Blockchain Unit – 01

➢ Overview of Blockchain
Blockchain is a tamper-proof distributed digital ledger. This digital ledger is safe, secure,
transparent, and decentralized, which simply means that it is not controlled by a single authority.
It is like a ledger that a bank uses to keep track of all customer transactions. However, in a bank,
the ledger is controlled by the bank, and only the bank can see the transactions. Whereas in
blockchain, there is no central authority, and the ledger runs on multiple computers and doesn’t
require any single person to authenticate or settle transactions.

Properties of Blockchain:
1. Decentralization:
Decentralization is one of the most critical components of Blockchain. Decentralization refers
to the transfer of control from a centralized entity (individual, organization, or group) to a
distributed network. Unlike traditional centralized systems where a single entity controls the
database, blockchain distributes control across a network of nodes.
A user can also easily transfer his asset to anyone at any point of time from anywhere in the
world. This feature of decentralization eliminates the need to rely on any third party or
middlemen for these transactions. Thus, cutting down the high transaction fees charged by
these third-party service providers.

Benefits of Decentralization:
- Decentralized systems give users control over their own data and transactions.
- They are harder to hack and more resilient to cyberattacks and failures due to the lack of a
central point.
- Without third-party data storage, data tampering and misuse are minimized, and
transaction costs are reduced.
- Transactions are processed in minutes and can occur at any time, regardless of holidays.
- Public blockchains ensure transparency, as all changes are visible to every participant in the
network.

2. Distributed Ledger:
The word distributed ledger is composed of two terms — Distributed and Ledger. Ledger, as
the name suggests, is the record of all transactions, and distributed means that the ledger is
shared with every person on the same network. The distributed ledger contains the record of
each and every transaction that took place over the network.
And every node of the network has access to a copy of this updated ledger. Any updates or
changes in the ledger are reflected in almost real-time in all the copies of the ledger across the
network.
Benefits of distributed ledger:
 - A distributed system simplifies tracking goods by sharing the same ledger across all users,
prompting many companies to adopt blockchain for supply chain management.
- Having a single ledger for all transactions reduces complexity, making it easier to manage,
view, refer to, and verify transactions.

3. Immutability:
Immutability means something that can’t be changed or altered. Once the data has been
recorded inside a Blockchain, it becomes nearly impossible to change it, thus making it tamper-
proof and immutable.

4. Consensus Mechanism:
As the name indicates, Blockchain is a chain of blocks that store transactions or data. Each
block can be thought of as a page in the ledger. A new block of transactions is created after a
certain fixed duration. The block is then sent to each node which verifies the block. And once
the verification is done, the block gets added to the Blockchain. This verification and validation
of blocks by these participating nodes is called consensus.
Without consent from the majority of nodes, any transaction block cannot be added to the
ledger. And once the transaction block gets added to the ledger, no user on the network won’t
be able to edit or delete it.

5. Security:
Blockchain uses cryptographic algorithms to secure data. Each block is linked to the previous
one through a cryptographic hash, forming a chain. This makes it extremely difficult for
malicious actors to alter any information without being detected.
How Blockchain Works
1. Transaction Initiation:
A transaction is requested and broadcasted to the network of nodes.

2. Transaction Validation:
The network of nodes validates the transaction using the consensus mechanism. For instance,
in a PoW system, nodes (miners) compete to solve a complex mathematical problem.

3. Block Formation:
Once validated, the transaction is combined with other transactions to form a new block. This
block is then added to the existing blockchain in a linear, chronological order.

4. Block Confirmation:
The new block is confirmed and becomes a permanent part of the blockchain. Each subsequent
block added to the chain further reinforces the security of the previous blocks.
Applications of Blockchain
1. Cryptocurrencies:
The most well-known application of blockchain is in cryptocurrencies, such as Bitcoin and
Ethereum, providing a decentralized and secure way to transfer value.

2. Smart Contracts:
Smart contracts are self-executing contracts with the terms directly written into code. They
automatically execute and enforce agreements based on predefined conditions.

3. Supply Chain Management:

Blockchain can enhance the transparency and traceability of supply chains, allowing all parties
to track the movement of goods and verify their authenticity.

4. Healthcare:
Blockchain can securely store and share medical records, ensuring patient data privacy while
allowing access to authorized medical professionals.

5. Voting Systems:
Blockchain can be used to create secure and transparent voting systems, reducing the risk of
fraud and ensuring the integrity of election results.

