What Is Blockchain Technology? A Step-by-Step Guide on How It Works

What Is Blockchain Technology? A Step-by-Step Guide on How It Works
Imed Bouchrika, Phd by Imed Bouchrika, Phd
Chief Data Scientist & Head of Content

Blockchain has been hyped as the next generation of recordkeeping for the past several years now. In fact, it is viewed as a key technological driver of the fourth industrial revolution. And it has the potential to make these claims a reality. But before we delve into the nitty-gritty, let us get down to the basics. What is blockchain technology exactly?

This article was prepared to answer that very question and more. It will address issues not only limited to how blockchain was developed and how it works but also questions about security and potential applications. Also, we will give specific examples of blockchain uses. Through this, we hope that readers will have a better appreciation of the benefits and disadvantages of the technology and how adoption could change the face of economics as we know it today.

Blockchain Technology Table of Contents

  1. What is blockchain?
  2. How Blockchains Work: Through a Bitcoin Lens
  3. The Types of Blockchains
  4. Blockchain Uses and Mainstream Adoption
  5. Blockchain Security Issues

Worldwide spending supporting blockchain technologies in 2019 reached around $2.7 billion. It is set to reach $17.9 billion in 2024 (IDC, 2020). Blockchain technology promises not only to make online transactions safer and more transparent but also to make them democratic. Meaning, with blockchain technology implemented, the average individual can exchange data and financial resources with another willing party without the help of third-party institutions as mediators and away from the eye of Big Brother organizations.

Source: IDC, 2020

Cryptocurrency has been blockchain’s original implementation. Hence, it has become almost synonymous with it. However, many intend to extend the technology’s scope. Applications have been found in various domains in business apart from finances. These include a distributed ledger for legal records, inventory, and even the Internet of Things (IoT). Also, some have even suggested that it be used for intellectual property monitoring together with smart contracts in the music industry.

Many believe that this technology will revolutionize how industries and government operates. However, business and public confidence are not unanimously high. The once-thought-to-be unhackable technology got hacked. And, it got hacked badly. The DAO fiasco serves as the poster child for blockchain apprehension. The attack cost investors 3.6 million Ether, which costs approximately $50 million (Deloitte, 2020).

However, it is good to note that blockchain networks are being run differently. They do not have a ubiquitous implementation. And, the apprehension towards this new technology usually stems from not fully understanding how it works. It is the fear of the unknown. And, this unknown is looming as institutions make their move towards adopting blockchain technology.

1. What is a blockchain?

Put simply, blockchain is a type of database. It is a special type of database that differs from traditional databases in two key areas: (1) storage and (2) structure.

Firstly, a blockchain is stored across a peer-to-peer (P2P) network of computers, which is unlike a traditional electronic database stored in drives and servers. At the outset, it is so-designed to make data and transactions more democratic without the need for third-party mediators or overseers.

Secondly, the technology differs in structure from other types of databases in the way it stores information—it uses ‘blocks’ and ‘chains’ them together. These blocks are immutable, meaning they create an irreversible data timeline. Thus, each transfer and modification can be easily tracked by those who can access the network.

The creators of blockchain fundamentally established three pillars for the technology. These are (1) decentralization, (2) transparency, and (3) immutability. Altogether, these three contain the operational principles of blockchain networks.

Principles of Blockchain Networks

As Berke (2017) pointed out in Harvard Business Review, there are five basic principles underlying blockchain technology. These are a distributed database, peer-to-peer communication, transparency with pseudonymity, records irreversibility, and computational logic.

Distributed Database with Peer-to-Peer Communication. Every member of the blockchain is provided access to the database along with a complete history. No single entity has control over the information. Moreover, each member can directly verify every transaction partner’s records without a trusted mediating third-party entity. The communication transpires directly between peers. There is no central organizing body that saves and disseminates information to network members.

Transparency with Pseudonymity. All users are given unrestricted access to every transaction, including values. These transactions occur between unique user alphanumeric addresses made up of 30-plus characters. Also, users can either choose to be anonymous or give proof of their identity.

Records Irreversibility. Every transaction record is linked to previous records. These immutable records are chained together to make up a complete history. The network uses multiple computational approaches and cryptographic algorithms to make these records widely available, unchangeable, and compose a proper timeline.

Computational Logic. Blockchain transactions, thanks to computational logic, can be programmed. This means that users can create rules and algorithms to automatically trigger transactions between parties.

A Brief History: The Chain of Ideas Creating Blockchain

The idea of a blockchain is not new. Several key blockchain principles and components have been proposed over a few decades now. In fact, the motivation to create this type of technology has been around since the 1980s.

One of the first, if not the first person, to be credited for developing a blockchain-like technology is David Chaum. In his 1982 dissertation, he sought to design a highly-secure computer system that organizations mutually suspicious of each other can trust instead of relying on third-party mediators like financial institutions and regulatory bodies. He suggested the use of cryptographic techniques to maintain a series of information called ‘vaults’ (similar to blocks) that are distributedly owned by everybody in the network.

In 1991, Haber and Stornetta developed computational procedures to create immutable time-stamps of documents including media files. These procedures would solve the problem of certifying when a file was created or last changed.

The technology has two properties.

First, it time-stamps the data itself without “any reliance on the characteristics of the medium on which the data appears, so that it is impossible to change even one bit of the document without the change being apparent (Haber & Stornetta, 1991).”

Secondly, the system would make it impossible for the stamping of a different time and date from the actual one. Thus, it makes it impossible for a user to forward-date or back-date the file.

In 1992, Dave Beyer, Haber, and Stornetta added the use of Merkle Trees to the design. This makes it more efficient by allowing multiple document certificates to be stored in one block.

These developments led to the contemporary versions of the blockchain. The most famous of them all is the first one to get it to work: Bitcoin.

Bitcoin’s blockchain technology was pioneered by Satoshi Nakamoto (widely believed to be a group of people). In 2008, he released the first Bitcoin whitepaper presenting the first implementable concept of a blockchain. He later used this as the core component of the Bitcoin system. Today, blockchain and cryptocurrency are viewed synonymously by many people—all thanks to Nakamoto.

Motivations Behind the Use of Blockchain for Cryptocurrency

The main motivation behind Nakamoto’s blockchain is similar to that of the idea’s predecessors. He wanted to do away with third-party mediators and replace them with cryptographic techniques that a peer-to-peer network can trust instead. However, it revolves around electronic financial transactions.

As strongly implied by Nakamoto’s landmark whitepaper, the main driver of ecommerce security and optimization issues is the over-reliance on the mediation of trusted third-party financial institutions. These problems include, but are not limited to, (i) costly time and resources spent on mediation, (ii) the impossibility of irreversible transactions, (iii) fraud, and (iv) the hassling of consumer information.

Cost of Mediation. Resources spent on mediation do not only add to the consumers’ costs like transaction fees but also discriminate against what Nakamoto (2008) calls “small casual transactions.” In all practically, parties would want to send payments of significantly higher value than that of the third-party transaction and processing costs.

Reversible Transactions and Fraud. Moreover, Nakamoto added that there is also a broader cost, especially for producers. This is because the traditional regulation by third-party financial institutions make it impossible for non-reversible services to be disputed and reversed. For instance, producers are at a constant risk against unreasonable consumer payment disputes and outright chargeback fraud.

Consumer Information Hassling. Because the system has a high risk for chargeback frauds, businesses and banking institutions themselves ask for more information than they otherwise might require for cash transactions. This is not only annoying to consumers but also takes up time and resources for business entities. The same goes for those engaged in online microtransactions like peer-to-peer sales and exchanges on social media.

