Saturday, 9 November 2019

A Brief Introduction to Blockchain


[my personal opinion]

Literally, a blockchain is a set of chained blocks, and each block is like a tamper-proof container which holds genuine information. "Tamper-proof" here means that any unauthorised change to a block will be detected.

We can also give a descriptive definition that is closer to a blockchain implementation:

A blockchain is a smart ledger which has many identical copies on the Internet. When one copy is legitimately updated, all the other copies can verify the legitimacy of the update and make the same update on themselves, so that all copies are synchronised to be identical. Here, we can think of each entry of the smart ledger as a block.

It is important to note that a blockchain can be legitimately updated, and after this update the blockchain can no longer be changed. Any attempt to fraudulently tamper with a blockchain is either technically infeasible or logically detectable.

The technology behind blockchain is actually very mature, mainly including:
  1. Merkle Trees
  2. Schnorr Signatures
  3. Fiat-Shamir and Pedersen Commitments
  4. Hash Cash, which is a proof of work in which a CPU works out a hash value meeting some special requirement, such as having 20 leading 0’s. If a CPU can prove its work, it earns an amount of Hash Cash.

All of them are from the 1980s or 1990s, but the blockchain technology nicely fits them together to provide new applications for the digital age.

The above terminology is from data security. A blockchain user does not have to know all the technical details and can take them as what they are because they have been successfully applied to Bitcoin (see Satoshi Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System, www.bitcoin.org, 31 Oct 2008). The security of Bitcoin has been proven credible and the blockchain that implemented Bitcoin has withstood various malicious attacks. No exploitable weakness has been exposed.

Anyway, what really is a blockchain? In this post, we use a simplistic version of a digital currency to describe its main features. For the details of blockchain, one needs to study Satoshi’s paper.

We use an imaginary D-coin, a digital currency, to describe the concept of blockchain, followed by a blockchain application for counterfeit prevention.

Assume that in a sovereign country, all its citizens and enterprises use the D-coin as the only currency, nothing else. The history of transactions of any D-coin, from its creation through its every transaction to date, is recorded in an open ledger which has many (the total number may vary) copies on the Internet. All the copies of the open ledger are identical and each copy is “smart”, i.e. able to fulfil all the functions that we just mentioned above (Merkle Trees, Schnorr Signatures …). This open ledger is called the D-coin blockchain.

Here, we must emphasize that the origin of a D-coin is genuine, not fake. For example, a D-coin is issued by the national bank of this sovereign country, bound to the bank’s verifiable electronic signature. Everyone accepts it with no dispute.

When we say a D-coin is issued to someone, we really mean that the D-coin is added to the D-coin blockchain or the “D-coin open ledger” as follows (we denote […] as a block of transaction and + as concatenation):

  Time_0:
[D-coin#1: Alex] + [D-coin#2: Alex] + [D-coin#3: Alex] +
[D-coin#4: Bella] + [D-coin#5: Bella] +
… +
[D-coin#500: MarketLee] + all MarketLee’s D-coins + [D-coin#999: MarketLee] +
Other@Time_0

The D-coin blockchain can be visualised as many blocks interlocked (chained) together. Each block contains the transaction history of a D-coin. The detail of chaining is described in the technical note below, but we can simplistically accept that tampering with a block will break the chain. The technical note below is for those who are interested in the technical details of chaining.

Technical note:
Every block is prefixed with a “lucky number”, denoted LuckyNbr, and suffixed with a “block serial number”, denoted BlockNbr. So [D-coin#1: Alex] @Time_0 is organised as
        [LuckyNbr + D-coin#1: Alex + BlockNbr]
where BlockNbr is required to have a specified format, such as 20 leading 0’s, and LuckyNbr is a random number chosen so that BlockNbr, which is the hash value
        BlockNbr = Hash(previous_BlockNbr + LuckyNbr + [Transaction Content])
meets the required format. Here [Transaction Content] is "D-coin#1: Alex", D-coin#1's current transaction history, and previous_BlockNbr is the previous block’s “block serial number”. In this way, all the blocks are chained together. For details, see Satoshi’s paper.
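The chaining rule above, as an added worked example (my own code, not from the post or from Bitcoin): each block stores LuckyNbr, the transaction content and BlockNbr, a miner searches for LuckyNbr until BlockNbr has the required leading 0’s, and a verifier re-derives every BlockNbr to find the first block that does not fit. The hash function (SHA-256), the separator, the genesis previous_BlockNbr and the smaller difficulty of 3 leading hex 0’s are my assumptions. The `tamper` helper also shows why re-mining only one altered block leaves the next block’s previous_BlockNbr stale, which is the situation in Case 2 later in the post.

```python
import hashlib
from dataclasses import dataclass

# Leading hex '0's required in BlockNbr. The post's example is 20 leading 0 bits;
# 3 hex digits (12 bits) is an assumption that keeps this demo fast.
DIFFICULTY = 3
GENESIS_PREV = "0" * 64  # previous_BlockNbr of the very first block (assumed)

@dataclass
class Block:
    lucky_nbr: int   # LuckyNbr: the nonce the miner searched for
    content: str     # [Transaction Content], e.g. "D-coin#1: Alex"
    block_nbr: str   # BlockNbr: the hash value, in the required format

def block_hash(previous_block_nbr: str, lucky_nbr: int, content: str) -> str:
    # BlockNbr = Hash(previous_BlockNbr + LuckyNbr + [Transaction Content]), with SHA-256
    data = f"{previous_block_nbr}|{lucky_nbr}|{content}".encode()
    return hashlib.sha256(data).hexdigest()

def mine_block(previous_block_nbr: str, content: str) -> Block:
    """Try LuckyNbr = 0, 1, 2, ... until BlockNbr has the required leading 0's."""
    lucky = 0
    while True:
        h = block_hash(previous_block_nbr, lucky, content)
        if h.startswith("0" * DIFFICULTY):
            return Block(lucky, content, h)
        lucky += 1

def build_chain(contents: list) -> list:
    chain, prev = [], GENESIS_PREV
    for c in contents:
        chain.append(mine_block(prev, c))
        prev = chain[-1].block_nbr
    return chain

def first_bad_block(chain: list) -> "int | None":
    """Re-derive every BlockNbr; return the index of the first block that fails, or None."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        if (not b.block_nbr.startswith("0" * DIFFICULTY)
                or b.block_nbr != block_hash(prev, b.lucky_nbr, b.content)):
            return i
        prev = b.block_nbr
    return None

def tamper(chain: list, index: int, new_content: str, remine: bool) -> list:
    """Copy the chain with block `index` rewritten. With remine=True a fresh LuckyNbr is
    found for that block only, so the next block's previous_BlockNbr no longer matches."""
    copy = [Block(b.lucky_nbr, b.content, b.block_nbr) for b in chain]
    if remine:
        prev = GENESIS_PREV if index == 0 else copy[index - 1].block_nbr
        copy[index] = mine_block(prev, new_content)
    else:
        copy[index].content = new_content
    return copy
```

A silent edit is caught at the edited block; re-mining that block alone only moves the failure one block forward, so the attacker has to re-mine everything after it.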

There are many copies of the ledger on the Internet, which can be looked up by anyone, anytime, anywhere. If a copy is different from the others, that copy is deemed to be fake. As we will see later, it is not easy to tamper with the ledger fraudulently, and any seemingly successful tampering will be detected immediately by logic.

From the above open D-coin ledger, it is clear that Alex owns 3 D-coins, Bella 2 and MarketLee 500.

When Alex needs to purchase something from MarketLee with 1 D-coin (this is to simplify the description; the principle is the same when 0.1 D-coin or 1.5 D-coins are spent), he can make a transaction request as “Transfer D-coin#1 to MarketLee, signed by Alex”.

MarketLee can verify the authenticity of the transaction request by checking Alex’s electronic signature. But to make the transaction legitimate, i.e. to ensure this is not a double-spent D-coin and that MarketLee has really received this payment, the transaction must be recorded in the open ledger, resulting in an update like:

  Time_1:
[D-coin#1: Alex] + [D-coin#2: Alex] + [D-coin#3: Alex] +
[D-coin#4: Bella] + [D-coin#5: Bella] +
… +
[D-coin#500: MarketLee] + all MarketLee’s D-coins + [D-coin#999: MarketLee] +
Other@Time_0 + …
Other@Time_1 +
[D-coin#1: Alex : MarketLee]

Looking at this open ledger again, with a little calculation, we can see that Alex now owns 2 D-coins, Bella 2, and MarketLee 501.

We mentioned that there are many copies of this open ledger. How do they get synchronised to be identical?

In fact, each copy of the D-coin blockchain is hosted on a network server called a miner (or mining machine), which can add a transaction to the blockchain legitimately.

But what does “add a transaction to the blockchain legitimately” really mean? It means that a miner has to find a LuckyNbr which generates a legitimate BlockNbr for this transaction (see the Technical note above).

And why is a miner willing to do the hard work of trying numerous random numbers to find the LuckyNbr? Because they can prove their work and earn Hash Cash.

The source of Hash Cash varies. For simplicity, we assume the sovereign state rewards 0.1 D-coin to a miner who has successfully added a transaction record to the D-coin blockchain.

Technical note: The design of Bitcoin makes it more profitable to update the Bitcoin blockchain, by adding a new transaction or mining a new Bitcoin, than to attack it. For details, see Satoshi’s paper.

When a transaction is successfully added to a copy of the D-coin blockchain, i.e. a LuckyNbr has been found by a lucky miner, the lucky miner will inform all the other miners immediately. The other miners will do the following:

  1. Verify the authenticity of the transaction – this can be done by verifying Alex’s signature.
  2. Verify the integrity of the lucky miner’s copy of the blockchain – this can be done by checking the LuckyNbr.
  3. Check whether their copies are consistent with the lucky miner’s copy, that is, whether their copies are the same as the lucky miner’s copy before the new transaction.
  4. Perform many other checks, such as whether the D-coin is owned by someone else (double-spending) or whether Alex has enough funds.
  5. Update their own copies to make them identical to the lucky miner’s if no discrepancy is detected.

In this way, all the miners hold the same copy of the D-coin blockchain and the blockchain is successfully updated.
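Steps 1, 3 and 4 of the miner’s checks, as an added example written for this post (not the post’s own code or Bitcoin’s): the ledger is the list of entries shown in the Time_0/Time_1 snapshots, a coin’s owner is the last name in its latest entry, and a proposed update is accepted only if the signature verifies, the lucky miner’s copy extends ours by exactly one block, and the coin is still owned by the signer (the double-spending check). The ledger entry format, the request fields and the use of an HMAC keyed by a per-person secret as a stand-in for a real digital signature are my assumptions; step 2 (the LuckyNbr/BlockNbr check) is the hash-chaining rule from the technical note and is left out here. The same ownership scan is what a shopping app would do for any serial-numbered item.

```python
import hashlib
import hmac

# Constructed signing secrets. The post's D-coin uses real digital signatures (e.g. Schnorr);
# an HMAC keyed by the signer's secret stands in so the demo needs only the standard library.
SECRETS = {"Alex": b"alex-secret", "Bella": b"bella-secret", "MarketLee": b"marketlee-secret"}

def _sign(signer: str, message: str) -> str:
    return hmac.new(SECRETS[signer], message.encode(), hashlib.sha256).hexdigest()

def make_request(coin: str, signer: str, to: str) -> dict:
    """Alex's request: 'Transfer D-coin#1 to MarketLee, signed by Alex'."""
    return {"coin": coin, "from": signer, "to": to, "sig": _sign(signer, f"Transfer {coin} to {to}")}

def signature_ok(req: dict) -> bool:
    # Step 1: authenticity. Without the signer's secret nobody can produce this value.
    if req["from"] not in SECRETS:
        return False
    expected = _sign(req["from"], f"Transfer {req['coin']} to {req['to']}")
    return hmac.compare_digest(expected, req["sig"])

def current_owner(ledger: list, coin: str):
    """The coin's last entry decides its owner: 'D-coin#1: Alex : MarketLee' -> MarketLee."""
    owner = None
    for entry in ledger:
        coin_id, _, history = entry.partition(":")
        if coin_id.strip() == coin:
            owner = history.split(":")[-1].strip()
    return owner

def balances(ledger: list) -> dict:
    """How many D-coins each party owns, read off the open ledger."""
    totals = {}
    for coin in {e.partition(":")[0].strip() for e in ledger}:
        owner = current_owner(ledger, coin)
        totals[owner] = totals.get(owner, 0) + 1
    return totals

def check_update(my_ledger: list, lucky_ledger: list, req: dict):
    """Steps 1, 3 and 4 of the miner's checks; returns (accept, reason)."""
    if not signature_ok(req):
        return False, "signature does not verify"
    if lucky_ledger[:-1] != my_ledger:  # step 3: their copy must extend ours by one block
        return False, "lucky miner's copy does not extend our copy"
    owner = current_owner(my_ledger, req["coin"])  # step 4: ownership / double-spending
    if owner != req["from"]:
        return False, f"{req['coin']} is owned by {owner}, not {req['from']} (double-spending)"
    last_entry = [e for e in my_ledger if e.partition(":")[0].strip() == req["coin"]][-1]
    if lucky_ledger[-1] != f"{last_entry} : {req['to']}":
        return False, "new block does not record the signed transaction"
    return True, "accepted; updating our copy"  # step 5
```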

Note: everyone can look up the D-coin blockchain anywhere at any time. In addition, everyone is assumed to have their own D-coin account, so they know how much money is in their account. For example, Alex knows he has 2 D-coins in his account, but he may not care which D-coin numbers they are, just as not many people pay attention to the serial numbers on their cash notes, as long as those notes are not fake.

From this we can see that a blockchain is just a ledger system. Under this system, a transaction record can be added legitimately, and after a successful update any illegitimate tampering will be detected.

The following attack scenarios show how it works:

Case 1:
Hacker Harry has hacked into miner X and wants to add a transaction “D-coin#2: transfer to Harry, signed by Alex”. Because Harry cannot produce Alex’s signature, as soon as this transaction appears everyone knows it is fake and informs miner X. This kind of attack is infeasible.

Case 2:
Assume we are at Time_2, and some transactions have happened on the D-coin blockchain since Time_1. For simplicity of description, we assume one transaction has happened on D-coin#1, “transfer to WholeSaleMay, signed by MarketLee”. At this point, the D-coin blockchain looks like:

  Time_2:
[D-coin#1: Alex] + [D-coin#2: Alex] + [D-coin#3: Alex] +
[D-coin#4: Bella] + [D-coin#5: Bella] +
… +
[D-coin#500: MarketLee] + all MarketLee’s D-coins + [D-coin#999: MarketLee] +
Other@Time_0 + …
Other@Time_1 +
[D-coin#1: Alex : MarketLee] + Other transactions +
[D-coin#1: Alex : MarketLee : WholeSaleMay] +

Alex, the covert hacker, cannot simply remove the previous transaction [D-coin#1: Alex : MarketLee] together with all the subsequent transactions and claim he has successfully updated the D-coin blockchain, because his copy will be rolled back to Time_0 and will be greatly shortened. No one would accept his copy of the blockchain. This tampering will be detected immediately. This attack won’t work.

Can Alex tamper with his legitimate transaction [D-coin#1: Alex : MarketLee] to turn it into [D-coin#1: Transfer 0.1 value to MarketLee]? Alex has his own signature and of course he can make such a transaction request. However, to maintain the integrity of his copy of the D-coin blockchain, he needs to find the LuckyNbr of this tampered block. This results in a different BlockNbr, which is the input for calculating the next BlockNbr. To achieve a legitimate next BlockNbr in his copy, Alex needs to recalculate the LuckyNbr for the next block, which in turn damages the BlockNbr after that.

So, if Alex wants to make his copy look legitimate, he has to rework all the LuckyNbr’s along his copy of the D-coin blockchain up to “Other@Time_2”, and do so faster than the total computation power of all the others. He has to produce the longest blockchain with all blocks legitimate.

The motive for Alex to do so is hard to justify. First, Alex will lose a lot of Hash Cash; second, he has to have more computation power than all the others combined; and third, even if he succeeds in updating his copy, he will be detected as a hacker because his copy of the D-coin blockchain, however legitimate it looks, differs from everyone else’s. No one would accept his copy.


In Satoshi’s paper (Satoshi Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System, www.bitcoin.org, 31 Oct 2008), many other attack scenarios are discussed, such as multiple miners collaborating to attack the Bitcoin blockchain, which was shown to be infeasible. The paper also shows how to resolve the case where two miners succeed in adding the same block to the Bitcoin blockchain, and how to achieve anonymity (i.e. the SK-PK-Address arrangement).

The above describes the main features of a blockchain. For those who are not interested in the technical details, a blockchain can be simplistically regarded as an open ledger with many identical copies on the Internet. All these copies can be legitimately updated simultaneously but cannot be illegitimately tampered with.

In addition to implementing digital currency, there are many other applications of blockchain technology, for example, counterfeit prevention.

We use a purely fictitious example, Bella buying an LV (Luxurious Venus) bag, to demonstrate a potential application in the logistics market. This example is to show potential applications of blockchains, not for accuracy.

When LV produces an LV bag for Vendor A, LV assigns a unique serial number, such as LV#1, to the bag and legitimately registers LV#1 and the bag’s features in the LV blockchain as

  Time_0:
[LV#1: sold to vendor A] + [LV#2: sold to vendor A] + … + [LV#100: sold to vendor A] +
[LV#101: sold to vendor B] + [LV#102: sold to vendor C] + …

Here, we must emphasize: all the bags sold by LV are genuine at the origin – we do not discuss LV making counterfeits themselves.

Just like the example of the D-coin blockchain, as soon as a bag is added to the LV blockchain, the bag’s history, such as [LV#1: sold to vendor A], can no longer be tampered with.

Before Bella makes the purchase, she checks the LV blockchain, for example to see whether this bag has already been sold (actually, it is her ShoppingApp that performs all the checks for her), because there shouldn’t be two LV bags with the same serial number.

After validating Vendor A and LV#1, Bella uses her D-coin for the payment and the LV blockchain records this transaction. The deal is done. At this point, the LV-blockchain looks like:

  Time_1:
[LV#1: sold to vendor A] + [LV#2: sold to vendor A] + … + [LV#100: sold to vendor A] +
[LV#101: sold to vendor B] + [LV#102: sold to vendor C] + … +
[LV#1: sold to vendor A : sold to Bella]

Would an LV vendor attempt to sell a counterfeit? If a vendor sells a counterfeit, then what is the vendor going to do with the authentic one (say, LV#1)? It is impossible to re-sell it, because the authentic one’s serial number LV#1 has already been added to the LV blockchain in the block [LV#1: sold to vendor A : sold to Bella]; just like the D-coin blockchain, there is no double-spending.

Will the vendor keep the authentic bag for their own use? Then what is the point of selling a counterfeit? They not only spend money on buying a counterfeit, but also risk losing their business with LV. It would be much better to enjoy the authentic bag themselves and then sell it as a refurbished one, saving the money spent on buying a counterfeit.

Can the vendor re-sell it? This authentic bag has lost its unique LV serial number. It can only be sold as a counterfeit!

Can it be a gift to a friend? That is like spending a fortune to buy a counterfeit as a gift. Not a good idea. Of course, if the vendor is just determined to do so, no one can help. The vendor can only pray that his fraud is not discovered and that he does not lose his business with LV.

Another scenario: could a Vendor X sell a counterfeit LV bag and label it as LV#1, because they know LV#1 is a legitimate serial number? No, they can't. When Bella is online browsing LV bags and finds that Vendor X’s LV#1 is very reasonably priced, will Bella buy LV#1? No, she won’t, because her ShoppingApp immediately detects that the vendor is wrong. Vendor X is exposed as a fraudster.

As for selling a counterfeit directly, it is obviously a counterfeit because it won’t be in the LV blockchain. No one would be interested in taking it as authentic.

There are many applications of blockchain, such as birth certificates, smart contracts, legal documents, and traceability of organic foods. We do not get into their implementation details. The success of Bitcoin (www.bitcoin.org) makes people believe the blockchain technology is feasible, although it costs a huge amount of computation power and needs high-speed communication infrastructure.

To summarise, from a user’s point of view, a blockchain can be simplistically regarded as an open ledger which can be legitimately updated but is infeasible to tamper with, and which can be looked up by anyone, anytime and anywhere.

Postscript: the first version was published on an Internet forum anonymously and it was visited 15,000 times in two days, with some questions asked. I provide a short Q&A as follows in this version.

Q: Is blockchain secure?
A: It should be able to reach a very high level of security assurance though nothing is absolute. Bitcoin has provided a positive example.

Q: Can blockchain protect privacy, such as not being under surveillance?
A: It depends which model is chosen. If an open-anonymity model, like Bitcoin, is used, privacy can be protected. This has been in practice for a long time. However, it results in decentralisation which some organisations or regimes do not like.
On the other hand, a blockchain can be managed by, say, a consortium, which results in limited decentralisation. In this way, the update of the blockchain can be very fast because miners do not need to prove their work. Furthermore, it is possible to implement limited offline transactions, such as a transaction completed by touching two mobile phones together. But, in the end, the consortium is able to trace every transaction.
In terms of the implementation details of anonymity of blockchain, please see Satoshi’s paper.

Q: Will quantum computers crush blockchains?
A: Quantum computers will have an impact on blockchains, especially those based on elliptic curve cryptography. However, post-quantum cryptography is maturing (see https://csrc.nist.gov/Projects/Post-Quantum-Cryptography). Any design of a new large-scale blockchain will take it into account.

[End of post]
