What does blockchain technology mean for security and how does it work?
Welcome back to the second part of Digital Cabinet’s three-part guide to the blockchain, all about what it is, how it works, and its future.
Last time, we started with understanding the basic concept of what the blockchain actually is, as well as describing some of the benefits of this structure. This time, we’ll focus on how that all works together and what that means for security.
While the simple building blocks (excuse the pun) of blockchain is relatively simple, there is a bit more to why blockchain, as it stands currently as an innovation on par with the creation of the World Wide Web itself, is especially useful in terms of security, privacy and transparency.
So, without any further ado, let’s dive right in shall we?
The key(s) to it all
One thing you may be wondering is whether the blockchain is private.
While it’s true that the blockchain’s architecture means that all the transactions recorded in blocks is transparent and able to be viewed by anyone, this does not mean that people that view the blockchain know exactly who the transactions are occurring between and what those transaction were—they just know that a transaction took place.
This is because what is recorded on the blockchain is a digital signature called a ‘public key’ which is, in effect, a “username” comprised of a long string of cryptographically generated, unique numbers and letters that act as addresses for users.
Any cryptocurrency would be recorded as belonging to that address, and anyone can send something to that address if they know it.
The public key is a shortened version of what is called a ‘private key’ which is generated by a complex encryption algorithm and is thus nearly impossible to be reverse-engineered (except with an unreasonable and infeasible amount of computing power, but more on that a little later).
Having the private key is tantamount to proof of ownership. Your private key is the combination, or password, that allows you into your address or “wallet”, and there is only one. If you lose that key, you irrecoverably lose access to your wallet.
It is usually recommended that this private key should be stored offline, physically, so as to eliminate the possibility of anyone hacking into your computer to find it and thus gain access to your wallet. This is why it is typically referred to as a ‘paper wallet’.
With these safety measures in place, one can be assured about the confidentiality on the blockchain—having the records of transactions is perfect for immutable transparency, but the exact details still remain private.
And now, a nefarious interlude…
We covered before how the method of distributing the blockchain across thousands of nodes in a decentralized manner (DLT technology) means that there is no critical point of failure. In addition, the structure of blocks connected the block preceding it (‘chaining’) means that data within blocks remain immutable and incredibly difficult to change.
However, changing data in the blockchain, while incredibly difficult, is not necessarily impossible.
If a hacker, for example, wanted to edit some data of a transaction in a block to reflect a payment that didn’t occur, since the blockchain is public and any computer can become a node voluntarily, what stops them from just making those changes and letting the blockchain incorporate those nefarious numbers?
The fundamental structure of chains of blocks would be the first hurdle: editing one block would mean altering its hash—the unique identifying name of each block—which would mean having to generate a new one. Hashes are computed using complex cryptographic algorithms and computing them requires resources in the form of hardware and electricity.
Generating a new hash takes computing power, but every time a block is added to the blockchain one has to generate one, so in theory changing one can be accomplished. But, because of the structure of the blockchain, the next block in the chain contains the hash of the block preceding it and so the edited block’s old hash is present in the following hash.
Since the hashes don’t match, the next block’s hash will also have to be changed and calculated as well, and so too for the block proceeding that one and the one after that—in fact, hashes would have to be changed for every single block in the chain after the edited block.
The computing power needed to retroactively edit the contents of one block, change its hash and then also the hashes of every block requires exponentially more resources and time than is feasible.
Proving your work
While anyone can view the blockchain, only nodes can add blocks to the blockchain and to add a block it needs to be named first. Any computer can voluntarily become a node, which raises the issue of how the blockchain can be trusted if anyone can just add nodes?
The way that the blockchain manages this is by getting a node to prove their “trustworthiness” by doing some work—a concept called, ‘Proof of Work’.
Just like a boss wanting to see the work their employees have done during the day to prove that they’ve actually done work, and have thus earned your day’s pay, nodes ‘earn their pay’ by generating hashes—each node putting a little bit of work per hash.