6. Decentralized Finance (DeFi):

DeFi uses blockchain to offer financial instruments without intermediaries like banks, providing
services such as lending, borrowing, and trading on decentralized platforms.
Challenges and Considerations
1. Scalability:
Current blockchain systems often face scalability issues, with limited transaction throughput
compared to traditional systems.

2. Energy Consumption:
Consensus mechanisms like PoW require significant computational power, leading to high
energy consumption.

3. Regulation and Legal Issues:

The regulatory landscape for blockchain is still evolving, with many jurisdictions grappling with
how to integrate and oversee blockchain-based systems.

4. Interoperability:
 Different blockchain networks often operate in silos, and achieving interoperability between
them is a challenge.

➢ Public ledgers
A public ledger on the blockchain is a distributed database that is shared and interconnected
across network nodes. It allows for transparent and secure recording of transactions or contracts.
The ledger is maintained in a decentralized manner, with each participant in the network having
access to the registered data and owning an identical copy of it. Transactions are recorded in the
ledger by network members, who validate and verify the legitimacy of the transactions through
algorithms. Once a transaction is added to the ledger, it becomes immutable and cannot be
reversed or deleted. The blockchain ensures that no single user can tamper with or change the
data, as every member of the network has a full copy of the ledger.
Benefits:
1. Transparency
2. Reduced of Risk of fraud
3. Trust among Users

➢ Bit coin
Bitcoin is a cryptocurrency (virtual currency), or a digital currency that uses rules of cryptography
for regulation and generation of units of currency. It is commonly called decentralized digital
currency.
A bitcoin is a type of digital assets which can be bought, sold, and transfer between the two
parties securely over the internet. Bitcoin can be used to store values much like fine gold, silver,
and some other type of investments. We can also use bitcoin to buy products and services as well
as make payments and exchange values electronically.
In Bitcoin, all the information related to the transaction is captured securely by using math,
protected cryptographically, and the data is stored and verified across the entire network of
computers. In other words, instead of having a centralized database of the third-party such as
banks to certify the transaction took place. Bitcoin uses blockchain technology across a
decentralized network of computers to securely verify, confirm and record each transaction. Since
data is stored in a decentralized manner across a wide network, there is no single point of failure.
This makes blockchain more secure and less prone to fraud, tampering or general system failure
than keeping them in a single centralized location.

➢ Smart contracts
A smart contract is a digital agreement signed and stored on a blockchain network that executes
automatically when the contract’s terms and conditions (T&C) are met; the T&C is written in
blockchain-specific programming languages like Solidity.

Need of Smart Contracts:

The majority of commercial transactions involve the signing of documents outlining the terms and
circumstances of the agreement. Handwritten or manually drafted contracts can lead to different
interpretations by the involved parties, increasing the likelihood of disputes as contract complexity
grows. Consequently, a neutral third party becomes increasingly important to interpret the terms,
enforce compliance, and expedite the agreement process over time.

Smart contracts are authenticated agreements containing all necessary information, agreed upon
by both parties. They address various scenarios that could arise, simplifying the resolution of
disputes regardless of the outcome. Commonly associated with Ethereum, smart contracts can be
applied to any blockchain network. The code within these contracts ensures performance by
automatically executing agreed-upon terms when conditions are met.

Smart contracts operate on blockchain's distributed ledger technology (DLT), storing data globally
across multiple servers for transaction validation. They reduce administrative burdens by
automating processes. For instance, when contract conditions are fulfilled, funds are automatically
transferred between parties, recorded on the blockchain. Smart contracts are written in
programming languages like Solidity and Go, making them immutable and irrevocable. However,
they are not legally enforceable in court but are designed to execute business logic through
programmed operations based on specific criteria.

How Smart Contracts Work

1. Coding the Contract:
The terms and conditions of the contract are written in code. This code specifies the conditions
under which the contract will be executed.

2. Deployment:
The smart contract is deployed to the blockchain. Once deployed, it is assigned a unique
address and becomes part of the blockchain network.

3. Triggering Events:
The smart contract waits for the predefined conditions to be met. These conditions could be
any data input or event, such as a specific date, the receipt of funds, or the achievement of a
particular milestone.

4. Execution:
When the conditions are met, the smart contract self-executes the specified actions. These
actions could include transferring funds, releasing digital assets, or triggering other smart
contracts.

5. Recording Transactions:
 The execution of the contract is recorded on the blockchain, ensuring transparency and
immutability. All participants can verify that the contract has been executed as agreed.

