TheTechOasis company logo
home

Explain like I am a Baby: blockchain security advanced edition

Date: 2022-07-26

Blockchain security explained

Photo by Markus Spiske on Unsplash

On October 31st, 2008, one of the most important technological advances in modern history was presented. That day, Satoshi Nakamoto published, in the simple mailing list for people interested in cryptography, his/her/their whitepaper presenting Bitcoin, an uber-important revolution toward securing data in a distributed, peer-to-peer, network.

Thus, Bitcoin was born with one sole objective, top-notch security, and the elimination of trust-led economies, and, thus, the middlemen.

The rest, is history.

But today, few still acknowledge why crypto exists, and few understand crypto's end goal.

Security is paramount for crypto

Security is crypto's greatest asset, its biggest feature, and the reason it has become as important as it is.

However, blockchain security is one of crypto's most notorious mysteries. Put simply, people, even veteran investors, don't understand the most simple blockchain security concepts.

But let's be fair, Blockchain and crypto experts, in general, do a very poor job explaining how this technology works in simple terms.

To me, blockchain has a similar degree of mystery to society as neural networks for AI, with the important difference that neural networks are opaque by design, so their black box nature - the incapacity to understand how they work - is somehow justified.

However, in the case of blockchain technology, the opacity is completely unexplainable, as all the underlying technical components are sound clear, explained, and understood (by few, but still).

It is then the goal of this article to democratize crypto's most crucial feature so that you, after reading this article, will be much more confident about how blockchains work and WHY they are so disruptive.

A little bit of history never hurt nobody

As I said, Bitcoin was born to propose a new way that avoids requiring middlemen to perform transactions, all while having strong security by design that prevents any sort of tampering - illicit modification.

But to understand this, we must start with the basics.

The role of banks

If you ask anyone what are banks for, they'll simply say, "they finance people or entities in exchange for an interest rate". And, I mean, yeah, that's true.

But banks have an ultimate role in society, they order and verify transactions, thereby ensuring trust.

Trust on what?

Trust to ensure, when someone or an entity performs a transaction, that the transaction is valid. In other words, make sure that the sender can actually perform that transaction.

Let's use an example:

Bob has requested the services of Alice and Ray, for $100 bucks each. After the services are done, it is time to pay, isn't it? However, knowingly, Bob only has $100 bucks. With no banks in between, he simply writes two $100 checks to Alice and Ray, both of whom trust Bob dearly. This type of digital fraud is called double-spending, or duplicating your digital money to fraudulently use it two times.

Sadly, only one of them will receive the money, and the other will be left without a single dime.

Banks, in that scenario, have Bob's transaction history and know very well he's full of sh*t. Consequently, it is really easy to identify the problem of double-spending, and Bob won't be able to duplicate his money to pay both of them.

Banks, therefore, resolve an important issue in economics, the guarantee that the person or entity you are transacting with has the actual capacity to pay you or, to the very least, he/she won't be able to use the double-spending tactic on you. Surely he/she can still fool you into believing they have the money to pay, but they surely won't be capable of paying you with money they don't actually own.

Without said guarantee, how would you transact with anyone? Why would you supply a product or service if you didn't have some sort of guarantee that the other person is capable of actually paying?

Banks, one way or another, created the trust necessary for economies to function properly.

Now, I know what you're thinking. Is this post written by a banker or what? We are cryptonites, we hate banks!

But before jumping to conclusions, hold your horses just one second, and let me get where I'm heading to.

Although the banking system has been very powerful over centuries and has crippled economies with a crisis like the 2008 one, it is undeniable that they offer actual value to society, an intrinsic value toward ensuring trust, and as we have seen, trust is paramount for the economy.

But what if we could create a system that doesn't require trust?

Bitcoin showed us an alternative

Albeit acknowledging that banks have actual value to society, they have been also a kind of 'parasite' to the economy by draining our wealth, as banks were a necessary gateway to participate. Banks knew this, and disproportionately profited from it.

The problem was that, until the surge of Bitcoin, there wasn't a distributed alternative to banks, a way to circumvent them.

Distributed systems - systems that aren't governed or managed by a central entity - faced what was known as the Byzantine Generals Problem, or BGP. The BGP is a game theory problem that argued that you cannot achieve consensus on a distributed network without a central entity.

And then... Bitcoin came.

Bitcoin's proponents understood that the only way to circumvent that third-party - the banks - was to eliminate trust, aka create a trustless system. That is, a system that doesn't require trust to function, a system where the double-spending problem isn't possible, even without third party entities accounting for the level of trust that guarantees that double-spending is, in fact, not an option.

And what was Bitcoin's revolutionary proposal?

Use cryptographic proof to substitute trust. In other words, use cryptography to prove and validate transactions without the need of a middleman.

But that's not it. Bitcoin added an extra revolutionary concept to the table. By making all transactions public, a distributed network of nodes was able to validate and verify, using cryptography techniques, that each and every transaction in the network was valid, thereby disabling any chance of double-spend.

And that is Bitcoin, in a nutshell, a widely distributed network of nodes that, using state-of-the-art cryptography techniques, achieve global consensus on which transactions are valid, making the possibility of hacking the network an almost impossible feat, due to that same distributed network.

Eliminating single points of failure creates the most secure network there is.

But none of this is possible without the decentralized network, because the more decentralized it is, the more secure it becomes - the more nodes validate and verify transactions, the more malicious nodes a hacker needs to take over the whole network.

And there is no trustless system without state-of-the-art security, which is why security is crypto's foremost important feature, but also its greatest liability; people need to value and understand the importance of security for blockchain's value proposition.

