Back in 1999, the file-sharing network Napster appeared to make it easy for users to share audio files (often containing music) over a hybrid peer-to-peer network (the term “hybrid” is used because it uses a central directory server). File-sharing networks can be used for more than just sharing music files, allowing all users to keep copies of those shared files. In this way, a single digital asset generates an infinite number of reasonable copies across the global network. The technology is simple and easy to use, and anyone with a computer can take advantage of it. This led to an unexpected decline in the performance of the respected Taoer Records. By 2006, Taoer Records was forced to close all 89 of its US stores.
In 2008, the subprime mortgage crisis broke out. During this period, long-established and powerful U.S. financial institutions and insurance companies have declared bankruptcy or are on the verge of bankruptcy. In this case, the federal government must intervene immediately to avoid a national and even global financial crisis. The momentous event has raised doubts about central banks and exposed the dangers of keeping money ledgers out of public scrutiny. In March 2008, the Hartland Payment Systems data breach exposed more than 130 million credit card numbers, many of which were later stolen to make fraudulent purchases.
These events illustrate the great dangers of living in a digitally connected world that not only relies on transaction fees to generate middlemen, but is also vulnerable to digital attacks, greed and criminality. The academic challenge is how to create a disintermediated digital infrastructure for the open and reliable transfer (rather than copying and sharing) of digital assets between owners, without corrupt or unreliable central authorities, while being secure and trustworthy .
Getting Started with the Bitcoin Blockchain
On January 3, 2009, a new type of infrastructure emerged, seemingly out of a historical context. It mines 50 digital coins and records them on a tamper-proof public ledger. This ledger is replicated on a decentralized peer-to-peer network of networked computers. These 50 units of cryptocurrency are called “Bitcoins” and are recorded as the genesis block, which is considered to be the first link in the Bitcoin blockchain.
The extraordinary thing about this blockchain-powered cryptocurrency is that every transaction is not verified by any trust or regulatory authority such as a bank or government. Furthermore, it disintermediates transactions, i.e. transfers digital currencies around the world using a global network that does not involve intermediaries such as agents or agencies. Due to the reliance on modern encryption, the data in the blockchain is tamper-proof and anonymous data. Furthermore, because a given blockchain is replicated to every node in the peer-to-peer network, there is no single point of failure, ensuring the availability and reliability of this technology.
Since the launch of Bitcoin, blockchain technology has developed rapidly and has continued to mature and improve. The details of blockchain implementation vary widely, making blockchain research a huge, ever-changing and very complex task. In fact, the term “blockchain” no longer applies only to cryptocurrencies in general, and Bitcoin in particular. Blockchain is constantly being optimized and refined, aiming to become a faster and smarter technology. In fact, some blockchain technologies allow scripting to support smart contracts so that custom rules can be applied to transactions. In this way, blockchain has evolved into a new programmable hacker-proof storage technology. It is for this reason that IT professionals, businesses, financial institutions, etc. are clamoring to realize its true potential.
If you’ve been looking at blockchain from the outside, now is the time to catch up. This is an introductory article and it is impossible to cover the exhaustive technical details of all blockchain technologies, each with its own rules, functions and customizations. However, I have introduced a number of concepts in this article that will help readers understand the core technical foundations upon which many new blockchain technologies are based.
How Blockchain Works
The Bitcoin blockchain is the world’s first example of blockchain technology. Because of this quality, “blockchain” is often misunderstood as being inseparable from Bitcoin. However, newer blockchain technology products/services that track digital assets other than digital currencies work very differently from the Bitcoin blockchain. Additionally, the Bitcoin blockchain promotes the notion that the blockchain is a data structure that virtualizes the bank’s ledger, specifically by tracking borrowing and lending, while offering creative encryption solutions to effectively prohibit double-digitization of cryptocurrency units expenditure. Hence, the terms “digital ledger” and “double spending” are associated with cryptocurrency blockchains. However, the two terms are widely used to track ownership and enforce a single transfer of digital assets, respectively. When you see these two terms, don’t think they just refer to cryptocurrency-oriented blockchain technology.