Noting these difficulties, Nakamoto pushed to transform online commerce by allowing direct transactions from one party to another without going through financial institutions as trusted third-party mediators. Underlying this is his proposal of an “electronic payment system based on cryptographic proof instead of trust.” He claimed that this can be done through a purely peer-to-peer version of electronic cash to mimic the dynamics of physical currency transactions. And, to avoid manipulation and fraud, cryptographic techniques for peer-to-peer verification will be implemented much like blockchain predecessors have proposed.

2. How Blockchains Work: Through a Bitcoin Lens

In its very essence, a blockchain is a “database of verified public timestamps (Nick Grossman (2015)” that runs on a peer-to-peer network. A network takes transaction data, encrypts them, and collects them into a block. The block is then timestamped, verified, and added to the previous block. This continues ad nauseam forming a longer and longer chain. This is generally how the technology works.

However, this might be too simplistic. And, it certainly does not bring justice to the true ingenuity of the technological components and protocols that make blockchain work well. In this section, we will discuss how blockchains work more on the level of specifics without going much into the technical details.

Also, given that Bitcoin is the first blockchain implementation that is more or less being “copied” by others, we deem it appropriate to use its system for a guided tour into how blockchains really work.

Blockchain and Cryptocurrency

The original blockchain was implemented for Bitcoin and is an open-source technology. The Bitcoin blockchain is simply a file that a user can download and share. The user can simply download the Bitcoin program, connect to the network, and the Bitcoin Blockchain will be shared to him or her by other participants or ‘nodes.’ This shared ledger contains a huge list of confirmed transactions. Anyone who is part of the network can confirm how much value a singular address has at any point in time. As of writing, the size of the Bitcoin Blockchain download is over 350GB (Bitcoin, 2020).

To make the process of transactions and verification secure, blockchains like Bitcoin enforce their recorded transaction timelines with cryptography.

Here are the tools and techniques that the Bitcoin network commits a blockchain to (1) get rid of third-party mediators and (2) find community consensus while (3) safeguarding against fraud and (4) incentivizing participation.

Digital Signatures and Hashing: Cutting Out the Middle Man

In the seminal paper by Nakamoto (2008), an electronic coin is defined as a chain of digital signatures. Thinking about it, many developed the view that the information in the chain of digital signatures makes up the currency itself. But this has been disputed (see Warmke, n.d.). What is clear, however, is that digital signatures play a huge part in Bitcoin and, in essence, blockchains.

Digital signatures are mathematical schemes that are used to authenticate the integrity and authenticity of a message or, in the case of cryptocurrencies, the transaction data. As Warmke (n.d.) noted, digital signatures allow a peer-to-peer network to automate two tasks that were entrusted to financial institutions like banks or central authority. These are (1) the verification of the sender’s signature and (2) ensuring that the sender has sufficient funds before clearing and making the transaction. Thus, this technology allows a peer-to-peer network to do away with central authority or mediating institutions. Here is how it works (roughly).

Digital Signatures

In Bitcoin, a transaction is simply the transfer of value between Bitcoin addresses—a spending address and a receiving address. What is unique to Bitcoin, however, is that addresses are only for one-time use. These addresses are created and made secure using a digital signature scheme. The typical implementation of a scheme requires three processes: key generation, signing algorithm, and verifying algorithm. Moreover, this uses public-key cryptography techniques involving a pair of keys.

Key Generation. This function creates two keys, the private or secret key and the public key. The public key is derived from the private key, which is a random number but with a one-way function. This one-way function makes it tremendously difficult to ascertain what the private key is from the public key. The private key is a secret piece of information proving that a node has the right to spend the bitcoins in a specific “wallet” (Bitcoin, 2020). The public key is where addresses are derived from. They are cryptographically connected so that only a unique private key can ‘open’ the public key that was derived from it. Frankenfield (2020) likens the public key to a special mailbox. A mailman or anyone can leave small packages or letters inside, but the contents can only be retrieved by the person who possesses the private key.

Signing Algorithm. This algorithm starts with the private key and the message as its inputs. The message, in this context, is the transaction data containing important details including the spending address, the amount of bitcoin to be spent, previous transactions that credited the spending address, and the receiving address (Warmke, n.d.). The algorithm’s output is called a tag or a ‘signature.’ This signature is a mathematical mechanism that allows someone to prove that they own such and such amount of currency without revealing their highly-valuable private keys.

Verifying Algorithm.  When the receiver or payee gets the message, a verification algorithm is used to determine whether the message is authentic by taking the message, the signature, and the public key as inputs. It decides whether to accept or reject the transaction on the basis of whether the signature matches the amount of bitcoin spent (Bitcoin, 2020).

Firstly, this scheme verifies that the sender is the actual person with the authority to spend the bitcoins and, secondly, clears the transactions after ensuring that the sender has sufficient funds. Here, one can see clearly how this peer-to-peer protocol allows nodes to send and receive direct payments without mediating parties.

For the front-end user to receive cryptocurrency, he simply needs to disclose his or her addresses to the payer. The payer then places the payment and digital signatures do the rest.

With this piece of technology, a network can be truly peer-to-peer and do away with central authorities. The trust placed in third-party mediators is now given to clever cryptography.

Cryptographic Hash Function

Remember that a Bitcoin address is a ‘hash’ of the receiver’s public key. Hence, it is different from the public key itself. Put simply, a hash is the output of a one-way cryptographic hash function that turns any string of any length into a fixed-length output. A public key is used as input and the hash, the output, is then used as the address. This way, payees do not have to broadcast their public keys. They only have to disclose their ‘addresses,’ adding another layer of security. This also goes for whole transactions.

In fact, in Bitcoin and other blockchains, it is not the full original data in a single block that is being verified. It is just the hash of the block.

There are many cryptographic hash functions available. Bitcoin, for one, uses SHA256, which was designed by the National Institute of Standards and Technology (NIST) together with the US  National Security Agency (Penard & van Werkhoven, 2008).

The State of Smart Contract Legislation 2018

StateYearLegislation
Arizona2017AZ HB2417 (Passed):
Signatures; electronic transactions; blockchain technology
Tennessee2018TN SB1662 (Passed): As enacted, recognizes the legal authority to use distributed ledger technology and smart contracts in conducting electronic transactions; protects ownership rights of certain information secured by distributed ledger technology
Nebraska2018NE LB695 (Pending): Authorize and define smart contracts and authorize use of distributed ledger technology as prescribed
New York2018NY A08780 (Pending): Relates to allowing signatures, records and contracts secured through blockchain technology to be considered in an electronic form and to be an electronic record and signature; allows smart contracts to exist in commerce
Ohio2018OH SB300 (Pending): Revise Electronic Transactions Act/blockchain/smart contracts
Vermont2018VT S0269 (Passed): An act relating to blockchain business development
Illinois2020HB3575 (Passed): Blockchain Technology Act
Source: Adcock (2020).
Note: Other American states continue to study legislation pertinent to the utilization of both blockchain technology and smart contracts.

Above is an example of strings used as input to a SHA256 hash generator. You’ll notice that the first and second input strings do not have the same length. When used as inputs, however, each unique hash generated has the same fixed length. It does not matter how long the string you input in a hash function, it will always return a fixed-length output. Moreover, consider the first and third input strings. Both are identical except for the capitalized ‘W’ on the latter. However, they have totally different hashes—a small change from the input causes a drastic difference in the output.

Using hashes has two main benefits. Firstly, it makes it nearly impossible to identify the contents of the messages especially information about transacting parties (Frankenfield, 2020). Secondly, it makes verification faster. As hashes are shorter than the original message, they are easier to compare with each other as opposed to going inside two documents or messages and comparing them bit by bit.

