Blockchain and cryptography: an introduction
I felt like continuing with the buzzwords run, and also learn something completely new. So today I’m gonna talk a little bit about on how blockchains actually work, and write some psuedo-code.
What is a blockchain?
From Wikipedia -
A blockchain is a growing list of records, called blocks, that are linked using cryptography.
Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data.
This wasn’t complicated at all. Simply a linked list where the integrity and order of the blocks is controlled by an hashing algorithm(H).
____ ____ ____
| G | | A | | B | *n
| |--->|H(G)|--->|H(A)|--->
|data| |data| |data|
|____| |____| |____|
The implication of this is that if an attacker would change an arbitrary block in the chain, he would then need to change all blocks after that block in order for the chain to be correct. Most blockchains is managed in a peer-to-peer network, which means that the attacker, without network majority, cannot control the entire chain after the changed block. Simply, the chain is copied to each peer in the network and only trusts the majority. If the attacker would change a block and his copy of the chain, the network would vote on which copy is correct, and choose the majority’s copy.
(This is the basic idea of a decentralized blockchain, but there are other types of blockchain which have different voting algorithms or other models in which the former statement doesn’t hold true. The voting/majority part that is. Thanks to Hampus Bengtsson for pointing that out).
Introducing new transactions(blocks) into the chain
To prevent the chain from overflowing with blocks we must ensure that it’s a hard problem to add new blocks to the chain. This is very important in cryptocurrencies i.e. Bitcoin. This is what’s called mining. Mining comes from the parable with mining gold(or other metals). We add more money into the economy. If anyone could add coins into the chain very easily we would have a Weimar hyperinflation all over again. That’s why any new block needs a proof-of-work which is very hard to calculate. A commonly used proof-of-work is that the hash of every block must start with x-numbers of zero.
class Block():
def __init__(self, id, data, prev_hash=None):
self.id = id
self.data = data
self.prev_hash = prev_hash
self.nonce = 0
def mine(self, x=4):
while hash(self)[:x] != "0"*x:
self.nonce += 1
self.hash = hash(self)
return
def dump(self):
if self.hash is None:
self.mine()
return {
"id":id,
"data": self.data,
"timestamp": time.now(),
"nonce": self.nonce,
"prev_hash"=self.prev_hash
}
If you for some reason would want the code to actually work - change the hash-call to a real hashing algorithm, and make the time.now() call to a string
A simple block class which holds transaction data and the hash of the parent. If we would like to add a new block to our chain we would simply do (note that block.dump() calls on block.mine() if the block is not mined yet)
# Initialize with genesis block
chain = []
genesis = Block(id=0, data={XXXX}) # prev_hash=None
chain.append(genesis.dump())
# Add a new block to the chain
new_block = Block(id=1, data={xxxxx}, prev_hash=genesis.hash)
chain.append(new_block.dump())
As you can see blockchains are actually very simple in it’s basic form, but there are so many variants on every algorithm and voting policies and so forth that there could be thousands of books to cover the complete topic. This was only a fairly quick reading to learn the basics about blockchains.
Attacking blockchains
In this basic form of the blockchain the only attack vector would be to take majority of the network to change the transaction data in any block successfully. As mentioned above, every blockchain has it’s own algorithms and forms, and therefore new attack vectors.
Conclusion
There a million of blog posts like this that are much better and more thourough, I only wrote this since I wanted to know how basic blockchains work and to learn something new. I guess next post will be on how to build a CAN-network with arduinos :) Or maybe a crypto-attack