The Basics
Here are the very basics about what a blockchain is and how it delivers the guarantees it does. Shown here simply to get all readers on the same footing when talking in more depth later. In this section, I won’t be going too technical, but will be introducing high level concepts that lay the foundation for these systems.
Definitions
State (S) — The data being held/updated by the blockchain. In the case of cryptocurrencies, it could be a mapping from accounts to balances.
Transaction (T) — A transition function that changes the blockchain’s state from S to S’. In the case of a currency, it could be a transfer of coins from one account to another. All transactions are signed by the account private key in order to be seen as valid.
Block — A packing of transactions that is created by miners to add transactions to the current state. These contain the hash from the previous block in the chain to link the blocks together.
Hash — The output of a hash function. A hash function is a one way function that takes in data and transforms it into a randomized output with a certain size. The key takeaways are that it is easy to turn data into a hash but it is just about impossible to turn a hash back into the original data and any small changes in the data leads to completely different hash that is not predictable.
Merkle Tree — A method for packing data so that you can efficiently stored and verified later. Merkle Trees allow for transactions to be packed into blocks in a way that they are tamper resistant and can easily be verified by any nodes (especially light nodes). The Merkle Root holds a compact representation of the data.
Blockchain — Blocks that are linked together by hashing their block headers and adding it to subsequent blocks. The longest chain is seen as the most up to date and accurate picture of the state.
Fork — An ordering of the blocks in the blockchain that has shown to follow the rules of the network. Many valid orderings can exist, most chains stick to using the longest chain as the official chain.
Node — A participant in the blockchain that is hosting the full storage for the chain state and posting & receiving blockchain updates.
Miner — A node that is also working to create blocks. For example, in Bitcoin, it is a PoW chain which has miners hash the block header with incrementing nonces until it passes the difficulty test (has enough zero’s prepending the hash).
Hashrate — The amount of hashes the network can perform per second. This is in relation to PoW algorithms that rely on miners completing hashes. Larger hashrates mean more secure PoW networks since it requires more resources to commit a 51% attack.
Consensus — Algorithm used to keep all nodes in the blockchain on the same view of the state.
PoW — Proof of Work. Protocol for block creation where miners are required to use their own computational power in order to try to create a block. Once a miner has found a block, they post a short and quickly verifiable proof that they did the work which acts as proof that the block is valid. For example, Bitcoin miners hash the block header repeatedly with different nonce values in the header until the output has enough 0’s at the start of the hash output.
PoS — Proof of Stake. Protocol for block creation where miners are required to stake their own currency in order to be selected to create a block and receive rewards. Just as in PoW where more computational power equates to a higher chance of creating a block, in PoS more stake equates to a higher chance of creating a block.
Overview
On the high level, a blockchain works by keeping a distributed ledger with every account’s balance on it. The ledger is stored in every single node in the network so that there is no singular point of failure and no central parties to trust. Miners add transactions to blocks which are then added to the blockchain to update the ledger with any new transactions. I will focus on PoW chains for now since they are the simplest to explain. Each added block contains the hash of the previous block, thereby creating a chain.
In a traditional PoW chain like Bitcoin, miners compete to add blocks by spending computational cycles on computing hashes. The miner first takes transactions from the pending transaction pool and builds a Merkle tree from them. Then the Merkle root is added to the block header, along with the previous block hash, timestamp, and some other metadata. Then a nonce field is added that is simply a random number. The act of mining is simply hashing the block header with different nonce values until the resulting hash is smaller than a target difficulty number. This is indicated by the number of 0’s the resulting hash starts with. By asking for more 0’s, the difficulty is raised on finding a hash that matches the requirement. If a miner has found a valid block, they get paid a reward for their work.
Once a miner has found a valid block, it is broadcasted to the network so that all peers can add it to their chain. Each receiving node can easily verify that this miner didn’t cheat by simply hashing the block they received and seeing if it matches the hash the miner sent. If the hashes match, then the miner did the work and solved the puzzle and the work has been completed for the block. The receiver can then check if all the transactions are valid (signed properly) and then add it to the longest fork (main chain).
If multiple miners find blocks at the same time, the blockchain now has multiple forks that are both equally valid since they are the same length. In an event where this is a random occurrence, this is resolved on it’s own. This is because once the next block is mined, whatever chain the miner who found it saw as valid, is now the main chain since it is longer. The other block becomes an orphan block and is not included in the chain. Statistically it is very unlikely that a transaction included in a block a few blocks down the chain will be overwritten due to this. So after waiting for your block to sink a few blocks into the chain, users should almost be certain that it won’t change.
How is it Secure?
Security in the blockchain comes from a few properties.
- Mining blocks requires using resources.
- Each block contains the hash of the block before it.
Imagine if an attacker wanted to change the chain by changing a transaction from 5 blocks ago. If they tamper with the block, the hash of the block changes. The attacker would then have to change the pointer from the next block to the changed block, which would then change the hash of the next block… This continues on all the way to the end of the chain. This means that the further back the block is in the chain, the more resistant it is to changing.
Effectively, the attacker has to simulate the hash power of the entire network until the front of the chain. However, while the attacker tries their attack, the chain carries on and moves forward. If the attacker has a lower hashrate than the rest of the chain (< 50%) then they will always be playing catch up and never produce the longest chain. Therefore, this type of blockchain is safe from an attack where an attacker has less than 50% of the hashrate.
When an attacker has 51% of the hashrate, they can rewrite the history of the network however they please with the list of valid transactions. This is because they can recompute the hashes of any ordering of blocks faster than the rest of the network so they can basically always guarantee a longer chain eventually. The main danger of a 51% attack is the possibility of a double-spend. What this simply means is an attacker can buy an item and show that they have paid for it on the blockchain with arbitrary number of confirmations. Once they have received the item, they can reorder the blockchain so that it doesn’t include the send transaction and therefore getting their money back.
Even if an attacker has > 50% of the hashrate, the attacker can only do so much damage. They cannot do things like transfer money from a victim’s account to theirs or print more coins. This is because all transactions are signed by account owners so even if they control the entire network, they can’t forge account signatures.
Thanks for reading! Stay tuned for more posts as we go deeper into the topics.
