comment by wasoxygen  ·  1539 days ago  ·  on post: Blockchain, the amazing solution for almost nothing

I'm no expert, but I think your description is fairly accurate.

    1. Blockchains are kept "authentic" by calculating a set of hashes which are updated each time a transaction occurs.

Yes, the chain of hashes is the core principle guaranteeing the integrity of the blockchain. As you are probably aware, a hash function takes data as input and produces a string. The SHA-256 function used by bitcoin produces a 64-character hex string that might look like this:

  be9056c3804a0d6797c7e28b9408ed9a80dac5a36cfdf47de13d2c2d18c122fb

Every unique input value is expected to produce a unique hash, and a key principle is that it is easy to generate the hash from the input but almost impossible to figure out what the input was if you are given the hash; you might as well just guess the input, hash it and see if it matches.

    2. All past transactions have an effect on the current hash, therefore you cannot modify any prior transactions without also affecting the hash, making it obvious if someone has tampered with it.

Exactly. A set of transactions is gathered into a set called a block. Some summary information and a random number called the nonce is added in. This whole package is the input data, and the resulting hash is an identifying fingerprint for the whole block. The next block includes the previous hash, a new set of transactions and summary information, and another random nonce, forming the input for the next hash.

Because the hash function is easy to calculate in one direction, anyone can check the chain of hashes. If a single bit of data at any point in the chain is altered, the next hash and all the following hashes will be different.

    3. This is only valid if there is more than one copy of the blockchain (or parts of the chain, I'm sure nobody is sitting there with the entire Bitcoin chain, it's probably huge), because otherwise the hash changing is meaningless, nobody would be able to tell if it was tampered with or not as you could just recalculate the whole thing.

The bitcoin blockchain is over 100 gigabytes, not small but it would fit on a $30 USB drive. Someone could use the client software to confirm that their copy of the blockchain is valid, meaning that the chain of hashes checks out mathematically. But this would not prove that the blockchain matches any other blockchain in use by others. Anyone can create a blockchain, and there are many blockchains that are not widely used and not valuable.

    4. A higher number of users (and part holders) of the chain increases the security of the chain, because if there were, for example, only three users, two of them could agree to both make the same false transaction, and validate each other. The consensus then goes in their favour.

Security is provided by the mathematics of the hash, and the algorithms in the software, which have proven fairly robust over time. Bitcoin blocks are added at about six per hour, and consensus is based on a simple rule: whichever blockchain is longest at the moment is the official blockchain. Therefore the most recent transactions, packaged in the most recent block, are considered tentative, since there could be an alternate valid block that contains the same transactions. Only after a second and third block appear are the earlier transactions considered more or less final.

You refer to the 51% attack, a known vulnerability. If a majority of the users creating new blocks (the miners) conspire, they can secretly create valid new blocks without sharing them to the network. After several blocks are published on the public blockchain, the cabal publishes their evil twin blockchain. Since the cabal has more computing power than the rest of the network (more than half), the evil blockchain will be longer, and therefore accepted as official by the network.

The cabal benefits because they used transactions in the doomed blocks of the public blockchain to buy stuff (cash or other digital assets, something that can't be easily reversed). But they don't put these transactions in the evil blockchain, so their balances are not debited in the evil blocks, and they can spend those funds again.

There are some game theory reasons that reduce the risk of a 51% attack, one being that it would wreck confidence in the network and reduce demand and value for the entire blockchain (which, if it is worth attacking, is a big asset for the cabal), but the algorithm itself can't prevent such an attack and it has happened on some blockchains.

    5. Because the entire chain is in a way involved in calculating the hash for the latest transaction, the cost of calculating it increases over time.

The difficulty, and therefore cost, of mining a new block is entirely determined by the algorithm. Creating a valid block is easy: you just take the previous hash, add some recent transactions and summary data and a random nonce number, and calculate a new hash. A typical desktop computer can calculate millions of hashes in a second.

But the algorithm is picky, and rejects most hashes. The goal is to accept one new block every ten minutes, no matter how many people are on the network making hashes, so the algorithm makes the arbitrary requirement that an acceptable hash, which is basically a bunch of random digits, must start with a series of zeroes. The miner changes the value of the nonce each time they make a new hash, hoping to get lucky with a hash that starts with enough zeroes.

You can check the most recent bitcoin blocks and see the accepted hashes. Right now the latest winner is

  0000000000000000000bff61e1ae588ae7c575b28736bddbee09a89218eb3404

If, for whatever reason, more people start generating hashes, the next block will probably appear before ten minutes. That's fine, but if it goes on for too long the blockchain will grow faster than intended, sending more mining rewards out so the amount of bitcoin in circulation grows faster than planned. In that case, the algorithm will increase the difficulty, demanding MOAR ZEROES, to slow down the rate of blocks. These tune-ups happen every two weeks or so.

It's also possible that fewer people will mine bitcoin, perhaps turning to other cryptocurrencies when the price drops. If that happens the difficulty will be reduced, to keep the production rate steady.

I made a toy mining simulator, to get a feel for how hard it is to come up with a winning hash. For popular cryptocurrencies, it's not cost-effective to use a desktop computer, when a rig capable of generating trillions of hashes per second won't find enough lucky hashes to pay for the electricity it uses.

So that's the way you could tell that a given blockchain is a big deal. With one simple computation, you can verify that the output hash satisfies an entirely arbitrary but inconceivably restrictive standard of being so very close to zero. Discovering the input value that produces such a low hash required computations consuming as much energy as Switzerland uses, year after year.

(I would like to perform that hash myself, generating a recent accepted block hash, but I haven't been able to piece together the input values that work in a SHA-256 tool to get a bitcoin output hash.)
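As an added illustration, not part of wasoxygen's post or of any Bitcoin client, here is a toy hash chain with proof of work in Python. It shows both the hash linkage from items 1 and 2 (edit one byte and every later check fails) and the leading-zeroes rule from item 5. It hashes a plain JSON string rather than Bitcoin's real block header, and the sample transactions, genesis reference and low difficulty are constructed so it runs in under a second.

```python
import hashlib
import json

def block_hash(prev_hash: str, txs: list, nonce: int) -> str:
    """Hash the block contents: previous hash + transactions + nonce (toy format)."""
    payload = json.dumps({"prev": prev_hash, "txs": txs, "nonce": nonce}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def mine(prev_hash: str, txs: list, difficulty: int) -> dict:
    """Bump the nonce until the hash starts with `difficulty` hex zeroes."""
    nonce = 0
    while True:
        h = block_hash(prev_hash, txs, nonce)
        if h.startswith("0" * difficulty):
            return {"prev": prev_hash, "txs": txs, "nonce": nonce, "hash": h}
        nonce += 1

def build_chain(tx_sets: list, difficulty: int) -> list:
    """Mine blocks in sequence; each block links to the previous block's hash."""
    chain, prev = [], "0" * 64  # constructed genesis reference, not Bitcoin's
    for txs in tx_sets:
        block = mine(prev, list(txs), difficulty)
        chain.append(block)
        prev = block["hash"]
    return chain

def verify_chain(chain: list, difficulty: int) -> bool:
    """Recompute every hash: a changed byte breaks the link from that block onward."""
    prev = "0" * 64
    for block in chain:
        h = block_hash(block["prev"], block["txs"], block["nonce"])
        if block["prev"] != prev or h != block["hash"] or not h.startswith("0" * difficulty):
            return False
        prev = h
    return True

# Constructed sample transactions and a deliberately low difficulty.
# Three hex zeroes means roughly 1 in 4096 hashes qualifies; the accepted
# Bitcoin hash quoted in the post above starts with 19 zeroes.
SAMPLE_TXS = [["alice->bob:5"], ["bob->carol:2"], ["carol->alice:1"]]
DIFFICULTY = 3

def tamper_demo() -> tuple:
    """Return (valid_before, valid_after) for a chain whose first block is edited."""
    chain = build_chain(SAMPLE_TXS, DIFFICULTY)
    before = verify_chain(chain, DIFFICULTY)
    chain[0]["txs"][0] = "alice->bob:500"  # rewrite history without re-mining
    return before, verify_chain(chain, DIFFICULTY)
```

Raising DIFFICULTY by one multiplies the expected number of hashes per block by 16, which is the knob the network turns every two weeks or so to hold the block rate steady.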

CrazyEyeJoe  ·  1537 days ago

Thanks, that clarifies it quite a bit.

If I understand correctly, apart from my guess that the blockchain might be kept in parts by different users (turns out the whole block chain must be stored by each user), the only thing I had fundamentally misunderstood is that the calculation cost goes up for every transaction. It does not, since you only use the latest hash to calculate the next one (plus all the new data, obviously).

Pretty funny, since that was pretty much the only one that mattered for the point I wanted to make (blockchains being power inefficient).

wasoxygen  ·  1537 days ago

In practice, most users don't run bitcoin software at all, but interact with service providers like Coinbase. You can also run client software that only downloads part of the blockchain and allows you to generate new wallet addresses, monitor the network, and initiate transactions. Many clients are suitable for portable devices.

You can even run client software on a computer that never connects to the internet, using it to create new addresses with minimal risk that the private keys will be stolen. Bitcoins don't really change hands, they are always in the blockchain, assigned to addresses. Individuals control private keys, which give them the ability to initiate transfers from an address.

The power consumption is considerable and a fair source of criticism, as the low hashes produced by all that effort have no use beyond proving that you did a lot of work.