Blockchain: opportunities, structure, digital signature and assignment for a student, part 1

Published on January 31, 2018

Blockchain: opportunities, structure, digital signature and assignment for a student, part 1

    Foreword


    I work as an assistant at the university (as a hobby), I decided to write several laboratory for students in the discipline "distributed systems". In the first part, we will talk about the possibilities of the blockchain, the structure and digital signature, and in the second part about: signature verification, mining and approximate network organization. I note that I am not a specialist in distributed systems (network organization may be incorrect).


    Structure and features


    Blockchain is a type of distributed data storage that uses 3 previously known technologies: peer-to-peer networks, encryption and databases. The database is a chain of blocks, which is specially encrypted and stored on all network nodes in the same form (replication is an exact copy). The whole secret lies in the connections between blocks due to cryptography, as a result it is almost impossible to fake information in blocks.
    Blockchain allows you to securely distribute and / or process data between several persons through an untrusted network. Data can be anything, but the most interesting option for data is the ability to transmit information that requires a third trusted party. Examples of such information are money (require the participation of a bank), property rights (require the participation of a notary), a loan agreement, etc. In essence, the blockchain eliminates the need for a third party to participate.

    The most interesting projects where blockchain is used:
    1. Monegraph allows authors to secure the rights to their work and establish rules (and payments) for the use of their work;
    2. La Zooz is a decentralized Uber. Offer your car, find a carrier without a fee to Uber;
    3. Augur is an online bookmaker. Place bets and get a win;
    4. Storj.io is a P2P data warehouse. Give your unused disk space or find the cheapest online storage;
    5. Muse is a distributed, open and transparent database specifically for the music industry;
    6. Ripple allows for low-cost cross-border payments to banks;
    7. Golem is an open source global decentralized supercomputer that anyone can access to perform distributed computing (from image processing to research and website launching). Using Golem, users can buy or sell computing power among themselves;
    8. Many other cryptocurrencies are characterized by high anonymity of work, low cost of transfers, smart contracts, etc.


    Database


    In its simplest form, a database (DB) is a chain of blocks, which can be represented as a JSON file.

    Block structure


    Each block consists of an address, creation date and time, a hash, and a list of transactions. As in figure 1.
    • Address - a public key generated by an asymmetric encryption algorithm (for example, RSA), based on a private key invented by the user;
    • Date and time - the moment when the block was created (the transaction also has a date and time of creation);
    • Hash (binder) - calculated using SHA512 from the address of the previous block and the sum of the hashes of all transactions in the current block, why the binder? Because when calculating it, the address of the previous block is required;
    • Information - message, amount of money (cryptocurrencies), documents, medical history, program code (smart contracts), etc.



    Figure 1 - a blockchain of 3 blocks

    For a simple understanding of what a block is, just imagine it in the form of a chest with a lock, when you want to put something there, you need to unlock the lock with a key, this key is created by you when creating block and is called the private key.

    Electronic digital signature


    So that the information inside the transactions cannot be faked, each transaction inside the block is signed with an electronic digital signature (EDS).
    An electronic-digital signature is a sequence of bytes formed by converting the signed information using a cryptographic algorithm and intended to verify the authorship of an electronic document.
    EDS is based on the use of asymmetric encryption and hash functions.
    Briefly about encryption methods:
    • symmetric encryption uses the same key for both encryption and decryption;
    • asymmetric encryption uses two different keys: one for encryption (also called public), and the other for decryption (called private).

    In asymmetric encryption algorithms, encryption is performed using the public key, and decryption using the private key.
    But in asymmetric digital signature schemes, signing is performed using a private key, and signature verification is performed using a public key, that is, we encrypt it with a private key and verify it with an open one (do not “decrypt” this “verify”, do not confuse).
    One such algorithm may be RSA. The choice of asymmetric encryption is justified by the fact that other network participants must make sure that it is the block owner who made the changes and signed the block with his signature (verification is described in the second part ).

    Private and public keys


    The private (private) key is generated by the user himself, used to sign transactions. It is kept secret, whoever owns the private key has access to the blockchain cell, which can be represented by a wallet, a container with any data (for example, personal correspondence, important documents, etc.).
    The public (public) key must be generated on the basis of the private key, that is, there is a mathematical connection between them (the public key was not invented from the head). It can be published, moreover, in the blockchain it is used as the address of the block, as well as as an authentication verification of information in other blocks by third-party network participants. Knowing the public key makes it impossible to determine the private key.