Types of Smart Contracts:

1. Smart Legal Contract:
Smart contracts adhere to the structure of legal contracts, following an "If this happens, then
this will happen" format. Smart legal contracts can autonomously execute actions, such as
making a payment when a specific deadline is reached, if predefined conditions are met.
Failure to comply with these conditions can lead to severe legal repercussions for the
stakeholders involved.
Residing on an immutable blockchain, they offer greater transparency than traditional
documents. These contracts are executed with digital signatures, ensuring authenticity and
agreement between parties.

2. Decentralized autonomous organizations:

Decentralized Autonomous Organizations (DAOs) are democratic groups governed by smart
contracts that confer voting rights to their members. DAOs operate as blockchain-governed
organizations with a shared objective, collectively controlled without any executive or
president. Instead, the organization's functioning and fund allocation are regulated by
blockchain-based rules embedded within the smart contract's code. An example of a DAO is
VitaDAO, which uses this technology to power a community dedicated to scientific research.

3. Application logic contracts:

Application Logic Contracts (ALCs) are comprised of application-based code that often stays
synchronized with multiple other blockchain contracts. They facilitate interactions among
different devices, such as those within the Internet of Things (IoT) ecosystem, and enable
seamless integration with blockchain technology. Unlike conventional smart contracts, ALCs
are not executed between humans or organizations but instead operate between machines
and other contracts.

➢ Block in a block chain

Block is a place in a blockchain where data is stored. In the case of cryptocurrency blockchains, the
data stored in a block are transactions. These blocks are chained together by adding the previous
block's hash to the next block's header. It keeps the order of the blocks intact and makes the data
in the blocks immutable.

Block Time: The average time it takes for the Blockchain network to generate a new block of
transactions and add it to the Blockchain is called the block time. Some Blockchains create a new
block as frequently as every five seconds, and some may even take a few minutes. In
cryptocurrency, a shorter block time means faster transactions.
 Structure of blocks
The structure of a block is different for every blockchain. However, a
general structure of a block is as follows. A block consists of the
following two main parts: Header and Body
1. Header:
A block's header contains information about the block and the
miner. It is further divided into subparts which are as follows:

a. Current Block’s Hash

Each block also includes a Hash- a unique identifier for the block and all of its contents. It is
always unique, and no two blocks can have the same hash. As soon as a block is created, its
hash gets generated simultaneously.

b. Previous block's hash

This is the hash of the previous block. It chains the blocks together and makes the data in
the previous blocks immutable. If data in the previous blocks is changed, then the hash of
that block will change causing the unchaining of the blockchain.

c. Nonce: This is an integer that a miner changes to change the hash of the block to achieve
the network's difficulty. The Nonce is an integer number that, along with the block number,
data, and previous hash, serves as an input for the hashing algorithm to calculate the valid
hash for the block. A valid hash for the block is a hash that meets a certain difficulty i.e.
contains a number of predefined zeros at the beginning of the hash.

d. Timestamp:
This is the time at which the block was mined. It is usually in the Unix time. Timestamp
simply means “a proof that some data existed at a particular date and time.” In other
words, the timestamp can be referred to as “Proof of existence.” Any digital data can be
timestamped. The hash of the block containing data and transactions is timestamped and is
then published on the network. By doing so, it is ensured that the transactions have existed
at this point in time.

e. Block height: The number of blocks mined between the genesis block and the current block.

2. Body: It includes all the data stored in the block, such as transactions. Every blockchain has a
different format for storing transactions. An array of transactions is stored in the body of the
block. The amount associated with that transaction and all the other related information like
 sender information, receiver information, etc., will be stored in the block. The data contained in
each block depends on the type of Blockchain.

