Techsplaining: The Code behind Cryptocurrency

In the first of a regular column explaining the terminology behind the tech, the SCL’s resident geek, Simon Forrester, looks at asymmetric keypairs and hashing and how they underpin cryptocurrencies.

Post-trust currency

Without going into too much depth on the 2008 financial crash, it’s safe to say that the population’s faith in the banking industry faltered. An anonymous individual (using the pseudonym Satoshi Nakamoto) developed Bitcoin as a response to this crisis of faith, and to address corporate and governmental control of currency in general. Bitcoin is:

  • based on the concept of scarcity (that is more closely aligned with the concept of a gold standard);
  • unregulated by governments (free from deliberate inflation);
  • completely independent of the banking industry; and
  • anonymous (and so fundamentally untaxable).

Bitcoin’s anonymity instantly made it the de-facto currency for nefarious activities on the dark web, but its popularity gave rise to a raft of competing currencies, the rising value of which has led to brokerages and exchanges enabling people to use and speculate on cryptocurrencies without needing to concern themselves with its technical implementation.

Like US dollars and UK sterling, Bitcoin is a fiat currency in that it relies on faith rather than being underwritten by an asset such as gold. Unlike national currencies, that faith isn’t in the nation itself but rather the blockchain or distributed ledger that underpins the entire system. Nevertheless, Bitcoin’s value rose from its initial 2011 value of $0.30 to $6,343 in mid-2018.

Blockchain: a distributed ledger

Ownership of bitcoins isn’t based on a bank account linked to an identity: in fact, there are no banks involved at all in the process. Instead, ownership of the currency is based on an asymmetric keypair [see box: Asymmetric Keypairs] and users can have as many identities as they like by generating a new keypair. These keypairs are stored in a file, physical device or online account known as a ‘wallet’.

Transactions consist of:

  • inputs – the results of previous transactions in the chain that the spender has received;
  • outputs – the recipients of the transaction;
  • an optional output returning the unspent input amount to the owner;
  • an optional transaction fee – the remainder of the inputs not accounted for by outputs; and
  • the sender’s private key signature for the transaction.

This structure enables one transaction to detail multiple payments as fractions of a coin. Unlike traditional currencies bitcoins are freely divisible with the smallest unit being a hundred millionth of a coin: known as a satoshi in honour of Bitcoin’s creator.

Unlike bank transactions, bitcoin transactions aren’t stored in a central repository. Instead, they’re stored in the blockchain which is a public list of every bitcoin transaction ever made, stored and processed by miners, the individuals that perform the work that underpins the entire currency.

Asymmetric Keypair
Most of the times that you encrypt data, such as password-protecting files on your computer, you’re using what we refer to as symmetric encryption: the same password (or key) that encrypts your data also decrypts it. This is fine for most uses but has shortcomings for sending encrypted information because:
  • you need to communicate the decryption key to the recipient of the data;
  • which means an attacker could obtain that key and decrypt the information;
  • or even substitute your data for theirs without the recipient realising;
  • ultimately, you’ll need to generate a new key every time you send data anywhere.
Asymmetric encryption works differently as it relies on two keys: data encrypted with one key can only be decrypted by the other (it can’t even be decrypted with the original key). The two keys are known as a public key (which you can distribute freely), and a private key (which you keep completely private, preferably never transferring it anywhere online). The two keys are collectively known as a keypair. This solves the problems with symmetric encryption, as:
  • to send someone encrypted information, you encrypt it with their public key, meaning that only they can decrypt it (as only they have the private half of the pair);
  • meaning that no private decryption keys need to be passed around;
  • and importantly, you can ‘sign’ the communication with your private key, which can be verified with your public key, meaning data can’t be substituted.

Mining for bitcoins

Bitcoin miners are essentially the record-keepers of the network providing the computational power that both maintains the blockchain ledger and creates new bitcoins. They do this by grouping transactions into a block, which is then added to the public blockchain. The blockchain is sequential with each block chained to the block before, creating an unbreakable record. Each block contains:

  • the transactions that constitute the block;
  • a hash of the previous block; and
  • proof of work.