And, considering that the average transactions per block were 2.16k on January 4, 2021 (Blockchain.com, 2020), going through the data instead of the hashes will take up exponentially more computing power and time.

Merkle Tree

We have mentioned Merkle Trees. To make validation faster, cryptocurrencies use a Merkle Tree to organize these hashes and to form one “root” hash. This technique allows nodes to easily search and verify specific transactions without downloading and going through the whole blockchain.

To arrange transaction data in a Merkle Tree, a system needs to hash every transaction.  Then, a pair of hash strings are concatenated or joined end-to-end then hashed again (Frankenfield, 2020). This goes on until there is one “root” hash. When there is an odd number of transactions, one transaction is doubled then its hash will be concatenated to itself (Frankenfield, 2020).

The magic of Merkle Tree lies in its root. This is because it contains the information needed to verify a transaction. So, when querying whether one transaction is authentic, a node need not go through the hashes one by one. It can start from the root to reach any “leaf” or the bottom row of the tree. This significantly lowers the time it needs to authenticate any message.

With these three cryptographic constructs, cryptocurrencies do not only get rid of trusted third-party mediators but also lessen the time for nodes to verify the authenticity of any given transaction in a block.

Finding Consensus and Dealing with Fraud: One Source of Truth

As Nakamoto (2008) pointed out, these techniques are enough to allow the payee to verify the chain of ownership. However, these alone would not allow the payee to verify whether one of the owners have not spent the electronic coin twice. As it is easy to create duplicates of digital files, a digital currency can be susceptible to be spent multiple times. This is called the double-spending problem.

One solution, as Nakamoto noted, is to have a company that ‘mints’ digital coins. After every payment, a coin gets returned to the mint and a new coin will be issued to avoid double-spending. However, again, he noted that the entire system would depend on the organization that runs the mint, another central authority, thus, defeating the purpose of a free and democratic peer-to-peer network.

The use of a timestamp is intuitively helpful. Just timestamp every transaction and when it appears that a coin has been sent multiple times to different recipients, the network will only honor the earliest. However, this poses two problems.

First, just like how electronic coins can be easily duplicated and manipulated, timestamps can also be fabricated. It will be easy picking for malicious entities (or adversaries as they call them in cryptography) to manipulate network information.

Secondly, in a truly distributed P2P network, there is no guarantee that the order of transactions received at a node is in the same order that they are generated (Crosby et al., 2016). This is because every node’s system time may be different from others. In fact, in Bitcoin, every node has two counters—its local time and the network time (Ma, Ge, & Zhou, 2020). Also, these two may have a difference of no more than 70 minutes. A consensus mechanism is thus in order.

Nakamoto devised a scheme to deal with these two problems. The solution starts with a distributed timestamp server. It is distributed in the sense that nodes participating in the network are required to contribute resources to make it run. Also, as they collectively put in the effort, it will be easier to find consensus on what transactions are valid. Also, the work is designed to be very resource-heavy enough to discourage adversaries from manipulating the network (Szalachowski, 2018).

The work involves the collection of all transaction information that happened in a set time interval, grouping them into immutable time-stamped blocks, and chaining these blocks in chronological order. Hence, the term blockchain. In this scheme,  the blocks themselves are timestamped. So, the transactions in one block are considered to have occurred at the same time (Crosby et al., 2016). This provides a consensus mechanism on what transactions happened first.

To make it difficult to create and, therefore, fabricate a block, Nakamoto designed Bitcoin’s blockchain protocol to deeply incorporate a resource-heavy cryptography game. Together with other essential transaction information, timestamps are used as inputs to a highly-sophisticated cryptography puzzle that nodes are required to solve in order to create a new block (and earn bitcoins).

This puzzle is central to verifying valid transactions, extending the chain, finding consensus, and earning more coins. This activity is essentially what the famous Bitcoin term “mining” refers to.

Hence, all of the cryptographical trouble is by design.

Proof-of-Work: Creating a Block

As Ma, Gans, and Tourky (2019) put it, mining can be thought of as a game where miners solve a cryptographic puzzle. This game is deeply embedded in Bitcoin’s protocol and is a type of proof-of-work (PoW) system. The core idea behind a PoW is to create a “cost-function” that poses a difficult challenge that is, hopefully, costly enough for malicious actors not to pursue without discouraging honest ones to go through it (Back, 2020).

A P0W system is somewhat analogous to the pesky CAPTCHA that forces users to prove that they are humans and not a computer by putting in some mental ‘work.’  The difference between the two, however, is that while CAPTCHA is easy to solve for humans but hard to solve for a computer, a PoW is virtually impossible to solve for humans and is computationally very expensive to solve for computers.

In the case of Bitcoin, the game is designed for nodes to collectively try to solve for the target hash, which is the hash of the next block. The answer that everybody is looking for is called the ‘nonce’ or number only used once. All technicalities aside, this game is in essence just computationally-heavy guesswork. It is solving for the target hash by brute force. Solving by brute force is like trying every possibility to find the right solution or demonstrate proof. This is also called proof by exhaustion—which is indeed exhaustive.

A loose analogy would be solving a Rubik’s cube behind your back without really knowing the starting state of the cube. You will only know if you successfully “solved” it when a designated arbiter, seeing that you have all sides correct, tells you to stop. Consider that the possible permutations or states of a Rubik’s cube total to more than 43 quintillion. If or when you get it right, your success can only be attributed to luck more than anything else.

Bitcoin mining, however, is collective. Thus, it is like commissioning a vast army of blindfolded people to solve Rubik’s cubes of unknown states and they only stop when one gets it right. Then they are off to the next round.

The mechanics are as follows (Nakamoto, 2008):

  1. New transactions are announced to all nodes
  2. Every node collects new transactions into a block
  3. Every node works on solving a difficult proof-of-work for its block
  4. When a node finds a proof-of-work, it broadcasts the block to all other nodes
  5. Nodes only accept the block only if transactions are valid and have not been spent
  6. Nodes show that they accept the block by working on creating the next block using the hash of the previously accepted block

A node that solves the target hash is said to create or mine the next block. In fact, this node just merely proposes what the next block should be. This node is the “miner” node. On the other hand, the other nodes—full nodes and lightweight nodes—validate every block and transaction.

Degree TypePublic
In-State
(Tuition and Fees Only)
Public
Out-of-State
(Tuition and Fees Only)
Private
(Tuition and Fees Only)
Associate Degree$3,370$14,046$14,587
Bachelor's Degree$10,560$27,020$37,650
Master's Degree$8,950$23,007$42,030
Doctoral Degree$11,440$25,083$44,910
Source: College Pricing & Student Aid, 2020; College Tuition Compare, 2021

And in order for Bitcoin to have some stable block generation rate, the system automatically adjusts the difficulty of the puzzle so that the right guess will come up regularly. In Bitcoin, the average block generation rate is every 10 minutes and the difficulty is adjusted every 2016 blocks to achieve this (Ma, Ge, & Zhou, 2020). With a stable block generation rate, the network will be able to regularly update its blockchain ledger.

As Bitcoin’s PoW system requires participants to have a stake in terms of the work they expend, participants are less likely to compromise the integrity of the network.  As Ma, Gans, and Tourky (2019) noted:

“The only way one might conceivably distort the blockchain is to control the game, but to do that requires proof-of-work—solving the puzzle—which is costly. The expenditure of real resources is, therefore, key to the integrity of the network.”

Mining alone is very costly. In fact, it cannot be successfully done by your typical home computer anymore. Sophisticated rigs and processors that consume great amounts of energy have been developed specifically for bitcoin mining. This is why not all nodes are miners. Moreover, participating in mining and verification is not only computationally expensive. It also requires the use of “more real” resources like electricity.