➢ Transactions
A transaction refers to a contract, agreement, transfer, or exchange of assets between two or
more parties. The asset is typically cash or property. Likewise, a blockchain transaction is nothing
but data transmission across the network of computers in a blockchain system. The network of
computers in a blockchain store the transactional data as replicas with the storage typically
referred to as a digital ledger.
Blockchain technology leverages peer-to-peer (P2P) networks to form a shared and secured ledger
that records transactions as immutable time-stamped digital blocks. It is a decentralized ledger of
transactions with no third-party involvement, and only participants in the blockchain network can
validate transactions among them. While a blockchain can store different types of information, its
most widespread use has been as a digital ledger for transactions.
In the context of cryptocurrency, a blockchain transaction example is an individual payment, such
as Person A sending .10 BTC (bitcoin) to Person B. A blockchain transaction would typically involve
the following information getting stored in blocks:
- Data about the transaction, such as the date, time, amount of money paid, place, etc.
- Data about the participants of the blockchain transaction or the username.
- Block specific data or hash, a unique code that distinguishes one block from another.
Blockchain involves three key elements: cryptographic keys, a P2P network, and a computer
network for storing and recording transactions. A cryptographic key serves as a unique, secure
digital identity reference for managing and authorizing transactions. When combined with the P2P
network, the digital signature generated by the cryptographic key allows individuals on the
network to reach a consensus on transactions. Once a transaction is authorized, a mathematical
verification certifies it, resulting in a successful transaction between the two connected parties.
Beyond financial transactions, blockchains can store legal contracts, product inventories, and
transactional details of assets like vehicles and property.
Steps of the Blockchain Transaction Process
A blockchain transaction undergoes several steps before it becomes part of the blockchain. This
process is crucial for authorizing and confirming transactions. Here are the steps involved:
1. Entry of a New Transaction: A participant initiates a new transaction, entering the necessary
details such as sender, receiver, and transaction amount.

2. Transmission of the Transaction: The transaction is transmitted to a global network of peer-to-

peer (P2P) computers, known as nodes.
 3. Validation by the Peer Network: The network of computers verifies the validity of the
transaction using consensus mechanisms and cryptographic algorithms. Nodes check that the
transaction adheres to network rules and that the sender has sufficient funds.

4. Clustering of Confirmed Transactions:

Once validated, legitimate transactions are grouped together into a block. This block contains
multiple verified transactions.

5. Chaining of Blocks:
The newly created block is added to the existing blockchain, linking it to the previous block
through a cryptographic hash. This creates a chronological chain of blocks, maintaining a
transparent and immutable history of all transactions.

6. Completion of the Transaction: The transaction is now complete and recorded on the
blockchain. It is propagated across the network, and the updated ledger is synchronized with
all nodes, ensuring consistency and transparency.
This process ensures the security, transparency, and immutability of transactions on the
blockchain.
➢ Distributed Consensus
Distributed consensus is a fundamental concept in blockchain technology, ensuring that all
participants in a decentralized network agree on the state of the blockchain.
Distributed consensus refers to the process by which multiple nodes (computers) in a
decentralized network come to an agreement on the validity of transactions and the state of the
blockchain. This consensus ensures that the blockchain is consistent, accurate, and resistant to
tampering.

Consensus Protocol Types

Consensus protocols in blockchain can generally be categorized into two main types: voting-based
and proof-based algorithms. Each type has its own strengths and weaknesses, suited for different
blockchain applications.
1. Voting-Based Consensus Algorithms
Voting-based consensus algorithms rely on nodes in the network voting to reach an
agreement. These algorithms offer strong fault tolerance and mathematical proofs to ensure
security and stability. However, they can be slow or inefficient as the network size increases
due to their democratic nature. Examples of main Voting-Based Consensus Algorithm includes:
Practical Byzantine Fault Tolerance (pBFT), Delegated Byzantine Fault Tolerance (dBFT),
Federated Byzantine Agreement (FBA).

2. Proof-Based Consensus Algorithms

 Proof-based consensus algorithms require nodes to provide proof of some work or stake to
participate in the consensus process. These algorithms are well-suited for large, permissionless
blockchains. Examples for Proof-based Consensus algorithms includes Proof of Work (PoW),
Proof of Stack(PoS).

Several consensus mechanisms are used in blockchain networks to achieve distributed consensus.
The most common ones include:

1. Proof of Work (PoW):

- Process: Miners compete to solve complex cryptographic puzzles. The first to solve the
puzzle gets to add the next block to the blockchain and is rewarded with cryptocurrency.
- Security: PoW is secure but energy-intensive, making it expensive to attack the network.

2. Proof of Stake (PoS):

- Process: Validators are chosen to create new blocks based on the number of coins they
hold and are willing to "stake" as collateral. The more coins staked, the higher the chance of
being selected.
- Security: PoS is more energy-efficient than PoW and incentivizes holding and staking coins
to maintain network security.

3. Delegated Proof of Stake (DPoS):

- Process: Coin holders vote for a small number of delegates who are responsible for
validating transactions and creating new blocks.
- Security: DPoS is highly efficient and scalable, but it introduces a level of centralization due
to the limited number of delegates.

