch the information and show it to you to do the
verification automated through the help of a smart contract.
(Refer Slide Time: 31:10)

Now, similarly in national blockchain roadmap Australia that is another document that
have been published by the Australian government that actually highlights the different
use cases that the Australian government is thinking of having potential interest for
implementing on top of blockchain.

And interestingly it actually highlights the different industries and their share of
blockchain activities. So, obviously you can see that financial and insurance services
have the maximum interest in blockchain activities but apart from that professional
scientific and technical services, retail trade, health care, rental, hiring and real estate
services, information, media, telecommunication, arts and recreational services,
electricity, gas, water and waste services, all of them has a good amount of interest in
different blockchain activities.
(Refer Slide Time: 32:02)

Now, in conclusion what we see that there are various scopes for applying blockchain, we
can understand that well not relying on a single point of trust or bringing transparency in
the system can help us while we agree to that but an important question that always
remain that how you are going to implement the system.

Because at the end it is a distributed ledger technology, so you need to carefully think of
that who are the participants in the system and how you are going to store the data in
DLT so that it becomes much more easy for the end participants to maintain a copy of the
DLT with them and that does not put up additional burden on the system, it should not
require that my mobile or my computer should have 1 terabyte of storage to store a DLT
and that is possibly the major bottleneck that we have today for implementing the
blockchain based services or blockchain based application.

So, we should be very careful about such kind of possible side channels which can
happen, which can actually launch attack on blockchain based systems, so accordingly
we should plan designing the service. So, that is all from my side for this lecture, thank
you all for attending the lecture, see you all in the next.
 Blockchain and its Application
Professor Sandip Chakraborty
Department of Computer Science and Engineering
Indian Institute of Technology, Kharagpur
Lecture 59
Blockchain for Decentralized Marketplace -1

Welcome back to the course on Blockchain and its Applications. So, in the last few
lectures we have learnt about different possible use cases which can potentially use this
blockchain technology for providing an useful solution out of it and we have also
highlighted what are the challenges in the design and as a designer, as an engineer or as a
blockchain practitioners so what we should think about and what we should focus on
while developing such kind of services.

Now, in this particular lecture and the next lecture that means in our last two lectures of
the course, we are actually going to discuss about one of our experience in developing
one such use case on top of blockchain. So, I am going to highlight that what was our
thought process behind that and why we have taken up, why we have decided certain
primitives behind this design and how finally we approached to design a solution for that
particular problem.

So, this is one of the use cases you can think of and this is something our experience, the
experience from our lab that we gathered while developing this particular application.
(Refer Slide Time: 1:52)

So, this particular application talks about having an blockchain based solution to design a
decentralized electronic marketplace. So, let us look into that in details, so the broad
concept that we are going to cover as I mentioned that blockchain application for
developing a decentralized marketplace.

(Refer Slide Time: 2:00)

And these are the keywords which we are going to cover in this lecture, the design of a
blockchain use case and analyzing the requirement and in the next lecture we are going to
see that how we are going to achieve a solution for this particular problem.

(Refer Slide Time: 2:16)

So, this problem comes around the different online service providers which we regularly
use in our day to day business they offers different kind of services to the consumers or
the end users and it typically use a web interface or mobile apps for communication with
the customers, say there are multiple examples of such kind of service providers in
different domain like the E-commerce, the cloud service providers, the media service
provider, logistic provider and so on.

So, I can pick up a few examples like this for example this Amazon or eBay, so they are
the kind of E-commerce service providers, so in Amazon and eBay it is a kind of
centralized marketplace where different sellers they can come with their product and then
there are buyers who can choose a particular product from different sellers, find out
which seller is providing the minimum cost or the best price.

And providing the best guarantee of the service or the product and then buy the product
from that particular seller, so this is the kind of e-commerce commerce marketplace or
B2C marketplace what we can say, where different e-commerce site, different sellers
come together to sell their product. There are also different B2B marketplace where
different service providers can exchange goods and services among themselves.

Another such use cases is like in the logistic provider like Make my trip or Trivago or this
Booking dot com that is the kind of consortium of the hotels, the logistic provider like the
different kind of flight services and they actually provide you to compare between
different service providers and help the buyers to choose the service, choose the product
which provide the best price guarantee, so that way we are very much habituated of using
such kind of services.

(Refer Slide Time: 4:33)

Now, these online service providers as I mentioned that multiple service providers come
into an agreement to collaborate with each other it gain access to the common larger set
of end users, so you have a common platform where every user is coming and it is a kind
of marketplace, so the users are getting the service from that marketplace.

It offer wide range of services under the same platform, like Make my trip it provide total
services, the bus ticket, the airplane ticket and so on similarly, Amazon it helps in selling
different kind of products ranging from electronic accessories, the home accessories, the
day to day goods and so on.
So, there are multiple examples of such cases as I was mentioning like different sellers
under eBay or Amazon, the cloud infrastructure provider side are OnApp federation, so
OnApp federation is a cloud marketplace where different small cloud service provider
they can come together and they can provide common services to the end user.

So, it can happen in this way that you can buy the resource from one service provider and
the storage resource from another service provider in a federated cloud architecture. Then
the hotels under Trivago or Booking dot com where different hotel they come together to
have the service for the common people. So, that way we have different such type of
online service providers.

