One of the main selling points of using blockchain technology is security. Many people rave about it, but how exactly does this often confusing technology ensure transactions are authentic? Let’s find out.
First off, every Ethereum transaction features 3 main properties: From, To and Value. Makes sense, right? In its simplest form, a transaction is an amount (value) of anything (MONEY, Chocolate!, Krabby Patties, etc.) going from one person to another. If that was enough to know that a transaction was valid, I wouldn’t be writing this. Every transaction also contains a signature, stored in two fields, r and s, which is what the blockchain will use to verify a transaction as authentic.
Let’s dig deeper into how that transaction signature works.
When you perform a transaction, you’re likely using a wallet. When it comes to Ethereum, a widely-used wallet is MetaMask. When you create a MetaMask account, you’re also assigned a Private Key. This key is stored by MetaMask and used to sign every transaction you’ll ever perform. A Private Key is a combination of 32 random bytes (64 hex characters). As the name implies, its value should be kept private, or you run the risk of losing every last dime (Ether) you own. This is like that one dark secret you wrote down in your journal (ew, who still has journals?) and locked away for no one to see.
Your Private Key is passed through ECDSA (the Elliptic Curve Digital Signature Algorithm), which creates your Public Key. This pretty much takes your private key and makes it into something longer (nominee for over-simplification of the year?).
Your Public Key is 64 bytes long (because why not) and, as the name suggests, is public. You don’t really care about people knowing this one. If the Private Key is like your credit card number, then the Public Key is like your Middle Name. It may be embarrassing, but who cares?
Finally (well, almost finally), your Public Key is hashed using Keccak/SHA-3 (a super-awesome algorithm that does super-awesome algorithmic things) and the last 20 bytes of that value become your “Ethereum Account”. Phew!
What’s so special about this? What’s special is that someone may be able to reverse-engineer your Ethereum Account and obtain your Public Key, which is…public…but they can’t use your Public Key to determine your Private Key. This is thanks to the irreversible nature of the ECDSA.
When a transaction is signed, the signing is done with the Private Key. This Private Key populates the r and s fields, which become the signature. The r and s are used in transaction verification. Both fields are passed into a special ECRECOVER function, which outputs the Public Key and Ethereum Account. The blockchain does this, and verifies that the Ethereum Account in the transaction’s From field is the same account that is derived from the ECRECOVER function when you use the transaction signature.
This method of transaction verification works because if someone changes the signature of the transaction, it won’t correspond with the From account, and vice versa. Additionally, if a transaction is modified in any way while being sent, it must be signed again. If the person modifying it does not have access to the initial sender’s Private Key, the verification step will reject the transaction.
I hope you came out of this one knowing a little more about Ethereum and how blockchain ensures transaction authenticity. Otherwise, hey, at least there were Spongebob GIFs. Who doesn’t like those? Until next time…