November 6, 2015 By Larry Loeb 2 min read

Bitcoin and other cryptocurrencies have been a hot topic ever since the seminal white paper “Bitcoin: A Peer-to-Peer Electronic Cash System” was written by someone (or a group of someones) using the pseudonym Satoshi Nakamoto.

Cryptocurrency is built on methods for blockchains used on a peer-to-peer network of independent nodes. Nakamoto (or whoever) figured out that to decentralize a currency, one had to overcome the double spending case where a coin is used twice. This was accomplished by time stamping all digitally signed transaction records and taking their hash in a specific way.

The Basic Method of Blockchains

The method seems complex on first viewing, but it’s actually recursive and simple. As Nakamoto put it, “The network time stamps transactions by hashing them into an ongoing chain of hash-based proof of work, forming a record that cannot be changed without redoing the proof of work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they’ll generate the longest chain and outpace attackers.”

Proof of Work

OK, what exactly is this proof of work? First introduced in Adam Beck’s Hashcash system in 2002, proof of work is the idea tjat each node in the network has to show it has done some computational work on each block it creates before that block can be added to the chain. The specific method of this involves scanning for a value that, when hashed with a hash generator like SHA-256, will begin with a number of zero bits.

The average work required for the number of zero bits is exponential and can be verified by executing only a single hash. This means that as blocks are added to the chain, the work to change a past block would include redoing the computational work in all the blocks that follow it.

A node shows that it worked to create a block by creating a hash of its block header. This hash does not exceed a certain value.

How Do We Establish if a Node Is Honest?

Honest nodes don’t have to do the computational work needed to change the blocks in a blockchain. That means that they will be able to create longer blockchains than dishonest ones in the same length of time. As the blockchain gets longer, the probability of a slower attacker catching up to it grows exponentially.

New blocks will only be added to the blockchain if their hash is at least as challenging as a difficulty value expected by the network’s consensus protocol. The difficulty is established by checking the difference in the time stamps (and hence how long it took to generate the last blocks in the chain) every 2,016 blocks.

The amount of computational power needed to create multiple hashes on blocks both identifies good players and bad ones in a blockchain net. Good ones get their chains longer, faster — and all of this work helps blockchains secure themselves from malicious actors.

More from Banking & Finance

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

New Fakext malware targets Latin American banks

6 min read - This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges and unencrypted data exposure to distribute and operate banking…

DORA and your quantum-safe cryptography migration

5 min read - Quantum computing is a new paradigm with the potential to tackle problems that classical computers cannot solve today. Unfortunately, this also introduces threats to the digital economy and particularly the financial sector.The Digital Operational Resilience Act (DORA) is a regulatory framework that introduces uniform requirements across the European Union (EU) to achieve a "high level of operational resilience" in the financial services sector. Entities covered by DORA — such as credit institutions, payment institutions, insurance undertakings, information and communication technology…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today