(Refer Slide Time: 6:14)

As I mentioned by e-commerce platform, the trade logistics network, so there are plenty
of examples of those.
(Refer Slide Time: 6:20)

Now, all these existing consortia which we have those are the kind of centralized in
nature, like either you have a common e-commerce platform where the different seller
come together and the consumer buy the product from that or you have a centralized
marketplace where the marketplace is under control of some centralized governance
agency which actually facilitate the interface to which different service providers can
collaborate with each other. So, it is mostly a kind of centralized architecture.

(Refer Slide Time: 6:54)

Now, the limitations of the centralized architectures are as follows, that usually they are
governed by a single authority like a service broker or a marketplace. So, whenever you
have a single authority you can have this unfair business advantage to the broker, so for
example you will see there are various recent studies which highlight such kind of
unfairness and biases in the platforms like Amazon which possibly knowingly or
unknowingly give bias to certain sellers, then only the service broker or the marketplace
provider is responsible for communicating with the end user.

Then the sellers need to share their profit with this central broker, as I mentioned that
there can be bias of the broker towards a particular service provider or a particular seller
and there is that way the risk of manipulation and unfair dispute resolution, this
everything is under the control of a single party whom you are trusting that part is going
to provide the service in a fair way, but what happens that that party does not provide a
fair access to the service.

(Refer Slide Time: 8:05)

So, the objective of this particular work that we have targeted that our objective was to
design a transparent decentralized architecture for such kind of service providing
consortium, while eliminating any centralized broker marketplace, so that way in
between I do not want any kind of trusted third party which will control the entire
platform, like Amazon, Flipkart, eBay, Trivago, Make my trip, Booking dot com and all
these different individual middle men who actually brings up the buyers and sellers of the
service providers and the service consumers together on a common platform.

So, this is the title of this work which was published this year in IEEE Infocom, the title
of this work was Blockchain Interoperability for Service Decentralization this work was
primarily done by my PhD student Bishakh Ghosh, so I think you have also heard about
few of the tutorials from Bishakh, one of our undergrad students Tanay Bhatia along with
my collaborator at NIT Karnataka Sourav Kanti Addya and myself, so we are the authors
of this paper, so I am going to just seamlessly discuss this paper with you to share our
experience of designing such kind of service in the system.

(Refer Slide Time: 9:34)

So, as I mentioned that our broad objective was to move from a centralized marketplace
to a decentralized marketplace, something from this left side centralized architecture to
have a common decentralized architecture where I will have a decentralized interface
through which the consumer will be able to interact with the service provider.
(Refer Slide Time: 9:53)

Now, if I try to design such kind of architecture let us first understand that what are the
requirements. So, the primary requirement is that while eliminating the central broker or
the marketplace we need to carefully design the architecture in such a way so that all its
functionalities must be preserved in the decentralized consortium architecture as well.

So, my interface or my architecture should not look very different from Amazon or eBay
but at the same time it should have free from any kind of centralized control, so that was
the kind of thought process behind this one. Now, first of all I would just like to highlight
that these are the kind of Amazon, eBay all these things I am just providing a kind of
example and this was a kind of academic research.

So, there are multiple different other challenges which might come from the legal aspect,
from the aspect of dispute resolution and aspect that who is taking the charge, who is
taking the control of it, say for example, in a decentralized marketplace it might happen
that a buyer does not provide the sufficient service to, a seller does not provide the
service guarantee to a buyer.

Say for example, you have put up the order for a smartphone and in return you just get
some empty smartphone box, if this happens well the system can possibly identify if you
put up a complaint the system can possibly throw out that particular seller from the from
the network but how this dispute will be reserved that who is going to pay your money,
who is going to catch the buyer, catch the seller and going to refund your money that we
do not address in this particular work.

So, these are the kind of open challenges which are still there, we have not thought of that
dispute resolution part, what we have thought of that how we can possibly integrate these
components together to design a decentralized marketplace but this kind of legal aspect
all these things are there because in typical use case of Amazon, eBay or Booking dot
com if such kind of problem happens.

Then you can give a call to Amazon, you can give a call to Booking dot com and they can
they can resolve your problem immediately, possibly they will refund your money by
taking the risk with them or they can provide an alternate supplier, alternate hotel to you.
But in such kind of decentralized architecture if you get cheated from one of the service
providers then how the dispute resolution is going to be done that that we have not
thought of that, that is possibly a open problem for you, so I would like to acknowledge
that part at the beginning itself, so we are just concentrating on the design of such kind of
platform.

So, coming back to our discussion that what is requirement from our site is first of all we
need a unified interface, so the consortium should have a unified interface to its customer
and the interface should be without any centralized broker or agent and consumer should
be able to view catalog, query price, request for resources, get resource access
information and credential, make the payment etcetera, through that interface. So, all
these services should be available with that interface.
(Refer Slide Time: 13:33)

Now, the challenges that we have in this system. So, the first challenge is that there can
be byzantine behavior of the consortium service providers, so the participant service
providers might be byzantine faulty, the service provider can maliciously try to affect the
pricing, scheduling and policies of the consortium. And the service providers can be
biased towards certain users and also might try to block certain users request by affecting
the consortium agreement.

