Blockchain Technology: Where’s The Security?
If you’ve already read our first article in this series, welcome back! If you are new to this series, please consider taking a look at our first article in which we explain blockchain technology: what it is and how it works. This week we are going to discuss the security aspect of blockchain. We are still looking at blockchain technology but we will be going over the specific details of how the data is checked off and verified. These are steps that must be accomplished before a transaction can be completed. That transaction is not always financial, it might be storing the identities of physical items, providing credentials, or securely storing and verifying details of education, accreditation, awards and employment history.
In security, the terms checksum and hash are often used interchangeably. However there is a bit of a difference in that the word checksum actually refers to a unique hash value which is generated by the hash function.
The hash function is a one-way function[i] which takes a large amount of data and using some complex mathematics, outputs a fixed length value that acts as the hash value for the data. The hash value, also known as the checksum, thus ensuring the integrity of the data due to its unique nature.
Part of how transactions are checked is by use of a checksum / hash value . The checksum is generally unique for the data that was processed. That checksum will change if the data is altered at all.
In most cases, checksum is 256 bits in length, which is sufficient to make it extremely difficult to counterfeit. The chances find any two pieces of data that will generate the same hash are statistically insignificant. The chances of finding data similar enough to the original that it can serve as a forgery are even lower.
In the case of a blockchain, the entire state of the blockchain prior to a given transaction is used as portion of the input for this hashing function. This is added to the data in the current transaction, which then generates a unique hash value. This unique hash value is incorporated into the new block thereby improving the security of data. By doing this, each transaction holds a marking of all the transactions prior to it as well as its own current state when added to the blockchain. This provides a level of security that guarantees no alterations have occurred in the blockchain.
This is a method of digitally ensuring that an entity is the individual or organization that they claim. We utilize a digital signature in order to show that the person originating the transaction is actually who they say they are and has authorized this transaction. This ensures that nobody else is masquerading as them and making transactions in their name.
Digital signatures are mathematical functions that use very large prime numbers to create a pair of linked keys that are used in asymmetric cryptography. These keys have a special property that what is encrypted utilizing one can be decrypted utilizing the other. To make this useful, we have one of the keys designated as public and the other one as private.
To think about this in a practical sense, you can go to the bank with an account number of someone and deposit money in their account. Without the proper ID or pin, they cannot actually see what is in your account or the transactions that have happened to your account. In this case the public key is the bank account number but the pin and/or signature are the private portion of the key which is needed to access the rest of the information.
When we are dealing with signatures of data for blockchain, the transaction will be “signed” by one of the parties after the hash has been made. To do this, the private key is used to encrypt this hash we generated earlier, this is sent with the message so that the other party can use the original party’s public key to decrypt the hash. Only the public key can decrypt this signature, so if we know who the public key belonged to and it decrypt’s the signature from that person, then it must have originated from that person as only he has the private key.
Let’s take an simple example using our friends Bob and Alice. Bob is communicating with Alice. Bob has written a private email to Alice. He wants to make sure that Alice knows for sure the message is both unaltered and from him. Before sending, Bob will make a hash of the message and then encrypt the hash with his private key. When he sends the message and the encrypted hash to Alice, she can use his public key to decrypt the hash value. Alice will use the same hashing algorithm, to see if she generates the same hash value as Bob did. If her value and the one she decrypted from Bob match, then she can know that the message has not been manipulated. In addition, she can know for sure that it came from Bob. We will get deeper into encryption and the details of how encryption works in a later article. This is just a general overview.
This is the method by which we can utilize hashes and digital signing to ensure that we know who a message came from and that it has not been altered in transit. This is the foundation of the security which forms the basis for blockchain technology.
By distributing the ledger to multiple parties and requiring the sign-off of these parties, it is much harder for any single entity to corrupt the system. Unlike a traditional bank or other 3rd party, there is no single database that can be hacked. With blockchain, it’s nearly impossible to wipe out a transaction record and make it look as if it never took place. It isn’t a simple case of accessing a database and alter transactions to rewrite what had already occurred. By having these multiple copies spread out and cross referenced, if one happens to be bad, it can be dumped and re-synchronized with the good ledgers. This significantly improves the security of the system and preserves the integrity of the data.
It’s also important to note, a single transaction that has already occurred cannot be tampered with since it is signed using the checksum / hash value generated by all the transactions that occurred prior to it. Since this is used to create the digital signatures of all transactions going forward, any changes will alter these signatures and therefore flag in the system as invalid. Part of the security of blockchain is in its ability to flag tampering when it occurs and show where it occurred.
Although we are discussing blockchain in the context of cryptocurrency, it is important to remember that blockchain is not specifically just for financial transactions. Yes, cryptocurrency is the usage that most people are familiar with and therefore the easiest for people to understand, after all, we perform financial transactions every day.
You can substitute out the financial data for some other information such as logging access to a web site or tracking important information such as a list of students that are registered at a University. Next week, we will discuss some of the other uses for blockchain before we begin digging into the how’s and why’s of cryptocurrency.
[i] A one way function is a mathematical function that takes in data and manipulates it in a way that it can never be turned back into the original data. For example, we know that 1+2 = 3, but we can start with 3 and go back to find out our original value of 1 by subtracting 2 from it (3-2=1). In a one way function we take our value X and through this function, generate a value Y but unlike the example above, there is no way to take our Y and reverse some steps in order to find our original X.