TU Wien:Cryptocurrencies VU (Maffei)

Aus VoWi
Zur Navigation springen Zur Suche springen

Daten[Bearbeiten | Quelltext bearbeiten]

Vortragende Simon JeanteurMatteo Maffei
ECTS 6,0
Letzte Abhaltung 2023W
Sprache English
Mattermost cryptocurrenciesRegisterMattermost-Infos
Links tiss:192065, tiss:184789
Masterstudium Logic and Computation Modul Logic, Mathematics, and Theoretical Computer Science (Gebundenes Wahlfach)
Masterstudium Software Engineering & Internet Computing Modul Advanced Security (Gebundenes Wahlfach)

Inhalt[Bearbeiten | Quelltext bearbeiten]

Basic knowledge about cryptocurrencies, including cryptographic primitives like hashing and digital signatures. Further, material about altcoins, Ethereum, Smart Contracts, off-chain payments, routing.

Ablauf[Bearbeiten | Quelltext bearbeiten]

WS 2022/23 (6 ECTS)[Bearbeiten | Quelltext bearbeiten]

  • 10 weekly lectures
  • Two written exams (midterm and final)

WS 2021/22 (6 ECTS)[Bearbeiten | Quelltext bearbeiten]

  • 11 weekly lectures + 3 Q&A sessions + 1 Tutorial
  • 3 assignments (Bitcoin in SQL, Ethereum Smart contract security, Lightning network)
  • One written exam + 1 retake

WS 2018/19 (6 ECTS)[Bearbeiten | Quelltext bearbeiten]

  • 13 weekly lectures
  • Two written exams (midterm and final)

WS 2017/18 (3 ECTS)[Bearbeiten | Quelltext bearbeiten]

  • 11 weekly lectures
  • Two assignments
  • Written exam at the end of the semester

Benötigte/Empfehlenswerte Vorkenntnisse[Bearbeiten | Quelltext bearbeiten]

  • no real requirements
  • basic SQL is helpful but a cheatsheet gets provided for that assignment
  • interest in the technology and also theory and not just riding the hypetrain

WS 2022/23[Bearbeiten | Quelltext bearbeiten]

  • being proficient in at least one programming language
  • basic networking, canonical JSON
  • simple Dev-ops (setting up a node on a 3rd party hosting service)

Vortrag[Bearbeiten | Quelltext bearbeiten]

The lecture is quite difficult to follow: The slides aren't really good and it's hard to understand Prof Maffei. (Better read the book)

WS 2021/22: The Bitcoin related parts of the lecture were outsourced to recordings of Princeton's lectures on the topic. There were Q&A sessions where questions were answered. The parts on Lightning/Ethereum/Altcoins were held by the lecturers depending on their particular area of expertise. The quality of presentations ranged from bad (Very thick accent, "I know this slide is messy", hard to follow) to outstanding.

WS 2022/23: The first few lectures were very hard to follow due to the combination of unclear handwriting and the presenter not using the microphone (we even asked him to use it but he ignored it, I recommend watching Tim Roughgarden's lectures on Youtube which allows you to skip the first 3 lectures). I think writing by hand makes the lecture different but not when it is messy and basically forces me to transcribe the slides and not focus on the lecture itself (which defeats the whole point of attending the lecture). The lectures had powerpoints (with no handwriting) and were easier to follow compared to the 2nd and 3rd lecture. Attending the lectures is recommended as there is no livestream nor are there recordings of it.

Übungen[Bearbeiten | Quelltext bearbeiten]

  • WS 2017/18: There are two exercises to be done by each student. Collaboration or better said discussion is allowed and has to be disclosed in the submission paper.
  • WS 2018/19: Two assignments, the first one is done in groups of up to three students. Assignment 1 was equal to WS 2017/18. Assignment 2 consisted of exploiting 4 smart contracts.
  • WS 2022/23: There were 5 assignments which all built on top of each other, which can be done in an optional cooperation with 2 group members

Assignment 1:[Bearbeiten | Quelltext bearbeiten]

There are three parts to be done, all of them on a subset of the blockchain.

Part one has to be performed on the first 100.000 entries of the bitcoin blockchain. There are invalid blocks which would not pass the bitcoin validation algorithm. Goal is to find the invalid blocks and present them. All of this is one in sql, you get a basic representation of the blockchain as an sql file which has to be loaded into postgresql. There are only three tables which reference each other and several queries have to be made to find all the invalid blocks.

Part two is on an even smaller part of the blockchain which also gets provided by an initialization sql script. The goal here is to find unspent transactions which is fairly simple.

Part three is a de-anonymization attempt based on a clustering function which gets provided. Before using the provided function one has to insert in a given table all potential transactions based on joint control and serial control. After that it is possible to use the given function and finish the task with some basic queries based on the output.