In fact, the Bitcoin network runs on a very energy-extensive worldwide network infrastructure (Digiconomist, 2021). Its annual carbon footprint is pegged at 36.95 Mt CO2, which is comparable to that of New Zealand. The electrical energy used annually to power it is estimated to be 77.78 TWh, which is comparable to the power consumption of Chile. Some even say that Bitcoin’s energy consumption is underestimated (see de Vries, 2020).

Mining Incentive

As shown, creating blocks are very expensive. In a PoW scheme, the main resources expended are CPU time and electricity. Hence, incentives are in order for Bitcoin and other mining-based cryptocurrencies to keep participants interested. This is done through mining rewards automatically generated by the system.

In the Bitcoin context, adding a new block will trigger a special transaction. This transaction creates new coins credited to the successful miner. Moreover, this does not only provide an incentive to participate but it also provides a mechanism for a network with no central authority to put new coins into circulation.

This, as Nakamoto (2008) saw it, is analogous to how gold miners expend resources to put more gold into circulation. And they themselves get a cut. In the case of Bitcoin, the resources are CPU time and electricity. The reward is new bitcoins. This is the incentive for costly cryptographic PoW. Today, the amount is 12.5 BTC (this gets halved in set intervals, the reward started at 50 BTC).

Just as the real supply of gold is finite, Bitcoin also has a predetermined amount of coins to be circulated. Once this amount has been reached, incentives would switch into transaction fees. This way, no inflation would happen.

All of these tools and protocols have been put in place just for the network to be able to create its own ledger in a truly distributed way. Clever cryptography, an ingenious proof-of-work system, and generous incentives are all for the mining, verification, and linking of blocks to a chain. But what are blocks exactly? What do they contain?

The Block: The Basic Data Structure

A block is the basic structure of a blockchain (Ma, Ge, & Zhou, 2020). It is a collection of information about transactions that occurred in a more or less set time interval. For Bitcoin, again, it is around 10 minutes. The block is made up of two parts: the block header and the block body.

The block body contains the Merkle Tree of transaction hashes. This, as discussed, is basically the list of transactions arranged in a way they can be easily validated even by resource-limited nodes (Ma, Ge, Zhou, 2020).

On the other hand, the block header contains a summary of what is in the block together with other information linking it to the previous block and the next. These include the block’s version number, its timestamp, the hash of the previous block, the Merkle root, the target hash, and the nonce.

  • Version Number and Block Size. The block size and the version number are indicated for better verification and communication
  • Previous Hash. This is the hash value of the previous block header. As Zhou, Ma, & Ge, (2020) noted, this can be used to validate a block’s father block in order to validate their link.
  • Merkle Root. As discussed, this is an important data structure that nodes can use to search for and verify transaction data.
  • Timestamp. This records the time that a block is found out or created. This also serves as the inner timestamp for transactions contained in the block. Timestamps act as time-sensitive proofs of existence. Note, however, that Bitcoin transactions themselves do not have timestamps, only its blocks.
  • Target Hash. This is considered to be the key to the next block.
  • Nonce.  The “number only used once” is the number that miners are solving for

It is the block structure itself and its contents that allow for it to be cryptographically linked to its previous and next block. And this linking or chaining plays a big role in how to further reach consensus. This is all that the proof-of-work trouble and the expense of resources are for.

 Majority Rule: The Longest Chain

Having a PoW system to find the nonce is not enough to find consensus. The distributed nature of the network itself (including latency issues around the world) can cause instances where multiple blocks get created by different nodes at the same time (Crosby et al., 2019). Moreover, there can also be malicious or malfunctioning nodes that collect unconfirmed transactions and broadcast them to the network.

As briefly discussed, creating a block is not equivalent to already appending it on the blockchain. When a miner publishes its block, the miner merely “proposes” to include its block to the blockchain. It takes other nodes to verify it before it gets to be added. And when multiple versions of blocks appear at about the same time, the network has to decide which one gets to be included in the chain. This is where the PoW as a consensus system comes into full swing.

Achieving consensus for which a blockchain version is real was likened by Nakamoto to “voting.” But what is blockchain voting and how does it work?

Firstly, he noted that voting cannot be done via one-IP-one-vote. It is because the integrity and authenticity of a blockchain can be subverted by those that have allocated more IPs.

But thanks to the ingenuity of the PoW system, voting in this regard can be considered as one-CPU-one-vote. Thus, the authenticity of a block or a version of a blockchain rests upon the amount of PoW effort invested therein.

The chain with the most CPU power invested in it is the longest available chain. The longest chain, in essence, represents the majority decision. Here are examples to make the picture a bit clearer.

Consider that CPU power and connection speed is not constant among nodes and participants. Some nodes may get dropped off because of bad internet connection or power outages. Also, in practice, some full nodes may only contribute six hours worth of work a day.

When these nodes drop off the network, they stop providing computational work. The nodes that do remain continue to work on the blockchain. In the event where those that dropped off resume connection, their local versions of the blockchain will be shorter. This is especially true if they dropped off for more than 10 minutes—the average amount of time that a new nonce is found. In this case, it is intuitively so that the nodes with the shorter chains will defer to the longer version created by the majority of the network.

In another case, it is possible that two nodes broadcast two different versions of the next block at the same time. And some nodes may receive one or the other first (Nakamoto, 2008). If this happens, nodes will work on the first node that they have received while keeping a copy of the other. Both blocks can be valid, but the “tie” can be broken once the next PoW has been found and one version becomes longer than the other. As Nakamoto stated:

“Nodes always consider the longest chain to be the correct one and will keep on working to extend it.”

This PoW consensus system also guards the network against adversaries or malicious entities that want to make changes to a particular block. This is because in order to change a particular block, the entire work should also be redone. Since the target bock is computationally chained to its subsequent blocks, changing the target block would also require redoing all the work for all the blocks after it. The tremendous work required to change all of these, especially when block generation happens every 10 minutes, would not allow adversaries (in the minority) to “outrun” or “outwork” the honest majority that continues to extend the chain.

However, this is provided that the majority of the nodes are honest. In a system where CPU power is the voting currency, a group can theoretically amass CPU power greater than others in the network. The group can use this to propagate fraudulent blocks and execute double-spending attacks.

If this comes to fruition, Nakamoto hoped that the mining incentives will play a part to keep those that hold more CPU power, which is the voting currency, to stick to the rules.

Nakamoto (2008) envisioned that if someone had managed to assemble more CPU power than the rest of the network, he would therefore choose between two actions: (a) defraud people or (b) use it to generate more coins. The more profitable route, as Nakamoto suggested, is the latter. By playing by the rules and using superior CPU power to generate more coins, the entity possessing the majority CPU power would be able to get more coins than all the rest combined. If he chooses to defraud people, then he would undermine the whole system and put the validity of his own wealth into question. This, Nakamoto hoped, would prevent nodes from going the dishonest route.

Blockchain Summary: A Combination of Technologies and Protocols

As seen in the discussion, Bitcoin’s blockchain is not a singular technology. It is a composite technology designed using various protocols. Also, as discussed in the previous section, many such tools have already been invented and implemented before Satoshi Nakamoto’s 2008 seminal paper. However, the combination and deployment of these tools together with new protocols have made Bitcoin’s blockchain implementation the one to watch and follow for many years now.

The ingenious use of cryptographic techniques allows the Bitcoin community to forego third-party mediators. Transactions and the recording of transactions are outsourced to each and every node providing computational work and resources. This strategy is also being used by many blockchain-based cryptocurrencies and is a shining example of how decentralized digital infrastructures and even economies can work.