4. Practical Byzantine Fault Tolerance (PBFT):

- Process: Nodes communicate with each other to reach a consensus on the next block, even
in the presence of some faulty or malicious nodes.
- Security: PBFT is designed for high-performance blockchains and can tolerate up to one-
third of nodes being malicious.

5. Proof of Authority (PoA):

- Process: A small, trusted group of validators is pre-approved to create new blocks.
- Security: PoA is highly efficient but relies on a set of trusted validators, introducing
centralization.
Steps in Distributed Consensus
1. Proposal: A node proposes a new block of transactions to be added to the blockchain.
 2. Validation: Other nodes validate the proposed block by checking its transactions against the
consensus rules like PoW or PoS.
3. Agreement: Nodes reach an agreement on the validity of the proposed block.
4. Addition to Blockchain: Once consensus is reached, the new block is added to the blockchain.
All nodes update their copies of the blockchain to reflect the new block.
5. Propagation:vThe updated blockchain is propagated across the network, ensuring all nodes
have the latest version.

➢ Public versus private blockchain

Public Blockchain Private Blockchain
1 Public blockchains permissionless Private blockchains are permissioned
networks. networks.
2 These are open networks where anyone These are closed networks where access and
can join, participate, and read the participation are restricted to a selected
blockchain without requiring group of participants called as trusted
permission. entities.
3 Users can also create and validate Access to read, write, and validate
transactions. transactions on a private blockchain is
controlled.
4 Governance in public blockchains is Governance in private blockchains is usually
decentralized. centralized or semi-centralized.
5 Decision-making regarding protocol The organization that owns or operates the
changes, updates, and consensus private blockchain has more control over
mechanisms typically involves a decision-making processes.
consensus among a large community of
users, miners, and developers.
6 The distributed nature of public Private blockchains may have lower levels of
blockchains makes them highly resistant security compared to public blockchains since
to tampering and censorship. they are typically managed by a smaller
number of known entities.
7 Public blockchains often face challenges Private blockchains generally have better
related to scalability and performance performance and scalability since they are
due to their decentralized nature. designed for specific use cases and have a
limited number of participants.
8 Speed of processing transactions is Transactions can be processed more quickly,
slower. and the network can handle higher
transaction volumes.
9 A public blockchain consumes more Private blockchains consume a lot less energy
energy than a private blockchain as it and power.
requires a significant number of
electrical resources to function and
achieve network consensus.
 10 Public blockchains are suitable for use Private blockchains are ideal for use cases
cases that require transparency, where participants are known and trusted,
decentralization, and censorship and where privacy, control, and efficiency are
resistance. priorities.
11 Example includes Bitcoin, Ethereum, Example includes R3 (Banks), EWF
Monero. (Energy), B3i (Insurance), Corda.

➢ Permissioned model of Blockchain

- A permissioned blockchain is a controlled and private network where access to participate and
view the data is restricted to authorized entities. They are employed by organizations and
groups that require enhanced control, privacy, and security over their blockchain activities.
- The governance for this blockchain is managed by a consortium of trusted participants who
collectively determine network rules, consensus mechanisms, and overall management. These
entities rigorously control access, using methods like digital certificates or cryptographic keys
to ensure that only the approved users can engage with the network.