Assignment 2:[Bearbeiten | Quelltext bearbeiten]

You are provided access to a private ethereum blockchain where a DAO contract ( decentralized autonomous organization) is hosted. Each student has his/her own contract and has to exploit a known bug on this contract. For this example you need to install geth and the solidity compiler and write some simple solidity code. The exploit and the respective code are presented to you in a paper that gets linked in the exercise instructions, so it is not that hard. Goal is to exploit the DAO and steal all the coins on your personal part of the ethereum blockchain.

WS 2022/23:[Bearbeiten | Quelltext bearbeiten]

The Deadline was around 2 weeks each for each assignment.

Assignment 1:[Bearbeiten | Quelltext bearbeiten]

  • Create a TCP-Server, which can handle multiple connections at the same time
  • Create a Database layer for the server to store peers
  • Read, write and verify canonical JSON-Strings
  • Implement a basic handshake protocol

Assignment 2:[Bearbeiten | Quelltext bearbeiten]

  • Storing objects send over the network and verify regular transactions

Assignment 3:[Bearbeiten | Quelltext bearbeiten]

  • Block validation and maintaining a UTXO-Set

Assignment 4:[Bearbeiten | Quelltext bearbeiten]

  • Chain validation and implementing Longest Chain Consensus

Assignment 5:[Bearbeiten | Quelltext bearbeiten]

  • Maintaining a mempool with help of the UTXO

Prüfung, Benotung[Bearbeiten | Quelltext bearbeiten]

WS 2022/23: 50% of the grade comes from the assignments (10% each assignment), 25% each for the exams, and 5% for optional scripts.The first exam is way harder as it covers the topics of 7 lecturers compared to the 2nd exam which only covers 3. Both exams had single choice (+1 correct, -1 incorrect, 0 nothing), MC-Questions with only on correct answer each (First exam: +3 correct, -1 incorrect, 0 nothing; Second exam: +4 correct, 0 incorrect or nothing). The first exam has way more in depth questions and is generally harder, both exams are technically optional because you could get the 50% necessary to pass only from the assignments (Imo passing by only doing the assignments is impossible, see Kritik). The grading of the task was done by an automated grader, which logs were then send to you so you could check for potential errors and remove them as they could influence the grading of the next task. When your node crashed due to some error in your code, you got an email from one of the TAs with the logs and you could resubmit your code without losing points for a late submission (which is a very kind decision). There was the option to hand in scripts by students which could register for certain lectures but this idea was abandoned by the team after realizing that many of the transcripts by the students contained errors, which was only said in a lecture (there was no announcement post in TUWEL about this topic).

WS 2021/22: The grading scheme is extremely odd in this lecture. Half your grade comes from a single test covering all lectures, which isn't that unusual. The other half, however, is. There are three group-exercises you need to solve, however starting from the second one they are literally one-person tasks (you need a personalized environment that is mailed to you). In practice that means your grade is highly dependent on the performance of (often random) team members without even the possibility of compensating for their performance (or rather lack thereof). The exercises are also highly outdated (the Ethereum exercise shipped with 4 year old libraries) and, although thematically interesting, not relevant anymore in practice. The exam had a strong focus in Bitcoin (payment channels in particular), to the degree that the class could reasonably be renamed to "Bitcoin and a splash of Ethereum". A large portion of the test also had to do with Bitcoin scripts and required writing and debugging them. Although this was technically part of the material, it was never brought up in any lectures; so unless you went out of your way to read the additional literature you had to figure it out on the spot, which was criticized by many participants.

WS 2018/19: Two exams which should not be underestimated. The first exam covers about 2/3 of the material of the whole LVA (about 9 slide sets + 2 tutorials), the final exam covers the rest (about 4 slide sets + 2 tutorials). The tutorials cover important topics, especially the first tutorial covers a lot of important cryptographic concepts which were very relevant for the test. The final exam covered only 4 slide sets and was probably underestimated by some people. However, a deep understanding of the topics was required to be able to answer the questions which the slides did not really bring across.

It was possible to retake one or both exams about three weeks after the final exam (mid/end of February). The early date for the retake led to student complaints which were ignored.

WS 2017/18: Relativ grundlegendes Wissen abgefragt, nichts über Ripple oder LN (siehe auch Prüfung).

Dauer der Zeugnisausstellung[Bearbeiten | Quelltext bearbeiten]

WS17: Prüfung 02.02. - Zeugnis am 26.03. (7 Wochen; Übungspunkte wurden auch erst am 02.03. bzw. 09.03. eingetragen, die LVA-Leitung hat nicht mit so vielen LVA-Teilnehmern gerechnet und daher (zu) wenig Kapazitäten eingeplant, war auch die 1. Abhaltung der LVA).