Essentially, a blockchain is a tamper-proof data structure that keeps track of content of value or interest that is passed between owners. The “content” referred to here can be any kind of digital asset, such as a digital currency, a Word document, or a Microsoft Surface tablet serial number. In fact, any item that can be associated with a unique digital fingerprint can be tracked on the blockchain. Blockchain requires the transfer of ownership of digital assets, rather than copying or sharing, solving the so-called “double spending” problem. However, the interesting thing about blockchain technology is that it not only establishes protocols and enforces transaction rules, but also enables nodes in a distributed network of computers to self-supervise the entire operation. And, it accomplished this remarkable feat quickly and globally without a central server or trusted authority. This prospect has piqued interest in eliminating middlemen, reducing or suspending transaction fees, while allowing businesses and users to improve business efficiency.
Core Components of Blockchain
The Bitcoin blockchain network is public. That is, anyone can participate anytime, anywhere. However, modern blockchain offerings (such as Microsoft Azure Managed Blockchain) can be configured as public, private, or privileged networks. While blockchain is decentralized, the meaning of decentralization requires further clarification. As Vitalik Buterin explains (bit.ly/2tEUYyT), “decentralized blockchains” mean that they are “not only decentralized politically (without any regulation), but also architecturally (without infrastructure centers) point of failure), but they are not logically decentralized (there is a mutually agreed upon state and the system behaves like a computer).” Decentralization provides fault tolerance, attack defense, and collusion defense (I’ll cover proof-of-work later, when the implications will become clear).
To understand how to design a public blockchain, you need to understand cryptographic hashing, public key cryptography (PKC), chains of binary hashes (especially Merkle trees), and consensus algorithms. I will briefly review these concepts and introduce that a blockchain is a chain of hashes that contains a chain of hashes of transactions. Once you master this nested hash chain concept, you will understand the basic design of blockchain technology.
Cryptographic hashing: While there are many variations of one-way cryptographic hashing algorithms, SHA-256 is usually chosen (bit.ly/29kkpft). This is a one-way hash function that accepts messages up to (264-1)/8 bytes and returns a 32-byte hash (64 hexadecimal characters) in the decimal range between 0 and approx. Between 1.16 x 1077. To put the order of magnitude in perspective, it’s important to point out that a drop of water contains approximately 5 x 1012 atoms; the number of atoms in the observable universe is estimated to be between 1078 and 1082. Adjust any character in the message, and recalculate the SHA-256 hash to generate a completely new hash. (To experiment, visit onlinemd5.com and set the file or text checksum type to SHA-256.)
The SHA-256 algorithm always produces the same fixed-length output if the input is the same. For blockchain technology, the value of using SHA-256 cryptographic hashes is that they are unique and can be used as both a digital fingerprint and a checksum. Also, (by convention) one-way hash functions cannot decode. Take the SHA-256 value of my name as an example: 8F12D83BA54AC0EA7687AD4AFDE5E258BBFF970AA8D60C6588381784C502CA8E. Since this is a hash, there is actually no way to reverse my name using an algorithm. (One hacking technique utilizes rainbow tables, which list computed hashes of common strings (such as “password”), but this is also not an algorithm to reverse the hash. To defend against such attacks , it is common practice to decorate the string to be hashed by appending a random string (called a “salt” value).)
If no SHA-256 generator is available, see the table in Figure 1, which shows that strings of different lengths always generate 64-bit hexadecimal hashes, and that slight changes to any string can lead to completely different results .
Public Key Cryptography: To recap, one of the main functions of the blockchain is to track the ownership of digital assets. The underlying digital assets may be worthless, or they may be worth millions of dollars. Therefore, the ownership test must ensure that the owner cannot be impersonated. To conduct such tests in the digital realm, blockchain utilizes PKC so that owners can digitally sign assets to prove ownership and authorize asset transfers. Unlike symmetric key encryption, which uses one private key to encrypt and decrypt messages, PKC uses asymmetric key encryption.