Also, its consensus mechanism serves as a basis for other blockchain-based networks for forging their own. Bitcoin showed that blockchain can work and it can be done. Others, then, have found new ways to make blockchain work for different purposes. In the next sections, we will take look at how blockchain technology can be implemented in different ways.

3. The Types of Blockchains

Since the implementation of Bitcoin’s blockchain in 2009, many companies and entrepreneurial individuals started seeking to adopt, improve on, or design their own blockchain technology. As mentioned, there are many different types and implementation is not ubiquitous. And blockchain implementations can also vary in various components, from consensus mechanisms to how they preserve anonymity.

Blockchains by Access

As the technology is quite new and innovations are fast approaching, it is really hard to categorize blockchains into a such and such class or type. However, there is a prevalent taxonomy that provides a rough categorization. In this taxonomy, there are three main types (Zheng et al., 2017). They are (1) public blockchain, (2) private blockchain, and (3) consortium blockchain.

  • Public Blockchain. All the records are public and everyone can participate in the consensus process.
  • Private Blockchain. Only nodes from a single organization are allowed to join the consensus process.
  • Consortium Blockchain. Only a group of pre-selected nodes can participate in the consensus process.

According to Zheng and colleagues (2017), these are how they may be similar or different in terms of the selected blockchain properties of consensus determination, read permission, immutability, efficiency, centralized, and consensus process.

Computer Science Degree Tuition

Public In-StatePublic Out-of-StatePrivate
Associate Degree$2000 - $5,500$7,900 - $14,000$9,500 - $17,700
Bachelor's Degree$10,560 -$17,000$27,020 -$40,000$37,650 - $59,200
Master's Degree$9,700 - $15,900$12,200 - $38,800$24,100 - $60,000
Doctoral Degree $15,930 - $18,000$18,000 - $39,000$27,000 -$54,000
*Values are estimates.

Consensus Types

Moreover, there are also different consensus algorithms being used today. PoW is just one. Other types have been created that circumvent Bitcoin’s original resource-heavy implementation. Here are the most common ones as Zheng and colleagues (2017) have listed and defined:

Proof of Work (PoW). This consensus strategy is designed so that a node that wants to publish a block of transactions would put effort into a lot of work to prove that it is not a malicious entity. It is the original blockchain consensus algorithm used by Bitcoin as discussed above. To lessen resource use, other PoW protocols have been designed. For instance, Primecoin’s PoW system involves the search for special prime number chains that can also be used for mathematical research.

Proof of Stake (PoS). Instead of solving a sophisticated cryptographic puzzle using costly CPU power and electricity, the PoS scheme has their miners prove that they have ownership of some amount of currency. The selection of who gets to add a block is based on the size of the account balance. The core idea is that those who have more currencies are the least likely to attack the network. However, many consider this unfair. When compared to PoW, PoS saves more energy. Hence, some with PoW systems like Ethereum have been reported to be poised to move to a PoS scheme. Other variants choose a coin-age-based selection scheme. Peercoin nodes with the larger and older sets of coins have a greater probability of recording the next block.

Partial Byzantine Fault Tolerance (pBFT).  Roughly, this is an algorithm designed to tolerate dishonest or nonworking nodes while providing a way for the entire system to continue making decisions. During the start of a round, a node is selected according to a set of rules. The process has three phases: pre-prepared, prepared, and commit. The node would only enter the next phase if it has received votes from more than 2/3 of all the other nodes. In another variant called dBFT, there are professional nodes that are voted for to record the network’s transactions. This is being used by Antshares.

Delegated Proof of Stake (DPOS). The main difference between PoS and DPOS is that the latter is representative democratic. In PoS, those with the most coins may dominate in recording the transactions. In a system using DPOS, stakeholders elect delegates to create and validate blocks. Because there are fewer nodes doing the verification, blocks are confirmed relatively quickly than competing consensus algorithms. Moreover, dishonest nodes can easily be voted out by stakeholders. Bitshares uses the DPOS scheme.

Ripple. In this consensus scheme, the network is divided into two types of nodes: a client and a server. Clients can only transfer funds while servers can participate in the consensus process. Every server has a Unique Node List (UNL). This list is used when the server is trying to determine whether to append a transaction on the ledger. The server queries its UNL and if agreements have reached 80% then the transaction will be added. The ledger, for a node, will remain correct provided the percentage of faulty nodes do not reach 20%.

Tendermint. This is a kind of a byzantine consensus algorithm. It also uses a three-step round to determine a new block. One proposer would be selected to broadcast an unconfirmed block. A round is divided into three phases: prevote, pre-commit, and commit. The rounds go similarly to pBFT where the round progresses when votes reach up to 2/3 in every step. However, unlike pBFT, nodes have to put their coins on the line to become validators. This is because when a validator has been found to be dishonest, it will be punished.

Key Differences Between Online and Traditional Degrees

 TraditionalOnline
Learning ScheduleFixedFlexible
Mode of LearningOn-campusLearning Management System
CommunicationFace-to-face collaborationsOnline channels
ExpensesTuition
Food and lodging
Transportation
Miscellaneous fees
Tuition
Tech expenses
House bills

Essentially, developers and communities can create or pivot their own networks. This leads to the creation of many other types of blockchains. For instance, there is what is called a “permissioned blockchain.” Unlike private and public blockchains, these blockchains have a unique access-control layer. This layer provides the network with a chance to delegate access via role-based or identity-based protocols. The end result is, therefore, a network with selective transparency.

This functions just like the typical role-based SaaS platforms like a learning management system, providing different access types to students, teachers, parents, and administrators. Developers of this sort of blockchain network may limit access to certain people or roles to certain files or information. For instance, student users may not have access to data like the addresses of their teachers and administrators. The updates and validation of information still retain the core blockchain scheme. The access-control layer just adds another level of security and privacy.

Implementations like this are what blockchain boosters are eyeing for business or organizational use. This type of deployment can take advantage of blockchain security features and consensus mechanisms without making data available to everyone. Indeed, this is one of the latest advancements when it comes to possible novel blockchain applications outside of cryptocurrency.

4. Blockchain Uses and Mainstream Adoption

In the early years, and still true today, blockchain and cryptocurrency are quite synonymous. However, there have been always efforts to expand the use of blockchain technology. In many ways, the push is strongest in the financial industry.

In 2015, a consortium of banks and companies flocked to create an open-source blockchain platform with R3, a financial technology company, leveraging blockchain technology (R3, 2020). The consortium included top financial institutions, including Goldman Sachs and Barclays. Today, R3 has become an enterprise software firm with the largest blockchain ecosystem linking 350 institutions.

The development here is not just concerned with the transfer of money or recording transaction information. It also seeks to revolutionize how institutions connect and transact with each other leveraging blockchain technology’s promise of decentralization, transparency, and immutability.

And one piece of technology is making this and more possible. Enter smart contracts.

Smart Contracts and Blockchain

Invented by Nick Szabo in 1994, smart contracts have not found much usage until the notion of cryptocurrencies and programmable payments (Crosby and colleagues, 2016) came along. The idea behind smart contracts is to have a technology that automatically executes contract terms and obligations among participating parties.

Paired with blockchain technology, participants can now rest assured that payments or obligations will be automatically triggered when set conditions of a contractual agreement are reached. This technology duo can replace lawyers in creating contracts and banks to provide escrow services. Today, Etherium allows the running of smart contracts on its blockchain.