This is accomplished by solving incredibly complex mathematical calculations; calculations that can only be solved by computers. Computers need hardware and electricity to function, and hardware and electricity cost money. Therefore, if you have the resources to solve these calculations, and do so, then you have shown the blockchain that you are trustworthy. This concept is what is known as ‘mining’ the blockchain.
You may have heard of the term ‘mining’ before in connection with blockchains such as Bitcon—the term is a bit of a misnomer of sorts, because it implies that all they are doing is ‘looking for’ Bitcoin that already exists and digging them up.
This is not exactly the case: in essence, mining is a competition between nodes to solve these complex mathematical riddles first—and generate the complex encrypted hashes required to add blocks to the blockchain—and in the case of cryptocurrency, this “game” is rewarded with cryptocurrency. You’re not finding bitcoin in a mine, it’s more like you’re arbitrarily digging holes until you’ve done enough work for to be payed a fraction of a Bitcoin, or any other cryptocurrency.
In this way, cryptocurrency’s value can be likened to the value of money in the age of the Gold Standard: because it takes resources to ‘mine’ cryptocurrencies, there is direct “physical” relationship between the work you put in and the amount of crypto you receive; if you had 50 dollars in your wallet, that meant you owned 50 dollars worth of gold and if you put in ‘x’ amount of work mining you recieve ‘x’ amount of cryptocurrency.
So, what this means is that in order for that hacker to change a hash, they would need to “spend” resources to calculate a new one, as well as spend the resources for each and every other block afterward. Once gain, while this requires a lot of computing power—and some would say, an infeasible amount of work for the reward—this is not necessarily impossible.
But, the difficulties don’t stop there.
Now, with the blockchain edited, the next hurdle for the hacker needs to be surmounted: how to get the copy onto thousands of other nodes on the network.
Remember that the blockchain is essentially a shared, public spreadsheet (a.k.a. ‘ledger’) that has been distributed over thousands of computers (a.k.a. ‘nodes’)—since each version of the blockchain is essentially an independent, “master” copy, how do the nodes know which version is the correct one?
The answer: by comparing notes.
What happens is that each and every copy of the blockchain on each node is compared to the each and every copy of the blockchain on every other node—if they can agree and reconcile that the entries on each page of their spreadsheets match exactly with the entries of their own spreadsheets, then the blockchain is valid.
But nodes do not just except any version willy-nilly. If at least 51 percent of the nodes agree—or, ‘reach a consensus’—on the correct blockchain version, that is what’s then distributed throughout the network. The latest version of the blockchain is updated or refreshed on every node every ten minutes, so this happens multiple times a day.
This method means that the integrity of the blockchain and its data can be kept validated, preventing any potential manipulation of data within the blockchain. This is called the ‘consensus model’.
So, if a would-be hacker had the computing power to edit one blockchain, that same hacker would also need to hack into the other nodes on the blockchain network to edit their blockchains individually as well. Since a blockchain is stored independently over thousands of nodes—and in Bitcoin’s case, over 5 million nodes—a hacker would have to change a minimum of 51 percent of all blockchain nodes, which would take an unprecedented amount of computing capability—that just isn’t feasible.
While “51% attacks” have occurred on smaller or younger blockchains, usually the bigger the blockchain network—i.e the number of nodes—the more the blockchain is safeguarded from such a hack, as the realistic ability to have access of that amount of computing power is incredibly unlikely.
All these safeguards mean that the blockchain itself is incredibly secure and transparent.
Digital Cabinet is always looking ahead to see how we can better help you with your paperless solutions and automated workflow needs.
The blockchain as it is now is prime territory for document management, as it offers immutable storage of data that is secure, and perfect for the transparent paper trails and business practices, just ask our CEO Daniel Krtizas.
While the blockchain is really only just starting out, the future is bright for this kind of technology while we look ahead at things like Web 3.0 and other iterations of the internet.
This concludes the second part of Digital Cabinet’s beginner guide to blockchain. We hope that now blockchain technology is starting to make a bit more sense as you begin to understand how it works and how it all links together. Join us next time, when conclude our series by discussing the uses and future implications of blockchain technology, and how blockchain could one day completely revolutionize how the internet works.
You can find out more about Digital Cabinet at www.digitalcabinet.co.za