Cryptocurrency through Cybersecurity: Explaining the technology behind Blockchain
Foreword
Cryptocurrency. Everyone is familiar with the second part of the word, currency, as an instrument of trade. Indeed, Bitcoin was created with two problems it sought to solve — inefficiency of trade (leading to higher transaction cost) was one of them.
However, the first part of the word, crypto, is commonly ignored.
The adoption of internet commerce meant that financial intermediaries became commonplace. Financial intermediaries adopted a reversible-transaction solution to facilitate trade for dispute resolution.
However, with reversible transactions comes the need to trust a third party, and such trust can be abused. It was inevitable that fraud would occur in such a system. Therefore, the second problem Bitcoin sought to solve was exactly this — fraud. And cybersecurity techniques — specifically cryptography — was used to solve this issue.
Cybersecurity
Cybersecurity is implemented to protect people against the criminal or unauthorized use of electronic data. Fraud is exactly that — it is criminal. Here, we finally see the convergence of Bitcoin and Cybersecurity. By eliminating the middleman, we stumble upon a new problem: we also eliminated the trusted third party. How can parties transact without a trusted middleman? How could I trust that the other party will uphold their end of the deal?
The solution is simple: go trust-less. Thus, the requirement is simple: A system which does not require trust but is still able to guarantee that both parties can uphold their end of the deal. This is where Blockchain, the technology powering Bitcoin, comes in. For more advanced readers, the Escrow concept will not be touched on today to keep things simple, so trust-less here is simply dependent on the validation and immutability of the transaction.
Blockchain
Blockchain provides many benefits like decentralisation, availability and transparency. In line with this article however, we will be talking about the trait that makes Blockchain highly secure, a trait called Immutability. Immutability means that whatever is written into the Blockchain cannot be changed, ever.
Immutability
Immutability is achieved thanks to a concept called Hashing. Hashing is a subset of Cryptography, an important field in Cybersecurity.
Hashing essentially is a method to irreversibly convert your text into a secret code. For example:
Text: I love Blockchain!
Hash: 1CF7F2E291A19F6309A21D828B3C50C661F744ACB1A0E42549C92112AF245E1C
But why is this code secure? Can’t hackers decode it like in the movies? Let’s have a look at an example of the mathematics implemented in Hashing. (For advanced readers, the concept of ECDSA will be covered in future. RSA will be used due to its simplicity in understanding.)
Imagine two prime numbers, 7 and 19. Now, it is easy to multiply both of them right? Immediately, we can derive that the answer is 133. Now, if I gave u 133 and asked you to derive the two prime numbers that were multiplied to get this, could you? There would only be one answer, since both 7 and 19 are prime numbers, and to get these numbers we need to try all permutations of prime numbers. Now, imagine if I gave you a bigger, ten-digit number like 4469697691. Could you get the two prime numbers? Sure, you could try a brute force, but this would take an impossibly long time to crack.
A similar 300-digit integer would take 600 thousand years for a super-computer capable of doing 93*10¹⁵ operations per second. What if I gave you an exponentially larger number? The time taken and difficulty to crack the primes increases exponentially towards impossibility. However, in the context of Blockchain, we do want these hashes to be solvable. It just needs to be extremely difficult to do so. The process in which we need to solve hashes is called Mining.
Mining
To simplify matters, I will illustrate the concept of mining using Bitcoin. Mining Bitcoins is just like mining gold, we are repeatedly trying our luck at random to get something of high value. Just like mining gold, successful miners will get a reward decided upon by the cryptocurrency. In Bitcoin, it is 12.5 bitcoins — almost $112,000 USD (at time of writing)! But what is the purpose of mining then?
When mining a block, you need to solve the hash to add that transaction into the blockchain. The hash is formed by adding a nonce to the block’s data. A nonce is essentially a random number from 0 to 2³¹. Since block datas are public, miners are essentially guessing what the nonce is.
Since we one cannot decrypt a hash to regain it’s original message, one has to hash random messages to find a desired hash. For example:
Text: I love Blockchain1
Hash: 0B5D39B3F80FF202250C1255856B65FFCDBA85D05F152CADBCC8EF593E5703EF
Text: I love Blockchain123
Hash:
38C8A2D58477FEC81676AE8EB995474D94C540C5E7596F9DB411D005372DD184
This means that every different message results in a different hash! Thus if the original nonce is 2¹⁷ — 2048, miners will need to keep trying different numbers for nonce until they hit a desired number.
In Bitcoin’s case, they are more relaxed. Trying to solve for one particular number amongst 2³¹ possibilities is herculean. In this case, Bitcoin allows you to solve a block if you find a hash that has more than a predetermined number of zeros in front.
For example, let’s say the difficulty is 3 0s.
Text: I love Blockchain1
Hash: 0B5D39B3F80FF202250C1255856B65FFCDBA85D05F152CADBCC8EF593E5703EF
Here, when the nonce is 1, the hash has 1 zero! So now we need to keep increasing the nonce until we find one with more than 3 0s. This is not easy as increasing the nonce does not guarantee that the hash will have an additional. For example, when the nonce = 123, the hash has 0 zeros in front (Refer to above example). Hence, we would possibly try trillions of numbers and still not come close to solving the hash.
