This part on blockchain gets a little technical. So I have broken this down to two smaller pieces.
We understand p2p systems must ensure trust especially when it the whole idea is based on a system of unrelated computers. Let’s look at how the trust is achieved.
If we go back to our p2p example in part 2 , here’s what we said:
In a p2p environment, the bittorrent program checks the file it is downloading.
The question is how does the checking work and trust is established? Well, one of the ways is to do a byte by byte comparison. But that will be slow and unreliable. Instead it stores a hash of the original file and checks it against the file from ubuntu.com. If the file hash doesn’t match it is rejected.
What is hash?
Hash is another cryptographic technique to hide data from hackers. So it takes any data and then makes it unreadable. While each hash is unique, unlike encryption you can generate hash without any key at all. There are various forms of hashes – MD5, SHA1, SHA256 etc.
All examples below use SHA256 hash [See Appendix for notes on tools]
It differs from encryption in three more ways:
The output is irreversible:
It is one-way street; the output cannot be decrypted at all. Knowing the original message is the only solution because even a small change leads to different hash:
I have progressively capitalized the words in our message.
Output length is fixed:
I have repeated the same message thrice. As you can see the output length is still same.
It works on any data :
The second example is an Ubuntu file. To go back to our torrent trust example, the torrent file will have the above hash stored. A corrupted file’s hash will be different from the expected hash. Hence, the corrupted file will be rejected.
Innovative usage of hash
Email spam has been the bane of electronic communication. Back in the 90s, a cryptographer named Adam Back proposed a brilliant idea to counter spam. The system was called “hashcash“.
Without getting into minute details, the idea was to have the email sender’s computer to take the below information and generate a hash:
- email address, date and time etc
- random number, also called nonce
This hash had to start with 20 zeros to be valid. Once the valid hash was found it was attached along with the email and sent out.
The email receiver’s computer could use the email content to generate another hash. It would then check the resulting hash against the received hash. If they did not match, email would be marked as spam.
Example of email flow between Red and Green (relaxed condition to 4 zeros only):
The number – 15395 is the nonce part of Red’s message. To generate the valid hash with 4 starting zeros, our sender’s (Red) computer has to check each combination:
|1How are you?21:37||7834A5C1A266260A30D310696C0CE20811E44D853F4ECA6EF570AC595B2F6C4A|
|2How are you?21:37||AB2C56650D330F4A10AFF17F51BE71B0875172EE53A343B1EF620DC17B3821BD|
so and so forth unless the correct number (nonce) and hash with required zeros is found.
15395How are you?21:37 -> 00007A092207AD90CC5DC4DDD4865A43DDD4716DA33034ACD66A52F9BE9A162A
How does all this stop spam?
On the sender’s computer finding the correct hash takes about a second. While on the receiver’s side verification takes milliseconds.
For a genuine mail sender this is not a problem. They can take the time and date, email address etc information and generate the correct hash in one second to earn the cash for one email.
For a spammer sending say 10k emails, his computer will be in peril for a long time. Each email requires 1 second so the computer will hang after every email sent. The total time it will take to send email will be 10k seconds or 2.8 hours or even more. All the while recipients verifying spam in matter of seconds.
- Google “SHA256 hash Generator” and you will find a lot of tools to generate hash
- Small tutorial and tool to generate SHA256 on a pdf, video, etc here – http://www.labtestproject.com/using_windows/step_by_step_using_sha256sum_on_windows_xp.html
Also published on Medium.