In my previous article, I explained the mechanics of the Blockchain and how blocks are linked into an immutable chain with clever crypto functions. These blocks contain many transactions which are supposed to be anonymous. But what do you need to do to prove these transactions are yours without revealing your identity?
A very relevant question as the technology for this in a typical blockchain is quite different from what most of us know as “user-id/password”.
A picture is worth a thousand words, so I explain how this works in my favourite 3-step approach. Be aware that cryptography is key in Blockchain and sometimes pretty hairy to follow, but with some simplification it is also very understandable for those who are less at home with mathematical functions. For this article too, re-use is granted, provided it is kept “as is” and the copyrights are respected. (See below for downloads in OpenOffice and PDF format.)
Blockchains can be classified into three types: Permission-less, Permissioned and Private. To use a permissioned type you need to get admission from the organization that has built or maintains this Blockchain, and normally they issue some kind of identity. Private versions are typically for internal use within a company and not accessible from outside. That leaves us with the permission-less or public versions (e.g. Bitcoin and Ethereum) that can be used by anyone in an anonymous way.
Transactions in a Blockchain are referenced by an address, comparable with an identity or identifier. Whoever can prove that an address/identifier is theirs has ownership of the transaction and its content or value. Blockchain addresses and the control thereof are based on two key cryptographic elements: hashing and asymmetric digital signatures.
Let me start by explaining hashing, a key element in blockchain. Hashing is a mathematical function (software coded) that converts an arbitrary text into a fixed-length digital key. This process is irreversible, every key produced is unique and even the slightest change in the input generates a completely different key. (Observe the W and w difference.) This key, also called the HASH, can be seen as the unique signature or fingerprint of that piece of text or information, but is also very usable as a unique transaction address/identifier in a blockchain. For now, remember that you always need a seed text to generate a hash. (FYI: Hash functions are designed by the United States National Security Agency (NSA) and made available under a royalty-free license.)
Hand-written signatures have been and still are a unique proof that you, and only you, signed a document or transaction. Typically banks or notaries have signature-cards to prove that it is indeed you and not someone else. Debit and Credit cards use PIN codes for verification, but that requires a middle-man with terminals. Neither works in an anonymous digital environment; the verification in particular is a challenge.
We need a mechanism to sign secretly and prove publicly that the signature is indeed original and authentic. This is possible with Asymmetric Digital Signatures, consisting of a Signing-key and a related Verification-key. These keys form a unique pair and are also known as private- and public-keys. (Keys are generated by mathematical functions (e.g. ECDSA), freely available on-line or as a program.)
When the private-key and any text are presented to the mathematical signing-function, a unique signature is created for that combination (Step 1). To verify that this signature indeed belongs to this text, a verification-function can be called with the public/verification key, responding with a YES or NO reply (Step 2). This is the proof that this address indeed belongs to the claimant without revealing any identity. Remember that the private- and public-key form a unique pair and one can create as many keys as needed; there is no need for a middle-man to create keys or prove signatures.
Combining the two cryptographic techniques (Hashing and Signing) makes it possible to create, in a simple process, valid addresses/identifiers with a proof of ownership. Remember, to create a Blockchain address with the Hash function we need to start with a seed text. We can take any arbitrary input for this, but why not use the public-key once we have created a digital signature key-pair? This way you only have to remember your key-pair to complete the full sequence:
Create Private- and the matching Public-key,
Use the Public-key as seed text to create a new hash-address,
Sign the new hash-address with your private-key,
Validate the Signature/ Hash-address combination with the public-key.
So, “How do I prove a Blockchain transaction is mine?”
Instead of a user id you get control via keys and signatures: by signing transaction-addresses you can prove a transaction is yours. But with that you also have a new/different responsibility, being in charge of your keys and related addresses. If you lose them, it is like losing a banknote: anyone can spend it, no questions asked.
To manage your keys, digital Wallets are a great support, but be aware that there are pitfalls and dos and don'ts. Wallets can be compared with a browser or an Email tool and are typically a computer program, browser plug-in or an app that manages your keys and addresses. Alternatively you can choose a web-based or hardware wallet (e.g. USB based). A full “Wallet ins and outs review” is beyond the topic of this article, but keep the following in mind and read more on-line about Wallets.
If you lose your keys, other people can access your transactions.
Web-based solutions store keys in the cloud, so do you trust your provider?
Create and use more addresses, spreading the risk.
Hardware Wallets provide best security.
Presentations on www.slideshare.net
Originally posted at LinkedIn