The hashing algorithm should not be too easy to solve such that anyone can simply solve the hash and put transactions in the blockchain. This would open another possibility of fraud, where people can approve fraudulent blocks of their own making. Hence, it is important for the person mining the block to be randomly chosen. Making Blocks hard to mine ensures that an element of luck is needed to mine a block since there are thousands of miners all trying to solve the same block, and anyone could potentially be the successful miner.
Verification
Wait! I understand the need for random selection, but why do I need miners in the first place if everyone is simply mining non-stop without verifying if the transaction is non-fraudulent? Random selection would be pointless since all transactions eventually end up in the Blockchain.
Aha, but there is a verification! Miners verify if the person sending money out is using his own account to send out the money. It would be disastrous if I could simply put up a transaction that said, “I have sent to xxx account 5000 bitcoins” and the account that I am withdrawing from is not my account. Therefore, we must ensure that two addresses, the address in which the transaction starts from and the address which is making the transaction, are the same. The concept used in implementing this check is called the Digital Signature, an aspect of Cryptography too!
Digital Signature
How miners check if a transaction is valid is through wallet addresses.
Imagine you have a glass box within a glass box. The inner glass box will contain your wallet address. The outer glass box will be used to let people see the wallet address inside the inner glass box. You will also have two keys to access these glass boxes. One key can unlock both boxes such that you can change the content of the message in the inner box, and this key must ONLY be kept by you. This is called your “private key”. Once you lose this key, that’s it! Other people will replace the wallet address inside your box with theirs.
The other key can only unlock the outer box to allow anyone to see the contents inside this box. This one is called the “public key”. People with the “public key” can see what is inside the inner glass box, but are unable to change the contents. Only the person with the “private key” can change the contents of the inner box. Essentially, the miners are people with the “public key”, able to check if the wallet address inside the inner box corresponds to the wallet address of the person trying to make the transaction. When a transaction is being made, the transaction caller will show his wallet address and the box to the miner, and let the miner open the outer box to verify if the wallet address is the same. This way, even if I steal someone else’s box, I have no access to the inner box, thus making the wallet addresses conflict and hence, invalidating the transaction.
The Relationship
Traditionally, in Cryptography, hashes are used to hide information. In Blockchain though, Hashes are used to chain transactions to each other. It is a simple, elegant way of guaranteeing immutability since we cannot alter the contents of a block without altering the hash, and altering the hash would break the chain, thus invalidating it.
Thus far, we have seen how Blockchain revolutionised Cybersecurity by reducing fraud. But that’s not all. The potential applications Blockchain has on Cybersecurity are enormous.
The key concept of decentralisation revolutionised the way people approach cybersecurity. It provides a new way to encrypt data — in your computers themselves instead of a central server. This reduces the chances of your data being compromised since hackers do not have a centralised location to target anymore. This also prevents DDoS attacks from being carried out effectively, since there is no longer a single computer to target.
With other benefits such as data transparency (making tracing hackers a lot easier) and data availability (information needed is always available from the Blockchain), it is easy to see how Blockchain can enhance cybersecurity.
Best Friends
However, the relationship between Blockchain and Cybersecurity goes both ways. There are various ways to “hack” the blockchain, even on a technical level. For example, Bitcoin is vulnerable to the 51% consensus attack. To keep things brief and clear, this means that if more than 50% of all Bitcoin miners belong to an evil organisation, they can interfere with the recording of mined blocks. They could prevent other people from mining blocks and even make “double spend” tokens! That said, the 51% attack is not a guarantee, it just is a point where it is likely for such a situation to occur. Conversely, the situation can occur with a lower total % of evil miners like 40%,. It is just that it is less likely.
Even if blockchain itself is fully secure, does that mean that you live in a completely secure world?
As with technology, attack patterns evolve too. If I cannot attack the Blockchain, then I will attack the stuff around it! Phishing attacks, such as impersonation, has been used to deceive people into giving away their “Glass box within a glass box”. The box itself, if not properly taken care of, can be taken away by attackers akin to a burglary — they enter your computer, remove the box, and leave before you even know it.
Cybersecurity exists to protect people from such attack patterns. Cybersecurity organisations use automated programmes across the Internet to detect phishing sites, which are then removed. Firewalls prevent unauthorized “burglars” from entering your house, while encryption makes it harder for the “burglar” to steal your objects.
Last Thoughts
All in all, it is not difficult to see the relationship between Cryptocurrency and Cybersecurity. The first Cryptocurrency was born out of Cybersecurity techniques, and the industry continues to utilise advancements in Cybersecurity to enhance itself. Lightstreams and Oyente are examples of such security-oriented blockchain projects. Cybersecurity reciprocates by guarding the loopholes around Blockchain technology and continually enhancing the technology. Both are inextricable from each other. Together, they are so much more than just a mere instrument of trade. They are defining the future in which we live in.
*This post was edited to correct a factual error, as well as make it clearer that Blockchains are not 100% secure. Thanks to Martius Lim for the heads up!