Then the consumer can also be byzantine faulty, they can generate multiple identities to
create problem in the system, so that way the end user or the consumers can also exhibit
byzantine fault and each user request must be agreed upon by the consortium participants
to process it correctly and these consumers can create as many identities or accounts as
the one introducing the risk of cyber attacks, so the possibility of cyber attack can be
there.

And the third challenge is the verifiability and confidentiality of the information from the
consortium, so as I mentioned that there is no single trusted spokesperson of the
consortium, so the results of the consortium which is generated based on certain
agreement of the service providers that need to be transferred back to the end user. So, the
question come that how this agreement will be manifested outside this federation and
how the end user will verify that this agreement has come from such kind of federated
agreement architecture and the final challenge is that the sensitive consortium responses
must remain confidential between the consumers and the service providers.

(Refer Slide Time: 15:28)

Now, with these challenges the trade models that we consider are as follows. First as I
mentioned that we consider that at most one third of the service providers may be
byzantine faulty and non faulty consumers control majority of the computing power, then
there is a possibility of cyber attacks, that means the end user consumers can create
multiple accounts or identities for accessing the consortium services.

There can be impersonation attacks, that means it is a decentralized consortium so it does

not have a single spoke person, so a malicious service provider might try to deceive a
consumer by posing as the consortiums spoke person and there is can be leakage of
sensitive information, like sensitive information of the consortium as well as users might
be exposed while passed over the decentralized network.
(Refer Slide Time: 16:20)

Now, these are the kind of architectural requirements that we have, so we have these
consumers, this consumers are generating the service request and when the consumers are
generating the service request, that service request is going to the service provider, so the
service provider in a decentralized way they process the request and finally generate the
response and this response need to be again sent back to the consumers.

Now, in this case we need to have two different requirement, the first requirement is to
design this interface between the consumer and the service provider which we called as
the decentralized consortium interface. So, this decentralized consortium interface should
support an agreement on each user request and the ordering of the user request and the
service responses must be verifiable by the end users.

And the confidentiality of the response need to be preserved and on the other hand at the
middle we have this multiple service providers and among multiple service provider we
need to have a decentralized consortium collaboration, so that they can collectively
generate or process the request and can generate the response, so there need to be an
agreement on the pricing, catalog and policies, there should be a requirement of
scheduling the request, the confidentiality of the service provider for information also
need to be preserved.
(Refer Slide Time: 17:50)

So, with this requirement we need to design such kind of to service provider interface
where the service providers will act in a decentralized way, may be on top of a private
blockchain and the consumer can broadcast the request to the service providers and the
service providers will collectively take the decision and send back the request to the
consumers.

(Refer Slide Time: 18:16)

Now, while designing such kind of architecture the question come that how the user
request will reach to the consortium, because we need to keep in mind that there is no
single spoke person for the consortium, so you do not have a single web portal or address
available for communication. Now, you can think of simple solution like broadcast from
the consumers to the closed network, network of service providers.

But that does not work because certain messages might be lost and the messages might
also arrive out of order, so I need to have some kind of ordering logic on the messages, so
that is one of the primary requirement. And as I mentioned earlier that consumers might
be byzantine faulty and they can partition the consortium, so that way I have several
challenges that we need to address while designing such kind of architecture.

(Refer Slide Time: 19:10)

And the guarantees that we need to provide in this design are as follows. First the
consortium interface safety, that means the non-faulty service providers should receive
the same set of consumer request and in the same order so I need to run certain kind of
ordering service which will order the service request which are coming from different
users, so that ordering need to be maintains and the second requirement is that
consortium interface liveness.

So, all non faulty consumer request are eventually received by the consortium, so the
earlier diagram that I had shown so in that earlier diagram, so it should ensure that
whenever the consumers are sending the request to the service provider I should have an
ordering of this request from different consumers and whenever the service providers are
going to receive this request there need to be a kind of agreement among the service
providers to guarantee the service. So, these are the kind of primary requirement that we
have to ensure.
(Refer Slide Time: 20:57)

Now, let us think of that how we can design this interface, the interface between the users
and the service providers. So, I have two different users, as I mentioned earlier that we
need to think about the network, so the network is clear, it is a network of consumers and
the service providers and if I think of that who are the participants in this network, so I
have two type of participants in the network, one is the consumers and second one is the
service providers.

So, it is basically a network of consumers and the network of service providers and they
are going to interact among themselves. Now, interestingly you see that this consumer
network it is mostly a kind of open network, so anyone can participate as a consumer, I
can browse the catalog, I can see that what products are being sold and then I can decide
that which particular product I want to buy, so that is a kind, we need a kind of open
interface.

So, we can use the public blockchain for designing this open interface, so any user can
join the network and avail the services by issuing the transactions and smart contract
having a fixed logical address they can act as the single point of contract, so through
smart contract the consumers can interact with the service providers.
So, what is public blockchain network and I can have a background mining process
which will mine the blocks with the transactions and that way the network will have
consensus on each block indicating that consensus on each user request, so that means
whenever one consumer generates one request that request goes through this consensus
procedure and each block also has a fixed ordering of transactions which actually
guarantee the consensus on the ordering of the request.

