Michael's Wiki

A lot of my coworkers are feeling pressure from “blockchain” hype. Before throwing a blockchain at a problem, let's review some cryptography basics. There's a good chance a simpler cryptography technique will be more appropriate for whatever application someone wants to hit with the blockchain-hammer.

From building-blocks to blockchain:

  1. Cryptographic Hashing
  2. Symmetric Key
  3. Public/Private Key
  4. Blockchain

Architecting With Crypto

“Encryption is something you go around, not through” -I forgot who said this but it's true (common avenues: implementation backdoors, broken algorithms)

First consider when NOT to use cryptography. It's like Black Panther's suit:

It will stop bullets, but it doesn't make you invincible on its own.

Always keep in mind:

  • what is encrypted?
  • where are the keys?
    • (what are scope limits)
  • is usability practical?
    • if someone is going to put a vital password on a post-it in the break room, reconsider

This is where catastrophic problems usually come from. People get tunnel-vision on the encryption methods and forget to consider the context and environment it's playing around in.

Crypto Techniques

So before jumping into blockchain, consider:

Cryptographic Hashing

The basic building block of encryption. A cryptographic hash is considered “cryptographically secure”, which means it is mathematically-really-hard to invert the function. You effectively can't brute-force or guess what input created the output.

Cryptographic hashing is also quite versatile. This makes it such a powerful tool.

Symmetric-Key Methods

Closest to what we typically think of as “passwords”. Symmetric-key methods use a shared secret (a.k.a. “cipher”) to encrypt and decrypt data back and forth symmetrically. They're relatively cheap on computing resources.


  • password in your ZIP archive file
  • user account password used to encrypt the partition or files in your PC/Mac
  • keychain “master” passwords, used to store other passwords in an encrypted format

Public-Key Methods

A pair of hashing functions R and U are created together. R is “pRivate” and U is “pUblic”. They behave in a way that U can verify if some output came from R.

$$ R(x) \rightarrow y $$ $$ U(\{Y\}) \rightarrow \text{something sane} $$ $$ U(\neg \{Y\}) \rightarrow \text{error} $$

Common technology used is RSA. Used in e.g. SSH and Secure Signing.

Secure signing - Adobe PDF example
  • R is the “signature” file you create in Acrobat and save to your local computer for future use.
  • y is the “signature” left on a PDF you send to someone else.
  • U is built or saved in Adobe Acrobat that others use to verify the signature.


A blockchain combines a cryptographic hash chain with distributed data storage. Most blockchain issues reduce to distributed storage problems parity and replication efficiency.

Recall that cryptographic hash functions can take variable input and produce a fixed-length hash. Each “block” contains a previous block's hash and data, which are all used to compute that block's hash. This is shared across a distributed data storage network.

Replication methods are required to manage data parity across the network (see bittorrent or database clusters for other replication examples).

  • auditable
  • cryptographically secured by conjugate hashing
  • interference requires compromising enough of the network to sway consensus of the replication method