How blockchain security works.
Securing blockchain with hashes
A cryptography hash is a string of data that a cryptography algorithm generates for a set of data. When you have the original set, you can always generate the hash, but it does not work the other way around: if all you have is a hash, you can’t generate the data that the hash corresponds to. This makes hashes extremely useful in data verification. If you send someone a large set of sensitive data and want to make sure that they have received the data, all you have to do is have the recipient send you the hash for the data. What’s even better, the recipient doesn’t even have to send the hash via a secure channel because there is no way to recreate the data if all that is known about the data is the hash. Another important property of hashes is that a hash is typically much shorter than the corresponding set of data.
Here are some practical examples that explain how this works. The Bitcoin blockchain uses cryptography algorithm called SHA-256. SHA-256 was originally created by the National Security Agency. Every block of the Bitcoin blockchain has a hash that corresponds to the data about the transactions that the block contains. For instance, block #526990 of the Bitcoin blockchain contains information about 1538 transactions, including time stamps, amounts and addresses, yet the hash for all this data is 0000000000000000001fcf2592d3c22bac87be6898eca9c725abeb5dc1139a1b. You can see the information about all the transactions on the page of the block on the Bitcoin blockchain explorer at https://blockchain.info/block/0000000000000000001fcf2592d3c22bac87be6898eca9c725abeb5dc1139a1b and you can even generate the hash using the data, but if all you knew was 0000000000000000001fcf2592d3c22bac87be6898eca9c725abeb5dc1139a1b, there would be no way for you to come up with all the data about all 1538 transactions.
The necessity of having the parameter of difficulty on the blockchain networks
While cryptography hashes are a great way to verify the data, cryptography existed long before blockchain and generation of a hash for a set of data, no matter how large, is a very simple task for most modern computers, including home desktops and laptops.
The ingenuity of Bitcoin and blockchain is using cryptography in combination with the parameter of difficulty. In practice, difficulty means that a hash that seals a block needs to correspond to certain conditions. On the Bitcoin network, this condition translates into a number of zeros that a hash begins this. This is why if you pay attention to hashes on the Bitcoin network, you will see that most of them begin with a large number of zeros. For example, the hash for the block #526992 is 00000000000000000029d06234c65c3184177d5b8a621a2c4da5b08fd810466, the hash for the block #526989 is 0000000000000000003758c9ea039b1c7b828286017ba36469695f40fd4301dc and the hash for the block #444678 is 00000000000000000156e048637ef1e738f9aed433220f96e6a241d88adb15e5.
A set of data can only have one and only one hash in a cryptography algorithm and the hash is always going to be the same in the same algorithm. For this reason, miners on the Bitcoin blockchain add a random number to the data about transactions and then generate a hash. After this, they check if the resulting hash corresponds to the difficulty requirement. If it does, then the miner gets the right to mine a block on the blockchain, the block becomes a part of the blockchain and the miner gets a reward from the network for creating a block. The number is called nonce and once a miner comes up with a winning nonce, this nonce becomes a part of the winning block and becomes a part of the blockchain together with the data about transactions.
Practically speaking, this means several things. First, in essence, when sealing blocks miners are playing a lottery trying to guess a winning nonce. Second, when a difficulty on the network is high, guessing a winning nonce is not easy and requires powerful hardware and a lot of electricity. Third, this means that miners are exchanging real world resources (hardware and electricity) for rewards on a digital network. Finally, a process like this makes a blockchain network extremely secure because if someone were to change even just several digits in the information about one transaction, the hash for the block would be different and the existing nonce for the block would not be useful in meeting the difficulty requirement. A block’s hash is not just a part of the block. It also becomes a part of the next block and a block with modified data would simply not fit into the existing blockchain.
To make the block fit, the attackers would need to modify the blockchain from the block on, including all the hashes, which means that attackers will need to have more mining power than the network. On a popular network such as Bitcoin, this is very improbable, which is what makes the network so secure.