So, if I have multiple users which are generating the request, so the blocks which are
generated on the blockchain in that block, the requester in some particular order and this
order actually ensures me the ordering of the request or the request need to be processed
by the service providers in the order they have been added in the blocks of the public
blockchain, so that way we can use a public blockchain to generate this interface between
the consumers and the service providers. So, that way the first problem that I was
mentioning that how to design that interface this particular problem gets solved.

(Refer Slide Time: 23:55)

So, this is the way we can design the interface, so the consumers they generate the service
request, this service request contract or the smart contract that mined up request from the
consumers and add them in a public blockchain. So, I have this service request smart
contract that execute the corresponding transactions and this transactions gets propagated
in the public blockchain network.
So, the transaction is flooded among the participants and the block mining process is
getting executed, that block mining process can be on proof of work, proof of stake or
other whichever mining procedure you want to use on your public blockchain network
and the moment the block gets a confirmation, so this mine block is flooded in the
network and everyone can see that the transaction has been added in the blockchain. So,
that way whenever a consumer request is generated, that consumer request is added in a
public blockchain, through this public blockchain mining procedure.

(Refer Slide Time: 24:55)

Now, comes the important question, the two important problems that we have. So, the
consumer has generated the service request, this service request has been added to a
public blockchain. Now, as I mentioned earlier that the service providers they construct a
private blockchain among themselves because the service provider network is a kind of
closed network.

Now, because it is a kind of closed network, on that closed network the service provider
can come to an agreement among themselves and remember that why do you want the
service provider as a closed network because in the consumer network there can be
multiple different consumer, you can be a consumer, I can be a consumer, I do not need to
know you.

But whenever I am getting certain service from a service provider I need to know the
identity of the service provider, right. So, that way I need to have a kind of identity
validation there, so that way the service providers they cannot use pseudonymous
identity, they have to reveal their identity to provide the service, so that the consumer can
choose a particular service provider.

And because of that particular reason we thought of that while the service provider
network can be a private blockchain network from where the service provider comes to
certain external validation mechanism. Again how this external validation will be done
that we have not thought of, that is possibly a kind of I can mark this problem as a kind of
possible open problem that we have we have not thought of in this work, we have just
assumed that there would be an external validation procedure through which the service
provider will come to this private blockchain network.

And they will form a private blockchain network among them and then the question
comes that the consumer request have been added to this public blockchain through the
public blockchain consensus mechanism, that is good. But how these consensus will get
transferred from the public blockchain to the private blockchain, now for this purpose we
need some way of interoperability mechanism that we talked earlier, right. So, this is one
of the research question that we have and that actually we have tried to address in this
work, this is the first one. The second one is the reverse thing.
(Refer Slide Time: 27:35)

Transferring of consensus from the consortium to the end user. Now, to transferring of
consensus to the consortium as I have mentioned that the consortium service providers
cannot simply pick the request from the permissionless blockchain and start processing,
so some consortium members might not get the mined block in time and thus cannot
participate in the scheduling.

Then there can be malicious consortium members who may introduce and schedule
invalid consumer requests that are not mined at all and consensus protocol like proof of
work they often generate temporary forks, so that way the network might be partitioned,
so we cannot simply pick up those transaction from the public blockchain, all right.
(Refer Slide Time: 28:23)

The second problem was a see somehow I have picked up a transaction from the public
blockchain and that request has been processed among the service provider, they come to
an agreement and they return back the response to the public blockchain. So, the question
comes how they are going to return this information from the private blockchain to the
public blockchain.

And how the consumer will believe that the response that have been appended to the
public blockchain that actually came through the consensus mechanism of this private
blockchain network.
(Refer Slide Time: 29:02)

So, these are the kind of two open problems that I have, so on that direction, yes the
problem is that a single service provider cannot simply post a response on the consortium
back to the user because that service provider might be malicious, so the consortium
response is always based on a consensus on the same.

So, the consortium consensus has no manifestation outside the private blockchain, so that
way the consortium risk consensus and response must be verifiable by the end users and
sometime the confidentiality of the response has to be preserved while transferring across
the public blockchain network, say for example, you have booked a ticket, so the ticket
should come to you or not to anyone else, so that is the requirement that we have.
(Refer Slide Time: 29:49)

So, in the next lecture we are going to see about how do we solve this particular problem.
So, that is all for this particular lecture where we have tried to highlight the problem
overall. So, we have seen that there is a kind of requirement from transferring the
information from the public blockchain to the private blockchain and then return back the
response from the private blockchain to the public blockchain. So, in the next lecture we
are going to see that how we have approached to solve this particular problem, so thank
you all, see you all in the next lecture.
 Blockchain and Its Applications
Professor Sandeep Chakraborty
Department of Computer Science and Engineering
Indian Institute of Technology Kharagpur
Lecture 60
Blockchain for Decentralized Marketplace-II

(Refer Slide Time: 0:17)

So, welcome to the last lecture of the course of the course of Blockchain and Its Application.
So, in the last lecture, I was introducing you with one of the problem that we are trying to
solve at our lab and I were just sharing our thought process of approaching that problem. So,
we discussed about that what are the challenges that we have and the open research questions
that we had and in this particular lecture we are going to see that how we have solved those
problems, those two problems.
(Refer Slide Time: 0:52)

So, we will continue with the topic where we stopped in the last lecture. So, the concepts
covered and the keywords are pretty much similar that was during the last lecture.
(Refer Slide Time: 1:00)

So, in the last lecture, we are we are talking about these two particular problem. We have
understood that we can model the consumer with the help of a public blockchain and the
service providers with the help of a private blockchain but the requirement is that the
consensus information needs to be transferred from the public blockchain to the private
blockchain.