- These blockchains often employ efficient mechanisms like practical Byzantine fault tolerance
(PBFT), delegated proof of stake (DPoS), or Raft consensus. Thus, it enables faster transaction
validation and reduced energy consumption.
- Additionally, these blockchains efficiently safeguard privacy and confidentiality, a crucial
requirement for industries where sensitive information must be kept confidential. Moreover,
these blockchains support smart contracts, which reduces the need for intermediaries and
optimizes operational efficiency.
- Examples of Permissioned blockchain: Corda (developed by R3), Quorum (By J.P. Morgan),
Hyperledger Fabric (By Linux).
Characteristics: The characteristics of permissioned blockchain are:
1. Access Control: These blockchains have strict access control. Only authorized users are allowed
to join the network. Access can be controlled through digital certificates, cryptographic keys, or
other authentication methods. Thus, it ensures that the network is limited to known and
trusted participants.
2. Network Governance: They are typically governed by a group of trusted entities. These users
collectively decide on network rules, consensus mechanisms, and governance. Hence, these
blockchains have a more centralized governance structure.
3. Consensus Mechanisms: Such blockchains use consensus mechanisms to validate transactions
and maintain the ledger’s integrity. They often employ more efficient consensus mechanisms.
As a result, these mechanisms enable faster transaction validation and lower energy
consumption.
4. Privacy and Confidentiality: Enhanced privacy and confidentiality are significant characteristics
of permissioned blockchain. Users have greater control over who can access their data and
 transactions. Thus, it is crucial for industries where sensitive information must be kept
confidential.
5. Smart Contracts: Many such blockchains support smart contracts, self-executing code that
automates processes and agreements when predefined conditions are met. Smart contracts
can streamline complex business processes, reduce the need for intermediaries, and enhance
operational efficiency.
Use Cases for Permissioned Blockchains
1. Banks and Financial Institutions: Facilitate fast, cost-effective cross-border payments and
settlements.
2. Product Tracking and Compliance: Track product origin and journey, ensuring authenticity and
regulatory compliance.
3. Healthcare: Securely manage patient records and trace pharmaceutical production.
4. Government and Voting Systems: Develop secure, transparent electronic voting systems and
enhance identity verification.
5. Intellectual Property and Legal Contracts: Protect intellectual property and automate contract
execution.
6. Education: Verify and share academic credentials securely to reduce hiring fraud.
➢ Security aspects of Blockchain
Security is managed in order to protect some vital information so that hackers or other
unauthorized users do not get access to it. With the increasing dependency on Blockchain
networks, Blockchain security has become a prime concern. Blockchain security is a risk
management technique that aims to secure transactions and hence the whole blockchain
network. It is usually implemented with the help of cybersecurity, authorized services, and ethical
users.
Why security needed?
Blockchain is an immutable ledger with no involvement of third-party organization. It also uses
cryptography to hide some details. So hackers find it almost impossible to tamper with the blocks.
But there are some loopholes that allow the malicious users to perform malicious activities as
blockchain networks are not immune to cyberattacks and fraud. Blockchain attacks are cyber
attacks that can be done by outside malicious users as well as the users involved in the network.
Some of the attacks are as follows:
1. Sybil Attack: Hackers try to increase the traffic in the network like Sybil Attack. In this, the
malicious user floods the network with unnecessary packets to create traffic in the network.
2. Eclipse Attack: Hackers try to make duplicates of the node. This is an eclipse attack. The user
eclipses(hides) the original node and broadcasts the fake node that was created by the hacker.
3. 51% Attack: Hackers try to control the network. They take control of 51% of the mining and
this attack is known as 51%Attack.
 4. Finney Attack: In the Finney attack, the hacker hides the original block and broadcasts the fake
block. The transaction is performed. After that transaction for the original block is performed.
So a case of double expenditure happens.
5. Attack Wallet: In this hackers try to attack users’ wallets to perform unnecessary transactions.

So security is of prime concern in blockchain as millions and millions of transactions are involved
and these are the reasons why Blockchain networks should be secured.

Best Practices For Building Secure Blockchain Solutions

Companies are using many ways to make a smooth secured network for users. But users also have
some responsibility so that the whole system gets secured. Some of the ways are:
1. Use of Cold Wallet: Cold Wallets do not connect to the Internet; therefore, users can secure
their private keys. The wallet is not prone to cyberattacks.
2. Secure the Internet: Often hackers try to hack Wifi. Users must avoid public wifi networks at all
costs as any hacker can use public networks and can use malware to steal valuable
information.
3. Avoid Phishing: Phishing attacks are common nowadays. Users should not click malicious
advertisements. They should remove all the spam emails.
4. Password: It is always advisable to use strong passwords with a combination of alphabets,
numbers, and special characters. Passwords should be changed regularly.
5. Security of personal devices: Personal devices should be up to date. The patches should be
fixed and the latest antiviruses should be installed to protect from virus attacks.
6. Blockchain Penetration Testing: Those who create blockchain networks should get penetration
testing done by an ethical hacker to test the strength of the security blockchain networks and
find vulnerabilities if present.
7. Secure keys: Keys should be secured by the user. Strong cryptographic keys should be used
Users should not share the keys with other users.
8. Use private permissioned blockchain: Business entrepreneurs should use private permissioned
blockchain. The permission is necessary as each user is verified before allowing them to enter
the blockchain.

➢ Cryptographic hash function and Properties of a Hash Function

A cryptographic hash function is a mathematical algorithm that takes an input of any size,
performs complex computations, and generates a fixed-length alphanumeric output called a hash
value.