Together, smart contracts and blockchain technology can revolutionize how businesses and individuals transact. Currently, as Crosby and colleagues (2016) noted, there are three main approaches in the industry to extend and overcome perceive blockchain technology limitations. These are:

  • Alternative Blockchains. This uses the blockchain algorithm to find distributed consensus on a particular digital asset. Also, the system can share the miners of a parent network like Bitcoin. This is called merge mining. This can be useful in file storage, DNS, voting, and SSL certificate authority.
  • Colored Coins. This technique is used by developers to create digital assets on top of the Bitcoin blockchain. This extends blockchain functionalities beyond cryptocurrency. This can include asset tracking or even voting.
  • Sidechains. Usually, these are Alternative Blockchains that are pegged to a cryptocurrency like Bitcoin just like how physical currency used to have been backed by gold. As the researchers noted, it is possible to have thousands of these Sidechains that can be pegged to Bitcoin, all taking advantage of Bitcoin’s resiliency and scarcity. Moreover, Bitcoin may choose to provide support for additional features for tried and tested Sidechains.

These three main approaches are currently being used in a wide range of blockchain application expansion. However, efforts can be categorized into financial applications and non-financial applications. A list of current and potential uses in these two categories by Crosby and colleagues (2016) is provided below.

Financial Applications

Private Securities

The use of blockchain technology can make taking a company public less expensive. As practiced today, a syndicate of banks is required to underwrite the deal. With blockchain technology, however, companies can theoretically issue shares via the blockchain. Then, these shares can be bought and sold in a secondary market that is nested on top of the blockchain.

Insurance

With blockchain technology, it could be easier for owners to register unique assets, ranging from physical properties to digital assets. Registering it to the blockchain will create an immutable chronological account of ownership and transaction history. The record can then be used by insurers to easily validate claims. One example that Crosby and colleagues (2016) pointed to is Everledger, which creates a permanent ledger of diamond certification. Unique characteristics of the diamond are registered and hashed, making it easily verifiable by claimants, law enforcement, and insurance agencies.

Nonfinancial Applications

Notary Public

Document verification can now move away from having a centralized authority to govern it. Since blockchain allows the document certification service to be counterfeit-proof, it can then be verified by independent third parties and be legally binding. As the researchers note, this takes notary stamping to a new height. Moreover, this can also eliminate the need for expensive fees and inefficiencies in transferring documents. There are now many firms providing such or similar services. These include Stampery, a firm that stamp emails or files using blockchain, which is a go-to solution for law firms when they want to easily certify documents.

Music Industry

The music industry has gone through drastic changes, thanks to the internet. Transparency when it comes to royalty payments has gotten more complex. By using blockchain technology, the industry can maintain an accurate and comprehensive distributed record of music rights ownership. Moreover, through smart contracts, splitting royalty for every work can be automatically enforced.

Decentralized Proof of Existence of Documents

Traditional document validation depends on central authorities. This, as we now know, presents security risks. Moreover, as the researchers noted, the task becomes more difficult as documents become older. An alternative model using the blockchain could replace this. A Proof of Existence service can easily allow anyone to securely store a proof of existence online. Also, they note that the document itself is not stored but a cryptographic digest, including the timestamp of submission. Such a service is now available on ProofofExistence.com.

Decentralized Storage

Even though the usefulness of centralized cloud storage services cannot be discounted in today’s business environment, they still present a great deal of security and privacy risks. Third-party entities control confidential documents. Time and again, it has been shown that these third-party providers can be hacked, so much more individual accounts. With its cryptographic techniques and peer-to-peer network, blockchain technology can help alleviate these worries. One such service is Storj, which runs a peer-to-peer distributed blockchain cloud-storage platform, allowing those with extra hard disk space and bandwidth to share them for bitcoin microtransactions.

Decentralized IoT

In the usual implementation of the Internet of Things (IoT), devices connect and interact with each other using a centralized hub.  However, the researchers pointed out that this can be impractical in configurations where devices need to “talk” to each other autonomously. Blockchain technology can help with this by providing a platform for secure data exchanges. Also, it can serve as the trusted shared ledger for all the messages exchanged between a decentralized IoT ecosystem. The researchers cite IBM and Samsung’s ADEPT or the Autonomous Decentralized Peer To Peer Telemetry platform as one of the first implementations of this. ADEPT uses a mix of protocols, namely BitTorrent’s file-sharing, Ethereum’s Smart Contracts, and TeleHash’s P2P messaging.

Blockchain-Based Anti-Counterfeit Solutions

Researchers point out that using blockchain technology to create anti-counterfeiting solutions would allow markets to free themselves of trusted third parties that introduce logical friction between consumers and merchants. With a decentralized implementation and high-security features, merchants and consumers can verify the authenticity of branded products themselves without a trusted third entity. An example of a company implementing such blockchain-based counterfeit solution is BlockVerify. Applications have been found in the luxury items, diamonds, and pharmaceutical markets, among others.

Internet Applications

Using blockchain technology to decentralize the internet’s DNS or “phonebook,” as the researchers explained, can help thwart censorship and abuse. DNS servers today are largely controlled by large corporations and governments, making them highly prone to spying, abuse, censorship, and hi-jacking. With a decentralized DNS, users will get to have the same copy on their computer without passing through Big Brother organizations. Also, in the area of Public Key Infrastructure, a blockchain implementation would allow for a Keyless Security Infracture that uses cryptographic hash functions instead of relying on companies providing Certification Authority (CA).

Mainstream Adoption and Challenges

In a survey involving participants from 14 countries, including 1,500 senior executives and practitioners, Deloitte (2020) found that blockchain technology is within the strategic sights of organizations. Fifty-five percent of respondents answered that blockchain adoption will be critical and is included in their top-five strategic priorities. This is an increase from 43% in 2018 and 53% in 2019.

Source: Deloitte, 2020

However, some still believe that blockchain is overhyped. This too is valid. Firstly, as Crosby and associates (2016) have noted, there are great challenges ahead for companies that are thinking about adoption. Secondly, there can be security challenges as well. We will discuss the latter in the next section.

Adoption Challenges

  • Behavior Change. By doing away with trusted third-parties, customers will have to get used to believing that their transactions are safe and secure. Moreover, traditional trusted parties like financial institutions, including banks will have to pivot to accommodate the change.
  • Scaling. Initial adoption could take hours or even days as participants would download a whole ton of data. They would download the entire set of existing blockchains and validate them before making their first transactions.
  • Bootstrapping. There will be migration risk when enterprises move their existing document and contracts to a blockchain-based methodology. For instance, as the researchers note, for real estate ownerships, existing documents are in county or escrow companies, and this involves a lot of resources and a lot of time.
  • Government Regulations. When markets will be poised to adopt blockchain technology, government agencies such as the SEC and FTC will surely look to regulate and monitor the industry. This could slow down adoption. However, in the United States, as entities are trusted by the customers, it could, in some way, help adoption. But in economies where the government exercises more control, it will be harder to adopt.
  • Fraudulent Activities. Because of the pseudonymous nature of blockchain transactions and the ease of moving valuables, malicious entities may use the technology for fraud like money trafficking. To thwart these, regulations and more technical support are needed.
  • Quantum Computing. The security of a blockchain relies on the difficulty of the cryptographic techniques disallowing a single party to manipulate the system. However, with the looming advent of quantum computing, keys would be easier to crack. Thus, blockchain-based systems may need to create stronger keys to make blockchain security future proof.

5. Blockchain Security Issues

Blockchain is not unassailable. Nakamoto (2008) understood the vulnerability of trusting the majority for consensus. So, since its inception, fears concerning the security of blockchain technology are warranted. Many of those fears came to fruition in the past years. Since 2017, and unbeknownst to most of the public, almost $2 billion worth of cryptocurrency has been stolen by hackers from exchanges. These hackers, as noted by Orcutt (2018), are not lone operators but are sophisticated cybercrime organizations.

Attacks are systemic and coordinated in nature.

