Fundamentals Of Blockchain Security


The goal of blockchain is to create a fully decentralized, trustless digital ledger. This is an ambitious goal since most ledger systems in use today, such as those used to track bank balances, rely upon a centralized authority to maintain the consistency, correctness and integrity of the ledger.

Blockchain is designed to replace this trust in a centralized authority with trust in cryptographic algorithms and protocols. The blockchain is designed so that all of its “guarantees” are reliant upon the correctness and security of protocols and cryptographic algorithms, rather than any of the individuals operating the network.

Structure of the blockchain

The blockchain gets its name from its two main structural components. A blockchain is a series of “blocks” that are “chained” together. The combination of these two features creates a digital ledger with built-in integrity protections.

The blocks

The blocks of a blockchain are what provide the data storage. A block is composed of a block header containing important metadata and a body containing the actual transactions stored in the block.

Source: Wikimedia Commons

Block 11 in the image above shows the structure of a notional block. The block header contains a previous block hash (more on this in a minute), a timestamp, a transaction root and a nonce (important for the Proof of Work consensus algorithm).

The block body is structured as a Merkle tree, which provides a number of different benefits. One of these is the fact that, due to the properties of hash functions, the root value of the tree can be used to summarize the entire tree. Anyone with a list of the transactions contained in the block can regenerate the tree, but it is computationally infeasible to find a different version of the transaction tree with the same root value. This means that a block can contain an infinite number of transactions but maintain a fixed-size block header; however, most blockchains have a maximum limit on block size for protection against Denial-of-Service (DoS) attacks.

The “chains”

The previous block hash value in a block header implements the blockchain’s “chains.” Each block header contains the hash of the previous block in the blockchain.

With a strong hash function, it is infeasible to find another version of a block that has the same hash value as is stored in the header of the next block. This is vital to the integrity protections of the blockchain. If an attacker wants to create a fake version of a given block, they must create a fake version of every block that follows it as well.

Blockchains are also governed by the longest chain rule. This says that, in the event that two conflicting versions of the blockchain exist, whichever one is “longer” wins. This means that an attacker not only needs to create a new, fake version of every block after the one that they want to change, but they also need to do so faster than the rest of the network creates the legitimate version. This makes creating a fake version of the blockchain exponentially more difficult than faking a single block.
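The integrity check a node performs on the chained headers can be sketched as follows. This is an added example, not code from the original article; the header fields follow the notional block described earlier, while the JSON encoding, the timestamps, the `tx_root` stand-in digest and the sample transactions are assumptions made for illustration, and no Proof of Work is performed.

```python
import hashlib, json

GENESIS_PREV = "00" * 32                   # assumed marker: the first block has no predecessor

def header_hash(header: dict) -> str:
    # Canonical JSON so the same header always hashes to the same value.
    return hashlib.sha256(json.dumps(header, sort_keys=True).encode()).hexdigest()

def tx_root(txs):
    # Stand-in for the Merkle root: any digest that commits to the body works here.
    return hashlib.sha256("\n".join(txs).encode()).hexdigest()

def build_chain(bodies):
    chain, prev = [], GENESIS_PREV
    for i, txs in enumerate(bodies):
        header = {"prev_hash": prev, "timestamp": 1700000000 + 600 * i,
                  "tx_root": tx_root(txs), "nonce": 0}
        chain.append({"header": header, "txs": list(txs)})
        prev = header_hash(header)
    return chain

def first_invalid(chain):
    """Index of the first block that fails validation, or None if the chain is consistent."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        hdr = block["header"]
        if hdr["tx_root"] != tx_root(block["txs"]):   # body no longer matches its header
            return i
        if hdr["prev_hash"] != prev:                  # link to the predecessor is broken
            return i
        prev = header_hash(hdr)
    return None

# Constructed sample block bodies (not real ledger data).
BODIES = [["coinbase->alice:50"], ["alice->bob:5"], ["bob->carol:2"], ["carol->dave:1"]]

def tamper_demo():
    chain = build_chain(BODIES)
    clean = first_invalid(chain)
    chain[1]["txs"][0] = "alice->mallory:500"         # edit a transaction in block 1
    body_edit = first_invalid(chain)
    chain[1]["header"]["tx_root"] = tx_root(chain[1]["txs"])  # make block 1 self-consistent
    header_patch = first_invalid(chain)               # block 2 still commits to the old header
    return clean, body_edit, header_patch

if __name__ == "__main__":
    print(tamper_demo())
```

Making block 1 self-consistent only moves the failure to block 2, which is why every later header would have to be regenerated as well.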

Basic blockchain cryptography

The design of the blockchain and the protocols that define how it works are new. However, the cryptography that provides blockchain’s security guarantees existed long before Bitcoin. Under the hood, blockchain technology is very dependent on public-key cryptography and hash functions.

Public-key cryptography

Public-key or asymmetric cryptography is designed to use a pair of related keys. The public key is designed to encrypt messages and to verify digital signatures, while the private key performs message decryption and signature generation.

The distributed and decentralized nature of the blockchain makes digital signature technology essential to the integrity of the digital ledger. Blockchain is implemented so that each node in the network stores and updates their own copy of the ledger.

Digital signatures are what keep these nodes honest. Every transaction and block in the blockchain is signed by its creator. This ensures that a malicious node cannot create a fake transaction or block and attribute it to someone else unless they can generate a valid digital signature for that user.

In theory, this is impossible since current public-key cryptography algorithms are secure until quantum computers and Shor’s algorithm are a feasible attack vector. In practice, use of weak private keys for blockchain accounts has enabled cryptocurrency thefts on blockchains.

Hash functions

Hash functions are used for a variety of purposes in blockchain systems. Their benefit comes from the fact that they are guaranteed to be both collision resistant and one-way functions.

Collision resistance means that it should be infeasible to find two inputs to a hash function that produce the same output. While the Pigeonhole Principle guarantees that it is possible to find two such inputs (in fact, an infinite number of inputs produce the same output), a hash function should be designed so that the only way to guarantee that you find a match is to search the same number of inputs as there are possible outputs (which is a lot).

In order to be a cryptographically secure one-way function, hash functions must have a number of different properties. They not only need to be one-way functions but also must have a large state space (number of possible outputs) and be non-local (similar inputs produce dissimilar outputs).

As collision-resistant, one-way functions, hash functions are ideally suited to ensuring the integrity of data within a distributed digital ledger…




Cryptoasset Investing: Privacy & Taxes

The Efficient Approach to Investment in Cryptoassets

The innovative crypto investor knows maintaining full autonomy over their cryptoassets is crucial to long-term performance of their portfolio.

Let’s take a look at some interesting progressions on the front of taxation & privacy of blockchain transactions…

Taxation Strategy for Cryptoasset Capital Gains

When there are massive amounts of money being made, you can expect the government to be following to collect their share. Regardless of where you stand on the debate of taxation of cryptocurrency gains, this will be a crucial theme in 2018, especially as we approach April in the United States (and tax season elsewhere).

One of the innovative solutions to efficient tax strategy can be borrowed from a common transaction used in the real estate world.

Source: Crush Crypto — An Analysis of SALT

Rather than selling the underlying asset and realizing a capital gains event, which will ultimately run you about 30% in taxes off of the profit, one can borrow against that asset instead (in order to generate the cash flow they are seeking). By putting the crypto-asset in escrow and taking a loan out against the value of that asset, the investor avoids a taxable event. This is a great solution for individuals who have amassed sizeable gains but are looking to access fiat capital for any number of reasons.

Now this sounds great and all but can anyone actually do this?

Up until now, there have been very few traditional lenders willing to loan against the value of crypto-assets. Enter SALT Lending (SALT). The following overview is from SALT’s newly-launched platform: “SALT lets you leverage your blockchain assets to secure cash loans. We make it easy to get money without having to sell your favorite investment”.

Privacy of Blockchain Transactions

One of the alluring features of crypto-assets to early adopters was the privacy of transactions. Being able to send and receive transactions off the radar from traditional regulators resulted in black market behavior; however, it also served practical applications for users who were not using the privacy for illicit purposes.

As the infrastructure of the crypto industry has been built, gradually the built-in privacy features of coins like Bitcoin have been eroded.

Why exactly did that occur?

Well, for individuals in the US, the easiest way to purchase cryptocurrency is through an exchange like Coinbase. In order to open an account and purchase any crypto, the user needs to provide a fair amount of personal information. Such information can and will be used to identify and track users’ capital. This results in a trade-off between ease of use (convenience) and privacy.

Privacy will be a central theme for 2018. Decentralized Blockchains with native crypto-assets should continue to thrive. As users begin to value the feature of a fully private blockchain, there will be a natural flow of capital into privacy-centric assets.

Although there are a number of other privacy-centric crypto-assets, Monero (XMR) is my personal favorite at the moment. By using ring signatures and one-off public wallet addresses, Monero ensures that both the user sending and receiving a transaction do not have information related to the transaction stored on the public blockchain which can be traced back. For those of you looking to dig a little deeper, check out this piece on “How Monero’s Privacy Works”.

Source: BTC Manager

Monero has built a reputation as an industry leader in terms of its development team, its community and, most importantly, as the gold standard for completely private transactions.

One of the notable drawbacks of Monero has been a lack of support from hardware wallets, making storage of Monero difficult and insecure (as compared to cold storage). However, the Monero team has been hacking away furiously at this issue and we can expect Monero to be compatible with hardware wallets in 2018.

Go to the profile of Thomas L. McLaughlin

2017: The Year Cryptocurrency Arrived

From a historical perspective, 2017 will be regarded as “The Year Crypto Arrived”. Sure, Bitcoin and other cryptocurrencies have been picking up steam for close to a decade now; however, it was not until 2017 that cryptocurrency really hit its stride, reaching a critical mass and experiencing significant network effects from mainstream adoption.

Let’s take a look back at some of the seminal moments that shaped the historical year of crypto assets:

Total Cryptocurrency Market Cap Grows 32x

Ok, ok…we’re all aware 2017 was a parabolic year for investors in cryptocurrency. That being said, it’s astonishing to see how far we’ve come in 365 days. I can bore you with my opinion of why this occurred, but the numbers tell the story.

January 1, 2017: $17.7 billion

December 31, 2017: $569.6 billion

The total Market Capitalization of Cryptocurrency increased by a multiple of 32 times in 2017…not too shabby!

Bitcoin Cash Fork — August 1st, 2017

While the Ethereum blockchain successfully forked following the DAO attack in 2016, the proposed Bitcoin Cash hardfork brought with it a new level of FUD (Fear, Uncertainty & Doubt). While many of the major exchanges failed to support the fork immediately following the August 1st fork, the process went quite smoothly from a technological standpoint.


Although the civil war on Twitter between Bitcoin purists and Bitcoin Cash supporters carries on, we now know that there is room for competition within the Bitcoin ecosystem. As of December 31, Bitcoin Cash’s market cap of $41.8 billion is nearly 18.9% of Bitcoin. With Coinbase recently adding Bitcoin Cash to its exchanges, it appears that Bitcoin Cash is here to stay.

ICO Market Surpasses Traditional Early-Stage Funding

The Initial Coin Offering (“ICO”) first came on the scene in July 2013 when Mastercoin raised nearly $5m of Bitcoin in exchange for their newly-generated tokens. In 2014, Ethereum raised 3,700 BTC within its first 12 hours. However, the sentiment around ICOs coming into 2017 was that an ICO was a niche funding mechanism; put more bluntly, ICOs were for projects that could not garner support from traditional Venture Capital firms.

All of that changed in 2017, when the ICO market raised a cumulative $5 billion of funding. At a current run rate of nearly $600m per month of capital raised by ICOs, the ICO market is crushing traditional early-stage funding which has a current run rate of ~$300m per month. June 2017 was the first month where the ICO market surpassed traditional VC funding and it appears there is no looking back.

Source: LA Token Research

While it is far too early to announce the demise of traditional Venture Capital, it’s obvious that early-stage capital raising as we know it has changed. There will always be a place for experienced advisory and Venture Capitalists have helped shape the world’s largest companies; however, the ICO (for now) has swung the pendulum and there is a shift of power taking place.

So what does all of this mean? Well, a divergence from the Sand Hill Road VC boys’ club will hopefully provide a more democratized approach to capital raising. While an exorbitant percentage of funding during the development of the Internet was centralized in Silicon Valley, New York and other tech meccas, the development of the blockchain industry will be far more diverse from a geographical and socio-economical standpoint.


By total market capitalization, the cryptocurrency market grew by a multiple of 32 times in 2017. While such growth rates speak for themselves, the mainstream appeal of cryptocurrency is just scratching the surface.

In 2018, I envision more of the same from the crypto market (of course 32x returns are unlikely). With institutional capital knocking at the doorstep, I expect massive inflows of capital into the major cryptocurrencies. A more developed and sophisticated investor base will bring to the surface short-term growing pains, however I believe that long-term this process will legitimize cryptocurrency as an asset class.

Here’s to a great 2018, see you all on the moon!