Here are the key properties and characteristics of cryptographic hash functions:
1. Deterministic
Definition: The hash function will always produce the same hash value for the same input.
Importance: Ensures consistency and reliability in verifying data integrity.
2. Fixed Output Size
Definition: Regardless of the input size, the output hash has a fixed length (e.g., 256 bits for
SHA-256).
Importance: Standardizes the size of the hash output, making it easier to handle and store.
3. Efficiency
Definition: The hash function can compute the hash value quickly, even for large inputs.
Importance: Ensures the hash function can be used in real-time applications, including
blockchain.
4. Pre-image Resistance/ One-way function.
Definition: Given a hash value, it should be computationally infeasible to find the original input.
Importance: Enhances security by preventing attackers from reverse-engineering the input
data.
5. Small Changes in Input Produce Large Changes in Output
Definition: A small change in the input (even a single bit) should produce a significantly
different hash value, often referred to as the avalanche effect.
Importance: Ensures that even minor alterations to the input result in a completely different
hash, making it easy to detect changes.
6. Collision Resistance
Definition: It should be computationally infeasible to find two different inputs that produce the
same hash value.
Importance: Prevents attackers from substituting different data that produces the same hash,
thereby maintaining data integrity.
7. Second Pre-image Resistance
Definition: Given an input and its hash value, it should be infeasible to find a different input
with the same hash value.
Importance: Prevents attackers from creating a different message with the same hash,
ensuring the uniqueness of the hash for each unique input.

Examples of Cryptographic Hash Functions

1. SHA-256 (Secure Hash Algorithm 256-bit)
Usage: Widely used in blockchain technology (e.g., Bitcoin).
Output Size: 256 bits.
Properties: Strong security, widely adopted, and efficient.

2. SHA-3
Usage: Newer hash function offering additional security features.
Output Size: Variable (224, 256, 384, 512 bits).
Properties: High security, designed as a backup to SHA-2.

3. MD5 (Message Digest Algorithm 5)

 Usage: Previously used in various applications but now considered insecure.
Output Size: 128 bits.
Properties: Fast but vulnerable to collision attacks.

4. RIPEMD-160
Usage: Used in some cryptographic applications.
Output Size: 160 bits.
Properties: Balanced between speed and security.

➢ Hash Pointer
Hash pointers are a data structure containing the previous block’s hash value and a pointer to that
block. Hash pointers are the building blocks of blockchain.
Hash Pointer is comprised of two parts:
- Pointer to where some information is stored
- Cryptographic hash of that information
The pointer can be used to get the information, the
hash can be used to verify that information hasn’t
been changed.

The immutability of blockchain is one of its most significant aspects, and hash pointers allow us to
attain this property. Hash pointers help us validate if a block is modified or not. Even a minor
change in the blocks would completely change the hash code of that block. This is the reason why
hash pointers are used to detect if the blockchain is altered or not.

➢ Merkle Tree
It is a mathematical data structure composed of hashes of different blocks of data, and which
serves as a summary of all the transactions in a block. It also allows for efficient and secure
verification of content in a large body of data. It also helps to verify the consistency and content of
the data. Both Bitcoin and Ethereum use Merkle Trees structure. Merkle Tree is also known as
Hash Tree.
 It is a data structure tree in which every leaf node labelled with the hash of a data block, and the
non-leaf node labelled with the cryptographic hash of the labels of its child nodes. The leaf nodes
are the lowest node in the tree.

Merkle trees are created by repeatedly calculating hashing

pairs of nodes until there is only one hash left. This hash is
called the Merkle Root, or the Root Hash. The Merkle Trees
are constructed in a bottom-up approach. Every leaf node is a
hash of transactional data, and the non-leaf node is a hash of
its previous hashes. Merkle trees are in a binary tree, so it
requires an even number of leaf nodes. If there is an odd
number of transactions, the last hash will be duplicated once
to create an even number of leaf nodes.

In above example, there are four transactions in a block: TX1, TX2, TX3, and TX4. Here you can see,
there is a top hash which is the hash of the entire tree, known as the Root Hash, or the Merkle
Root.

Merkle Root is stored in the block header.

Features:
1. Tamper Evident
Like blockchain, hash pointers ensure data integrity by storing the hash of the data they point to.
By storing the hash pointer at the root (top-level node), you can traverse down to any leaf data
block to verify if the data is in the tree or if it has been tampered with.