WS 2018/19: About two weeks between the exam and the publishing of the results: Midterm exam on 30.11., results online on 17.12. Final exam on 24.1., results online on 8.2.

Zeitaufwand[Bearbeiten | Quelltext bearbeiten]

WS 2018/19[Bearbeiten | Quelltext bearbeiten]

The first assignment is a group project and takes about one to two days per person if done carefully. The second assignment consisted of exploiting 4 contracts which took me about 3 days. I studied about 40 hours for the first exam and about 30 hours for the second exam, the assignments took me about 40 hours as well. All in all I would say that I didn't need the full 150 hours (6 ECTS).

WS 2017/18[Bearbeiten | Quelltext bearbeiten]

For the assignments one or two days should be enough.

Other opinion: One or two days is not enough. The first assignment needs some reading and understanding, the second can take more time depending on the network. We executed the right commands with no success until one day before end they told us we need to sync it..
Other opinion: If you are familiar with the respective tools and know what you are doing, the first assignment takes ~4-8 hours and the second one ~1-2 hours plus time for writing the report. I agree that not knowing the tools/techniques and needed theory knowledge can add at least 1-2 working days per assignment.

WS 2022/23[Bearbeiten | Quelltext bearbeiten]

Most of the assignments take around 2 days+ depending on how well you understand the topic of the assignment (some assignments could have been done in 2 days but also see Kritik)

Unterlagen[Bearbeiten | Quelltext bearbeiten]

Princeton: lecture book and videos

Foundations of Blockchains Tim Roughgarden Lectures

Lectures on Mixing, ZeroCash and ZeroCoin (6.*)

Payment-Channels #1 (Lightning Network)

Payment-Channels #1.5 (Security + Privacy in PCN + High Level description of Fulgor)

Payment-Channels #2 (Sleepy Channels)

Payment-Channels #3 (Blitz)

Tipps[Bearbeiten | Quelltext bearbeiten]

  • I strongly suggest attending the lecture since they do not record and it's very hard understanding the slides without it
  • Don't start too late, with the first assignment was my main challenge figuring out the basic structure and what refers to what and not even the SQL writing. There is normally an easy way for the SQL queries.
  • I would suggest looking for the Princeton book "Bitcoin and Cryptocurrency Technologies" online (there is a free PDF) and just read it. They explain everything very good. There are also some videos online. The book covers everything (the lecture is basically the book) so you will be fine with only reading it.
    • Note: The book covers a lot of the material for the exam and it helps to read it, it doesn't cover the lecture material in full anymore as of WS 2018/19.
  • The course is not too bad, requires not too much effort but if one doesn't know much about the Cryptocurrencies it's probably also not the best way to get into this topic. I would rather recommend attending Smart Contracts VU and Seminar aus Security (Kryptowährungen) SE first (which give a much better introduction to the the topic) and then attend this lecture.
  • For WS23, attending the lecture helps for understanding the topics, because the slides alone aren't enough; Reading the important parts of the papers they provide, is however most of the time sufficient to understand the topics. For the first half of the lecture the Foundations of Blockchains by Tim Roughgarden is pretty good and for the second half I provided links (see Unterlagen) to recorded explanations of the PCNs and Security, which were done by the group for conferences.

Highlights / Lob[Bearbeiten | Quelltext bearbeiten]

noch offen

Verbesserungsvorschläge / Kritik[Bearbeiten | Quelltext bearbeiten]

  • The quality of the slides should be improved. Mathematical formulas are typeset in running text which makes them hard to comprehend. The slides could be a bit more formal in terms of definitions etc. because the tests ask for a deeper understanding as well.
  • The retake exams where scheduled for mid February (18.02.) and the points of the final exam were only announced about a week before the exam which lead to a lot of protests from students.

WS 2022/23:[Bearbeiten | Quelltext bearbeiten]

  • Stop using handwriting instead of premade lecture slides as it may not be readable for everyone
  • Use the microphone so everyone can hear you, even in the back rows (this only applies to the lecturers which never use it)
  • Post one coherent announcement which covers all the errors and changes regarding one task an not 100 posts in the discussion forum which I have to browse through before I can even start programming (This is obviously an exaggeration but you get the point)
  • Add more verbose test cases for the assignments with the corresponding JSON-Messages to reduce the time it takes to test nodes, instead of just descriptions of the test cases which may be checked by the grader node
  • Provide valid blocks and valid transactions in one place (emphasize on valid as some of the blocks in the test block database were not valid which was discovered by some students ~1 day before the deadline, which was only discussed in the discussion board but there was no announcement)
  • Improve the descriptions of the assignments as many of them contained flaws such as typos and very vague descriptions

Because many of the announcements were rather late, and mistakes where found a few days prior to the deadline, most of the tasks could not be finished in advance and had to be done in the last few days before the deadline which was really stressful.