
L3 Cryptographic Primitives Hash

The document discusses the use of cryptographic hashing in blockchain technology. It explains that hash functions are used to uniquely identify data through digital fingerprints. The properties of cryptographic hash functions that make them suitable for blockchains are that they are deterministic, pseudorandom, and one-way. The document outlines several applications of hashing including timestamping data, message authentication, and referring to data in a change-sensitive manner through hash chains and trees.


Blockchain Technology

PREPARED BY: DR. REEMA PATEL

9/11/2023 BLOCKCHAIN TECHNOLOGY, DR. REEMA PATEL, B.TECH, IIIT SURAT 1


Cryptography for Blockchain
• Crypto basics that are essential for blockchain technology
• Hash functions and their properties
• Public key cryptosystems
• Digital signature
• Hash puzzles
• Hash pointers
• Merkle data structures



Hashing Data -
Identifying data from their digital fingerprint
• Fingerprints are impressions of the friction ridges of all or any part of the fingers of the human hand.
• They are considered to be able to identify humans uniquely.
• They have been used to investigate crimes, identify offenders, and to exonerate the innocent.
• Concept for identifying data - digital equivalent to fingerprints.
• The concept is called cryptographic hash value
◦ the blockchain makes extensive use of it



Hashing Data
• In a distributed peer-to-peer system, we have to deal with a huge number of transaction data.
• We need to identify data uniquely and compare them as quickly and as easily as possible.
• Goal: identify transaction data, and possibly any kind of data, uniquely by their digital fingerprints



Hashing Data
• Hash Function: Takes Message as input and produces a fixed length output.
• Hash functions are functions that compress an input of arbitrary length to a result with a fixed length.

Figure: Message M (arbitrary length) → Hash Function → Hash Code h (fixed length)

• h = H(M), where M is an arbitrary-length message and h is a fixed-length hash code

• An n-bit hash is a map from arbitrary-length messages to n-bit hash values.
• The n-bit hash value is referred to as a hash value, hash code, hash result, message digest, digital fingerprint or simply hash.
• Hash Functions are used for data integrity and authentication.



Hash Function
• Easy to compute
• Almost impossible to reverse
• Security properties:
◦ Collision-resistant
◦ Hides the original string
◦ Almost impossible to get the original string from the output
◦ Puzzle friendly



Requirements of Cryptographic Hash Function
• Cryptographic hash functions have the following properties:
◦ Providing hash values for any kind of data quickly
◦ Being deterministic
◦ Being pseudorandom
◦ Being one-way functions (preimage resistant)
◦ Being collision resistant



Requirements of Cryptographic Hash Function
• Deterministic
◦ A hash function yields identical hash values for identical input data.

• Pseudorandom
◦ Being pseudorandom means that the hash value returned by a hash function changes unpredictably when the input data are changed.
◦ Even if the input data were changed only a little bit, the resulting hash value will differ unpredictably.
◦ It should not be possible to predict the hash value based on the input data.



Requirements of Cryptographic Hash Function
• One-Way Function
◦ it is impossible to recover the original input data based on the hash value.

• Collision Resistant
◦ A hash function is called collision resistant if it is very hard to find two or more distinct pieces of input data for which it yields the identical hash value.
• Hash Value Output: Hexadecimal Number
• Trying It Out Hash Value:
◦ http://www.blockchain-basics.com/HashFunctions.html



Requirements of Cryptographic Hash Function
• Given a function $h: X \to Y$, we say that h is:

• Preimage resistant (one-way):
◦ Given only a message digest h, one can't find any message (x or x') (or preimage) that generates that digest. Roughly speaking, the hash function must be one-way.
◦ Given $y \in Y$, it is computationally infeasible to find a value $x \in X$ s.t. $h(x) = y$.
◦ Also referred to as one-wayness



Requirements of Cryptographic Hash Function
• Second preimage resistant
◦ Given one message, can’t find another message that has the same message digest.
◦ It is computationally infeasible to find any second input which has the same output as any specified input.
◦ An attack that finds a second message with the same message digest is a second pre-image attack.
◦ Given $x \in X$, it is computationally infeasible to find a value $x' \in X$ with $x' \neq x$ and $h(x') = h(x)$.
◦ Also referred to as weak collision resistance



Requirements of Cryptographic Hash Function
• Collision resistant
◦ Can't find any two different messages with the same message digest
◦ It is computationally infeasible to find any two distinct inputs x and x' which have the same output h.
◦ Collision resistance implies second preimage resistance
◦ h is collision resistant if it is computationally infeasible to find two distinct values $x, x' \in X$ s.t. $h(x') = h(x)$.
◦ Also referred to as strong collision resistance



How It Works



• A small change in the data results in a significant change in the output – called the avalanche effect



Patterns of Hashing Data
• Independent Hashing:



Patterns of Hashing Data
• Repeated Hashing
• Combined Hashing



Patterns of Hashing Data
• Sequential Hashing
• Hierarchical Hashing



Uses of hash functions
• Timestamping
• Message authentication
• Software integrity
• One-time Passwords
• Digital signature
• Certificate revocation management



Uses of hash functions
• The first use – time stamp a digital document



Hashing in the Real World - Comparing Data
• Comparing Data:
◦ Compare data (e.g., files or transaction data) without comparing their content piece by piece, and make comparing any kind of data, regardless of their size and content, as easy as comparing two numbers.
◦ Calculate and compare the cryptographic hash values of all data under consideration.
◦ If all of the cryptographic hash values differ, all the data under consideration differ as well.
◦ If two or more of the cryptographic hash values are identical, their corresponding input data are also identical.



Hashing in the Real World - Referring to Data in a
Change-Sensitive Manner
• Referring to Data in a Change-Sensitive Manner:
◦ Comparing data and detecting changes based on their hash values can be considered basic use
cases of hash values.
◦ A slightly more advanced application case of hash values is hash references
• The goal is to store a large amount of data e.g., transaction data that are supposed to stay
unchanged.
• Any changes to these data are to be detected quickly and easily.



Hashing in the Real World - Referring to Data in a
Change-Sensitive Manner
• There are two classical patterns of using hash references in order to store data in a change-sensitive manner:
◦ The Chain
◦ The Tree



Hashing in the Real World - Referring to Data in a
Change-Sensitive Manner
• The Chain:
• A chain of linked data, also called a linked list
◦ is formed when each piece of data also contains a hash reference to another piece of data
◦ Such a structure is useful for storing and linking data together that are not fully available at one
given point in time but instead arrive step by step in an ongoing fashion
◦ Figure: Data linked together in a chain-like fashion



Hashing in the Real World - Referring to Data in a
Change-Sensitive Manner
• The Tree:
• Data linked together in a tree-like fashion
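The chain and tree patterns described above, as an added Python example that is not part of the original slides. It assumes SHA-256 as the hash function, a constructed all-zero reference for the first block, and a tree in which an unpaired node is carried up unchanged; the function names are hypothetical.

```python
import hashlib

GENESIS_REF = "0" * 64  # constructed placeholder: the first block refers to nothing


def h(data: bytes) -> str:
    """Hash reference: hexadecimal SHA-256 digest of the data."""
    return hashlib.sha256(data).hexdigest()


def block_ref(block: dict) -> str:
    """A block's reference covers its data AND its reference to the previous block."""
    return h(block["prev"].encode() + block["data"])


def build_chain(payloads):
    """Link payloads as they arrive; return the chain and the head reference."""
    chain, prev_ref = [], GENESIS_REF
    for payload in payloads:
        block = {"data": payload, "prev": prev_ref}
        chain.append(block)
        prev_ref = block_ref(block)
    return chain, prev_ref


def find_tampered(chain, head_ref):
    """Return the index of the first block that no longer matches the
    reference pointing at it (head_ref for the last block), else None."""
    for i, block in enumerate(chain):
        expected = chain[i + 1]["prev"] if i + 1 < len(chain) else head_ref
        if block_ref(block) != expected:
            return i
    return None


def merkle_root(leaves):
    """Hash pairs of references level by level until one root remains."""
    if not leaves:
        raise ValueError("need at least one leaf")
    level = [h(leaf) for leaf in leaves]
    while len(level) > 1:
        nxt = [h((level[i] + level[i + 1]).encode())
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:          # assumption: odd node is carried up as is
            nxt.append(level[-1])
        level = nxt
    return level[0]


if __name__ == "__main__":
    chain, head = build_chain([b"tx1", b"tx2", b"tx3", b"tx4"])  # constructed data
    chain[1]["data"] = b"tx2-modified"
    print("first mismatch at block", find_tampered(chain, head))
    print("tree root:", merkle_root([b"tx1", b"tx2", b"tx3"]))
```

Only the head reference (or the tree root) has to be stored in a trusted place: rewriting the later references after a change just moves the mismatch to the head.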



Hashing in the Real World - Causing Time-
Consuming Computations
• Hash values are not only useful for making basic file operations such as comparing, referring and storing data secure and efficient.
• Hash values can also be used to allow computers to challenge other computers with elaborate puzzles.
• This usage of hash values is one of the most important concepts of the blockchain.



Hashing in the Real World - Causing Time-
Consuming Computations
• You may need to create puzzles that require computational resources in order to be solved.
• It should not be possible to solve these puzzles based on knowledge or data stored somewhere or by means of thinking, like an IQ test or a knowledge test.
• The only way to solve these puzzles is by sheer computational power and hard computational work.



Hashing in the Real World - Causing Time-
Consuming Computations
• Elements of a hash puzzle are:
◦ Given data that have to be kept unchanged
◦ Data that can be freely changed, the so-called nonce
◦ The hash function to be applied
◦ Restrictions on the hash value of the combined hashing, also called the difficulty level



Hashing in the Real World - Causing Time-
Consuming Computations
• Combined hashing is applied to the data and the nonce.
• The resulting hash value has to fulfill the given restrictions.



Hashing in the Real World - Causing Time-
Consuming Computations
• Hash puzzles can only be solved by trial and error.
• This requires guessing a nonce, calculating the hash value of the combined data with the
required hash function, and evaluating the resulting hash value based on the restrictions.
• If the hash value satisfies the restrictions, you will have solved the hash puzzle;
• otherwise, you would continue with another nonce until you eventually solve the puzzle.
• The nonce that, when combined with the given data, yields a hash value that satisfies the
restrictions is called the solution.



Hashing in the Real World - Causing Time-
Consuming Computations
• Example



Hashing in the Real World - Causing Time-
Consuming Computations
• Difficulty Level:
• Requiring the hash value to fulfill a certain restriction is the core of the hash puzzle.
• In the context of hash puzzles, the restrictions are often called difficulty or difficulty level.
• The difficulty is expressed as a natural number and refers to the number of leading zeros the hash value has to have.
• A difficulty of 1 means that the hash value has to have (at least) one leading zero,
• while a difficulty of 10 means that the hash value has to have at least 10 leading zeros.
• The higher the difficulty level, the more leading zeros are required and the more complicated the hash puzzle is.
• The more complicated the hash puzzle is, the more computational power or time is needed to solve it.



Hashing in the Real World - Causing Time-
Consuming Computations
• The functioning of hash puzzles critically depends on the fact that hash functions are one-way functions.
• Hash puzzles can only be solved by trial and error, which consumes a lot of computing power and hence a lot of time and energy.
• The level of difficulty directly influences the number of trials needed on average for finding the solution, which in turn influences the computational resources or the time needed to find the solution.
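The hash puzzle described on the preceding slides (fixed data, nonce, hash function, difficulty), as an added Python example that is not part of the original slides. It assumes SHA-256, counts leading zeros in the hexadecimal digest, and combines data and nonce by appending the nonce as decimal text; the function names are hypothetical.

```python
import hashlib


def puzzle_hash(data: bytes, nonce: int) -> str:
    """Combined hashing: hash the fixed data together with the nonce."""
    return hashlib.sha256(data + str(nonce).encode()).hexdigest()


def meets_difficulty(digest_hex: str, difficulty: int) -> bool:
    """Restriction: at least `difficulty` leading zeros (hex digits, assumed)."""
    return digest_hex.startswith("0" * difficulty)


def solve(data: bytes, difficulty: int, max_tries: int = 10_000_000):
    """Trial and error: try nonces 0, 1, 2, ... until the restriction holds.
    Returns (nonce, digest, number_of_trials)."""
    for nonce in range(max_tries):
        digest = puzzle_hash(data, nonce)
        if meets_difficulty(digest, difficulty):
            return nonce, digest, nonce + 1
    raise RuntimeError("no solution within max_tries")


def verify(data: bytes, nonce: int, difficulty: int) -> bool:
    """Checking a claimed solution costs a single hash computation."""
    return meets_difficulty(puzzle_hash(data, nonce), difficulty)


if __name__ == "__main__":
    data = b"Hello World!"  # constructed sample data
    for difficulty in range(1, 5):
        nonce, digest, trials = solve(data, difficulty)
        # With hex digits, each extra zero multiplies the expected work by 16.
        print(f"difficulty {difficulty}: nonce={nonce} trials={trials} "
              f"(expected about {16 ** difficulty}) hash={digest[:16]}...")
        assert verify(data, nonce, difficulty)
```

Solving takes on average 16^difficulty hash computations under these assumptions, while verifying takes one; that asymmetry is what makes the solution usable as proof of work.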



Hashing in Blockchain
• In the context of the blockchain, hash puzzles are often called proof of work, as their solution proves that
someone has done the work necessary to solve it.

• Usage of Hashing in the Blockchain:


◦ Storing transaction data in a change-sensitive manner
◦ As a digital fingerprint of transaction data
◦ As a way to incur computational costs for changing the blockchain-data-structure



MD5 Hash Algorithm



MD5
• Preparing the input
◦ The MD5 algorithm first divides the input into blocks of 512 bits each.
◦ 64 bits are appended at the end of the last block. These 64 bits represent the length of the original input.
◦ If the last block is less than 512 bits, the message is padded (1 followed by 0s) such that its length ≡ 448 mod 512.
◦ Next, each block is divided into 16 words of 32 bits each. These are denoted as M0 ... M15.



MD5
• MD5 helper functions
◦ MD5 uses a buffer that is made up of four words that are each 32 bits long. These words are called A, B, C and D. They are initialized as
◦ A = 01 23 45 67
◦ B = 89 AB CD EF
◦ C = FE DC BA 98
◦ D = 76 54 32 10
◦ These words are called chaining variables
• Ki = constant value derived from the sine function
◦ abs(sin(i)) * 2^32



MD5
• Four auxiliary functions
◦ In addition, MD5 uses four auxiliary functions that each take as input three 32-bit words and produce as output one 32-bit word.
◦ They apply the logical operators and, or, not and xor to the input bits.
◦ The message is processed in 16-word (512-bit) chunks, using 4 rounds of 16 steps each
• $F(A, B, C) = (A \wedge B) \vee (\neg A \wedge C)$
• $G(A, B, C) = (A \wedge C) \vee (B \wedge \neg C)$
• $H(A, B, C) = A \oplus B \oplus C$
• $I(A, B, C) = B \oplus (A \wedge \neg C)$



MD5



MD5
• Round 1
◦ FF(a,b,c,d,Mj,s,ti) denotes a = b + ((a + F(b,c,d) + Mj + ti) <<< s)
◦ 16 steps:
◦ FF (a, b, c, d, M0, 7, 0xd76aa478)
◦ FF (d, a, b, c, M1, 12, 0xe8c7b756)
◦ ....
◦ FF (b, c, d, a, M15, 22, 0x49b40821)

• Round 2
◦ GG(a,b,c,d,Mj,s,ti) denotes a = b + ((a + G(b,c,d) + Mj + ti) <<< s)
◦ GG (a, b, c, d, M1, 5, 0xf61e2562) ..... up to 16 steps

• Round 3
◦ HH(a,b,c,d,Mj,s,ti) denotes a = b + ((a + H(b,c,d) + Mj + ti) <<< s)
◦ HH (a, b, c, d, M5, 4, 0xfffa3942) ..... 16 steps

• Round 4
◦ II(a,b,c,d,Mj,s,ti) denotes a = b + ((a + I(b,c,d) + Mj + ti) <<< s)
◦ II (a, b, c, d, M0, 6, 0xf4292244) ..... 16 steps



MD5
• After all of this, a, b, c, and d are added to A, B, C, D, respectively, and the algorithm continues with the next
block of data.
• The final output is the concatenation of A, B, C, and D.



MD5
• Berson (1992): for a single-round MD5, he used differential cryptanalysis to find two messages producing the same hash. The attack does not work for 4-round MD5.

• Boer & Bosselaers (1993): found a pseudo-collision (same message, two different IVs)

• Dobbertin (1996): created collisions on the MD5 compression function with a chosen IV

• Wang, Feng, Lai, Yu: found collisions of MD5
◦ works on any IV
◦ easy to find multiple collisions
• Collisions for the compression function of MD5 have been demonstrated



Secure Hash Algorithm (SHA)
• SHA was originally designed by NIST (National Institute of Standards and Technology) and published as a Federal Information Processing Standard (FIPS 180) in 1993.
• It was revised in 1995 as FIPS 180-1 and is referred to as SHA-1, also Internet RFC 3174
• The algorithm is SHA, the standard is SHS
• Three generations of Secure Hash Algorithm



Revised Secure Hash Standard
SHA-Generation        SHA-1     SHA-2                            SHA-3
                      SHA-1     SHA-256   SHA-384   SHA-512      future hash function standard still in development
Message digest size   160       256       384       512
Message size          < 2^64    < 2^64    < 2^128   < 2^128
Block size            512       512       1024      1024
Word Size             32        32        64        64
Number of Steps       80        64        80        80



SHA-1
• SHA-1 produces a 160-bit digest from a message with a maximum length of (2^64 − 1) bits.
• SHA-1 is based on principles similar to those used by Ronald L. Rivest of MIT in the design of the MD4 and MD5 message digest algorithms.
• Preprocessing: exactly the same as MD5



Description of SHA-1



SHA-1
• Five chaining variables
◦ A = 67452301
◦ B = efcdab89
◦ C = 98badcfe
◦ D = 10325476
◦ E = c3d2e1f0
• Main loop: four rounds of 20 operations each
◦ ft(X,Y,Z) = (X ∧ Y) ∨ ((¬X) ∧ Z), for t = 0 to 19
◦ ft(X,Y,Z) = X + Y + Z, for t = 20 to 39
◦ ft(X,Y,Z) = (X ∧ Y) ∨ (X ∧ Z) ∨ (Y ∧ Z), for t = 40 to 59
◦ ft(X,Y,Z) = X + Y + Z, for t = 60 to 79
• Here + = XOR



SHA-1
• Four constants are used:
◦ Kt = 0x5a827999, for t = 0 to 19
◦ Kt = 0x6ed9eba1, for t = 20 to 39
◦ Kt = 0x8f1bbcdc, for t = 40 to 59
◦ Kt = 0xca62c1d6, for t = 60 to 79

• The message block is transformed from 16 sub-blocks to 80 sub-blocks:
◦ Wt = Mt, for t = 0 to 15
◦ Wt = (W[t-3] + W[t-8] + W[t-14] + W[t-16]) <<< 1, for t = 16 to 79 (+ = XOR)



SHA-1
Figure: processing of one block. Inputs: the current message block and the current buffer (five 32-bit registers A, B, C, D, E).
• Four rounds, 20 steps in each. Let's look at each step in more detail…
• Very similar to a block cipher, with the message itself used as the key for each round
• Fifth round adds the original buffer to the result of the 4 rounds
• Buffer contains the final hash value



One SHA-1 operation
• If t is the operation number (from 0 to 79), Wt represents the t-th sub-block of the expanded message, and <<< s represents a left circular shift of s bits, then the main loop looks like:

    For t = 0 to 79
        TEMP = (a <<< 5) + ft(b,c,d) + e + Wt + Kt
        e = d
        d = c
        c = b <<< 30
        b = a
        a = TEMP
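The SHA-1 description from the last few slides (chaining variables, ft, Kt, message expansion and main loop) assembled into runnable Python, as an added example that is not part of the original slides. In ft and Wt the slides' + is XOR, while in the TEMP line + is addition modulo 2^32; the function names are hypothetical, and `hashlib` is used only to cross-check the result.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF  # all arithmetic is on 32-bit words
K = (0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6)  # one constant per round


def rotl(x: int, s: int) -> int:
    """Left circular shift (<<<) of a 32-bit word by s bits."""
    return ((x << s) | (x >> (32 - s))) & MASK


def f_t(t: int, x: int, y: int, z: int) -> int:
    """Round function for operation t (the slides' + is XOR here)."""
    if t < 20:
        return (x & y) | (~x & z)
    if t < 40:
        return x ^ y ^ z
    if t < 60:
        return (x & y) | (x & z) | (y & z)
    return x ^ y ^ z


def pad(message: bytes) -> bytes:
    """Append a 1 bit, zeros up to 448 mod 512 bits, then the 64-bit length.
    SHA-1 stores the length and all words big-endian."""
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded)) % 64)
    return padded + struct.pack(">Q", len(message) * 8)


def sha1(message: bytes) -> str:
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    data = pad(message)
    for off in range(0, len(data), 64):            # one 512-bit block at a time
        w = list(struct.unpack(">16I", data[off:off + 64]))   # W0..W15 = M0..M15
        for t in range(16, 80):                    # expand to W16..W79
            w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        a, b, c, d, e = h
        for t in range(80):                        # four rounds of 20 operations
            temp = (rotl(a, 5) + f_t(t, b, c, d) + e + w[t] + K[t // 20]) & MASK
            e, d, c, b, a = d, c, rotl(b, 30), a, temp
        # add the block's result to the original buffer (the "fifth round")
        h = [(x + y) & MASK for x, y in zip(h, (a, b, c, d, e))]
    return "".join(f"{word:08x}" for word in h)


if __name__ == "__main__":
    for msg in (b"", b"abc", b"x" * 56, b"x" * 200):   # constructed inputs
        assert sha1(msg) == hashlib.sha1(msg).hexdigest()
        print(len(msg), sha1(msg))
```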



Security of SHA-1
• "A fourth round is added." SHA does this too. However, in SHA the fourth round uses the same f function as the second round.

• "Each step now has a unique additive constant." True for SHA, where it reuses the constants for each group of 20 rounds.

• "G is less symmetric." SHA uses the MD4 version of G.

• "Faster avalanche effect." True for SHA. Addition of a fifth variable to make the Boer-Bosselaers attack against MD5 impossible against SHA.



Security of SHA-1
• "The order in which message sub-blocks are accessed in rounds 2 and 3 is changed." SHA is completely different.

• "The left circular shift… to yield faster avalanche effect." SHA uses a constant shift amount in each round. This amount is relatively prime to the word size, as in MD4.

• SHA is MD4 with the addition of an expand transformation, an extra round, and better avalanche effect; MD5 is MD4 with improved bit hashing, an extra round, and better avalanche effect.