So, that the service providers in the private blockchain, they come to consensus on consumer
request as well as the ordering of the consumer request and then once the service provider
process that request generates some response out of it, there needs to be a kind of verifiable
way to transfer that response back to the public blockchain where these consumer be able to
validate that the responses which have been posted on the public blockchain that is, that came
through the consensus mechanism of the private blockchain.

Additionally, certain response from the service providers might be private like once you have
booked up a hotel or booked an airplane, the corresponding ticket of it. So, you need to
ensure a mechanism through which will guarantee that only the intended participant would be
able to access that response. So, these are the kinds of requirements that I have.

(Refer Slide Time: 2:28)

Now, let us discuss or let us let me try to highlight that how we have approached these two
problems. So, the first problem that means transferring information from the private
blockchain to the sorry the public blockchain to the private blockchain, for that we designed a
mechanism which we call as the consensus on consensus.

What is that? That is a method to propagate the consensus information from the public
blockchain to the private consortium blockchain. So, the consensus on consensus mechanism
works like this that each service provider also participate in the public blockchain to receive
service requests from the consumers.

When a transaction is committed in the public ledger, it is verified by the service provider
through simplified payment verification. SPV is a standard protocol that we utilize here. And
for each service request a service providers collect endorsement through a smart contract
which we call as a propagation contract.
And each such endorsement goes to a BFT consensus and when a service request receives
more than two-thirds of the service providers endorsement, that is our typical requirement of
Koura Mina Byzantine faulty environment, it is marked as confirmed.

(Refer Slide Time: 3:44)

So, let me explain all these steps with the help of a simple diagram that shows this consensus
on consensus mechanism. So, the consumer, they generate the service request transactions.
Say T1 is the service request transaction for the consumer. So, this transaction gets
propagated in the network. It reaches to the miner. So, the miner mine the transaction and add
that transaction to the public blockchain network.

Now, in the public blockchain network, the transaction gets added to a particular block. Say
the block ID is B10 which is the block number and I have an offset value, O1 which actually
denotes the ordering of that transaction that in that block B10 in which order the transaction
T1 appears. Now that way the transactions from individual consumers get appended to the
public blockchain and it form a public ledger.

Well, now whenever it is forming this public ledger, then as I mentioned that there is this
SPV mechanism, Simplified Payment Verification Mechanism which where this particular
transaction is being picked up by individual service providers.

Now, when individual service providers pick up this transaction, then what they does that
they initialize this propagation contract and send an endorsement along with this transaction.
So, basically tells that, well, this is a particular transaction that was added on the public
blockchain which needs to be serviced. And this is being done by every service provider to
come to a consensus.

And that way, this propagation contract, it runs a BFT consensus mechanism So, that every
service provider collectively picks up a particular request and picking up the request from
that public blockchain is not random.

So, this BFT consensus mechanism, it adds up this endorsement in a private ledger or the
private blockchain that is being maintained by the service provider. And that way, for every
individual service provider, the endorsement is getting added and that we checked that when
at least two thirds of the service providers have endorsed this transaction and the transaction
got added to the private blockchain.

So, when two third of the transaction, two third of the service providers have endorsed that
transaction, standard transaction becomes ready for scheduling. So, here are the interesting
fact that you can see that why we call it as consensus on consensus that is primarily because
that the consensus information which were there in public blockchain that have been picked
up by the service provider, and that information went through another round of consensus on
the private blockchain.

So, that way, the service providers, they cannot independently just pick up the information
from the blockchain. But all those information need to go through another consensus
mechanism among the service providers which ensures that a malicious service providers
cannot simply pick up our transactions and start processing it.

So, to process a transaction, to transfer a transaction from the public ledger to the private
ledger, the service providers, they need to collectively endorse them well, and that
endorsement works as a BFT consensus mechanism and which demand for a two third
quorum. And when a two third quorum is formed, then only that transaction is being picked
up and sent for further processing within the consortium.
(Refer Slide Time: 7:26)

Now comes the second part which is the verifiable response transfer. Well, So, two kinds of
information need to be transferred from the consortium to the consumer once the processing
of the service request is being done.

So, the first one is the consortium information such as catalog, pricing, etcetera. These are not
sensitive information but the second type of request like the responses correspond to the
request. So, the results of scheduling and processing the consumer requests such as digital
document that is to access credential, ticket, invoice, all these things. Those are the kinds of
sensitive information.

