Blockchain Primitives

First Primitives

Blockchains:

  • purpose of blockchain:

    • the purpose of blockchain is to have a network of computers agree on common state of data.
    • consensus is a term used to mean a network coming into anagreement on state of data
    • using blockchain we can decentralize where the code runs and agree on the output
    • there is no single owner of code’s execution. this doesnt mean some users don’t have higher permission over the code, i.e if you’re the program’s developer you can change the code. But, what we’re trying to convey here is once the program is deployed it is going to run as programed. and that’s never gonna change. (code runs as programed)
    • code is transparently verifiable.
    • blockchains are going to give us the garntee that the code we deployed is going to run the same as yesterday, today, and decades latter.

Code decentralization

  • decentralization looks like this: you have many machines in a network, that are participating in a network. and we take the code and deploy it out to network each machine is going have a copy of that code. And when the machines are called up on to validate or to run a transaction, they going to run it exactly the way it is going to run. And the Blockchain is going to enforce that each machine is going to run the code exactly the way it was written.

  • code decentralization

Blockchain Network

  • Blockchain is a protocol connecting all the machines or node
  • each machine or node will run the code as written.
  • the blockchain enforces these rules(i.e all machines running the code as is) and because the blockchain is enforcing these rules it is called smart contracts

Common usecases of blockchain

  • ex: in cryptocurrency: we have 3 people and they want send each other some money. So, how would they trust each other they’re not fooling any one? trust? Bitcoin first came up with foolproof system allows people exchange value using pear to pear network.

  • blockchain is created to solve trust

Smart contract blockchains

  • smart contract blockchains provide developers a way to decentralize where the code runs

  • one important thing to drill home is - decentralization isn't about the code itself but how the code is executed

Bitcoin

  • bitcoin is the first successfull blockchain.
  • it is not the first interms of being there, there were many researches and attempts before bitcoin.
  • bitcoin is the first to put all of these cryptographic primitives together in such a way to actually create a blockchain could continue to work and function.
  • and many components were already discovered, and it was bitcoin first to assemble those components to get a functioning blockchain.

Components of decenteralization

  • taking these components together and supplying them with a network of machines is what is going to make decentralization emerge.
  1. Security - proof of work (bitcoin)
  2. Financial Incentives: mining rewards(bitcoin)
  3. Authentication: public key cryptography(i think this common among other networks)
  4. Chronology: Linked data structure(i think is common as well)
  5. Permissionless: peer to pear network (common among others as well)

All of these 5 components work together to emerge a decentralization.

Crypto

  • Long before cryptocurrency there was crypto
  • today u may hear crypto being used to refer a crytocurrency. but crypto is sth that was researched long before cryptocurrency.
  • These crytopgraphic primitives like :
    • Crytopgraphic Hashes and
    • Public Key crytography were discovered in the 1970s

Cryptographic Hashes

  • before that let’s see what hash function is.
Hash function

  • is like give me some input, big or small and I will give you a fixed size output. The size of output depends on the type of hash algorithm.

  • input can be any type of data: number, string,image , video

  • cool image explaining these

  • the hash algorithm we’re going to focus for now is SHA256

  • SHA256 is a cryptographic hash function. and it provides 256 bit output.

  • a crytopgraphic hash function is a function that demonestrates these properties:

    • deterministic
    • pseudorandom
    • one-way
    • fast to compute
    • collision resistant

  1. Deterministic:

    • i.e the same input to cryptographic hash function is going to result the same output.
    • imagine we can put any data we want.
    • so, the output of a cryptographic hash function is going to be the representative of the data we input i.e this is really big because we now can put something really really big and represent it with smaller data. AWESOME!

  2. Pseudorandom:

    • unpredictable! you have no clue! You cannot get it by putting similar inputs.

  3. One-way:

    • given an output I cannot predict what the input was.
    • the only way you could do it by repeatedly guessing. SHA256 has a 256 bit result and i can say our not gonna ever get it my boi.

  4. Fast-to-Compute:

    • should be fast to compute on a modern computer

  5. Collision Resistant:

    • having 2 inputs they SHOULD NOT create the same output.
    • but the chances of these 2 input creating the same output is possible, but the chances are soooo small because of huge address base 2**256 (we can neglect the possibility)
2 important usecases of Hash functions
  1. commitments:
    • we use hash function for its commitment property in protocol design and smart contract design.
    • for ex: we can pass an image monalisa to hash function and we can commit to that output data as monalisa.
  2. proof of work
    • absolutely insturmental for proof of work mechanism!

exercise: Burteforce Hashing

  • you bruteforce to guess the input from the a given output. Or you can use a Rainbow table to determine the input form the output.

