book

Mastering Ethereum

by Andreas M. Antonopoulos, Gavin Wood

December 2018

Intermediate to advanced

422 pages

11h 8m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Preface
How to Use This BookIntended AudienceConventions Used in This BookCode ExamplesUsing Code ExamplesReferences to Companies and ProductsEthereum Addresses and Transactions in this BookO’Reilly SafariHow to Contact UsContacting AndreasContacting GavinAcknowledgments by AndreasAcknowledgments by GavinContributionsSources
Quick Glossary
1. What Is Ethereum?
Compared to BitcoinComponents of a BlockchainThe Birth of EthereumEthereum’s Four Stages of DevelopmentEthereum: A General-Purpose BlockchainEthereum’s ComponentsFurther ReadingEthereum and Turing CompletenessTuring Completeness as a “Feature”Implications of Turing CompletenessFrom General-Purpose Blockchains to Decentralized Applications (DApps)The Third Age of the InternetEthereum’s Development CultureWhy Learn Ethereum?What This Book Will Teach You
2. Ethereum Basics
Ether Currency UnitsChoosing an Ethereum WalletControl and ResponsibilityGetting Started with MetaMaskCreating a WalletSwitching NetworksGetting Some Test EtherSending Ether from MetaMaskExploring the Transaction History of an AddressIntroducing the World ComputerExternally Owned Accounts (EOAs) and ContractsA Simple Contract: A Test Ether FaucetCompiling the Faucet ContractCreating the Contract on the BlockchainInteracting with the ContractViewing the Contract Address in a Block ExplorerFunding the ContractWithdrawing from Our ContractConclusions
3. Ethereum Clients
Ethereum NetworksShould I Run a Full Node?Full Node Advantages and DisadvantagesPublic Testnet Advantages and DisadvantagesLocal Blockchain Simulation Advantages and DisadvantagesRunning an Ethereum ClientHardware Requirements for a Full NodeSoftware Requirements for Building and Running a Client (Node)ParityGo-Ethereum (Geth)The First Synchronization of Ethereum-Based BlockchainsRunning Geth or ParityThe JSON-RPC InterfaceRemote Ethereum ClientsMobile (Smartphone) WalletsBrowser WalletsConclusions
4. Cryptography
Keys and AddressesPublic Key Cryptography and CryptocurrencyPrivate KeysGenerating a Private Key from a Random NumberPublic KeysElliptic Curve Cryptography ExplainedElliptic Curve Arithmetic OperationsGenerating a Public KeyElliptic Curve LibrariesCryptographic Hash FunctionsEthereum’s Cryptographic Hash Function: Keccak-256Which Hash Function Am I Using?Ethereum AddressesEthereum Address FormatsInter Exchange Client Address ProtocolHex Encoding with Checksum in Capitalization (EIP-55)Conclusions
5. Wallets
Wallet Technology OverviewNondeterministic (Random) WalletsDeterministic (Seeded) WalletsHierarchical Deterministic Wallets (BIP-32/BIP-44)Seeds and Mnemonic Codes (BIP-39)Wallet Best PracticesMnemonic Code Words (BIP-39)Creating an HD Wallet from the SeedHD Wallets (BIP-32) and Paths (BIP-43/44)Conclusions
6. Transactions
The Structure of a TransactionThe Transaction NonceKeeping Track of NoncesGaps in Nonces, Duplicate Nonces, and ConfirmationConcurrency, Transaction Origination, and NoncesTransaction GasTransaction RecipientTransaction Value and DataTransmitting Value to EOAs and ContractsTransmitting a Data Payload to an EOA or ContractSpecial Transaction: Contract CreationDigital SignaturesThe Elliptic Curve Digital Signature AlgorithmHow Digital Signatures WorkVerifying the SignatureECDSA MathTransaction Signing in PracticeRaw Transaction Creation and SigningRaw Transaction Creation with EIP-155The Signature Prefix Value (v) and Public Key RecoverySeparating Signing and Transmission (Offline Signing)Transaction PropagationRecording on the BlockchainMultiple-Signature (Multisig) TransactionsConclusions
7. Smart Contracts and Solidity
What Is a Smart Contract?Life Cycle of a Smart ContractIntroduction to Ethereum High-Level LanguagesBuilding a Smart Contract with SoliditySelecting a Version of SolidityDownload and InstallDevelopment EnvironmentWriting a Simple Solidity ProgramCompiling with the Solidity Compiler (solc)The Ethereum Contract ABISelecting a Solidity Compiler and Language VersionProgramming with SolidityData TypesPredefined Global Variables and FunctionsContract DefinitionFunctionsContract Constructor and selfdestructAdding a Constructor and selfdestruct to Our Faucet ExampleFunction ModifiersContract InheritanceError Handling (assert, require, revert)EventsCalling Other Contracts (send, call, callcode, delegatecall)Gas ConsiderationsAvoid Dynamically Sized ArraysAvoid Calls to Other ContractsEstimating Gas CostConclusions
8. Smart Contracts and Vyper
Vulnerabilities and VyperComparison to SolidityModifiersClass InheritanceInline AssemblyFunction OverloadingVariable TypecastingPreconditions and PostconditionsDecoratorsFunction and Variable OrderingCompilationProtecting Against Overflow Errors at the Compiler LevelReading and Writing DataConclusions