Now both of these kinds of data generated collectively by the service providers to private
blockchains consensus process and these consumers being outside the permission network or
the private blockchain network, they cannot verify the correctness of this data. So, we need a
separate protocol for validation of the consensus response by the consumers.
(Refer Slide Time: 8:25)

Now, to do that verification, we use this concept of collective signal signing or CoSi. The
idea of CoSi we talked earlier. We have seen these different different ways these collective
signing is procedure possible. So, in this particular work, we use this BLS cryptosystem for
aggregating the signatures of individual service providers.

So, using that BLS signature, we compute a particular message digest and then find out the
signature of that message digest where this H is the cryptographic hash function and Sci is the
secret key of the service providers, Ci. So, that we compute the message and we generate the
aggregated multi signature by combining the signature of individual participants.

So, this earlier in the context of CoSi, you have seen this Schnorr signature. Here it is another
form of multi signature which the BLS multi signature. I am not going to the mathematical
details behind BLS signature technique.

If you are interested, you can just Google it and there are many materials which talks about
this BLS cryptosystem that BLS cryptosystem just like this Schnorr multi signature that we
had studied earlier. It helped us to design multi signature scheme. So, that way, we generate a
multi signature out of it.
(Refer Slide Time: 9:52)

And so, what happens that this consortium response is accepted as valid only when you have
again a two third quorum on the service provider signatures. And we have seen earlier that
this CoSi actually emulates the behaviour of PBFT. So, with this two third quorum on CoSi,
you can also ensure that the Byzantine faulty correctness against Byzantine faulty behaviour.

Now, the second requirement come to preserve the confidentiality. So, to preserve the
confidentiality, a response to a consumer is encrypted using the public key. Well, now to
collect a signature we this multi signature collection is carried out off-chain to improve the
latency.

To collect our signature, we generate a communication tree like tree kind of structure that we
have seen in the standard CoSi protocol earlier. So, each node of the tree, it aggregates the
signature collected from its descended similar to CoSi we have seen earlier. So, fallback to
smart contract based signature collection in case of dataset denial of service attack by some
service provider.
(Refer Slide Time: 11:05)

So, here is the mechanism for this verifiable response transfer. So, I have the private ledger.
In the private ledger, I have these individual transactions. So, once a particular transaction
receives two third endorsement the required endorsement, then it is sent to this scheduling
contract.

This scheduling contract, schedule the request and once the scheduling contract schedule a
request and response is generated, the response again goes to BFT consensus within the
service provider. Then these responses added to the blockchain. Now, once this response is
added to the blockchain, I need to transfer that response to this multi signature scheme.

Now for this multi signature scheme, we use this tree kind of structure among the service
providers, So, as I mentioned. So, through this tree kind of structure over the service
provider, the signatures, the message is being propagated from the service provider to the
other node and again following the standard CoSi protocol, the signature is being generated.

And once the signature is being generated, then this signature is collected in the reverse
direction. So, this part is pretty similar to our standard CoSi protocol. So, that way, we get the
aggregated signature. So, once we get the aggregated signature, that signed information is
sent to the public blockchain.

Now in the public blockchain, the miners will mine that information. While mining that
information, they will verify the corresponding information and after verification of the
corresponding information, that response is transferred back to the public ledger.
Now, once the response is transferred back to the public ledger, then a particular consumer, it
can pick up the response from the public ledger and it can validate the aggregated signature
and if required, if it is a confidential document, it can decrypt it to get the final outcome out
of it. Right?

So, this is the way we do we implement a verifiable response transfer where the procedure
goes through this multi signature generation and the multi signature collection mechanism
through which we ensure that information is securely transferred from the service provider to
the consortium to the consumers. The information is actually being transferred from the
private blockchain network to the public blockchain network.

So, in case some service providers deny or some service provider fails, then we use a separate
BFT consensus mechanism and through that separate BFT consensus mechanism, it fallback
to the on chain signature collection mechanism. So, that is the way means it is a kind of
fallback mechanism when certain service provider behaves maliciously.

(Refer Slide Time: 14:03)

Now, what we did that we have implemented a use case of cloud federation. The idea of the
cloud federation, I was talking to you initially. So, in case of cloud federation, multiple cloud
service providers come together and they collectively share the cloud resources. So, OnApp
federation is an example of such kind of federated cloud architecture.

So, in a federated cloud architecture, there can be multiple or more service providers. So, one
service provider they provide the computing service, another service provider, they can
provide the storage service.
Now, what you can do that you have certain service requests that you have and that service
request might go through such kind of consensus and one, one particular consortium member,
it agreed to provide computing resources where another consortium member may agree to
provide storage resource and with that they can they can collectively decide that well this
response might be sent back to the to the corresponding customer.

So, it provides such kind of federated cloud architecture. It provide, provides cloud
infrastructure resources to the end-users, It is like infrastructure as a service kind of
architecture. So, what we do, did? That we implemented a fair scheduling algorithm for
allocation of consumer request among service providers.

So, that fair scheduling algorithm actually goes through the consensus mechanism. The
consensus mechanism ensures that the requirement of fair scheduling is satisfied and the
service providers generate the output of the request or generate the response of a particular
service request based on executing that fair scheduling algorithm in a decentralized way
through a blockchain consensus procedure.

