Once again about Blockchain Technology
V.N. Kustov, T.L. Stankevich Emperor Alexander I Petersburg State Transport University St.-Petersburg, Russia kvnvika@mail.ru, Stankevich-t@gaz-is.ru
Abstract. Recently, only the lazy have not written or spoken about blockchain technology. Blockchain - what is it: a technology of the future, or self-deception given how little it has been studied and applied so far? One can argue over this question long and persistently. This article considers the technological features of its implementation, which often remain «behind the scenes» or are covered only by a superficial, short description that does not reveal their essence.
Keywords: blockchain, block, transaction, Merkle tree, mining, hash, miner, node.
Lately, only the lazy have not written or spoken about blockchain technology. The views expressed by information security and information technology experts in articles and oral presentations can be described as diametrically opposed and can be considered at two levels of criteria:
1. Prospects for implementation;
2. Consequences of implementation.
The second criterion directly follows from the first, and both of them allow experts to be divided into skeptics and enthusiasts. At the first level, «Prospects» opinions are divided into those that express a sincere belief in the blockchain and its existence within a variety of systems and services, and those that deny it, referring to the possibility of alternative approaches to solving certain problems. The second criterion divides the experts into those who express great enthusiasm about the upcoming «revolution», comparable with the creation of the Internet, and those who connect the blockchain with the death of existing information and payment systems. Schematic representation of the described criteria is shown in figure 1.
[Figure 1 diagram: Blockchain; Viable / Unviable; Revolution / Disaster]
This article discusses the technological features of the implementation of blockchain technology, which often remain «behind the scenes» or are described only superficially and briefly, without revealing their essence. So, what is the blockchain?
Blockchain is a technology of reliable distributed storage of reliable records [6]. At the same time, we want to emphasize that the main advantage of blockchain technology in comparison with distributed databases is the inability to violate the integrity of stored records (blocks). Thus, blockchain technology provides two of the three main properties of information security: data integrity and availability.
How does the blockchain work?
On the one hand, the blockchain is nothing new: linked lists in distributed databases have always been used, and the connection of list items in such databases is provided by links from one node to the next and (or) the previous one; new nodes are added to the end of the list. It also happens in solutions implemented based on blockchain: each block is a collection of certain elements and is a node of the list. The newly created blocks are always added strictly to the end of the chain, as shown in figure 2.
On the other hand, blockchain has a set of new properties that are not related to the lists and meet the following principles:
1. Spatial distribution.
2. Availability and openness of information.
3. Internal security.
Each blockchain user has access to the data stored in the system. Each node (user's computer) keeps and maintains a complete copy of the system's blocks, which is provided by special synchronization mechanisms. This organization makes it possible to exclude hacking of a system built on blockchain, because if data is maliciously modified on one node, the rest of the system will immediately detect this fact. The network excludes centralized management, and each participant can join or leave the network at any time.
Any user can easily verify the elements of blocks in the system, while the principles of openness and availability of records (transactions) in blocks, as well as the principle of anonymity, are maintained.
The internal security of the blockchain is implemented using cryptographic mechanisms.
Fig. 1. Classification of expert opinions on blockchain technology
Fig. 2. The chain of blocks - Blockchain
Hash function
The integrity and availability of data stored and processed by systems built on blockchain are ensured by a cryptographic mechanism based on a hash function.
The hash function has only one argument - an arbitrary set of data: strings, documents, messages, data arrays, registers, etc. [1] The result of calculating the hash function over the input data is a bit string of fixed length - the hash. The hash is calculated using a special algorithm, which is a mathematical representation of the hash function.
The main properties of hash functions are as follows:
1. The hash function argument can be any size.
2. The calculated value of the hash function (hash) must always be a fixed size.
3. The h(m) hash function is easy and simple to compute for any m message.
4. The hash function must be sensitive to various, even the smallest, changes in the content of the m input dataset.
5. The hash function must be irreversible, that is, it must have a unidirectional property.
6. The probability of an event that the hash values of two different arguments (regardless of their size) coincide should be very small.
As mentioned earlier, the format and size of the input data for the hash function calculation are not limited, and the result of the calculation, the hash, must be a bit string of fixed length. Standard hash sizes in bits can be as follows: 224, 256, 384 and 512. It is easy to calculate a hash function by a given algorithm, but it is almost impossible to recover the initial data (argument) from the hash; in other words, the hash function is unidirectional. The sensitivity of the hash function to the slightest changes in the argument is high. Examples of initial data that differ slightly from each other, and the results of applying the hash function to them, are given in table 1 (calculations are made for the hash algorithm SHA-2(256) [2] using the utility Alternate HASH-Generator 1.450 [3]).
TABLE 1. The property of the hash function sensitivity to changes in the input data
Source data | HASH
The hash for this line will be as follows | 907ec14038421a67c15a43452404e0d0b9a6e3950822f42ff391845a4dd5703e
The hash for this line will be as follows: | 475935ef4c722c6978e5d84942cb90c14def34e03b0e4c7fdfea959c9af78a32
The HASH for this line will be as follows: | 3eb5f620077b3cc68316d50f9c87f1e07c3e1df173c71afcd3b5d6e06d9d4154
The HasH FOR this line will be as follows: | cdc9a7bb2069343282d5e6eab10cbbd456b00d41c20d287ac0170f275fbfd1ad
Blockchain network
By registering in a system built based on blockchain technology, the user is able to interact with other network nodes (create new transactions, which will be included in the blocks of the chain, view the elements of existing blocks). At the same time, the blockchain network is international in nature and is not subject to the laws of any state.
All users of the blockchain network (see fig. 3) can be divided into 3 categories:
1. Normal users.
2. Intruders.
3. Miners - the creators (generators) of blocks and the collectors of transactions into blocks.
The functions of a standard user include:
1. Create new records and send them to miners for entry into blocks.
2. Obtain new data and check its reliability.
3. Save verified data and share it with other users.
Attackers can create fake records and perform the same functions as regular users.
The main function of the miners is to create blocks. The process of creating a new block is very time-consuming and complex, requiring significant material, time and computing resources. In addition, some implementations of blockchain have very strict requirements for block generation and the maximum number of blocks that can be created is fixed. In addition to this task, miners provide the collection and verification of new records for their subsequent inclusion in the blocks, as well as their distribution on the blockchain network.
A new record is not considered reliable until it is entered in a block. As a rule, users send new records over the blockchain network so that they eventually reach a miner, who in turn includes them in a block. A new record is included in a block only after it has been checked for correctness, and after that it is impossible to cancel it.
Block structure
The data block consists of two parts: the header and the body (fig. 4).
[Figure 3 diagram: network nodes labelled Regular user and Intruder]
Fig. 3. Users of the blockchain network
The block body is a collection of individual records (transactions), and the block header contains the main «secret» of blockchain technology: the header of each subsequent block contains the hash of the previous block and its own hash (fig. 5), which in turn guarantees the integrity of the blockchain data.
A minor change in the content of any block results in a complete change in its hash, which in turn requires a change in the hashes of all subsequent blocks. Inserting a new dummy block into the chain becomes impossible.
The block hash must meet important rules that increase the level of network security. For example, in bitcoin, the hashes of blocks created by miners start with ten zeros, which sets the difficulty of creating new blocks.
However, for any data set there is always exactly one hash, so to fulfill the requirement that the hash start with ten zeros, it is necessary to generate and discard a huge number of unsuitable blocks until a block is found whose hash meets this requirement, that is, starts with ten zeros and has, for example, this form: «00000000000000d1d2e97987d0e86679ae6d7d4e45cb231969757cb7cb7ec0ef273d6ee».
Thus, any user can easily verify whether the sequence of blocks is correct, whether the block is missing, whether a new block is added, and whether the block hash corresponds to the data stored in it.
Fig. 4. The data block structure of the blockchain network
[Figure 4 diagram. Block header: Previous block hash, Block hash. Block body: Transaction 1, Transaction 2, ..., Transaction m.]
Fig. 5. The connectivity blocks in the blockchain
Once such a block is found, you must ensure that it has not been found before and is not already included in the blockchain. If such a block has already been included in the blockchain, it is discarded and the search resumes until a unique block not yet included in the blockchain is found. Such laborious work is, figuratively speaking, like searching for a pearl in a huge heap of manure.
Now about «mining» or «production» of blocks.
Mining of blocks
The miner is the same kind of user of the blockchain network as everyone else. However, in addition to checking and disseminating data, he is also engaged in the creation of new blocks.
Receiving new transactions from other network members, the miner gathers them together, generates the future block header and calculates the block hash. Let us consider an example for the Bitcoin network: say that after the first calculation made by the miner, the following hash value was obtained: «5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9». However, according to the rules, the hash should start with ten zeros. To change the hash, you must change the original data. For this purpose, a special field called «Nonce» is provided in the block header. At the first calculation it is equal to 0; at the second iteration the miner changes the value of the field to 1. Now the hash has changed and become equal to «6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b». We see that the conditions imposed on the hash values of bitcoin network blocks are again not met; therefore, the miner must increase the value of the «Nonce» field to 2 and recalculate the hash once more. To find a suitable hash value, miners have to perform billions and trillions of recalculations on their computing hardware. When a suitable hash is found, the miner saves the block to the blockchain network and sends it to other participants. Now all the transactions in the block are confirmed and protected by the hash value of the block, which is very difficult to fake. Recall that the hash of the block also encodes the hash of the previous block, which makes faking it simply impossible.
The key secret of hashing is that this process has no progress. It does not matter when the hash search started, how many records the block contains, how much time has been spent or how many hashes have already been tried - the probability of finding the required value at any iteration is always the same. This, in turn, means that it is impossible to make a preliminary calculation, to «accumulate» new blocks or to create a «warehouse» of blocks. Each miner has only one way to get a suitable block: calculate, calculate and calculate.
For each block created in Bitcoin, as well as in other systems that provide cryptocurrencies, the miner receives a fee: whoever first finds the required hash value creates the block and earns the fee. At the link http://blockchain.info/ru/blocks it is possible to observe in real time how blocks are born, or mined, by the hard work of miners. With this, we have described the chain of blocks.
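The hash linking from the «Block structure» section and the «Nonce» search from this section can be run together as follows. This is an added example, not code from the paper or from Bitcoin: the block layout, function names and sample transactions are assumptions, the body is committed with a single hash rather than a Merkle root, and the difficulty is scaled down from ten zeros to three hex zeros.

```python
import hashlib
import json

DIFFICULTY = 3          # required leading hex zeros (assumption; the page speaks of ten)
GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the first block (assumption)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def body_digest(transactions) -> str:
    # Simplification: one hash over the whole body instead of a Merkle root.
    return sha256_hex(json.dumps(transactions).encode())


def header_hash(header) -> str:
    return sha256_hex(json.dumps(header, sort_keys=True).encode())


def mine_block(prev_hash, transactions, difficulty=DIFFICULTY):
    """Increment the nonce until the header hash starts with enough zeros."""
    header = {"prev_hash": prev_hash, "body": body_digest(transactions), "nonce": 0}
    target = "0" * difficulty
    while not header_hash(header).startswith(target):
        header["nonce"] += 1
    return {"header": header, "hash": header_hash(header), "transactions": transactions}


def first_invalid_block(chain, difficulty=DIFFICULTY):
    """Return the index of the first block that fails verification, or None."""
    prev_hash = GENESIS_PREV
    for i, block in enumerate(chain):
        header = block["header"]
        ok = (
            header["prev_hash"] == prev_hash                          # link to predecessor
            and header["body"] == body_digest(block["transactions"])  # body unchanged
            and header_hash(header) == block["hash"]                  # stored hash is real
            and block["hash"].startswith("0" * difficulty)            # work was done
        )
        if not ok:
            return i
        prev_hash = block["hash"]
    return None


def build_demo_chain():
    # Constructed sample transactions, for illustration only.
    bodies = (["alice->bob:5"], ["bob->carol:2", "carol->dave:1"], ["dave->alice:3"])
    chain, prev = [], GENESIS_PREV
    for txs in bodies:
        block = mine_block(prev, txs)
        chain.append(block)
        prev = block["hash"]
    return chain


if __name__ == "__main__":
    chain = build_demo_chain()
    print("untouched chain:", first_invalid_block(chain))
    chain[1]["transactions"][0] = "bob->carol:200"       # edit a stored record
    print("after edit:", first_invalid_block(chain))
    # Redoing the work for block 1 alone only moves the break to block 2,
    # whose header still carries the old hash of block 1.
    chain[1] = mine_block(chain[0]["hash"], chain[1]["transactions"])
    print("after re-mining block 1:", first_invalid_block(chain))
```

Any node can run the verification pass cheaply, while producing blocks that pass it requires repeating the nonce search for the edited block and every block after it.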
Transactions
The information in the blockchain network is transmitted via transactions. Transactions are signed with the user's Electronic Signature (ES). To do this, each user has 2 keys: the electronic signature key and the electronic signature verification key. The ES key is stored by the owner and is not available to other users. The ES verification key is distributed over the blockchain network along with transactions. Each user sends the transaction to the next user (fig. 6) along with the signed hash of the previous transaction and the ES verification key. The receiver can easily check each ES using the sender's ES verification key to confirm the correctness of the whole chain.
In order to protect the network from malicious attacks, users must openly publish transactions [4] and agree on the order in which they are conducted. The recipient needs proof that, for each transaction in the chain, most users agree to consider it the first.
Now it becomes clear that it is almost impossible to forge transactions or insert a dummy block into the blockchain network.
Blockchain users always consider the longest version of the chain to be the true one and continuously extend it. If 2 nodes of the network publish different versions of the next block at the same time, some nodes will receive one version first, and some the other. In this case, each of them will start working on its own version of the chain, keeping the other in case it is continued earlier. The ambiguity will disappear as soon as a new block is received that continues one of the branches, and the nodes that worked on the competing version will switch to the chain with the new block, which has become longer.
New transactions do not have to reach all nodes: if many nodes of the blockchain network know about them, they will soon end up in one of the blocks. Block distribution rules are also tolerant of lost blocks: once a node that has missed one of the blocks receives the next one, it will request the missing information to fill the obvious gap.
[Figure 6 diagram: Transaction 1, ES verification key of User 1, HASH; Transaction 2, ES verification key of User 2, HASH; Transaction 3, ES verification key of User 3]
Fig. 6. Link of transaction block blockchain data
Memory saving
Writing the last transaction in the chain to a block allows nodes to delete all previous transactions in order to free disk space. All transactions in the block are stored in the form of a Merkle hash tree [5], and only its root is included in the block hash, which in turn ensures its immutability and integrity. The size of filled blocks can be reduced by removing unnecessary branches of this tree; it is not necessary to store intermediate hashes (fig. 7).
A few words about the amount of memory required to store blockchain network data. The header of an empty block takes about 80 bytes of memory. Assuming that blocks are generated on average once every ten minutes, we get an increase in the blockchain size of 4.2 MB per year. For an average computer with 2 GB of RAM, and taking into account Moore's law, which predicts memory growth of 1.2 GB per year, data storage, as the authors [4] believed, will not be a problem, even if all block headers are kept in memory. The authors of blockchain technology, apparently, were not much mistaken in their assessments. The total size of memory occupied by blockchain blocks and transactions at 03:00 hours on December 26, 2017 was 148,291 MB (source: https://blockchain.info/charts/blocks-size).
In addition, transaction verification is possible without running a fully functional node. The user only needs to store the block headers of the longest chain he has received from other nodes and request the hash subtree for the necessary transaction. He cannot verify the correctness of the transaction itself, but after receiving a link to the block in which it is located, the user can easily make sure that this block and all subsequent ones have been accepted and confirmed by the network (fig. 8).
This method of verification can be used as long as the network is under the control of honest participants, that is, until attackers take over most of the resources (more than 51%, the so-called «51% attack» [6]). Normal nodes can check transactions themselves, but if an attacker manages to generate the longest chain of blocks, he can compromise the simplified scheme with his fabricated transactions. One strategy to counter this is for normal nodes that receive a «false» block to send alarms. Such an alarm forces the client program to download the block completely in order to independently confirm the incorrect data.
[Figure 7 panels: the hash tree of transactions; the hash tree after removal of transactions 0, 1, 2]
Fig. 7. The Merkle Tree
Fig. 8. Blockchain network block chain
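The header-only check described in this section, where a user holds just the Merkle root and requests the hash subtree for one transaction, can be sketched as follows. This is an added example, not code from the paper or from Bitcoin: the function names, the sample transactions and the 0x00/0x01 leaf and node prefixes are assumptions (Bitcoin itself uses double SHA-256 without prefixes).

```python
import hashlib


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(tx: bytes) -> bytes:
    return _h(b"\x00" + tx)              # prefix keeps leaves distinct from inner nodes


def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)


def merkle_levels(transactions):
    """All tree levels, leaves first; an odd level repeats its last hash."""
    if not transactions:
        raise ValueError("a block body needs at least one transaction")
    level = [leaf_hash(tx) for tx in transactions]
    levels = []
    while True:
        if len(level) > 1 and len(level) % 2:
            level = level + [level[-1]]
        levels.append(level)
        if len(level) == 1:
            return levels
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(transactions) -> bytes:
    return merkle_levels(transactions)[-1][0]


def merkle_proof(transactions, index):
    """Sibling hashes from leaf to root: the 'hash subtree' a full node hands out."""
    if not 0 <= index < len(transactions):
        raise IndexError("no such transaction in this block")
    proof = []
    for level in merkle_levels(transactions)[:-1]:
        sibling = index ^ 1
        proof.append((level[sibling], sibling < index))   # (hash, sibling_is_left)
        index //= 2
    return proof


def verify_proof(tx: bytes, proof, root: bytes) -> bool:
    """What the light client runs: it needs only tx, the proof and the stored root."""
    node = leaf_hash(tx)
    for sibling, sibling_is_left in proof:
        node = node_hash(sibling, node) if sibling_is_left else node_hash(node, sibling)
    return node == root


if __name__ == "__main__":
    txs = [b"tx0", b"tx1", b"tx2", b"tx3", b"tx4"]         # constructed sample body
    root = merkle_root(txs)                                # kept in the block header
    proof = merkle_proof(txs, 2)                           # supplied by a full node
    print(len(proof), verify_proof(b"tx2", proof, root))
    print(verify_proof(b"tx2-forged", proof, root))
```

The proof grows with the logarithm of the number of transactions, which is why the pruned tree in fig. 7 still lets the remaining transaction be checked against the root.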
Some calculations
Consider a scenario in which an attacker attempts to generate a sequence of blocks that is longer than the one generated by normal users (honest network members). Even if he manages this, it will not lead to success. Nodes will never accept an invalid transaction or a block containing it. An attacker can only attempt to modify one or more of his own transactions, but this can also be easily detected.
The race between users and the attacker can be thought of as a binomial random walk. A successful event, when the «good» chain is extended by one block, increases the separation by one, and an unsuccessful event, when the next block is created by the attacker, reduces the separation.
The probability that an attacker succeeds, as well as the probability that the attacker will be able to catch up with honest participants, is calculated as follows [7]:
$$q_z = \begin{cases} 1, & \text{if } p < q, \\ (q/p)^z, & \text{if } p > q, \end{cases}$$
where $p$ is the probability of a block being created in the honest chain;
$q$ is the probability of a block being created by an attacker;
$q_z$ is the probability that the attacker will make up a gap of $z$ blocks.
If $p > q$, the probability $q_z$ decreases exponentially as the number of blocks $z$ by which the attacker lags behind increases. Since the attacker is in a deliberately worse situation, without a large successful breakthrough at the very beginning of the process of creating a blockchain his chances of success are negligible.
If we take into account that the expected rate of generation of honest blocks is a known value, the number of blocks created by an attacker can be considered subject to an exponential distribution with mathematical expectation
$$\lambda = z\frac{q}{p}.$$
To calculate the value of $P$, the probability that the attacker will get ahead of the honest participants, we multiply the probability of each value of the random variable, the number of blocks created by the attacker, by the probability that he will be able to close the remaining gap, and eventually get:
$$P = \sum_{k=0}^{\infty} \frac{\lambda^k e^{-\lambda}}{k!} \cdot \begin{cases} (q/p)^{z-k}, & \text{if } k \le z, \\ 1, & \text{if } k > z. \end{cases}$$
By rearranging the summands and changing the symbol $\infty$ to $z$, that is, getting rid of infinity, we get the following expression:
$$P = 1 - \sum_{k=0}^{z} \frac{\lambda^k e^{-\lambda}}{k!}\left(1 - (q/p)^{z-k}\right)$$
Tables 2 and 3 present the results of calculating P depending on z for q = 0,1 (table 2) and q = 0,3 (table 3), and figures 9 and 10 show the corresponding diagrams.
TABLE 2. The results of P calculations at q = 0,1
z | P
0 | 1,0000000
1 | 0,2045873
2 | 0,0509779
3 | 0,0131722
4 | 0,0034552
5 | 0,0009137
6 | 0,0002428
7 | 0,0000647
8 | 0,0000173
9 | 0,0000046
10 | 0,0000012
TABLE 3. The results of P calculations at q = 0,3
z | P
0 | 1,0000000
5 | 0,1773523
10 | 0,0416605
15 | 0,0101008
20 | 0,0024804
25 | 0,0006132
30 | 0,0001522
35 | 0,0000379
40 | 0,0000095
45 | 0,0000024
50 | 0,0000006
Fig. 9. Graphic representation of P calculations at q = 0,1
Fig. 10. Graphic representation of P calculations at q = 0,3
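The finite-sum expression for P can be evaluated directly and checked against Tables 2 and 3. This is an added example, not code from the paper: the function names are assumptions, and it goes beyond the tables by handling an attacker with half or more of the resources and by searching for the smallest z that pushes P below a chosen limit.

```python
import math

# Values copied from Tables 2 and 3 of the page (decimal commas written as points).
TABLE_2 = {0: 1.0, 1: 0.2045873, 2: 0.0509779, 3: 0.0131722, 4: 0.0034552,
           5: 0.0009137, 6: 0.0002428, 7: 0.0000647, 8: 0.0000173,
           9: 0.0000046, 10: 0.0000012}
TABLE_3 = {0: 1.0, 5: 0.1773523, 10: 0.0416605, 15: 0.0101008, 20: 0.0024804,
           25: 0.0006132, 30: 0.0001522, 35: 0.0000379, 40: 0.0000095,
           45: 0.0000024, 50: 0.0000006}


def attacker_success(q: float, z: int) -> float:
    """P for an attacker with share q of the resources who is z blocks behind."""
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("need 0 <= q <= 1 and z >= 0")
    p = 1.0 - q
    if q >= p:
        return 1.0                        # with half or more, catching up is certain
    lam = z * q / p                       # expected attacker progress, lambda = z*q/p
    total = 1.0
    for k in range(z + 1):
        weight = math.exp(-lam) * lam ** k / math.factorial(k)   # lambda^k e^-lambda / k!
        total -= weight * (1.0 - (q / p) ** (z - k))
    return total


def max_table_error() -> float:
    """Largest gap between the formula and the values printed in Tables 2 and 3."""
    errors = [abs(attacker_success(0.1, z) - v) for z, v in TABLE_2.items()]
    errors += [abs(attacker_success(0.3, z) - v) for z, v in TABLE_3.items()]
    return max(errors)


def blocks_needed(q: float, limit: float = 0.001) -> int:
    """Smallest z for which P drops below limit; undefined once q reaches 0.5."""
    if q >= 0.5:
        raise ValueError("P never drops below 1 when the attacker holds half or more")
    z = 0
    while attacker_success(q, z) >= limit:
        z += 1
    return z


if __name__ == "__main__":
    print("max deviation from the tables:", max_table_error())
    for q in (0.1, 0.3):
        print("q =", q, "-> blocks needed for P < 0.001:", blocks_needed(q))
```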
Conclusion
Thus, we have examined the structure of the blockchain in detail. The attractive side of the blockchain network is the simplicity of its structure. Each node of the network works completely independently, occasionally exchanging information with other nodes. At the same time, there is no need for strict identification, since messages are not transmitted along any given route, but only in accordance with the principle of «lowest cost». Nodes can leave the blockchain network and reconnect to it, always loading the longest chain of blocks in order to confirm the transaction history they missed. Each node independently either agrees to accept a correct block into the chain and uses its processing power to extend the accepted chain, or refuses and does not extend the chain if the block contains incorrect data. Any other rules of the protocol could be implemented through such a simple voting mechanism. For attackers who do not possess the prevailing part of the resources of the blockchain network, any attempt to replace verified records becomes practically impossible from a computational point of view. Blockchain technology is reliable, simple and open. Its advantages are obvious.
References
1. Vijay Ganesh (University of Waterloo). Cryptographic Hash Functions, 2013. https://ece.uwaterloo.ca/~vganesh/TEACHING/W2013/ECE458/Lecture-11.pdf.
2. Secure Hash Standard (SHS). FIPS PUB 180-3. Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, MD 20899-8900, October 2008. http://mzdm.narod.ru/FIPS-180-3-Rus.pdf.
3. Alternate HASH-Generator 1.450, https://xetcom.com/programs/system/components/275-alternate-hash-generator.
4. Satoshi Nakamoto. Bitcoin: A Peer-to-Peer Electronic Cash System, satoshin@gmx.com, 2008. https://bitcoin.org/bitcoin.pdf.
5. R. C. Merkle, «Protocols for public key cryptosystems», in Proc. 1980 Symposium on Security and Privacy, IEEE Computer Society, pages 122-133, April 1980.
6. George Shnurenko. Bitcoin 51% Attack: How It Works, How Much Bitcoin 51 Attack Costs. https://cryptocomes.com/bitcoin-51-attack-how-it-works-how-much-bitcoin-51-attack-costs.
7. Feller V. Introduction to probability theory and its applications. In 2 volumes. Vol. 1; translated from English. - M.: Mir, 1984. - 528 p.
8. 3D Explorer, http://blockchain3d.info/
9. Michael Crosby (Google), Nachiappan (Yahoo), Pradhan Pattanayak (Yahoo), Sanjeev Verma (Samsung Research America), Vignesh Kalyanaraman (Fairchild Semiconductor). Sutardja Center for Entrepreneurship & Technology Technical Report, Date: October 16, 2015. https://scet.berkeley.edu/wp-content/uploads/BlockchainPaper.pdf.
10. Tania H. How the Blockchain Works. https://rubygarage.org/blog/how-blockchain-works.