Blockchain's five-layer security model

This brings us to the center point of the article. Assuming you now understand how overriding security is for crypto's value, can we simplify the main security features a blockchain has in a simple, digested, 3-minute read?

I bet I can, so here are my two cents on blockchain security; "explain it like I'm five" edition. Blockchains have what I call the five-layer security model:

  • Data hashing
  • Data encryption
  • Message signing
  • Control mechanism
  • The distributed network

They rely on two cryptographic techniques, hashing, and encryption. But before moving into the other two security layers, a disclaimer.

Disclaimer: Blockchains use other cryptographic techniques also. For instance, they are starting to use zero-knowledge proofs for scalability and pseudo-anonymous KYC. The explanation of these terms is far too complex for this article, but if you're interested, please check out another post I did, specifically on this matter.

  • Data hashing: For the first security layer, blockchains hash almost all data. Hashing means using a hash function to transform the content of a message into gibberish, thereby making it absolutely incomprehensible for someone that intercepts it. The important concept to understand is that a particular set of data will always produce the same hash output. This is great, as it will be very easy to detect if someone has modified the content. Blockchains also use hashing to generate a hash of a block - a group of transactions - and link that hash to the next validated block, by that means creating the block of chains that hence gives the name to the technology. This is done because the moment someone tampers a block, its hash changes, and the following blocks will all become invalidated as the rest of the nodes of the network will quickly detect the tampering.

Think of a hash function as an irreversible process. For instance, you can use two eggs to create an omelet, but you cannot create two eggs from that omelet. In the world of mathematics, a hash function is very similar, it requires an incomparable amount of effort to reverse the process.

  • Data encryption: The second security layer, encryption, is used to turn content into gibberish, while enabling the receiver of a message to decrypt and see the original content. In the same way Julius Caesar used the Cesar Cipher to communicate with his generals (by moving every letter in the text one letter to the right of the alphabet), the only way you can understand encrypted messages is by knowing the secret; in the case of the Caesar Cipher, know that Caesar always used that trick to encrypt his messages, and simply moving one letter to the left to decrypt it. In the case of blockchains, they use asymmetric encryption. Asymmetric encryption uses a pair of keys, mathematically linked to each other; one public, one private. The public key is known by everyone in the network and used to send you the message. Thus, when someone wants to send you a message, they use your public key to encrypt the data. In that way, the only way to decrypt that message is using the other key in the pair, in this case the private key, which you are the only one who knows it. Encryption is key (no pun intended) to avoid someone who has intercepted the message to see the content.

Think of encryption as a mailbox. Anyone can put mail inside your mailbox through the top hole (by knowing your public key) but only you can use the key to open the box and get all your mail (private key).

  • Message signing: In the same way you want to ensure your communications with another person are private - like in Whatsapp or iMessage - you also want to make sure that the sender of the message is who you think it is. Consequently, in blockchains, it is required to sign your transactions (just like in the real world, where contracts and many other paperwork require your signature to become valid). Signing works the other way round to key-pair encryption. In this case, the sender uses his/her private key to encrypt the message. The receiver then uses the sender's public key to decrypt the message - as the key is public, it is known by the network - to verify that, indeed, the only way that message could be decrypted is if the original private key is the key linked to the public key used to decrypt. Signing is a requirement from other nodes in the network to accept your transaction.
  • Control mechanism: The control mechanism is the algorithm in charge of defining the rules of the game. In other words, it defines how nodes participate in the validation of transactions. The two most common examples are Proof-of-Work (PoW), in which nodes have to do - literally - a proof of work in computational effort to solve a complex mathematical problem to be chosen to put the next block. Bitcoin is a classical example of a PoW chain. The other popular mechanism is Proof-of-Stake (PoS), on which the validators 'stake' their coins to aspire to be chosen to put the next block. The more coins a staker has, the higher the chances to be chosen. Examples of PoS chains are Avalanche and soon-to-be Ethereum. Control mechanisms are also a security layer as they deter nodes from acting with dishonesty, as they economically incentivize actors (nodes) to behave correctly, and punish nodes who behave badly.

  • The distributed network: The final layer is the network of nodes. This is probably the most important 'layer' of them all, and what truly differentiates blockchains from other systems, what makes it 'unhackable' - nothing is unhackable, but truly decentralized blockchains are as close as we get. The reason is simple. To hack a blockchain (modify transactions, do double-spends or reorganize blocks) you need to possess a majority of the nodes of a network. If you possess only one node of the 14 thousand Bitcoin has, the moment you propose an alternative blockchain, the rest of the nodes will call your bluff and decline your proposal. Also, the control mechanism will surely punish you or even ban you from participating. Needless to say, owning more than 50% of Bitcoin's nodes is almost impossible (or having the majority hash rate of the Bitcoin network, which is like saying you possess country-level computational power). Simply put, the more distributed a blockchain is, the harder is to hack, period.

Bottom line, I hope this article has shed some light on two things. Firstly, the 'raison d'être' of blockchains, what have they solved and why is that important. Secondly, understanding not only that security is blockchain's most important asset, but also why are blockchains so secure. Without a shadow of a doubt, this simple knowledge has given you superiority in your decision-making in the crypto space over 90% of the community. However, we are - both you and I - far from experts, and we need to continue to learn, every day.

The rest of my stories

If you enjoyed this post, you can become a member of Medium and open yourself to an absurd amount of curated, bespoke content tailored to your needs through this link:

Important!

If you happen to enjoy my blog, subscribe below to my weekly newsletter.

Join the community of leaders that stay easily up-to-date with the essential tech & crypto insights, simplified so even your dog will understand them.

Check out my latest blog!

© 2023 | icon courtesy of Freepik - Flaticon