So, the fair scheduling algorithm typically dictates like this that each service provider will be
allocated the number of consumer requests proportional to its infrastructure contribution in
the federation. So, that way the participant which will provide more amount of infrastructure
contribution in the federation, they will be able to handle more number of customer requests
or the consumer request.

So, we have done a small scale test bed implementation using Ethereum and hyperledger
Fabric and hyperledger Burrow. So, the public blockchain interface was implemented using
Ethereum and the private blockchain interface was implemented using two different
techniques, hyperledger Fabric and hyperledger Burrow.

And to test a scalability we have used one emulator framework which is called mininet.
Mininet is basically a network emulation toolbox that provide a kind of interface to which
you can do large-scale emulation.
(Refer Slide Time: 16:59)

So, this was our general architecture of the flow. So, the consumer will request for a VM and
the service providers in that cloud federated consortium, they will run this fair scheduling
algorithm, and will decide that which service provider is going to handle this VM request and
that response will be sent back to the consumer. And for that we use this kind of blockchain
based interfacing that I have just described.

(Refer Slide Time: 17:29)

So, this was our testbed setup. We have considered three different service providers, CSP1,
CSP2, and CSP3. They typically run this Docker Swarm Overlay Network. So, this public
blockchain network was implemented using Ropsten and Rinkeby test network over
Ethereum.
So, we have implemented this Geth client and event listener, the interface. The interface was
simply implemented using Web3.js. We also implemented this multi signature verifier and
provided a web-based GUI through which the consumer can submit the request.

And then the cloud service providers, they will run this we fair scheduling algorithm in a
decentralized way to come up with a final solution of it and send back the solution to the
consumer.

And at the CSP site, we have this Virtualbox VM manager through which the VM request
will be satisfied. And then we have these different components of this CollabFed architecture
like the multi-signature collector, the Fabric/Burrow peers, Fabric/Burrow JS SDK, the Flask
server, the Web3.js interface, Geth client and event listener. These independent components
have been implemented.

And as I mentioned that we consider three different servers. So, these are the specification of
the three service that we have consider that have different resources with them. And they
actually collectively run this, this CollabFed architecture through which one, one consumer
can request for a VM and then these three service providers they come to an agreement about
who is going to host that VM and that response is sent back to the to the corresponding
consumer.

(Refer Slide Time: 19:29)

So, here are some results from the testbed. So, if you just look into the latency, So, we tested
over two Ethereum test network Ropsten And Rinkeby. So, here you can see that the latency
of Rinkeby was much less compared to Ropsten. So, here, it shows the latencies for number
of parallel requests on hyperledger Fabric and hyperledger Burrow.

You see incidentally Burrow worked much better in our case and that was actually the way
the Fabric and Burrow does the scheduling. Well So, So, they are independent nature and that
scheduling is very much a particular problem specific. So, for our problem we have observed
that Burrow works better but for some other problem it might happen that Fabric can also
work better. So, it entirely depends on how the problem has been formulated.

(Refer Slide Time: 20:25)

And finally, this shows the latency for multi-signature collection. So, here you can see that
well, that latency is something in the order of seconds and if you just compare between these
individual latencies, So, for blockchain network the latency was in the order of few minutes
some time.

So, some 60 second or 40 seconds something like that and for multi-signature collection, it is
some 4-5 seconds maximum at max. So, that way this this component is not very significant.
Rather the significant component is was that consensus running consensus on top of this
public blockchain network and the private blockchain network.

And on average, we have found that once a consumer request is being made, within a few
minutes you can get a corresponding response. So, the response is not very immediate but
you can you can get the response within a few minutes.

Well obviously, you can ask the question that whether these few minutes latency is tolerable?
So, it is something like that, I have requested for a VM and the system process that request
and send me back the response. Possibly for a VM allocation, this request this kind of delay
is tolerable.

But if you are thinking about ecommerce website or Booking dot com kind of Trivago kind
of hotel booking services, there possibly you need to think of other techniques to reduce this
latency further. They are possibly this kind of latency in the order of minutes, it is not
acceptable.

(Refer Slide Time: 22:03)

So, in conclusion, what we see that there are interesting research and design problems in the
blockchain space. But you need to think of applying the right technology at the right place.
So, as I mentioned that in this particular problem, where I have shared our experience, we
have looked into this problem entirely from that technical perspective, from an academic
research perspective.

We have tried to come up with a consensus mechanism through which you will be able to
facilitate transfer of information from a public blockchain to a private blockchain and then
get back the response from the private blockchain and send it back to the public blockchain.
But there are multiple different questions which remain that say for example, you have paid
the money in say for example, you use such kind of architecture to generate ecommerce
website. Now in that ecommerce website there is one service provider.

Apparently that service provider looks good. They have not done any kind of malicious or
fraudulent behaviour yet and what you do that you place your order to that particular service
provider and then that service provider starts doing their malicious behaviour. The example
that I have given you earlier that you have ordered for a smartphone but you receive an empty
box.

So, the question comes that what you are going to do after that? One possibility is like you
can you can lodge a complaint to the consumer forum because you have the identity of that
particular seller where do you have put up the contract. So, and the seller identities have
already been verified as we have assumed. So, there are certain trusted way of verifying the
sellers identity.