Because accurate verification algorithms for digital asset ownership are critical to blockchains, they employ a high-security public/private key pair generation strategy that relies on Elliptic Curve Digital Signature Algorithm (ECDSA). The advantage of ECDSA is that the keys it creates, although shorter in length, are more cryptographically secure than keys of the same length generated by the commonly used algorithm, Digital Signature Authorization (DSA). Users can access a software application whenever needed to generate encryption key pairs using ECDSA. Users must keep a backup of the private key because this key must be used in order to transfer or utilize the value of digital assets stored in the blockchain. If you only have access to the private key in the private/public key pair, you can regenerate the public key because there is a mathematical relationship between the two keys. However, the private key cannot be generated from the public key. That said, if you’re only backing up one key, be sure to back up the private key!
These keys are typically used in one of two ways. The first use case (see Figure 3) is to want someone to send you an encrypted message that only you can open. To do this, provide the other party with your public key and let them encrypt the document using this public key, by applying an encryption algorithm through software and producing encrypted text (an encrypted version of the message). The other party will then send you only the encrypted text. Since the counterparty is using the public key to encrypt the document, the correctly paired private key must be used to decrypt the document.
Figure 1: Use PKC when you want someone to send you an encrypted document/message that only you can open
The second use case (see Figure 4) is to want to encrypt a message and prove that it was indeed sent by you. To do this, use the private key to create the encrypted text of the document. Then, send this encrypted text to someone else. The other party will use your public key to decrypt the document. Since only your public key can decrypt the document, recipients can think that the document was encrypted by your private key. That is, unless the private key is compromised, the document is sent by you.
Figure 2: Using PKC when wishing to send an encrypted document/message to someone else and prove that it was indeed sent by you
The third use case uses PKC to prove digital asset ownership through a digital signature process. In this use case (see Figure 5), suppose Bill has written a legally binding Word document that he needs to email to Susan. Susan wants to be sure that the copy of the document she received from Bill was indeed sent by Bill and has not been tampered with along the way. Bill first creates a SHA-256 hash of the Word document and records the value as H(W). Next, he encrypts the document hash with his private key, generating Enc(H(W)), and sends Susan the Word document (encrypted as appropriate) and the Enc(H(W)) value (this is Bill digital signature of document W).
Figure 3: Digitally sign documents/messages using PKC and cryptographic hashes
Susan recalculates the H(W) value from the copy of the Word document she receives, and decrypts the Enc(H(W)) value using Bill’s public key (see Figure 6). If the hash calculated by Susan is equal to the decrypted H(W) value, Susan can conclude that Bill signed the document and that the copy she received is exactly the same as the document Bill signed.
Figure 4: Using PKC and cryptographic hashes to verify that a document/message was signed by the intended party
Using hashes and PKC, the blockchain maintains a transaction history of digital asset ownership. Transaction data objects are linked to each other, forming a data structure called a “hash chain”. How it works is that each transaction constitutes a message (m), which is hashed by a function (H) and signed by the owner’s private key (s). (It is common practice to use the initial “s” of “secret” for the private key to avoid confusion with the “p” for the public key.) This generates the signature (sig):
sig = signature(H(m), s)
After a digital asset is transferred from one owner to another, the new owner checks, verifies, and signs its digital signature before registering it as a new node on the hash chain. Although the implementation details vary widely by blockchain technology and version, the basic concepts are the same for all of these technologies and versions. For example, as shown in Figure 7, Bill is the owner of the digital asset, and he uses the private key to initiate the transfer of the digital asset to Susan. Susan’s transaction records use Bill’s public key to verify his signature. After this, Susan signs the digital asset with the public key, making Susan the new owner. This creates a new transaction record, a new link on the transaction hash chain.
Summarize
This paper describes how to construct a public blockchain consisting of cryptographically linked blocks on a decentralized network of peer nodes, each linked block having its own cryptographically linked transaction hash chain. I covered the basics of blockchain technology, trying not to focus on any single implementation, but on some of the more typical technical features they all share. If you wish to explore this topic further, it is recommended to choose a blockchain technology (such as Bitcoin, Ethereum or Ripple) and try to grasp the details of its specific implementation. To experience blockchain for yourself, take a look at Azure Managed Blockchain Offerings