2. Traversal Efficiency
Hash pointers enhance the efficiency of verifying data within the structure.
To verify a data block, you only need to traverse the path from the top to the leaf where the data
is located. This results in a complexity of O(logn), which is much more efficient compared to the
O(n) complexity of a linked list blockchain.

3. Non-membership Proof
In a sorted Merkle tree, hash pointers can prove the absence of a specific data item. If the data
before and after the given data are both in the tree and are consecutive (with no space between
them), it proves that the given data is not in the tree.

➢ Digital Signature
A digital signature is a mathematical technique used to validate the authenticity and integrity of a
digital document, message or software. A digital signature is intended to solve the problem of
tampering and impersonation in digital communications.
Digital signatures can provide evidence of origin, identity and status of electronic documents,
transactions or digital messages. Signers can also use them to acknowledge informed consent.
Each person adopting this scheme has a public-private key pair. Generally, the key pairs used for
encryption/decryption and signing/verifying are different. The private key used for signing is
referred to as the signature key and the public key as the verification key.
The steps followed in creating digital signature are:
1. Message digest is computed by applying one way hash function on the message and then
message digest is encrypted using private key of sender to form the digital signature. This
encrypted hash along with other information like the hashing algorithm is the digital signature.
(digital signature = encryption (private key of sender, message digest) and message digest =
message digest algorithm(message)).

2. Digital signature is then transmitted with the message.

The reason for encrypting the hash instead of the entire message or document is that a hash
function converts any arbitrary input into a much shorter fixed-length value. This saves time as
now instead of signing a long message a shorter hash value has to be signed and moreover
hashing is much faster than signing.

3. Receiver decrypts the digital

signature using the public key of
sender. (This assures authenticity, as
only sender has his private key so
only sender can encrypt using his
private key which can thus be
decrypted by sender’s public key).
4. The receiver now has the message
digest.
5. The receiver can compute the message digest from the message (actual message which is sent
with the digital signature).
6. The message digest(hash) computed by receiver and the message digest (got by decryption on
digital signature) need to be same for ensuring integrity.

Properties of Digital Signature:

The digital signature must have the following properties:
- Authenticity: a valid signature implies that the signer deliberately signed the associated
message.
- Unforgeability: only the signer can give a valid signature for the associated message.
- Non-re-usability: the signature of a document cannot be used on another document.
- Non-repudiation: the signer cannot deny having signed a document that has valid signature.
 - Integrity: ensure the contents have not been modified.

➢ Public key cryptography

PKC stands for Public Key Cryptography. It is also known as asymmetric cryptography. It is an
encryption technique or a framework that uses a pair of keys (public and private key) for secure
data communication. These keys are related, but not identical keys. Each key performs a unique
function, i.e., the public key is used to encrypt, and the private key is used to decrypt. The sender
uses the recipient's public key to encrypt a message, and the recipient uses the private key to
decrypt this message. The use of two keys enables PKC to solve challenges faced in other
cryptographic techniques.

PKC is different from the symmetric key algorithm, which uses only one key to both encrypt and
decrypt. The two types of PKC algorithms are RSA (Rivest, Shamir, and Adelman) and Digital
Signature Algorithm (DSA). PKC encryption evolved to meet the growing need for secure
communication in multiple sectors such as the military, government offices, etc. This type of
cryptography has become an important element of modern computer security and a critical
component of the cryptocurrency system.

How Does PKC Work?

The public key is used by the sender to encrypt information, whereas the private key is used by a
recipient to decrypt it. The public key can be shared without compromising the security of the
private one. All asymmetric key pairs are unique, so a message encrypted with a public key can
only be read by the person who has the corresponding private key. The keys of a pair are
mathematically related, and their length is much longer than those used in symmetric
cryptography. So, it is not easy to decipher the private key from its pubic counterpart. RSA is one
of the most common algorithms for asymmetric encryption in use today.

Benefits of PKC:
- One key cannot be derived from another key, and there is no need to exchange the keys
- It allows to establish authentication of the sender by using PKC (digital signature)
- It can be used to create a digital signature in the Operating System software such as Ubuntu,
Red Hat Linux packages distribution, etc.
Applications of Public Key Cryptography:
- Emails can be encrypted using public-key cryptography to keep their content confidential
- Secure socket layer (SSL) protocol also uses asymmetric cryptography to make secure
connections to websites
- It is also used in blockchain and cryptography technology. For example, while setting up a new
cryptocurrency wallet, a pair of keys is generated.