This proof of work is what gives bitcoin its value. In order to submit a valid block to the chain, miners must combine the block with a ‘nonce’ (a string of random bytes) and hash the result [see box: Hashing] . If the nonce is correct, the result will meet the ‘difficulty target’, a bar set by the bitcoin protocol and understood across the mining network. This difficulty target is artificial. It exists solely to make mining difficult and to ensure that the proof-of-work really is the result of actual work. As with every other aspect of bitcoin, it’s enforced across the network by the protocol. The task for miners, then, is finding the correct nonce to meet this requirement which usually means testing hundreds of quintillions of permutations. Given the number of bitcoin miners across the globe, it takes, on average, ten minutes to find the correct nonce, with the winning miner receiving 12.5 coins as a reward. At the time of writing, that reward is worth £37,500 so it’s not surprising that mining has become a boom industry. To counter the constant increase in mining power across the globe, the level of difficulty increases every 2016 blocks created (roughly every 14 days).

You can think of this as rolling a billion-sided dice, with the nonce being your dice-throw, to come up with a score lower than a certain number, that certain number being set by the difficulty level. As the difficulty level increases, the target number decreases and rolling a number below it becomes harder.

Further to this, the number of coins rewarded for block creation (which started at 50 but stands at 12.5 at the time of writing) halves every 210,000 blocks. This diminishing return mathematically means that there will only ever be 21,000,000 bitcoins in total. As the reward for mining approaches zero, miners will continue to process payments based on the transaction fee attached to the payment.

Hashing
The second form of encryption Bitcoin employs is one-way and is referred to as ‘hash’ encryption. When we say ‘one-way’, we mean it; its output can’t be decrypted at all but is the same every time. Generally-speaking, hashing involves running the entire contents of the data through an algorithm which, unlike two-way encryption, produces a result that’s the same length every time (usually 32-64 bytes).

This method is commonly used for protecting passwords: the hash of your password is stored, rather than it being directly stored in ‘plaintext’, so it isn’t disclosed if there is a data-breach. The next time you log on to the website, the password you enter is also hashed and the hashes are compared for a match. Hashes are incredibly quick to create (and therefore verify) but can’t be reverse-engineered by any means other than generating hashes for every permutation of values until the hash value matches. The vulnerability of this is that, as computing power increases, so does a machine’s ability to run through permutations of hashes quickly. Twenty years ago, calculating a few hundred quintillion hashes, a commonplace task for bitcoin miners, would have been impossible in any meaningful timeframe. Should quantum computing become practical, the encryption landscape will irrevocably change potentially rendering many existing methods obsolete or insecure.

Vulnerabilities

By any account, bitcoin, and the emergence of other cryptocurrencies, is an astonishing revolution in currency. However, it’s not without its vulnerabilities:

It’s subject to massive fluctuations in value at the exchanges, being free from any sort of regulation or safeguarding by governments or financial institutions, which makes it also open to the risk from the exchanges themselves, which are after all private organisations.

The ownership of the currency is dependent entirely on the ownership of the private key. As with all digital currency, it only has value when spent and if the key is lost the value of that account is also lost forever. Lost bitcoins amount to a value of approximately $11bn at the time of writing.

The identities of the parties to the transactions are untraceable. This means that when bitcoin is stolen through the appropriation of private keys and other nefarious methods (approximately $3bn so far), the ultimate beneficiary has anonymity by design.

For various reasons, many nations have clamped down on or out-right banned cryptocurrency trading. For some it’s a matter of control but for others it’s as simple as electricity being subsidised by a government which is understandably wary of funding the massive power-consumption of mining.

In summary, cryptocurrency is as bizarre an up-shot of a democratised internet as one could imagine. While Bitcoin was the original many competing currencies with their own nuances are springing up all the time. Whatever its final form, as with email and the web, it’s slowly moving towards the commonplace.


Simon Forrester has been writing about technology since 1992 when he started at Future Publishing. He has since gone on to develop their online presence and as a freelance working as a developer and technical adviser to many organisations including 14 years working with SCL.

Published: 2019-04-04T15:00:00

    This site uses cookies. By using the site you agree to our use of cookies as set out in our Privacy Policy.

    Please wait...