It might be through another identity network in a blockchain or through some trusted party,
trusted third party. But that identity is verified that you can assume. But then you have to
lodge up a complaint in the consumer forum. The consumer forum will validate that you have
to prove that you have received an empty box, not a mobile. So, the question comes that how
you are going to validate that? How you are going to put up a proof for that?

So, this kind of questions remains and typically in our day to day life, in our day to day
experience what we have seen that if such kind of problem occurs that you have booked
certain service over Amazon, over Trivago or over Booking dot com, and some problem
happened and you call the service provider, they immediately solve the problem.

So, for example, in case of Booking dot com it actually happened to me once. I was traveling
to some place in Italy, in Sardinia. I booked a hotel in Booking dot com and when I reach
there, I found that the hotel is closed. Something happened. So, some legal cases, something
happened with that hotel and they suddenly closed it and they have not informed that to the
Booking dot com owner.

So, at that point of time, immediately, I had made a call to Booking dot com and Booking dot
com take up my request and they have immediately allocated me another hotel and indeed
indeed a better hotel. So, it was it was a 3-star hotel and I got a better hotel out of it and they
may have not taken extra money from me. So, that way, I got my service somehow.
Obviously I have to wait for some time, for a couple of hours but I somehow I have been able
to manage it.

But in this case, if you if you just think of that it is a kind of complete decentralized
architecture, right? And you have booked a hotel, you got a confirmation and when you reach
that destination, you found that the hotel is locked. What you are going to do? You have no
one to complain at that time, right?
You do not have any phone number where you can complain because there is no one
centralized who is managing that entire service. So, that is the kind of practical challenge,
practical implementation kind of challenge for this kind of problem. And if you think
carefully for many of the blockchain based solution whenever we are talking about such kind
of decentralized marketplace, decentralized way of managing the stuffs, it looks good but
some time it might put up more over it from an end user’s perspective.

So, that way, I think it is a good time, we have we have already understood that what type of
services or what type of applications can be built on top of blockchain. And there are millions
of documents which actually describe that. But then what are the real challenges that can
come while you are going to practically implement it?

So, I think it is the high time that we should think about that and we should try to find out a
solution of it. So, unless we are able to find a solution of it, possibly none of these
applications can be implemented on top of blockchain. We need to carefully think of such
kind of problems.

So, that way as I mentioned earlier that whenever you are thinking to build up a solution on
top of blockchain, you should remember such kind of fundamental questions that we have
talked about earlier. That who are your network? What is the network? Who are your
participants? What are the assets that you are going to transfer on top of blockchain? What
are the transactions that you have? What are the keys that you are going to own? How to
obtain those keys and how to share those keys?

Do we have any kind of trusted party third party in the system? So, what is the limitation of
the trusted third party? What level of trust or what level of service it can provide? And
finally, that why people are going to join in your blockchain network? And at the same time,
you need to think of this question that well, whether there can be any side channel in my
blockchain based system through which particular customer gets suffers or a particular user
gets suffers?

So, in that case, if the user does not have any guarantee, So, today, we book a hotel from
Booking dot com or book a airplane ticket from Make My Trip thinking about that well if
some dispute happens with me that then Booking dot com or Make My Trip is going to
resolve that dispute.
But in such kind of decentralized marketplace, if such kind of dispute happens, then we do
not have any kind of identified authority who can resolve that dispute on an immediate scale.
And as the example that I have given regarding hotel booking, such kind of dispute resolution
sometimes need to be very fast.

You can say that the consumer forums you can put up a complaint but that will take its own
time. So, the question comes, how can I get immediate dispute resolution in case I face such
kind of problem over a decentralized marketplace because I do not have any authority or
someone who can lead the system, who can take over the system whenever required.

So, these are the kinds of open questions that we have and as I mentioned that you should
always think of whether blockchain is the best solution to solve a problem, solve the use case
that you are thinking about.

If you feel, if you strongly feel that blockchain is the best solution and if you can answer all
these questions, if you can find out that well such kind of problems, such kind of side
channels does not appear if you are developing a solution with the help of blockchain, then I
would suggest go ahead with it.

Otherwise, you need to really think of an alternate solution. Maybe you can think of
blockchain coupled with something else and accordingly, you can have a low cost solution
which can possibly balance between all these requirements.

(Refer Slide Time: 29:55)

So, with that, I conclude this lecture as well as conclude this course. So, I hope that you have
enjoyed this course and you are being able to learn the basics of blockchain, its internal
structure as well as got an idea that what blockchain can deliver and more importantly what
blockchain cannot.

Well, as I mentioned multiple times during the course that you do not have a free lunch
anytime. So, every technology that comes it has its own limitation. So, rather than jumping
behind the hype of blockchain or jumping behind this kind of buzzword, you should carefully
think of what this particular technology can deliver. What is the advantage that we will get?

And at the same time, I should carefully think of what is its limitation and by doing a trade of
analysis between this advantage and the limitation, we should finally decide whether we
should approach it or whether we should take this particular technology to solve the problem
that we are facing or not. So, that is all from my side. Thank you and I hope that again, you
have you have enjoyed this course. See you again. Take care.