INVITATION TO CYBERSECURITY 174 are available online containing password-hash combinations for Windows passwords— this makes “cracking” them easy because the work is already done! Technically, forward searches are always a possible attack vector, just like brute-force key search attacks with cryptosystems, but they can be mathematically eliminated as a serious threat—more on password cracking in Chapter 9. 7.2.3.4 Blockchains and Hash Chains “What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party.” - “Bitcoin: A Peer-to-Peer Electronic Cash System” by Satoshi Nakamoto Another significant use of hashes is with blockchains. A blockchain is a technology used to create a trusted public record in a low-trust environment. Bitcoin is a cryptocurrency that is built on a blockchain. Each block in the blockchain contains transactions that are recorded on a shared ledger. Blocks are added regularly—in the case of Bitcoin, a new block is added approximately every ten minutes. Every block is hashed, and its hash value is incorporated into the next block, which is also hashed, thereby chaining the blocks together. In this way every block is tied to the previous block going all the way back to the genesis block (the very first block in a blockchain). If a transaction were changed in any block, it would change the hash of that block, and since the original hash value was incorporated into the next block, it would change the hash of every subsequent block. To prevent an untrusted party from changing a transaction in an old block, generating a new hash for that block, and then updating the hash of every subsequent block to maintain the integrity of the chain, Bitcoin incorporates a proof of work—another useful application of hash functions. Because hash functions produce unpredictable hash values, there is a 50% chance that the first bit in a hash will be a zero. This is just like when flipping a fair coin, there is a 50% chance it will come up heads. The rule for Bitcoin is that the hash for every block must begin with a string of consecutive zeros of a certain length. A random value, similar to a nonce, is added to blocks so this property can be achieved. Random values are generated and tried until the hash of the block begins with the requisite number of zeros. Probabilistically, for a string of zeros of length n, it would take on the order of 2n guesses to produce a conforming hash—it is exponential in the number of zero bits. This is the same math for repeatedly flipping a coin until it comes up heads n times in a row—it will eventually happen but will take approximately 2n tries (i.e., to get ten heads in a row would take around 1,024 tries). Therefore, when a hash is produced that has this property, it demonstrates that the party that generated the hash spent time doing so. This is the proof of work, and it prevents parties from quickly changing blocks. In fact, the chain grows at the same rate that con-
RkJQdWJsaXNoZXIy MTM4ODY=