In our new #securitysolutions series, we will go over topics ranging from blockchain to data integrity. First, let's start with a short series of blogs about blockchain technology.
“There is a high level of hype around the use of blockchains, yet the technology is not well understood. It is not magical; it will not solve all problems.” - NIST IR 8202
What is blockchain? A blockchain is an immutable append-only digital ledger that is maintained in a distributed manner by a set of nodes. This technology is used as a key building block in modern cryptocurrencies but has potential applications to other domains.
The core purpose of a blockchain is to implement a distributed digital ledger in which the record of transactions is immutable and cannot be altered. As modern cryptocurrencies are implemented as distributed systems that lack a centralized authority, blockchain was introduced as a solution to provide a trusted ledger for the decentralized environment. The following properties are essential to the ledger:
- Integrity: Transactions on the ledger must be immutable, prohibiting deletions, modifications, and insertions
- Consensus: All nodes in the system must agree on the same record of transactions
- Validity: All transactions must be valid, for example prohibiting double spending of digital currency
To understand how a blockchain preserves these properties, we will describe how new transactions are appended to the digital ledger. A set of transactions is appended to the blockchain in a block, which contains additional information that allows the blockchain to maintain the aforementioned properties.
Figure 1 (NIST IR 8202): Blockchain Example
To ensure integrity of the transactions, information is passed through a cryptographic hash function which produces a fixed size digest or summary of the arbitrary amount of information it receives. Modification of even a single bit of the input information will result in a substantial change in the resulting output of the hash function. First, the entire transaction list is hashed together and the output stored in the block header. Any modification to the transaction list will result in a substantially different output of the hash function, which ensures integrity is maintained. The inclusion of a timestamp in the header provides evidence of when the transactions were completed, while the nonce is used to control the rate at which blocks are added.
Each subsequent block that is appended is chained to all previous blocks in the record by including a hash of the previous block header. Thus, the integrity of the entire chain of blocks (blockchain) can be verified by computing the corresponding hash values from the start of the chain through the most recent block that was added. If any of the information in the blockchain has changed, there will be a mismatch in the output of the cryptographic hash function.
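The hash chaining described above, as an added Python example (not code from the original post or from NIST IR 8202). The JSON header layout, the use of SHA-256, the all-zero predecessor for the first block, the difficulty of three leading hex zeros, and all function names are assumptions made for illustration.

```python
import hashlib
import json

DIFFICULTY = 3           # assumed target: header hash starts with 3 hex zeros
GENESIS_PREV = "0" * 64  # assumed placeholder predecessor for the first block

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def tx_list_hash(transactions: list) -> str:
    # The whole transaction list is hashed together, as in the text.
    return sha256_hex(json.dumps(transactions).encode())

def header_hash(header: dict) -> str:
    # Canonical JSON (sorted keys) so every node hashes identical bytes.
    return sha256_hex(json.dumps(header, sort_keys=True).encode())

def make_block(prev_hash: str, transactions: list, timestamp: int) -> dict:
    header = {"prev_hash": prev_hash, "tx_hash": tx_list_hash(transactions),
              "timestamp": timestamp, "nonce": 0}
    # Search for a nonce that makes the header hash meet the target.
    while not header_hash(header).startswith("0" * DIFFICULTY):
        header["nonce"] += 1
    return {"header": header, "transactions": transactions}

def verify_chain(chain: list) -> int:
    """Return the index of the first invalid block, or -1 if the chain is intact."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        hdr = block["header"]
        if (hdr["prev_hash"] != prev
                or hdr["tx_hash"] != tx_list_hash(block["transactions"])
                or not header_hash(hdr).startswith("0" * DIFFICULTY)):
            return i
        prev = header_hash(hdr)
    return -1

def build_sample_chain() -> list:
    # Constructed sample transactions, not real ledger data.
    batches = [["alice->bob:5"], ["bob->carol:2", "alice->carol:1"], ["carol->dave:3"]]
    chain, prev = [], GENESIS_PREV
    for n, txs in enumerate(batches):
        chain.append(make_block(prev, txs, 1700000000 + 600 * n))
        prev = header_hash(chain[-1]["header"])
    return chain

if __name__ == "__main__":
    chain = build_sample_chain()
    print("intact chain:", verify_chain(chain))
    chain[1]["transactions"][0] = "bob->carol:200"   # edit a recorded transaction
    print("first invalid block after edit:", verify_chain(chain))
```

Recomputing the nonce for an edited block makes that block pass on its own, but the next block still stores the old previous-header hash, so `verify_chain` then reports the following index.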
When one node completes and appends a block to the blockchain, it distributes the new block to the other nodes for verification. If the block was computed correctly, each node then appends it to its local copy of the blockchain. However, it is possible that multiple blocks may be submitted simultaneously, resulting in two different versions or forks of the blockchain. The most common method for resolving these conflicts is to adopt the longest blockchain as correct. This ensures that all nodes in the system reach consensus, and that an identical record is held at each node.
With a method to maintain an immutable record across a set of distributed nodes, the final component is imposing conditions on what constitutes a valid transaction. With cryptocurrencies, a core requirement is the prohibition against double spending. As all nodes have an identical copy of the blockchain, it is easy to verify whether or not the origin account has sufficient funds to complete a transaction, and once the transaction is complete, it will be recorded by all nodes. However, what authorizes a transaction in the first place?
Most blockchains require a form of authentication for a transaction to be considered valid, which is usually accomplished through public key (asymmetric) cryptography. Each contributor has a set of two mathematically related cryptographic keys: a public key, known to others, and a private key, known only to the contributor. With knowledge of the private key, a digital signature can be generated over a transaction. Anyone can verify the authenticity of the contributor’s digital signature with knowledge of their public key, which demonstrates that the contributor (the only one with knowledge of the corresponding private key) has authorized the transaction.
In the next blog in this series, we will go over use cases showing how blockchain technology can be applied in the real world.
 For more efficient verification of individual transactions, a more advanced structure called a Merkle Hash Tree is used. However, it provides the same integrity guarantees as simply passing all transactions directly into the hash function. For more details, see NIST IR 8202.
 In most cryptocurrencies, nodes (“miners”) that maintain the blockchain receive currency to incentivize their participation. To control the rate at which blocks are added, a nonce must be found such that the resulting hash output satisfies some property, such as beginning with a certain number of 0s. This is optional for general blockchains.
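The Merkle hash tree mentioned in the notes above, as an added Python example (not code from the original post or from NIST IR 8202): it shows why the tree makes verifying a single transaction cheap, since a proof needs only one sibling hash per level rather than the whole list. SHA-256, the leaf/node prefix bytes, the rule of duplicating the last node on odd levels, and all function names are assumptions.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(tx: str) -> bytes:
    return h(b"\x00" + tx.encode())       # assumed prefix separating leaves from nodes

def node_hash(left: bytes, right: bytes) -> bytes:
    return h(b"\x01" + left + right)

def merkle_levels(transactions: list) -> list:
    """Return every level of the tree, leaves first, root level last."""
    level = [leaf_hash(tx) for tx in transactions]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:
            # Assumed rule: duplicate the last node on odd levels. With this
            # rule [a, b, c] and [a, b, c, c] share a root, so a validator
            # must also reject duplicated transactions.
            level = level + [level[-1]]
            levels[-1] = level
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def merkle_root(transactions: list) -> bytes:
    return merkle_levels(transactions)[-1][0]

def inclusion_proof(transactions: list, index: int) -> list:
    """Sibling hashes from leaf to root, each tagged with 'sibling is on the left'."""
    proof = []
    for level in merkle_levels(transactions)[:-1]:
        sibling = index ^ 1               # the other node in the same pair
        proof.append((sibling < index, level[sibling]))
        index //= 2
    return proof

def verify_inclusion(tx: str, proof: list, root: bytes) -> bool:
    node = leaf_hash(tx)
    for sibling_is_left, sibling in proof:
        node = node_hash(sibling, node) if sibling_is_left else node_hash(node, sibling)
    return node == root

# Constructed sample transactions, not real ledger data.
SAMPLE_TXS = ["alice->bob:5", "bob->carol:2", "alice->carol:1", "carol->dave:3", "dave->alice:4"]

if __name__ == "__main__":
    root = merkle_root(SAMPLE_TXS)
    proof = inclusion_proof(SAMPLE_TXS, 3)
    print(len(proof), "hashes prove one of", len(SAMPLE_TXS), "transactions:",
          verify_inclusion(SAMPLE_TXS[3], proof, root))
```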