Does blockchain technology support more secure communication than the internet?
We’ve all heard about the blockchain by now, whether through an eager Gen Zer, the news, or even a financial advisor bullish on crypto. The blockchain is advertised as a new technology that supports distributed communications, answering to no single company yet providing a single source of truth.
What is all the hype around this technology? Is it the newest internet, or just a fad? We'll look at the blockchain from a security perspective and compare it to the internet below. But before we discuss the features blockchain provides and the robustness of its security compared to the internet, what is the blockchain?
What is the blockchain?
The blockchain is a distributed digital ledger. Let's break that down. We say the blockchain is distributed because there is not a single computer or organization that controls it. Instead, the blockchain can be downloaded and run on any computer with sufficient resources.
For every digital transaction, when there is enough consensus from miners that validate it, the transaction is added to a block. This block is in turn added to the chain. And the longest chain is the true blockchain. This distributed system provides security so long as the majority of computers running the blockchain are not adversaries. Given this, valid transactions will be added to the true chain, and the true chain will remain the longest.
The blockchain is essentially one large distributed system determining which transactions are valid so there is a single source of truth. Current day systems rely on a trusted source of authority to determine the truth, while the blockchain aims to eliminate the reliance on one system or group.
To make this clearer, we can look at an everyday example. When buying a coffee with a credit card, Visa or Mastercard along with your card issuer must approve the transaction. However, if you were to use bitcoin or another cryptocurrency on the blockchain, this middleman is eliminated. Instead, miners running the blockchain reach consensus to validate the transaction.
The distributed system reaches consensus in determining the truth rather than relying on a single company. This goal of shifting away from single points of failure in systems aligns with cultural shifts and modern technical standards.
How does the blockchain support communication between two parties?
Similar to public key cryptography, the blockchain uses public and private keys when communicating between two parties. These keys are held in a user’s wallet. When you create a blockchain wallet, it will already contain these keys for you to use in all future blockchain transactions.
The private key is used to sign a transaction, proving your identity. To verify use of the private key, miners use the user's public key. These keys have a unique relationship so that the signature can be verified to be yours with your public key. The public key can also be used by other wallets to send money or execute transactions to you.
If you want to complete a transaction to your friend via the blockchain, you use their public key to determine the address to make the transaction to, and sign the transaction with your private key. Then miners validate the transaction with your public key, reach consensus that it is a valid transaction, and add it to a block. Making a transaction to a specific address is simple enough, but signing it is a bit more complicated. To securely sign the transaction, the elliptic curve digital signature algorithm is used.
The elliptic curve digital signature algorithm (ECDSA) is used to sign transactions, so a wallet can prove authentication and integrity when executing a transaction. The scheme relies on the fact that the sender must have known the private key to send the transaction. The recipient and any other blockchain user can verify message integrity and authentication with the sender's public key.
The strategy of keeping transactions public while using ECDSA to sign them enables the distributed source of truth that is the blockchain. Because transaction information is public and users' public keys are known, anyone can efficiently confirm a transaction was executed by a particular user.
What features does blockchain communication provide?
In a previous post we discussed how there are three main features necessary for online communications to provide us with the trust and privacy society needs. These three features include confidentiality, authentication and integrity. Blockchain gives us authentication and integrity, but sacrifices confidentiality to support the distributed blockchain architecture.
On the blockchain, transactions are public so that anyone can validate them with the signature and the user's public key. This visibility supports the distributed system architecture of the blockchain. This allows us to efficiently confirm the sender is who they say they are - providing authentication. It also ensures the message contents are not altered - providing integrity.
The drawback here is not having message confidentiality. Everyone can read what is on the blockchain. However, given the intended distributed use of blockchain, having blockchain transactions be public is itself a feature. Rather than all messages or transactions being confidential between the parties involved, there is one source of truth with all information publicly available.
What cryptographic protocols does blockchain rely on and how does it compare to those used by the internet?
The blockchain uses the elliptic curve digital signature algorithm (ECDSA) and relies on the difficulty of the elliptic curve discrete log problem. ECDSA uses a finite prime field and the dot product to sign transactions, proving communication integrity and authentication.
While the blockchain uses ECDSA, the internet uses an array of protocols. Public-key cryptography was a protocol commonly used by the internet, especially for HTTPS. In comparison, the elliptic-curve discrete log problem is significantly harder to solve than the large integer factorization problem public key cryptography relies on. There are known shortcuts for large integer factorization, such as the Quadratic Sieve and the General Number Field Sieve algorithms. However, there are no known shortcuts for solving the elliptic-curve discrete log problem.
To quantify this difference in difficulty, it is as hard to solve a system using public key cryptography with a 2380 bit key as it is to solve a system using ECDSA with a 228 bit key. Although the elliptic-curve discrete log problem can be solved, solving it is more difficult than the large integer factorization used in public key cryptography.
ECDSA is harder to break than public key cryptography. However, the internet is catching up and has replaced public key cryptography with ECDSA for many applications. Therefore, if you are using an up-to-date browser, the integrity and authentication of your message is just as secure on the internet as on the blockchain.
Is the blockchain more secure than the internet?
We cannot answer this question with a simple yes or no. When looking at security, we can evaluate the security of the transaction, as well as the security of the system as a whole.
Above we compared the protocols used by the blockchain and internet to secure transactions. Modern systems are using ECDSA, making the technologies comparable in this area. Although the blockchain does not provide confidentiality, it provides integrity and authentication just as securely as the internet.
Next we look at the security of the system as a whole. Earlier we mentioned the blockchain is distributed, and aims to remove a single point of failure. In contrast, internet communications rely on certificate authorities and other essential parties. This dependence makes the technology more susceptible to single points of failure. The blockchain's distributed architecture makes it more robust in comparison to systems that rely on a single company or group.
Conclusion
The blockchain supports communication that allows us to verify the integrity of a transaction and authenticate it was indeed executed by the claimed sender. But does it achieve integrity and authentication in a more secure way than the internet? Yes and no.
ECDSA, the protocol used by the blockchain, is more secure than public key cryptography. However, the internet is catching up, and many systems are upgrading from using public key cryptographic protocols such as RSA to ECDSA. The blockchain is using a more up-to-date cryptographic protocol, but the internet has the same opportunity to improve security and adopt ECDSA.
Many argue the blockchain adds security by removing a central point of failure. The distributed system the blockchain provides reduces risk of a particular party controlling and manipulating communications.
Overall, the blockchain introduces a distributed information structure that provides an added level of security. By relying on all blockchain users, rather than being dependent on a single party, the blockchain aims to provide a more secure source of truth. Although the communications themselves are equally secure, the blockchain aims to remove trust and dependence on large parties involved.
For more readings on the security of the blockchain and resources that may help in determining if this technology is here to stay, check out the additional readings below.