Blockchain for smart people*
*Who feel like dummies when someone says blockchain. It’s a big topic, but this primer can get you started by looking at how it relates to electronic signatures.
Blockchain at a glance
Blockchain is the term for a technology that was first implemented in 2009 and is best known for its use with cryptocurrency. Blockchain has become a widely-used technology that is rapidly disrupting sectors as diverse as cybersecurity, elections, real estate, analytics and ridesharing.
For the purpose of cryptocurrency, a blockchain serves as a distributed public ledger, a secure method for recording peer-to-peer transactions and making them publicly verifiable. Blockchain doesn’t rely on a central authority, and most importantly, it makes double spending and forgery impossible. Theoretically, double spending and forgery are possible, but the time required is longer than the current age of the Universe.
To explain blockchain technology thoroughly in the space of this article would be even more impossible! Instead, we will explain a few fundamental concepts in the context of how Scrive uses blockchain. Depending on how tech-savvy you are, the following is either a high-level glance or a granular deep dive.
Why Scrive uses blockchain
Scrive guarantees the integrity of your document by sealing it with a digital signature. Blockchain technology provides a method of securing the digital signature by entering it into a permanent, verifiable public record. This means that in the event of a dispute, you can prove that your document:
- has not been altered
- is not a forgery
- was created on the precise date and time indicated by the digital signature
It’s possible to create a unique, unforgeable fingerprint of any digital file by applying an algorithm to the binary data. The resulting fingerprint is a value known as a cryptographic hash.
An example of a very simple hashing function:
- use every other letter
- maximum 6 letters in the hash
- pad with X if needed
Blockchain –> BOKHIX
To be, or not to be, that is the question –> TBONTO
Given the possible combinations of letters, this algorithm would fail to create truly unique fingerprints for these text chains. However, there are much more sophisticated ways of doing it. You could use binary representation of letters and apply functions far more interesting than “every other letter”. Considering that a simple file of 100 Kb can be represented by an 800,000-digit string of 1’s and 0’s, it’s no surprise that people do PhD projects on hashing functions.
In the case of a Scrive document, the file is a PDF of the electronically signed document, the Evidence Package and any attachments. To seal an electronically signed document, Scrive uses the SHA-256 algorithm, which makes it impossible to generate an identical hash from any other document or file. And the nature of a cryptographic hash is such that it’s impossible to use it to re-create the document’s content. The hash is then submitted to Scrive’s supplier and partner Guardtime.
To secure the integrity of multiple files, you can incorporate their hash values into a structure called a Merkle tree. Each hash is a node in the tree structure.
Each of the leaves (the nodes on the lowest level of the tree) is a hash representing a digital file (not the file itself). You can combine the hashes of two adjoining leaves (Hash G and Hash H) and use the same hashing function (the SHA-256 algorithm) to compute a third hash value, creating a node one level up on the tree (Hash C). Continuing this process up the tree, you can compute the top level hash (Top).
All the nodes in the tree (the leaves as well as the intermediate hash values) are related to each other in such a way that you can only compute the correct top level value if all the hashes in the tree are correct. Meaning: they have not been altered or forged. This method of computation makes forgery impossible because if a single hash is changed, you can’t compensate by changing another hash in the tree in order arrive at the correct top level hash.
If your document is represented by Hash G in the diagram, you would need the values for Hash H, Hash D, and Hash B to compute Top.
Blockchain: secure storage
A blockchain is an efficient and secure way of storing the records of multiple Merkle trees. You can think of a blockchain as a database. Unlike most conventional databases, composed of tables with columns and rows, a blockchain is composed of sequential blocks securely linked to each other using cryptography. Another difference is that the security does not depend on access permissions; instead, the data is verified independently.
In most conventional databases, there are four types of actions you can perform: create, read, update and delete (CRUD). But with blockchain, it’s only possible to create and read. To create new data, a new block is added to the chain, so the last block in the chain is the most recent. As each new block is added, it’s validated by multiple independent parties to guard against fraud.
A KSI blockchain, in fact, is one big, continuously growing Merkle tree. Each block is a hash value linked to the previous block in such a way that if any record in the chain were altered, it would be impossible to correctly compute the hash values of the blocks added later.
Adding new data to the blockchain is the same as creating a new node in a Merkle tree. You combine the hash of the root of a Merkle tree (that is not yet connected to the blockchain) and the hash of the previous block. Then you use the same hashing function (the SHA-256 algorithm) to compute the hash of the new block. The newest block is unbreakably chained to the previous block as well as to the Merkle tree that has just been added to the blockchain.
Returning to the example of cryptocurrency, each of the leaves in the Merkle tree contain ledger information. Since the ledger is public and unchangeable, anyone can compute the balance of an individual account, and no one can arbitrarily change a balance.
In the case of sealing and verifying a Scrive document, on a periodic basis (once per month), Guardtime publishes the top level hash of the continuously-growing Merkle tree. This hash is linked to the hashes of all the Scrive documents that were signed and sealed during the previous month.
To validate the new block, Guardtime publishes the hash in Financial Times, which meets the legal standard of “widely witnessed media”. Loosely speaking, the hash has been entered into the public record. The alteration of a single leaf of one Merkle tree would break the blockchain. Publishing the hash in Financial Times is a means for verifying the correct value of any block independently from Scrive or Guardtime.
Upon publication, all the Scrive documents represented by the new hash are sealed a second time. The second seal provides a pathway to the top of the tree, i.e., the intermediate hash values you would need to re-compute the published hash.
Verification only requires the sealed document and access to the hash published in Financial Times. The process would be as follows:
- Re-compute the hash of the document.
- Re-create the Merkle tree using the information in the seal.
- Compare the top level hash to the hash published in Financial Times.
Not the end
Given the variety of blockchain applications, implementations and new developments in the technology, you are likely to find a variety of explanations of these topics. There’s no fast and easy way to understand blockchain technology, and most of us will never understand the fine details. So if you’re interested, take your time, and consult multiple sources.
Learn more about the technology behind Scrive’s solutions, the legal aspects of e-signing and more by visiting the Trust Center.