Buckets of Half Knowledge about Blockchain

There are two types of people: those who don't understand blockchain, and those who don't admit they don't understand blockchain. I suppose saying so puts me in the first category. However, ignorance of blockchain is a spectrum, and as I've been asked to take part in a podcast on the topic, I'm trying to push myself as far towards the “knows everything about blockchain” end as possible. Here's what I know about blockchain so far.

My first stab at this article was an attempt at perfection, but I've given up on that now. I think there are several bottomless buckets of knowledge you need to have in order to understand blockchain entirely, and it's better to know what the buckets are and have a little superficial knowledge of them than trying to attempt the impossible and actually understand the lot. So here we go.

Hashes

If you read about bitcoin, you'll hear a lot about hashes. For our purposes, it's enough to know:

  • They are the result of a hashing function
  • They are unique: two different inputs will never (in practice) yield the same output
  • However large the input, the length of the output is the same
  • They are designed to stop you deducing the input from the output; in other words, even if you know the hash, that doesn't help you find the input
  • Even changing a single bit and leaving the rest of the input untouched results in a completely different hash output

An illustration of a case where hashes are very useful (other than blockchain) is authentication. When you set a new password on a secure website, it shouldn't store the password in the database. Instead, it stores a hash. The next time you log in, the website calculates the hash of the password you enter and compares it with the hash in the database. If the result is the same, it lets you in; if it's different, you obviously entered the wrong password, so you're not let in. Because the hash is a one-way function (i.e. you can't deduce the input from the hash), an attacker who hacks into the database still doesn't know your password.
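Here is an added example (not from the original post) that shows the hash properties listed above on SHA-256, the function Bitcoin uses, and then the password check just described. It assumes PBKDF2-HMAC-SHA256 with a random salt for the password part, which is the usual practice for stored passwords; the post itself names no particular algorithm.

```python
import hashlib
import hmac
import os

def sha256_hex(data: bytes) -> str:
    """Hex digest of SHA-256, the hash function Bitcoin is built on."""
    return hashlib.sha256(data).hexdigest()

def bits_differing(hex_a: str, hex_b: str) -> int:
    """Count how many output bits differ between two hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

# Fixed-length output: a 4-byte input and a 1 MiB input both give 64 hex characters.
assert len(sha256_hex(b"abcd")) == len(sha256_hex(b"x" * 1_000_000)) == 64

# Avalanche: flipping one bit of the input changes roughly half of the 256 output bits.
flipped = bytes([ord("a") ^ 0x01]) + b"bcd"
print("bits changed:", bits_differing(sha256_hex(b"abcd"), sha256_hex(flipped)))

# Password storage: keep a per-user salt and a deliberately slow hash, never the password.
# (Assumed scheme: PBKDF2-HMAC-SHA256; the post does not name a specific algorithm.)
ITERATIONS = 200_000

def make_password_record(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def check_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Re-hash the typed password with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)
```

A plain, unsalted SHA-256 of the password would satisfy the one-way property but is far too fast to slow down guessing, which is why a salted, iterated scheme is used for the stored record.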

Merkle Trees

The Merkle tree is the data structure that underlies the blockchain. It's damn complex if you read the Wikipedia article about it, but the important bit appears to be this: it's a sequence of data records, and each block contains the hash of the previous record. The previous record itself includes a hash of its previous record, so they are chained together in this way. It's important to understand that the hash that points to the previous record is also hashed, along with the rest of the record, when generating the hash for the next record that points back to it. So any change further down the chain also invalidates the next hash along, which invalidates the next one, and so on. This makes it possible to verify whether something in the chain has been tampered with, and which bit has been changed. Think about it: if I change the second block in the chain, then its hash is completely different. This means the hash in the next block along needs updating, which itself is part of the next hash along, and so on.

Distributed

Blockchain is an example of a distributed ledger, but not the only type. On top of the Merkle tree data structure, blockchain specifies protocols for tracking transactions and having them verified by various nodes within a network.

Every node that verifies transactions must download a full copy of the blockchain.

The promise of a distributed means of verifying transactions and establishing trust is the revolutionary aspect of blockchain. Previously, a central authority was necessary to establish trust and solve the problem of people selling, spending, or giving away digital value more than once.

In the case of Ethereum, another cryptocurrency, researchers pointed out that 25% of nodes run in Amazon's cloud, which calls into question whether it is as decentralised and independent as claimed. Indeed, nothing forces a blockchain to be widely distributed, so just because something is based on blockchain technology doesn't mean you can trust it.

Bitcoin

Blockchain was invented for the purposes of Bitcoin, but other blockchain applications are also possible. Wherever a decentralised database for verifying transactions is required, blockchain could be a solution.

I first heard about Blockchain back in 2011 on the Security Now podcast, which explains it very well. (You have to fast forward quite a way to get past the news.) Oh how I wish I'd bought 100 Bitcoin for less than a dollar each, but back then it seemed like a niche idea that would never take off.

Proof of Work

The idea behind a decentralised network verifying transactions is great, but what incentive is there to operate one of these nodes? Bitcoin solves that by setting a puzzle for computers to solve in order to add the next block of transactions to the chain. This involves finding a hash that has a certain number of leading zeroes – a heavily processor-intensive task, because it means calculating hashes non-stop until you chance upon one. Making up a hash value and then working back from that isn't an option, remember, because you can't derive the input of a hash function from its output. At least this is how I understand it. This is what's called a “proof of work”, and the reward for that work is a certain number of Bitcoin. At the time of the podcast, it was 50, but it halves in May every four years. Now, it's down to 12.5 and this year (2020) it will be halved again.
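The following is an added example, not code from the original post, that ties together the chained hashes from the Merkle Trees section and the proof of work described here: each block's hash covers the previous block's hash, adding a block means searching for a nonce until the hash has enough leading zero bits, and verification re-checks every link and every proof of work to find the first block that no longer fits. The difficulty constant, block fields and transaction strings are all constructed for the illustration; real Bitcoin blocks are more elaborate and far harder to mine.

```python
import hashlib
import json
from dataclasses import dataclass, asdict
from typing import Optional

DIFFICULTY = 12   # leading zero bits required; constructed for speed, Bitcoin needs far more

@dataclass
class Block:
    index: int
    prev_hash: str        # hash of the previous block; it is hashed along with everything else
    data: str             # constructed stand-in for the block's transactions
    nonce: int = 0        # the value a miner varies while searching for a valid hash

    def hash(self) -> str:
        payload = json.dumps(asdict(self), sort_keys=True).encode()
        return hashlib.sha256(payload).hexdigest()

def meets_target(digest_hex: str, bits: int = DIFFICULTY) -> bool:
    """True when the 256-bit hash starts with at least `bits` zero bits."""
    return int(digest_hex, 16) >> (256 - bits) == 0

def mine(block: Block) -> Block:
    """Proof of work: keep hashing with a new nonce until the hash meets the target."""
    while not meets_target(block.hash()):
        block.nonce += 1
    return block

def build_chain(records: list[str]) -> list[Block]:
    chain = [mine(Block(0, "0" * 64, records[0]))]
    for i, data in enumerate(records[1:], start=1):
        chain.append(mine(Block(i, chain[-1].hash(), data)))
    return chain

def first_invalid_block(chain: list[Block]) -> Optional[int]:
    """Cheap check (one hash per block): return the index of the first block that
    either no longer links to its predecessor or no longer meets the target."""
    for i, block in enumerate(chain):
        expected_prev = "0" * 64 if i == 0 else chain[i - 1].hash()
        if block.prev_hash != expected_prev or not meets_target(block.hash()):
            return i
    return None

if __name__ == "__main__":
    chain = build_chain(["alice pays bob 5", "bob pays carol 2", "carol pays dave 1"])
    print("first invalid block before tampering:", first_invalid_block(chain))
    chain[1].data = "bob pays carol 200"    # alter a record after the fact
    print("first invalid block after tampering:", first_invalid_block(chain))
```

Mining costs thousands of hashes per block at this toy difficulty, while checking the whole chain costs one hash per block, which is the asymmetry that makes the work a usable proof.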

Don't Try this at Home

I once had the idea of using a couple of Raspberry Pis I have lying around to mine some Bitcoin, just for fun. I quickly ditched the idea after a couple of Google searches: people now have dedicated banks of expensive graphics cards that are optimised for mining Bitcoin. A weak Pi wouldn't have a chance of competing with these and would just waste energy.

In the Security Now podcast, way back in 2011, Steve Gibson compared it to a gold rush. At the beginning, it's feasible for anyone to discover gold, but as it becomes harder and the business becomes more professionalised, fewer and fewer people mine more and more of it.

Smart Contracts

Smart contracts are bits of computer code that automatically carry out transactions without human interaction when certain agreed conditions are met. If the contract needs to refer to external sources, such as a feed with weather information, those sources are called “oracles”. So if you fail to pay an instalment on a loan on time, it could automatically result in a penalty payment being transferred.

You may, for example, qualify for an insurance payment depending on the weather if you're a farmer who has insured against prolonged frost. The next problem that arises is how to protect these “oracles” from manipulation – what if the insurance company is tempted to fake the results?

Tokens – Assets other than Money

Blockchains are used to track transactions not only in money but also in other assets. So you could have property that is owned by many people whose shares are recorded in a blockchain. You could transfer your assets and it would be recorded in an independently verifiable manner. This threatens to make public registries and notaries redundant in the future.

The US authorities were quick to jump on Initial Coin Offerings – these are treated exactly the same as securities, and subject to the same regulations.