The Road to Cryptocurrency, Instalment # 5

Published 30 July 2021

By Dr Peter J Phillips, Associate Professor (Finance & Banking), University of Southern Queensland



"What matters most is that your ownership is secure."

 

We ended the last instalment with the idea that cryptocurrency might be thought of as being analogous to the serial number printed on a banknote issued by the Reserve Bank. Rather than being printed on a note issued by a central bank, the number associated with units of cryptocurrency can be printed on any piece of paper. In fact, cryptocurrency is based around two numbers. The first we can call the public key. The public key is 256 bits long. The public key plus another series of 160 bits corresponds to a particular address (digital wallet). To authorise a transaction, you need the matching private key. If you have both, you can authorise transactions for the cryptocurrency associated with that digital wallet.

Cryptocurrency exists only within the list of units registered to different addresses. There are no notes and coins to withdraw and put under your mattress. As such, the list is the be-all and end-all of crypto. When people use a public key and private key to authorise a transaction from one address to another, they are authorising a change to the list or registry. Once authenticated, the cryptocurrency is associated with a new address.

 

"People who own things like to have their ownership recorded or, perhaps more accurately, they like to have their ownership secured."

 

The subject of this instalment is the maintenance of this list or registry. Who maintains it? How is it updated? If you go to a platform like Coinbase, set up an account, and buy some cryptocurrency, how is your ownership secured?

People who own things like to have their ownership recorded or, perhaps more accurately, they like to have their ownership secured. It does not matter whether your ownership of $10 million in gold is recorded somewhere against your name. What matters most is that your ownership is secure. That you alone have the power to dispose of the gold. We have developed various ways of securing this “right to dispose”. If you own a house, the ownership is secured by a government department and only you can make decisions about the house (to live in it, sell it, rent it, knock it down). If you own shares, the ownership is secured through the share registry system (CHESS). If you’ve got money in the bank, your bank secures your ownership through various security measures (online or by having a secure vault). If you’ve got a Swiss bank safe deposit box, the ownership is secured by the key to the box and the vault that the box is in. In each case, there is a central party involved.

Have you seen the movie Die Hard? In the movie, the villain, Hans Gruber, wants to steal the $700 million in “bearer bonds” held in the vault at Nakatomi Plaza. Bearer bonds, as the name implies, have no registered ownership. If you have the bond certificate, you are the owner. Such a system has obvious problems, including the possibility that characters like Hans Gruber might show up to steal your bonds. Your only way to secure your ownership is to put the bearer bonds in a safe place. Cryptocurrency has an important similarity. If you have the private key for a particular address, you control the cryptocurrency associated with that address. The difference between private keys and bearer bonds is that you could, theoretically, commit the key to memory and destroy all physical record of it. Or you might copy parts of the private key and put the parts in a bunch of different secure places. Being just a single (long) series of bits (letters, numbers, symbols), it’s far easier to store than bearer bonds or gold.

 

"It may startle some readers to learn that there is no government department, no company, no security firm, or any other single party “in charge” of maintaining and updating the list that associates units of cryptocurrency to addresses."

 

Obviously, the list or registry that we referred to above does not say (cannot say) that Tony Hancock of East Cheam owns a certain amount of crypto. The crypto is registered to an address, not a person. If no-one has the private key (because it’s been lost), then the crypto is inaccessible. If Tony had his private key stolen or if he lost it and someone found it, then that person controls the cryptocurrency associated with the address. Provided that no-one knows your private key, your ownership is secure.

The next question relates to the way in which the list or registry is maintained and updated. The private key notwithstanding, ownership cannot be secure if it’s possible to construct and enter fake transactions or to use the same units of cryptocurrency for more than one transaction. Your Swiss bank deposit box isn’t safe if the bank allows people to wander into the vault and take crowbars to the boxes. Likewise, something must maintain the integrity of the list. It may startle some readers to learn that there is no government department, no company, no security firm, or any other single party “in charge” of maintaining and updating the list that associates units of cryptocurrency to addresses. There is no single party to oversee the transactions and no central authority enforcing integrity. Rather, the list is what we call a distributed ledger maintained by a peer-to-peer network. This is a decentralised system, as opposed to a centralised system like CHESS.

The technology facilitating the distributed, decentralised ledger for most (not all) cryptocurrencies is called Blockchain. It’s called a blockchain because each update to the list for a cryptocurrency is called a block. Because each block must be consistent with and related to the previous block, the blocks form a chain. Hence the name: blockchain. As mentioned, two numbers are required to create an instruction to be added to the list, registry or blockchain. These numbers are the public key and the private key. If you have these two numbers, you can authorise changes to the list. Sophisticated cryptography ensures that only the people who have these numbers can authorise changes to the blockchain. Unauthorised transactions will not be ‘squared’ during the next update of the list and will not be recognised. For now, it is practically infeasible to ‘fudge’ the ledger.
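
The two integrity checks described above (each block must link to the previous one, and the same units cannot be spent twice) can be shown in a few lines of Python. This is an added illustration, not code from the article or from any real cryptocurrency; the addresses, amounts and function names are constructed, and the private-key signature check is assumed to have already passed and is left out.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # constructed placeholder link for the first block


def block_hash(block):
    """SHA-256 over the block's canonical JSON form."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()


def build_chain(batches):
    """Each batch of transfers becomes a block that records the previous block's hash."""
    chain, prev = [], GENESIS
    for transfers in batches:
        block = {"prev": prev, "transfers": transfers}
        chain.append(block)
        prev = block_hash(block)
    return chain


def verify_chain(chain, opening_balances):
    """Replay every block as a peer would; return (ok, reason, balances)."""
    balances, prev = dict(opening_balances), GENESIS
    for height, block in enumerate(chain):
        if block["prev"] != prev:
            return False, f"block {height}: link to previous block is broken", balances
        for sender, receiver, amount in block["transfers"]:
            if amount <= 0 or balances.get(sender, 0) < amount:
                return False, f"block {height}: {sender} cannot spend {amount}", balances
            balances[sender] -= amount
            balances[receiver] = balances.get(receiver, 0) + amount
        prev = block_hash(block)
    return True, "ok", balances


# Constructed sample data: addresses and amounts are made up for illustration.
OPENING = {"addr_A": 5}
honest = build_chain([[["addr_A", "addr_B", 3]], [["addr_B", "addr_C", 2]]])
tampered = copy.deepcopy(honest)
tampered[0]["transfers"][0][2] = 5  # rewrite history in the first block
double_spend = build_chain([[["addr_A", "addr_B", 5]], [["addr_A", "addr_C", 5]]])

if __name__ == "__main__":
    for name, chain in [("honest", honest), ("tampered", tampered), ("double spend", double_spend)]:
        print(name, verify_chain(chain, OPENING)[:2])
```

Editing the first block changes its hash, so the link stored in the second block no longer matches and every peer replaying the list rejects it. The second spend of the same five units fails because the sender's balance is already zero.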

 

"The idea that a secure record of ownership, a ledger, could be maintained by a network of peers without any oversight by a central authority (company, government, etc.) is bold to say the least. But it’s not an especially new idea."

 

The best story I can think of to help explain why this is the case is Alan Turing’s and others’ fabled efforts to crack the Enigma code during World War II. You might have seen the movie, The Imitation Game. The German Enigma machine was used to send encrypted messages throughout the German army. The Allies could not crack the sophisticated code. Adding to the challenge, the code was changed each day by changing the Enigma machines’ settings, meaning that you had 24 hours at most to crack the code and you had to keep cracking the code each day to continue reading the messages. The task was impossible until Turing’s team made their much-storied breakthroughs. Corrupting a blockchain would require an even more ingenious breakthrough, something that has been deemed virtually impossible given current computing standards.

The idea that a secure record of ownership, a ledger, could be maintained by a network of peers without any oversight by a central authority (company, government, etc.) is bold to say the least. But it’s not an especially new idea. The American computer scientist David Chaum came up with nearly all the blockchain concepts/protocols back in 1982. It was not until 2008, however, that the blockchain that is core to cryptocurrency was operationalised. Mysteriously, no-one knows for sure who came up with this operationalised version. It is attributed to a person or persons going by the name Satoshi Nakamoto. Not surprisingly, people have speculated that David Chaum is Satoshi. Whatever the case may be, the result is a decentralised and secure record of ownership. Ownership is not personal. It depends on who has the private key that permits authorised instructions to be entered into the blockchain.

 

 

Discussion Question

The ASX has been working on replacing CHESS with a blockchain. What progress has been made on this so far?

 

Further Reading

The CHESS system is discussed in Chapter 4 of the textbook. We included an account of CHESS and blockchain at the end of that chapter.