Source: Q4 2019 Cryptocurrency Anti-Money Laundering Report, 2020

Orcutt (2019) noted that the irreversibility of cryptocurrency transactions makes blockchains particularly attractive to thieves. Hence, fraudulent transactions become permanent. And there are many methods that attackers can use. As Saad and associates (2019) further pointed out, attack viabilities can be attributed to a Blockchain’s cryptographic constructs, distributed architecture, and the application context. Popular blockchain attacks target vulnerabilities in these domains.

In the next section, we are going to discuss the most common and dangerous attacks and vulnerabilities.

The Majority or 51% Attack

As Lin and Liao (2017) noted, within the Proof of Work (PoS) system, the probability of successfully mining a block depends on the work put in by the miner. Specifically, this is the CPU/GPU cycles spent verifying hashes. Hence, many people are incentivized to pool their resources together so they can mine more blocks. This results in the creation of what researchers call “mining pools,” places that hold the most computing power.

In a blockchain network with consensus deferring to the “best block” with the most computational work put into it or the block that is the most difficult to create (Saad et al., 2019), mining pools can easily create the best blocks and dupe the system. When a group assembles 51% of the computing power, they would, in essence, take control of the entire blockchain.

Nakamoto (2008) was very aware of this as previously discussed. He sought to discourage mining pools or just a greedy and CPU-power rich miner by adding in incentives and hoping that they or he would choose to play by the rules in order to earn more coins than the entire network. However, the threat is real. And as Lin and Liao (2017) stated, it can do the following:

  1. Change the transaction data and probably cause a double-spending attack
  2. Stop block verifying transactions
  3. Stop a miner from mining any available block

However, the researchers noted that 51% or majority attacks were more feasible when most transactions were worth significantly more than block rewards and the network processing power or hash rate was lower, thus becoming more prone to manipulation, thanks to the creation of sophisticated mining technologies. Nevertheless, this had happened.

As Saad and associates (2019) pointed out, the Bitcoin mining pool called “GHash.IO” has acquired 51% of the hash rate for one day in July 2014. Fortunately, the group did not perform malicious activities. However, in August 2016, the group called the “51 Crew” had hijacked two Ethereum Blockchains—Shift and Krypton—managing to take 21,465 Kryptons by double-spending. Also, in 2018, a group amassed 51% of the hash rate in Bitcoin Gold. They used this to steal $18 million worth of cryptocurrency. Moreover, in June 2018, this technique was used to attack four more blockchain-based cryptocurrencies, namely Verge, Zencash, Litecoin Cash, and Monacoin.

Blockchain Forks

One key vulnerability that 51% attackers take advantage of is blockchain forks. A fork is what happens when nodes in the network have diverging versions of the blockchain. Sometimes these get corrected quickly, but at other times this is permanent. These, however, can be created unintentionally through malfunctions in protocols or client software upgrade incompatibility (Saad et al., 2019).

The researchers noted that a fork can occur when a group of users create a child application from a parent application. This happened in 2017 when a group of Bitcoin developers wanted to increase the block size limit. For that, they developed a Bitcoin client that supports 8MB as opposed to the 1MB limit. Their proposal, however, was not accepted by the larger community, so they created a “hard fork” and created a new cryptocurrency called Bitcoin Cash.

A hard fork is what happens when new blocks that a network accepts are deemed invalid by pre-fork nodes. Another kind, a “soft fork,” as it is termed, happens when some blocks appear invalid to post-fork nodes (Saad et al., 2019). These forks are inconsistent states that adversaries can use to create confusion, distrust, and fraudulent transactions. One of the ways they can do this is by what is called “selfish mining.”

Selfish Mining

This attack strategy is used by miners to increase their rewards by intentionally keeping blocks private. Instead of broadcasting them when discovered, they choose to continue to mine their own private blocks so they can create a longer chain than that of the public. This creates a race condition between honest miners and selfish ones. Here is a simplified version of the possible mechanics as outlined by Saad and colleagues (2019):

An honest miner, with average CPU power, successfully mined A and shared it with the public. A selfish miner with a significantly higher CPU power successfully mines block A and chooses not to publish it. Then, the selfish miner then continues to mine for his private blockchain and ended up successfully mining blocks B and C. Afterwhich, he releases all his blocks. This creates a fork. When both versions get presented to the network, the longer chain with more computational work invested therein would win the network’s approval.

This not only invalidates blocks contributed by honest miners but also rejects all the transactions in the honest miner’s block (Saad et al., 2019). Also, an invalidated block can take two forms: stale blocks and orphaned blocks. An orphaned block (Block E) does not have its parent block (Block D) in the blockchain while a stale block (Block B) is valid but they are not part of the main blockchain.

Furthermore, when two selfish miners compete to add their versions to the network, this can create blockchain forks. And forks also lead to consensus delays, which can further lead to other potential attacks. There is a long list of potential attacks using forks and selfish mining, but most of them will not be discussed here.

Peer-to-Peer Network Attacks

The distributed nature of blockchain networks also presents opportunities for various attacks. The general goals of these attacks are to sow misinformation, create partitions, and isolate genuine miners from the network. Here are three common attacks among many others:

DNS Attacks

The Domain Name System (DNS) is used as a bootstrapping mechanism for a new node to discover other active peers. Once a new node joins the network, it performs a query on the DNS seeds. This process returns one or more DNS records together with the IP addresses of peers accepting the incoming connections. This way, the new node can establish a connection with its peers (Saad et al., 2019).

As Saad and colleagues noted, the Bitcoin developer’s guide considers the DNS as a “wide attack surface” to Bitcoin networks. Attackers may use this to inject an invalid list of seeder nodes. This can isolate peers and siphon them into a counterfeit network with malicious nodes. From there, the malicious nodes can propagate false blocks.

Sybil Attack

The term Sybil was derived from a woman who was purportedly diagnosed with a dissociative identity disorder.  Sybil nodes are virtual identities with zero mining power (Swathi, Modi, & Patel, 2019). They can participate in disseminating data but they could not have the ability to mine a new block. Attackers create a multitude of these Sybil nodes so they can only forward the block of the attacker and ignoring the blocks of genuine users. Hence, only the attacker’s block is propagated in the network, so the attacker gets more rewards. Also, this reduces the overall throughput of the system. The Sybil Attack also works best when the attacker uses a large number of malicious virtual nodes for his handiwork.

Eclipse Attacks

An eclipse attack happens when malicious nodes isolate their neighboring nodes using IP addresses (Saad et al., 2019). What the attacker does is sever the connection between an honest node to another. Then, he connects this node to malicious nodes.  When an honest node is compromised and surrounded by the attacker’s malicious nodes, the attacker can control the incoming and outgoing traffic of the neighboring nodes. Thus, he can feed them a different view of the blockchain and the transactions.

Application-Oriented Attacks

The blockchain and the P2P system are separate from the application services that use them (Saad et al., 2019). These blockchain applications also possess vulnerabilities and have an attack surface. Saad and colleagues (2019) have anticipated different types of attacks that can be performed on application services.

Blockchain Ingestion and Anonymity

According to the researchers, public blockchains possess a “weak notion of anonymity” while also providing public access to open data. So, by analyzing a blockchain, an attacker can get insights into how he can compromise the network. This process, as noted by the researchers, is called blockchain ingestion. This can happen when a competing entity like a credit company can apply data analytics using the public information so that they can create schemes to compete with the digital currency (Saad et al., 2019).

Also, the anonymity in blockchain-based cryptocurrencies presents opportunities for malicious entities to carry out fraud. Since blockchains provide payment irreversibility, many malicious entities take advantage by scamming users to send money through Bitcoin ATMs. Without a central entity, it is also more difficult for victors to claim fraud and get reimbursed (Saad et al., 2019).

