News & Insight

Blockchain & crypto January 11, 2019
#Block 2: the blockchain methodology

#Block 2: the blockchain methodology

Too often confused with cryptocurrencies, blockchain is a generic term for methodologies designed for managing data and operating databases. Somewhat confusingly, a database, platform or system built using blockchain methodology is usually itself called a blockchain.

The principles driving the blockchain methodology are easy to understand, but life quickly becomes more complicated and confusing when you look into its mechanics.

Having looked in our previous block at why crypto currencies are just one blockchain application, and looking forward to future blocks in this series where we will examine specific blockchain applications as well as applicable law and regulation, now seems like a good time to dive into how blockchain works.

Incorruptible distributive digital ledger

In block 1 we said that blockchain is a methodology with which to build databases and that it has a single common distinguishable feature: distribution. In an undistributed database, data is stored in one place such as the server of a document management system, and while one computer updates data, the others are locked out. By contrast with a database built as a blockchain, the information shared (the ‘ledger’) is stored on each computer on the network (or ‘node’) and every time the ledger is updated, the update is downloaded to each node. So, all users each have their own identical copy of the ledger, can see any changes while they are being made, and no information gets lost.

Create, review, update and delete

Traditional databases are based on the ‘CRUD’ model: create, review, update and delete. Blockchain takes the U and D out of the equation: existing data on the blockchain is ‘immutable’ and thus impossible to be modified or deleted.

The C is secured through large scale peer-to-peer review: as the ledger is public – between all users who have access to the database – everyone can see the data, and any new piece of data must be verified and accepted by the network before it can actually be created. Any attempt to create false data, or to validate a fraudulent transaction does not withstand digital review: by comparing each other’s ledger, honest nodes will instantly spot that their ledgers do not match with the bad or corrupted nodes’ ledgers and that consequently their ledgers are right and the one that does not match the majority must be wrong.

For that reason, blockchain advocates argue that it is ‘incorruptible’.

Dual key-pair system

The R (for review) is secured through a dual key-pair encryption system: only the user who has encrypted the data with his private key can decrypt and review it. Indeed, blockchain works on a dual key-pair system. Every user has both a public and a private key. The public key can be compared to someone’s address and the private key to the house key: the public key and the public information it contains is distributed throughout the network (publicly available such as in an address book), whereas the private key is only known to its owner. The public key is linked to the private key, so before transacting on a blockchain database, a user can verify that they are transacting with somebody holding that particular private key. The private key is used to control which public information a user shows to whom, to encrypt bits of data or sign transactions.

Encryption

All data is recorded on a blockchain database using a form of encryption called ‘hashing’. This method turns data, through a basic algorithm [1] , into a sequence of numbers and letters (a ‘hash’). This hash is always the same length regardless of the size of the data encrypted. It works so that the same data will generate the same hash, but a slight change in the data will produce a totally different hash. Once information has been hashed, it is impossible to reverse the process, unless one holds the private key which was used to encrypt the particular data in the first place.

Tell the true from the false

On a blockchain database, any newly created hash is verified by the nodes constituting the network by comparing their ledgers amongst one another. If more than 50% of the nodes agree, the new hash is linked to the previous hash (or ‘block’), becoming a block in the chain of data. Not all blockchains, however, work the same way. For example, Bitcoin combines several hashes in pairs using a Merkel Tree structure [2] before linking the blocks of data to each other.

Linking blocks

Each block has a block header, which contains a hash, a date and time stamp and crucially the hash of the previous block in the chain. In this way, all blocks are linked together, which ensures that any change flows through the whole chain and is instantly visible, arguably making the system very secure.

Image: The way in which blocks are linked together

Not secure enough?

The entry point to data stored on a blockchain is a private key and needs to be looked after just like the key to your front door. If you lose it, you might be locked out and further still you might have inadvertently given someone else access. Once someone takes possession of another person’s private key, he automatically gains access to that person’s data or digital assets. As a user of a blockchain you may not know that the person you think you are dealing with is in fact a bad actor who has stolen the private key of the person you think you are dealing with.

To keep a private key secure, one could print it off on a piece of paper, delete the digital copy and keep the piece of paper locked away in a safe, or break the piece of paper in three and give one piece to each of three trusted professionals or friends. A private key is a series of 45 characters, so technically one could potentially divide his key in up to 45 pieces. Ultimately, it is a balance between security and efficiency.

However, anytime a user wants to access data or execute a transaction on a blockchain database, he will need his private key. So even if the key is kept really safe, there is always the possibility that it would get stolen when the user actually types it in on a device to encrypt data or execute a transaction on the blockchain. Thus, people using the Bitcoin blockchain for example still rely on trusted third parties (the very same which the system was supposed to eliminate) to keep their private key safe when exchanging Bitcoin against money. And those third parties can and have been hacked (see Mt. Gox, BIPS or BitFloor for example).

Power and tyranny of the majority

The peer-to-peer review or consensus on which blockchain methodology is based works on the assumption that there will be more honest users than dishonest ones in a given network.

Data and transactions are validated by the network through comparing ledgers. And the network has no option other than to conclude that a transaction or data that appears on the majority of the ledgers is the right one and that the dissident (minoritarian) ledgers are corrupted.

Say I try to sell you a digital asset which in fact belongs to another user. The network will look at all ledgers to verify whether I have ownership of that asset. My ledger (corrupted) will show I own the asset, but all other ledgers will show that the asset is the property of someone else. I may have had help from friends – in exchange for a cut of the transaction’s proceeds – so that five ledgers on the network will show the asset as belonging to me. But as long as those five do not represent more than 50% of the ledgers on the network, my transaction to you will be rejected and your money will not be transferred to me.

This verification process thus fails where there are more bad actors than there are bona fide ones in a given network: “false” data or transactions – like the one described above – are validated. I get your money, but you do not get ownership of the asset (as it was not mine to give in the first place).

In that situation, the network is corrupted and will eventually be abandoned. Bona fide users will not want to be fooled twice and will quickly exit the network. And once there is no one to take advantage of anymore, those bad actors being the majority will in turn abandon the network.

The more users there are in a given network, the more secure it is: large numbers of users make it much harder for bad actors to orchestrate fraudulent transactions.

Final thoughts for now

To conclude, the public and private key system makes a blockchain database very secure (so long as you don’t lose hold of your private key) and hashing means the database is incorruptible. Set against that, a blockchain database is morally agnostic – whomever controls 50%+ of the nodes control the database and can bend it to their own will.

In our next block, we will be looking at how ‘proof of stake’ or ‘proof of work’ can be used to stimulate value in a blockchain.

Get in touch

If you are a blockchain venture or investor and want to speak to lawyers who understand how the blockchain works then do please get in touch at enquiries@humphreys.law.

This piece was researched and prepared by Hermance Schaerlig, with input from Henry Humphreys, Martin Cornish, Nitin Dahad and Jeremy Glover.

Humphreys Law


[1] The SHA256 algorithm is always used as a basis. Then some systems make the encryption more complex by making combinations of the algorithm. For example, SHA256 + SHA256, or SHA256 x SHA256, or even using a method called “salting” whereby a random number or letter is added at regular intervals in the hash.

[2] In a Merkel Tree, each transaction is hashed and then each pairs of hashed transactions are combined together and hashed again and this goes on until there is only one big hashed amalgam. This is alike to a sport’s tournament structure (quarter-finals, semi-finals, final and winner).

Sign up for news and insight
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.