Monday, May 30, 2022

Hash Length of SHA 265

It is important to note that any hash algorithm always returns a hash of fixed length. 
SHA256 returns a hash value that is 256 bits - i.e. 32 bytes. 

These 32 bytes are typically represented as a hexademical string of 64 bytes. 
Hence to store a SHA256 hash, we just need 64 bytes (in database terms - varchar(64)).

Sunday, May 29, 2022

Does Bitcoin encrypt transactions?

 *It is important to note that the core bitcoin network/ledger does not use any encryption. It is all hashing as explained here - https://www.narendranaidu.com/2022/05/ruminating-on-proof-of-work.html 

But each and every transaction is digitally signed by a user (or wallet). 
Hence a bitcoin network uses digital signatures and as we know a digital signature is nothing but an encrypted hash of the data. 

You can digitally sign any data in the following way (creating an encrypted hash of the data)
  • Hash the data using SHA-256.
  • Encrypt the generated hash using your private key. 
  • Package this encrypted hash and your public key together. 
The public key is part of the digital signature, whereas the private key is securely stored in a digital wallet (never to be shared with anyone). 

In the bitcoin network, this digital signature is created using the Elliptic Curve Digital Signature Algorithm (ECDS). ECC encryption is not used! - Many folks get confused by this :)

Ruminating on Elliptic Curve Cryptography

When it comes to symmetric encryption, the most common standards are Data Encryption Standards (DES) and Advanced Encryption Standards (AES).

When it comes to asymmetric encryption (public key cryptography), the dominant standard is  RSA (Rivest-Shamir-Adleman). Almost all the digital certificates (HTTPS/SSL) issued used RSA as the encryption standard and SHA256 as the hashing algorithm. 

Given below is a screenshot of a digital certificate of a random HTTPs site. You can see the encryption algorithm and Hash function mentioned in the certificate. 


There is another asymmetric encryption standard called as ECC (Elliptic Curve Cryptography) that is very popular in the crypto world. 

ECC has the following advantages when compared to RSA:

  • It can run on low end devices (low CPU and memory).
  • It is faster - for both encryption/decryption.
  • Smaller key size - 256-bit elliptic curve private key is just as secure as a 3072-bit RSA private key. Smaller keys are easier to manage and work with.
While certificate issuers have started providing ECC standard based digital certificates, it is important to note that not all browsers (mobile, desktop) still support it. Also a lot of legacy apps may not have support for ECC standard and these have to be refactored for SSL to work again. 

Ruminating on Proof of Work

While I understood how bitcoin mining worked, there were still a few strings loose in my mind on why exactly was the 'Proof-of-Work' algorithm created that way? (i.e. finding a nonce that results in a hash lower than the target value)

The following video from Khan Academy gives an excellent understanding of PoW is very simple terms - https://www.khanacademy.org/economics-finance-domain/core-finance/money-and-banking/bitcoin/v/bitcoin-proof-of-work

Also the following snippets from Investopedia: https://www.investopedia.com/terms/n/nonce.asp would give a better idea on the challenge (finding the right nonce) that all bitcoin miners are trying to solve. 

"A nonce is an abbreviation for "number only used once," which, in the context of cryptocurrency mining, is a number added to a hashed—or encrypted—block in a blockchain that, when rehashed, meets the difficulty level restrictions. The nonce is the number that blockchain miners are solving forWhen the solution is found, the blockchain miners are offered cryptocurrency in exchange.

A target hash is a numeric value that a hashed block header (which is used to identify individual blocks in a blockchain) must be less than or equal to in order for a new block to be awarded to a miner.
The Bitcoin network adjusts the difficulty of mining by raising or lowering the target hash in order to preserve an average 10-minute interval between new blocks.

The block header contains the block version number, a timestamp, the hash used in the previous block, the hash of the Merkle Root, the nonce, and the target hash. The block is generated by taking the hash of the block contents, adding a random string of numbers (the nonce), and hashing the block again.

Determining which string to use as the nonce requires a significant amount of trial-and-error, as it is a random string. A miner must guess a nonce, append it to the hash of the current header, rehash the value, and compare this to the target hash. If the resulting hash value meets the requirements (golden nonce), the miner has created a solution and is awarded the block.

It is highly unlikely that a miner will successfully guess the nonce on the first try, meaning that the miner may potentially test a large number of nonce options before getting it right. The greater the difficulty—a measure of how hard it is to create a hash that is less than the target—the longer it is likely to take to generate a solution."

Ultimately it is all about guessing a nonce and calculating the hash and comparing it. Hence the capacity of a bitcoin mining farm is calculated in terms of hash rate - i.e. number of hashes that can be computed per second. The term 'Bitcoin mining' is actually misleading as what the miners are actually doing is finding a hash that satisfies the challenge and this also validates the transactions in the block (and the block gets added to the chain). 
But as many miners jump on the bandwagon, there is lot of wastage of compute cycles and this is a controversial topic for many people.  

Numeric value of a hash

In the bitcoin network, miners have to compare the hash value during the 'Proof-of-Work' process.

The target hash value is stored in the header and is expressed as a 67-digit number. Miners must find a new hash of the transaction block  that is below the given target. 

To solve the hash puzzle, miners will try to calculate the hash of a block by adding a nonce to the block header repeatedly until the hash value yielded is less than the target.

But how is the value of the hash calculated? In the bitcoin network, the value of a hash is calculated as follows:

  • Hashes are typically represented as a hexadecimal string. Convert the hexadecimal value to decimal value. 
  • Get the base-2 log of the decimal value. 
This is the value that is compared against the target in the block header. 

Thursday, May 26, 2022

Ruminating on dedicated instance vs. dedicated host

 Many folks get confused between the AWS terminology of 'Dedicated Instance' vs 'Dedicated Host'.

A simple way to understand the difference is to remember that a "host" is a physical machine that can host many virtual machine instances. 

Hence a "dedicated host" is a physical machine that is dedicated to your organization. On this physical machine (host), you can install many VMs/containers. So you control what VMs (instances) are going to run on that host. 

So what is a dedicated instance then? A dedicated instance is a virtual machine that runs on hardware that is not shared with other accounts. Dedicated instances are physically isolated at the host hardware level from instances that belong to other AWS accounts. Hence you can only be certain that the underlying hardware that is hosting your VM is not shared with someone else. But you have no fine-grained control over which VM would be launched on which host, etc. 

Tuesday, May 17, 2022

Cloud Native Banking Platform - Temenos

Temenos is the world's number one core banking platform. It is built entirely on the AWS cloud and uses all managed services. 

I was stuck with the simplicity of the overall architecture on AWS and how it enabled elastic scalability to scale-out for peak loads and also scale-back for reducing operational costs. 

Another interesting aspect was the simple implementation of the CQRS pattern to offload queries (read-only API requests) to DynamoDB. The pipeline was built using Kinesis and Lambda. 

An excellent short video on the AWS architecture of the Temenos platform is here: https://youtu.be/mtZvA7ARepM