Blockchain technology is an important concept for investigators to understand as it is the “information highway,” if you will, for cryptocurrencies. Bitcoin, and other altcoin alternatives, would not be possible without the blockchain. Not understanding the blockchain concept will make the investigator appear inept and unprepared and possibly jeopardize any evidence presented during a trial that the investigator may be asked to testify about.
Understanding the blockchain can also assist analysts in understanding how criminals use blockchain technology to leverage illegal purchases, commit money laundering, or carrying out any number of other illegal and fraudulent activities. Obviously, understanding the underlying technology behind blockchain will allow you to conceptualize other fraudulent activity possibilities and stay ahead of the criminals.
On its most basic level, the blockchain can be understood as a new kind of database, at least this was its original design, but what’s different about this database is that while its distributed digital databases have been around for a while now, recently they’ve been designed to centralize information on one computer or within one organization.
The blockchain, though, uses a distributed network of computers to maintain a shared database. The blockchain is then a set of protocols and encryption methods that enable a network of computers to record data within a shared open database securely. This database consists of a series of encrypted blocks that contain the data. The blockchain is a continuously growing list of these data blocks linked and secured using cryptography. This makes it a trusted database, with this trust being maintained by open, secure computer code and encryption instead of any single institution. The database stores information in blocks linked together through hash values, with entries to this database being made by computers with a database copy. All must come to a consensus about its state before they can update it. So, these are three central concepts to understanding the system’s workings, blocks, hashing, mining, proof of work distributed consensus. We will go over each of these in-depth.
A blockchain may be considered a series of blocks of securely chained data in terms of its structure. New blocks are formed as participants create new data or wish to update existing data. These blocks are encrypted and given a hash value representing a unique identifier of the data within that block. This hashing works by running a standard algorithm over the block’s data to compress it into a hash code unique to that document. No matter how large the file or information is contained, it is compressed into a 64-character secure hash. This hash value can be recalculated from the underlining file, confirming that the original contents have not changed, but the reverse is impossible. Given just the hash value, you cannot recreate the block’s data contained within it, as it is encrypted. All blocks of data formed after the first block are securely chained to the previous one. This means that the hash value of the next block in the chain is dependent upon the previous one. Thus, once recorded, the data in any given block cannot be altered afterward without altering all subsequent blocks and the hash pointer linking to the previous block. Each block typically contains a timestamp as well so that we know what happened and when it happened. This hashing and linking of blocks make them inherently resistant to modification, making them immutable records. You can only write data to the database, and once it’s there, it’s very hard to change, almost impossible; thus, data is stored on the blockchain is generally considered incorruptible.
Blockchain security methods include the use of what we call public-key cryptography. A public key, a long random-looking string of numbers, is an address on the blockchain. Value tokens sent across the network are recorded as belonging to that address. A private key is like a password that gives its owner access to their digital assets or the means to otherwise interact with the corresponding data. A public key is associated with the private key so that anyone can make an encrypted transaction to the public key address. Still, that encrypted message can only be deciphered with the private key that corresponds to that public key. As such, effective security only requires keeping the private key private. The public key can be openly distributed without compromising security. For example, to receive funds from another person on the Bitcoin blockchain, you use a software called a wallet, which creates a public key that you give to someone else for them to send bitcoins to that address. With your corresponding private key, you can then access that address with those bitcoins on it.
The blockchain is a distributed system; this means there is no centralized organization to maintain and verify the entries on the database. The database is instead maintained by many computers, called nodes, that are incentivized to provide computing resources by earning some form of tokens in exchange. But, these computer nodes in the network themselves cannot be trusted individually; therefore, it is required that the system provide a mechanism for creating consensus between scattered or distributed parties. These parties do not need to trust each other but need to trust the mechanism in which they obtained their consensus. Any computer connected to the blockchain network and using a client can validate and relay transactions. Each of these so-called “miner” computers gets a copy of the blockchain, which gets downloaded automatically upon joining the network. When new entries into the database are made, these changes are automatically broadcast across the network.
Mining nodes validate transactions, add them to the block they are building, and then broadcast the state of the complete block to other nodes on the network. To randomize blocks across the nodes and avoid certain service abuses, blockchains use various time stamping schemas such as proof of work. Proof of work describes a system that requires a certain amount of resources or effort to complete an activity. Typically, this resource is computing time. In the case of the Bitcoin blockchain, this is realized on some form of the challenge so that no one actor on the network can solve the challenge consistently more than everyone else on the network. Miners compete to add the next block in the chain by racing to solve a very difficult cryptographic puzzle. The first to solve the puzzle wins the lottery. As a reward for their efforts, the miner receives small amounts of newly minted bitcoins and a small transaction fee.
A consensus algorithm, like bitcoins proof-of-work, functions to ensure that the next block in the blockchain is the only version of the truth, and it keeps powerful adversaries from de-rating the system. Blockchains are trying to create a secure, trusted shared database through encryption and hashing, proof of work, and network consensus. The hashing and linking of blocks make it difficult to go back and change a previous block once it’s entered but, this alone would not be enough to ensure that the data is truly tamper-proof. So then, the proof of work system intentionally makes it computationally more difficult to alter the database, making it extremely difficult to alter all the blocks. Additionally, it puts a distributed consensus mechanism into place so that even if someone did manage to do this, their record would not match that of others and would not be accepted as a valid record. So, to successfully tamper with the blockchain, you would need to alter all the blocks on the chain, then redo the proof of work for each block and take control of more than 50% of the peer-to-peer network. Only then would your altered block become accepted by everyone else. On a blockchain of almost any size, this would be almost impossible to do. The Bitcoin blockchain is very good proof of this, given that it now secures hundreds of billions of dollars using this method without the network having yet to be compromised. At the end of the day, this technology enables a database that is secured with automatic trusts that are enabled by open-source code and encryption. The data is tamper-proof. Once information is put into the database, it cannot be altered afterward. It is a shared database, and many people across a network have a copy, which is continuously being updated so that all have a single source of truth. Likewise, it is transparent, meaning everyone can see all the transactions and alterations made to the database if needed. Data quality and the network’s resilience are maintained by massive database replication across many different nodes on the network. No centralized official copy exists, and no user is trusted more than any other. Having started life as simply a mechanism to enable Bitcoin, it has become increasingly recognized that the system is secure enough to work as a ledger to record and exchange any value for what we now call a distributed ledger.
The following modules will explain the concept and key components of blockchain technology and its use as a distributed ledger.