Last week, we talked about what cryptocurrency is and why cybercriminals love it. We mentioned that cryptocurrency was founded on a technology called blockchain, which is a tight system that, when applied correctly, is more secure than most other financial transactions. In this post, we’ll explain the basics of blockchain technology, including its origin, development, and what makes it secure.
Origin of blockchain
One of the prime and most well-known examples of blockchain technology is Bitcoin. In 2008, the founder and spiritual father of Bitcoin (acting under the name of Satoshi Nakamoto) laid the groundwork for blockchain technology when he presented his solution for the “double spending problem” in digital currency. Double spending can be seen as copying and pasting money so you would never run out of it. In the non-digital world, we’d call this counterfeiting.
This countermeasure against double spending is essentially the foundation of our current blockchain technology, a method of record keeping that is essentially a decentralized, distributed, historical database.
The linchpin of blockchain technology is its decentralization. There is no central authority. Anybody can be a user or participant. This makes the system more open and less vulnerable than traditional ledgers.
How is the blockchain made secure? Good question! Without making this too complicated, consider a system that only works in one direction. That system calculates the hash value that is the unique answer to a math problem based on the data contained in the block. Every time you feed the system the same data in the block, the hash value will be the same. Every change in the block results in a different hash value.
Take for example adding up the numbers in a long value like 123456789, which will result in 45. Changing the first value will have an effect on the result, but from knowing 45 alone it is impossible to figure out the value we used as input. This is the basically the same idea as blockchain, only the its hashes and input are much more complicated.
So there is no way (short of centuries of bruteforcing) to go in reverse and find the data of the block based on a hash value. This provides miners, or those who maintain the transactions in the blockchain, with a method to check the validity of a transaction without being able to create a block with false information. This is what solves the double spending problem. It makes it impossible to make up a transaction and feed the false information into the blockchain. You can not find the hash that would make that transaction look legitimate.
How new blocks are created
Every so often a new block is created—as a set of transactions recorded over a given period of time. This block contains all the transactions that were made on the blockchain since the previous block was closed. Miners then calculate the hash value of the current block. The first one to get it right gets a reward.
Now the nodes come into play. A node is a machine that is broadcasting all the transactions across the peer-to-peer network that is the base of the blockchain. The nodes check and broadcast the hash of this proposed block until agreement is reached about the new block. Then this block will be accepted as the new starting point for the transactions in the next block. The block is saved in many different places so that no one entity has total control over it.
The transactions we mention do not have to be money transfers, as the blockchain can be used for many other applications. Consider, for example, smart contracts that can be programmed to pay the supplier when a condition has been met, such as the delivery of goods. This moves the trust in the completion of the transaction from an intermediary like a bank or a website to the blockchain.
How mining works on the blockchain
Why would miners bother with appending to the blockchain and verifying new blocks? The “proof of work” method gives rewards to miners for calculating the hashes. So basically they get paid for the energy they put into the work. However, the proof of work method used in Bitcoin and other digital currencies is causing an energy consumption level that could run an entire country.
The number of processing cycles needed to mine effectively has made CPU mining a thing of the past. Instead, miners moved on to GPU mining and then to ASIC, or application-specific integrated circuit, which is highly specialized and much more effective at what it does.
Although the number of Bitcoin that are given out each day as rewards stays the same over a given period of time, the number of mining farms has taken the number of cycles needed for one Bitcoin through the roof. Imagine huge server farms with racks upon racks of ASICs mining away, and that will give you a good idea of what the professional miners are doing. This is not “Joe at Home” anymore, but serious business.
One alternative method that is in planning for the Ethereum Project is “proof of stake.” Proof of stake rewards those that have the most invested in the currency or gas (gas is the internal pricing for running a transaction or contract in Ethereum). Some fear this will turn blockchain into “the rich get richer” system, so there may be some new problems to be solved on the horizon.
But if it’s so secure, how come I heard…
Even though the blockchain technology itself is secure, the applications that may be built on or around this technology are not necessarily inheriting its security. So you may have heard of criminals acquiring Bitcoins illegally in various ways, but these crimes usually take place before the cryptocurrency was acquired, for example by having others mine for the threat actor. Or afterwards, for example by stealing wallets or even robbing a Bitcoin exchange.
For more information on blockchain, take a look at this explanation using easy to understand examples: The ultimate 3500-word guide in plain English to understand Blockchain.
A comparison between proof of work and proof of stake can be found here: Proof of Work vs Proof of Stake: Basic Mining Guide
This is a Security Bloggers Network syndicated blog post authored by Pieter Arntz. Read the original post at: Malwarebytes Labs