9. Smart Contract Security
Security Best PracticesSecurity Risks and AntipatternsReentrancyReal-World Example: The DAOArithmetic Over/UnderflowsReal-World Examples: PoWHC and Batch Transfer Overflow (CVE-2018–10299)Unexpected EtherFurther ExamplesDELEGATECALLReal-World Example: Parity Multisig Wallet (Second Hack)Default VisibilitiesReal-World Example: Parity Multisig Wallet (First Hack)Entropy IllusionReal-World Example: PRNG ContractsExternal Contract ReferencingReal-World Example: Reentrancy Honey PotShort Address/Parameter AttackUnchecked CALL Return ValuesReal-World Example: Etherpot and King of the EtherRace Conditions/Front RunningReal-World Examples: ERC20 and BancorDenial of Service (DoS)Real-World Examples: GovernMentalBlock Timestamp ManipulationReal-World Example: GovernMentalConstructors with CareReal-World Example: RubixiUninitialized Storage PointersReal-World Examples: OpenAddressLottery and CryptoRoulette Honey PotsFloating Point and PrecisionReal-World Example: EthstickTx.Origin AuthenticationContract LibrariesConclusions
10. Tokens
How Tokens Are UsedTokens and FungibilityCounterparty RiskTokens and IntrinsicalityUsing Tokens: Utility or EquityIt’s a Duck!Utility Tokens: Who Needs Them?Tokens on EthereumThe ERC20 Token StandardLaunching Our Own ERC20 TokenIssues with ERC20 TokensERC223: A Proposed Token Contract Interface StandardERC777: A Proposed Token Contract Interface StandardERC721: Non-fungible Token (Deed) StandardUsing Token StandardsWhat Are Token Standards? What Is Their Purpose?Should You Use These Standards?Security by MaturityExtensions to Token Interface StandardsTokens and ICOsConclusions
11. Oracles
Why Oracles Are NeededOracle Use Cases and ExamplesOracle Design PatternsData AuthenticationComputation OraclesDecentralized OraclesOracle Client Interfaces in SolidityConclusions
12. Decentralized Applications (DApps)
What Is a DApp?Backend (Smart Contract)Frontend (Web User Interface)Data StorageDecentralized Message Communications ProtocolsA Basic DApp Example: Auction DAppAuction DApp: Backend Smart ContractsAuction DApp: Frontend User InterfaceFurther Decentralizing the Auction DAppStoring the Auction DApp on SwarmPreparing SwarmUploading Files to SwarmThe Ethereum Name Service (ENS)History of Ethereum Name ServicesThe ENS SpecificationBottom Layer: Name Owners and ResolversMiddle Layer: The .eth NodesTop Layer: The DeedsRegistering a NameManaging Your ENS NameENS ResolversResolving a Name to a Swarm Hash (Content)From App to DAppConclusions
13. The Ethereum Virtual Machine
What Is the EVM?Comparison with Existing TechnologyThe EVM Instruction Set (Bytecode Operations)Ethereum StateCompiling Solidity to EVM BytecodeContract Deployment CodeDisassembling the BytecodeTuring Completeness and GasGasGas Accounting During ExecutionGas Accounting ConsiderationsGas Cost Versus Gas PriceBlock Gas LimitConclusions
14. Consensus
Consensus via Proof of WorkConsensus via Proof of Stake (PoS)Ethash: Ethereum’s Proof-of-Work AlgorithmCasper: Ethereum’s Proof-of-Stake AlgorithmPrinciples of ConsensusControversy and CompetitionConclusions
A. Ethereum Fork History
Ethereum Classic (ETC)The Decentralized Autonomous Organization (The DAO)The Reentrancy BugTechnical DetailsAttack FlowThe DAO Hard ForkTimeline of the DAO Hard ForkEthereum and Ethereum ClassicThe EVMCore Network DevelopmentOther Notable Ethereum Forks
B. Ethereum Standards
Ethereum Improvement Proposals (EIPs)Table of Most Important EIPs and ERCs
C. Ethereum EVM Opcodes and Gas Consumption
D. Development Tools, Frameworks, and Libraries
FrameworksTruffleEmbarkOpenZeppelinZeppelinOSUtilitiesEthereumJS helpeth: A Command-Line Utilitydapp.toolsSputnikVMLibrariesweb3.jsweb3.pyEthereumJSweb3jEtherJarNethereumethers.jsEmerald PlatformTesting Smart ContractsOn-Blockchain TestingGanache: A Local Test Blockchain
E. web3.js Tutorial
Descriptionweb3.js Contract Basic Interaction in a Nonblocked (Async) FashionNode.js Script ExecutionReviewing the Demo ScriptContract InteractionAsynchronous Operation with Await
F. Short Links Reference
Smart Contract SecurityTokens
Index

Content preview from Mastering Ethereum

Chapter 4. Cryptography

One of Ethereum’s foundational technologies is cryptography, which is a branch of mathematics used extensively in computer security. Cryptography means “secret writing” in Greek, but the study of cryptography encompasses more than just secret writing, which is referred to as encryption. Cryptography can, for example, also be used to prove knowledge of a secret without revealing that secret (e.g., with a digital signature), or to prove the authenticity of data (e.g., with digital fingerprints, also known as “hashes”). These types of cryptographic proofs are mathematical tools critical to the operation of the Ethereum platform (and, indeed, all blockchain systems), and are also extensively used in Ethereum applications.

Note that, at the time of publication, no part of the Ethereum protocol involves encryption; that is to say all communications with the Ethereum platform and between nodes (including transaction data) are unencrypted and can (necessarily) be read by anyone. This is so everyone can verify the correctness of state updates and consensus can be reached. In the future, advanced cryptographic tools, such as zero knowledge proofs and homomorphic encryption, will be available that will allow for some encrypted calculations to be recorded on the blockchain while still enabling consensus; however, while provision has been made for them, they have yet to be deployed.

In this chapter we will introduce some of the cryptography used in Ethereum: namely ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781491971932Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Mastering Ethereum

by Andreas M. Antonopoulos, Gavin Wood

Chapter 4. Cryptography

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.