Double-Spending

Yes, double-spending is still possible in blockchain networks. The researchers noted that this can happen in an environment of fast transactions or if a receiver is optimistic and validates the transaction before the transaction itself gets mined into a block. During this time, the sender can sign the same transaction with his private key and send it to another recipient (Saad et al., 2019). This is the price of consensus delays, which can be caused by factors like block computation time, among others.

The researchers pointed out that in March 2013, a successful double-spending transaction worth $10,000 was successfully carried out in Bitcoin, thanks to a soft fork.

Cryptojacking

In cryptojacking, attackers use web and cloud-services to illegally do PoW without consent (Saad et al., 2019). This comes in two prevalent forms: web cryptojacking and cloud-based cryptojacking.

Web cryptojacking involves the creation of a malicious JavaScript code and injecting it into websites. This allows attackers to secretly do PoW computations without the knowledge and consent of website visitors. Device owners are oblivious to this background activity as they continue browsing the website. Moreover, in 2017, online platforms have emerged providing code snippets that attackers and website owners can use.

Cloud-based cryptojacking, on the other hand, remotely targets devices and hijacks their processors to do some secret mining. This is popular among malicious miners with no powerful hardware to enhance their computing power.

Enhancing Security

As blockchains are implemented differently by different networks, each has specific vulnerabilities. Malicious entities are fast to exploit them, as do those who develop countermeasures. Researchers and developers have come up with many suggestions to make blockchain implementation better.

Some of these include the use of more reliable timestamps (Ma, Ge, & Zhou, 2020; Szalachowski, 2018). To introduce more anonymity, researchers like Ziegeldorf and colleagues (2018) suggested the use of decentralized shuffle protocols and mixing services (in Saad et al., 2019). Improvements can range from adjusting the block size and average computation time to limiting access.

Of course, the arms race is still early. And new types of attacks (anticipated and ongoing) like cryptojacking have still to be explored deeper (Saad et al., 2019).

The same thing goes for fraud. In fact, more cryptocurrency has been stolen due to fraud and misappropriation than those from hacks and thefts. The optimization and strengthening of blockchain networks will likely never end.

Given these, colleges offer on-ground and online cyber security degrees that explore these threats and possible ways to stop and prevent them.

Source: Q4 2019 Cryptocurrency Anti-Money Laundering Report, 2020

The Blockchain Train Is Moving Forward

The hype surrounding blockchain technology seems to be warranted. It mostly delivers on what it promised. However, as we have discussed, blockchain technology still possesses many vulnerabilities. Its security was overhyped and maybe even its role in the evolution of industries. Despite this, the train is still moving forward.

In January 2021, the cryptocurrency market capitalization—the price of currency times the number of coins in the market—alone reached more than $333 billion (CoinMarketCap, 2021).

The number of blockchain patent applications around the world is also rising. Inventors have applied patents for various applications, including for those in the areas of thermal processes, energy, and audio-visual technology. In 2008, there were only 37 applications submitted around the world. In 2018, this number jumped up to 4,673 (IPlytics, 2019). In the middle of 2019, there were already 2,354 patent applications recorded. Also, blockchain conferences are also gathering steam.

It seems that one way or another, blockchain technology will continue to make its way into our industries and daily lives. And as blockchain technology evolves, new exploits will soon emerge. The perennial arms race between code makers and codebreakers will just go on and on (see Piper, 2013).

The most prudent among blockchain supporters understand that the technology is not in its final stages yet. More work should be done to stave off malicious entities. As progress works for either the good or bad side, the work may not end.

Meanwhile, learners who believe in the technology and are interested in developing more solutions can enroll in blockchain degree programs. The future generation paves the way for the future of blockchain.

 

References:

  1. Bitcoin. (2020a). Download. Bitcoin – Open source P2P money. Bitcoin.
  2. Bitcoin. (2020b). Vocabulary. Bitcoin – Open source P2P money. Bitcoin.
  3. Blockchain.com. (2020). Average Transactions Per Block. Blockchain.com
  4. CoinMarketCap. (2021). Global charts. CoinMarketCap.
  5. Crosby, M., Pattanayak, P., Verma, S., & Kalyanaraman, V. (2016). Blockchain technology: Beyond bitcoin. Applied Innovation, 2(6-10), 71. Applied Innovation Review.
  6. Deloitte. (2017, January 9). The DAO attack. Deloitte Ireland.
  7. de Vries, A. (2020). Bitcoin’s energy consumption is underestimated: A market dynamics approach. Energy Research & Social Science, 70, 101721. Elsevier.
  8. Digiconomist. (2020, November 1). Bitcoin energy consumption index. Digiconomist.
  9. Frankenfield, J. (2020, February 18). Merkle tree. Investopedia.
  10. Frankenfield, J. (2020, June 27). Nonce definition. Investopedia.
  11. Frankenfield, J. (2020, June 29). Private key. Investopedia.
  12. Grossman, N. (2015, June 15). The blockchain as verified public timestamps. The Slow Hunch – by Nick Grossman.
  13. IDC. (2020). Blockchain solutions will continue to see robust investments, led by banking and manufacturing, according to new IDC spending guide. IDC: The premier global market intelligence company.
  14. IPlytics. (2019, June 12). Who are the patent leaders in blockchain? IPlytics.
  15. Lin, I. C., & Liao, T. C. (2017). A survey of blockchain security issues and challenges. IJ Network Security, 19(5), 653-659. IJ Network Security.
  16. Ma, G., Ge, C., & Zhou, L. (2020). Achieving reliable timestamp in the bitcoin platform. Peer-to-Peer Networking and Applications, 1-9. Springer.
  17. Ma, J., Gans, J. S., & Tourky, R. (2018). Market structure in bitcoin mining (No. w24242). National Bureau of Economic Research.
  18. Penard, W., & van Werkhoven, T. (2008). On the secure hash algorithm family. Cryptography in Context, 1-18. Webspace.
  19. Piper, F. C. (1990). Codemakers versus codebreakers. Interdisciplinary Science Reviews, 15(4), 349-356. Taylor and Francis Online.
  20. R3. (2019, April 16). History. R3.com
  21. Saad, M., Spaulding, J., Njilla, L., Kamhoua, C., Shetty, S., Nyang, D., & Mohaisen, A. (2019). Exploring the attack surface of blockchain: A systematic overview. arXiv preprint arXiv:1904.03487. Cornell University.
  22. SEBA Research. (2020, August 27). Classification and importance of nodes in a blockchain network. The Bank for the New Economy | SEBA.
  23. Swathi, P., Modi, C., & Patel, D. (2019, July). Preventing Sybil Attack in Blockchain using Distributed Behavior Monitoring of Miners. In 2019 10th International Conference on Computing, Communication and Networking Technologies (ICCCNT) (pp. 1-6). IEEE.
  24. Szalachowski, P. (2018, June). (Short Paper) Towards More Reliable Bitcoin Timestamps. In 2018 Crypto Valley Conference on Blockchain Technology (CVCBT) (pp. 101-104). IEEE.
  25. Warmke, C. Electronic Coins.
  26. Zheng, Z., Xie, S., Dai, H., Chen, X., & Wang, H. (2017, June). An overview of blockchain technology: Architecture, consensus, and future trends. In 2017 IEEE international congress on big data (BigData congress) (pp. 557-564). IEEE.
  27. Ziegeldorf, J. H., Matzutt, R., Henze, M., Grossmann, F., & Wehrle, K. (2018). Secure and anonymous decentralized Bitcoin mixing. Future Generation Computer Systems, 80, 448-466. Elsevier.

Newsletter & Conference Alerts

Research.com uses the information to contact you about our relevant content. For more information, check out our privacy policy.