  • What’s Rainbow table?

    • rainbow table is precomputed table that contains a large number of possible passwords and their corresponding hash values. It is used to quickly reverse engineer a hashed password by looking up its corresponding original password in the table.

  • For security purposes it is important to use random salt which you can add to your input to make it unguessable using the methods above.

  • How does using a random salt lower chance of password being guessed using rainbow table?

    • So, using random salt means adding a unique string to the password before hashing process. So, say 2 users have the same password, (ex: “password”), so, when using salt you add a unique text. maybe for the first user
      it was like passwordLdks23&32 and for second user it is like passwordEI#)@ , then we start the hashing process after adding a random salt. Resulting a different hash value for the same password. This gonna make using RainbowTable super ineffective, time-consuming, much more challenging for guessing or revers engineer.

  • What does reverse engineering mean?

    • is process of studying and analyzing a product, system or technology in order to understand how it works or was designed. often used to gain insights into existing technology, replicate or modify it, or identify potential vulnerability or weakness.

TASK 1: Find Favorite Color

Brute Force Hashing

Cryptographic Hash Functions like SHA256 are one-way functions. This means that if you have the input, it’s relatively trivial to find the output. On the other hand, if you have the output, it is infeasible to find the input.

However, if you knew the hashes of some common inputs, then you could brute-force guess at the output or create a Rainbow Table to determine what that input is.

It’s easy to find that the SHA256 hash of “apples” is 0xf5903f…0f74d9. If this was a likely input, a hacker could search for it specifically and know that the input was “apples”! 😱

⚠️ For security purposes, it’s important to remember to use a random salt which you can add to your input to make it unguessable via the methods mentioned above!

🏁 Your Goal: Find the Color
Given a SHA256 hash, find the color input that would generate that hash. You can assume that all the hashes be generated only from colors provided in the COLORS array.

To take the hash of a color, first use utf8ToBytes to translate the string to bytes. Then, use sha256 to hash it.
When you want to compare two hashes, first use toHex to turn each hash from a Uint8Array to a string of hexadecimal characters.
So comparing two hashes would look like this:

1
2
3
4
5
6
7
8
9
10
11
const a = 'apple';
const b = 'banana';

const aBytes = utf8ToBytes(a);
const bBytes = utf8ToBytes(b);

const aHash = sha256(aBytes);
const bHash = sha256(bBytes);

console.log(toHex(aHash) === toHex(aHash)); // true
console.log(toHex(aHash) === toHex(bHash)); // false

Wondering what utf8 stands for? The UTF-8 standard translates all the possible keyboard characters you can think of into bytes. This is an agreed upon standard to ensure we all get the same bit values representing the letters and words we see on the screen. Learn more about utf8 here.

Details:

Rainbow Table
A rainbow table is simply a table which maps common inputs to their hash output. For instance, we could map common passwords to their SHA256 hashes:

COMMON PASSWORDS SHA256 HASH
password 0x5e8848…1542d8
qwerty 0x65e84b…2337c5
111111 0xbcb15f…09802a
12345678 0xef797c…98a64f
abc123 0x6ca13d…118090

Even though the password should be unguessable, given a hash output, these common passwords make it easy to create a rainbow table to find what the plaintext input would be.

⚠️ If a company were to lose their database of passwords (which happens way too often) and they do not protect their password hashes with a salt, it may be relatively easy for a hacker to use a rainbow table to find which passwords you use. From there, they can try those passwords on other services.

My solution:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
const { sha256 } = require('ethereum-cryptography/sha256');
const { toHex, utf8ToBytes } = require('ethereum-cryptography/utils');

// the possible colors that the hash could represent
const COLORS = ['red', 'green', 'blue', 'yellow', 'pink', 'orange'];

// given a hash, return the color that created the hash
function findColor(hash) {
    let c = '';
    COLORS.forEach((color) => {
        if (toHex(sha256(utf8ToBytes(color))) === toHex(hash)) {
            console.log(color, 'foun it');
            c = color;
            return;
        }
    });
    return c;
}

module.exports = findColor;

Test to run against:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
const { assert } = require('chai');
const findColor = require('../index');
const { sha256 } = require('ethereum-cryptography/sha256');
const { utf8ToBytes } = require('ethereum-cryptography/utils');

const COLORS = ['red', 'green', 'blue', 'yellow', 'pink', 'orange'];

describe('findColor', () => {
    COLORS.forEach((color) => {
        it(`should work for ${color}`, () => {
            assert.equal(findColor(sha256(utf8ToBytes(color))), color);
        });
    });
});