    Algorithm for signing information (document)


    To create a signature you will need:
    • Asymmetric encryption algorithm (for example, RSA);
    • Hash function (e.g. SHA512);
    • Information that we are going to sign.

    Since asymmetric algorithms are rather slow compared to symmetric ones, the volume of data being signed plays a big role and if it is large, they usually take a hash from the data being signed, not the data itself. A hash is obtained using hash functions, for example, SHA512, which receives some information as input and returns a hash of a certain length. The hash function is like a meat grinder, you can scroll the meat and get the minced meat, but you can’t get the meat back from the minced meat. Thus, the digital signature is not placed on the document itself, but on its hash. Hash functions are not part of the EDS algorithm, so any reliable hash function can be used in the scheme.
    Stages:
    1. Using RSA, we generate a pair of public and private keys;
    2. We substitute the signed data into the SHA512 function and get a hash;
    3. The resulting hash and private key are substituted into the RSA asymmetric encryption function, that is, RSAEncode (hash from information, private key), at the output we get the line - EDS.

    The data signing algorithm is shown in Figure 2.

    Figure 2 - data signing algorithm

    Block hash


    The binding hash is recalculated each time a new transaction is added. It is considered by summing all the transaction hashes of the current block and the address of the previous block:
    Хэш (связующий) = SHA512(block_prev_adress_hash + transaction_hash1 + transaction_hash2 + … + transaction_hashN)

    For example, from Figure 1 it can be seen that the hash of the 3rd block was calculated as the address of the second block and two hashes of two internal transactions:
    Хэш 3 блока = SHA512(JD9100...NNBAXVB + B35BCA...H78C + A144...875D)

    It is the connecting hash that combines the blocks into a single chain and most importantly protects the blockchain from fraud by attackers. Suppose, if someone wants to “throw out” or insert his block in the middle of the chain, then the blocks following him will no longer pass the test, because their hash was based on the address that they want to replace or remove. How network participants check or monitor network integrity will be discussed in the next part .

    C # Signature Example


    To generate a key pair, you can use various libraries, for example, the C # language has a built-in package for working with encryption and digital signature algorithms.
    
    // Создание новой пары ключей размера 1024 бит
    RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(1024); 
    // приватный ключ, представляется ввиде строки XML
    string privateKey = rsa.ToXmlString(true);
    // публичный ключ, редставляется ввиде строки XML
    string publicKey = rsa.ToXmlString(false);
    

    The resulting private key should be stored in a separate file, the public key is the address of the block, so it does not need to be stored.
    Thus, for each user, the login is the address of the block (public key), and the password is the private key, knowing these two keys, you can access the blockchain cell located under this address and manage the information in it.
    The signature of arbitrary data by the RSA encryption algorithm, we transfer the data and the private key, we get the signature:
    
    private static string SignData(string data, string privateKey)
    {
        // Получаем объект класса RSA через провайдер
        RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(1024);
        // Говорим, что у нас уже есть приватный ключ (например взятый из файла) и следует использовать его
        rsa.FromXmlString(privateKey);
        // Преобразуем символы строки в последовательность байтов   
        byte[] byteData = Encoding.UTF8.GetBytes(data);
        // Хэшируем наши данные с помощью SHA512 и подписываем уже полученный хэш (то есть, берется уже хэш от данных, а не сами данные)
        byte[] signedByteData = rsa.SignData(byteData, CryptoConfig.MapNameToOID("SHA512"));
        // Конвертируем массив байтов в строкове представление в кодировке Base64
        string signedData = Convert.ToBase64String(signedByteData);
        // Возвращаем ЭЦП
        return signedData;
    }
    

    The task


    It is necessary to implement a PS storing a chain of blocks in a separate file in JSON format, each time a new block or transaction is added, it is necessary to update the file.
    Customer Features:
    1. Registration of a new user (one block = 1 user) - that is, create a new block, return the private key to the user, and use the public key as the address of the block;
    2. Authorization - access to the blockchain cell, login is the address of the block, password is the private key;
    3. After authorization - insert a transaction with arbitrary information in the block (not in any, but in the one to which you have access);
    4. View the list of blocks and transactions in an understandable way.

    The structure of the block and transactions should correspond to the description in the manual. It is also necessary to store the private keys of users in a separate file (in this blockchain, each user has his private key, we need such functionality to check the operability of the program).

    Continuation - signature verification, mining and sample network organization

    Sources