Crypto Guides

Can Blockchain Be A Potential Solution For Personal Data Leaks?


Personal identity has been a matter of concern in this digital world. Wherever you go, you have to prove that you are indeed the person whom you claim you are if it is a physical world with some government-issued ids. Mostly all the banks in the world have to have the customary Know Your Customer (KYC)/Anti Money Laundering (AML) laws if you have to open a bank account. The government mandates this.

This process is very costly and time consuming for the banks but is of no personal benefit for the organization. If we have to log in to a website, we input our details or login using Google or Facebook account, given all our personal information to these websites. By this, we are entering our details into a server that we don’t have any control over. Which means they can do anything with our data.

All this process creates a lot of siloes of data, with different government or private organizations around the world. Most importantly, we never have control over what they can or cannot do with the data they collect.

Can Blockchain be a solution for our data?

Instead of giving access to our data to anyone and everyone as the government or organization demands to use their services, what if we create a central repository of data in a blockchain platform. Can this be a solution to secure our data? We can say it’s a yes.

Let us examine how using a Hyperledger Indy project which is a platform being developed for identity management.

Hyperledger Indy

Hyperledger Indy is a decentralized ledger platform for Identity Management. Works on the plenum platform, which is similar to smart contracts but tuned for verifying digital identity. Uses Redundant Byzantine Fault Tolerance as a consensus algorithm. Trust anchors play the role of miners and verify transactions in the platform.

Let us understand Hyperledger Indy using an example.

Let’s say Bob is required to apply for a job, and he needs an academic transcript for the same. Bob gets in touch with his university by creating a unique DID, Distributed Identifier using her public key. This DID verifiable by the trust anchors ascertaining that the request is indeed coming from Bob. If the trust anchors accept the transaction, then only a unique pairwise relationship is formed between Bob and the university. Hence Bob gets the academic transcript using this unique pairwise relationship using DID.

Bob applies for the job by creating a new DID with the company and produce his academic transcript. Again, a unique pairwise relationship is formed in this case because Bob doesn’t want his academic transcript to be leaked. Here the employer can verify the academic transcript with the university with Bob’s consent. But the information cannot be leaked with the same DID to some other employer or some other institution because the DID is already used, and Bob didn’t give his consent to share the information with anyone else. Trust anchors reject the transaction.

This is how unique pairwise relationships can be formed using DID’s and personal data can be protected without leaking the data with the owner’s consent.

Self-Sovereign Identity

A self-sovereign identity, i.e., a user should have complete control over his or her identity. If the user has self-control, then how to prove that the identity being shared is indeed true or not without any third-party intervention? Blockchain is the solution. A platform that is publicly available but individually confidential can be created with issuing authorities given permission to authenticate the identity.

Blockchain stores only cryptographic hash functions, and the concerned authorities can verify even without knowing that it is you who they are validating, they have to cross-check if they indeed issue the proof. If we have to submit an age proof, only age can be authenticated without giving away any other details. A project called Sovrin is already working on this type of identity management.

Blockchain is going to be the future for Identity Management. It has already been proven with the platforms described above.

Crypto Guides

Understanding Merkle Tree & Its Importance In Blockchain


Merkle tree is the essential component of a blockchain. Data entered into the blockchain is immutable, and this is a critical future of blockchain. Even though there are many futures, many deploy blockchain for this one significant future. This future is primarily achieved using the concept of a Merkle tree. Before dwelling into further about the idea, it is essential to understand cryptographic hash functions.

What are cryptographic hash functions?

Cryptographic hash functions are another integral part of blockchain technology. Cryptography is often used for military purposes. In war zones, the data is shared between two parties of a country at different places using cryptography.

Cryptographic hash functions are algorithms that transform any input given to the algorithm in the output of fixed length. The outputs change drastically, even if a single letter of the input is changed. At the same time, the same input gives the same output all the time. It is highly unlikely to determine the output based on the input unless one has a set of public/private keys. Any length of the input gives a fixed-length output; this feature is handy when a large amount of data sets is used. To check any set of data is modified or not, we can check the fixed-length hash.

Let us see the usage of cryptographic hash functions in the bitcoin blockchain network. Blockchain is essentially a series of blocks of transactions joined together using cryptographic hash functions. Each block has header data and transactions associated with it. Header data contains the previous hash, nonce, Merkle root, block hash.

Data of the complete block, including the header data, is hashed, and this hash is stored in the present block and also in the next block as the previous block hash. This previous block hash represents the entire state of the blockchain at any given point of time. Hence if we make any changes to the transactions in the last block, the hash of all the blocks up to the present block will be disturbed, which is why it is highly impossible to change the transactions and hence the concept of immutability.

Now how do we verify the hashes to check the data integrity? It is highly inefficient and time consuming to check the hash of every block. Hence the concept of Merkle tree is used as it is efficient to check the data integrity.

What is a Merkle tree, and how is it used?

Merkle tree developed by Ralph Merkle is also called a Binary hash tree. It is a data structure used to store hashes of individual data in an extensive data set in a way to make the verification of the date set efficient.

An example of the Merkle tree is as below.

It would be easy to understand the Merkle tree with the example above. It is essentially a tree of hashes with branches of individual hashes. These hashes come from the transactions of the blockchain platform when it comes to a cryptocurrency platform.

In the above figure, we have transactions from TA  represents a transaction, while HA represents a hash of that transaction. All the transactions are hashed to produce a hash value of its own transaction. Then adjacent transactions are hashed together to form a hash of both transactions. Like HAB is the hash of transactions A and B. If there are an odd number of transactions, then the transaction is combined by its own, and a hash value is created. The same process is repeated until the last hash value is generated, which is called the Merkle root. In this case, HABCDEFGH is the Merkle root of transactions from TA to TH. This is how a Merkle tree is formed.

Hence because of the tree, it would easy to find if any transactions are tampered with, uses very few resources to check any fraudulent behavior, and easy to add new transactions to the block.

This allows for simple payment verification, and the new nodes need not download the entire blockchain but only the block headers of the longest chain. Thus Merkle trees help to maintain the immutability and integrity of the blockchain.