Editor's Note: This report was produced and originally published by Threat Lens, Stratfor's unique protective intelligence product. Designed with corporate security leaders in mind, Threat Lens enables industry professionals to anticipate, identify, measure and mitigate emerging threats to people and assets around the world.
The spectacular rise in the value of cryptocurrencies has captured much media attention lately. Much less attention has been paid to the technology that underpins them, distributed ledger technology — better known as blockchain. Blockchain has multiple applications that go far beyond digital currency. It offers major security advantages built in to its basic design. But this does not mean that blockchain is invulnerable to cyber or physical attacks. Here, we discuss what blockchain is, and how it works.
What It Is
At base, blockchain is a system for keeping accurate, secure digital records. It does this by creating a digital ledger, or chain, copied on multiple computers called nodes. One network can comprise anywhere from a few dozen to millions of nodes, each one holding an identical copy of the ledger. Every time there is a change to the ledger, a new data set called a block is created. For the change to be approved, it must first be validated. This can happen a variety of ways depending on the architecture of the blockchain. Once the block is validated, it is "chained" to previous blocks to create a complete record of every transaction going back to the initiation of the ledger.
Each block has a unique, time-stamped cryptographic hash — or a condensed, converted version of a larger set of data (such as the characters in a password) into a smaller "hash" set — linking it to the previous block in the chain so it is impossible to retroactively reorder the block. Information on blocks cannot be retroactively altered because they are stored on multiple nodes across a distributed network, so even if one node is corrupted the others will have the correct version of the ledger. Changing data does not erase the previous entry, but rather creates a new block showing the changes; the previous version of the data can always be seen by simply going back to the previous block.
Blockchain's decentralized data set is thus far more difficult to tamper with than systems stored on single servers or folders. To destroy or alter the ledger, hackers would need to seize control of 51 percent of the nodes hosting the ledger. When the network is composed of thousands or millions of independent machines, this can be virtually impossible.
In addition to being unalterable once they are added to the chain and being distributed such that there is no one failure point, blockchain integrates cryptography into its basic architecture. Access to the chain is limited to those with proper credentials, known as "keys." These are extremely complex cryptographic sequences, making them very difficult to guess. These "superpasswords" are unique to each authorized user. Changing a chain requires the key, and attempting to make such a transaction creates a time-stamped record of what key requested the transaction, linking the action to the specific key user.
Another advantage of blockchain is that users can remain anonymous. Anonymous networks are extremely difficult to disrupt due to the complexity of simply identifying who owns the nodes. Moreover, all transactions and records can be individually encrypted, and new centralized networks can freeze suspect accounts and block stolen keys.
How It Works
All blockchains function in largely the same way, following four steps that ideally can be completed in less than 10 minutes.
1. Someone requests that a transaction be added to the distributed ledger using his key; in doing so, he automatically "signs" the transaction by creating a time stamp traceable to him.
2. This request is broadcast over the internet to all nodes on the network.
3. The request is validated by the ledger by checking the user's digital signature from his key and the balance of the ledger (cryptocurrencies also include additional safeguards).
4. Once one node has validated the transaction, the other nodes will confirm the validation independently. The validated transaction becomes a new block of information which is added to the chain, and is now unalterable. The block has a unique cryptographic hash and time stamp that identifies its place in the chain, and records when the changes were made. The block includes the key signatures of all those who have made alterations. The transaction is completed, and all nodes are updated to record the new block in their ledgers.
Different blockchain systems have different ways of validating transactions. There are currently two validation methods, proof of work and proof of stake. A third, more centralized method, proof of authority, is being discussed for future blockchain systems.
Proof of Work, or "Mining." This baseline method of validation used by bitcoin and other cryptocurrency blockchain systems is designed to incorporate the needs of a currency, and not just of record keeping. In this validation method, nodes race each other to solve complex mathematical calculations to validate the transaction. The first one to solve the calculation then confirms the transaction, and is rewarded with a newly minted unit of cryptocurrency. The equation posed in each transaction is random and cannot be short-circuited or cheated. If a user wants more cryptocurrency, he must lend the network computing power to solve the problem. Only some of that power will actually be used to solve the equation; the rest will maintain copies of the ledger. Blockchain needs processing power to function, and providing the opportunity to mine through proof of work gives people incentives to dedicate processing power to the blockchain. Instead of investing in massive data centers, this distributes the processing power around the globe so that individual users are providing the network (and redundancy) that make the blockchain work. The more computing power the user offers to the network, the more likely he is to solve the equation first. With each subsequent transaction, the equation gets more difficult, thus requiring more computing power to solve. This has increased upfront investment in computing power needed to efficiently mine currencies, and has prompted the growth of so-called coinjacking malware.
Proof of Stake. In this system, used by the cryptocurrency Ethereum, the validator of a new block is determined not by a race to solve an equation, but based on an algorithm that calculates how much currency the user has and how long he has owned it. This measures how much stake the owner of the node has in the currency as a whole. The more currency the owner holds and the longer he has held it, the greater his chances of being chosen to validate the new block and earn a flat transaction fee.
Proof of Authority. Under this new concept, the blockchain would function more like a conventional currency in that only designated users could grant permission to validate the next block. The proof of authority user would have the authority to sign off on transactions in the same manner account managers approve transactions in conventional systems. While more centralized, it still constitutes a distributed ledger transaction because the data would be stored across the nodes. This system would likely have more utility for the internal blockchain systems of companies or governments that primarily use the technology for record keeping, and so do not need to create incentives to outside users to provide processing power. It would, however, be more vulnerable to hackers and insider threats.
As seen with the emergence of proof of authority, blockchain technology continues to adapt to users' needs. While new challenges to the blockchain architecture will doubtless arise, the system can thus evolve to meet those challenges.