Blockchain is vulnerable against classic database approach

doi:10.15406/mojabb.2019.03.00112

MOJ

eISSN: 2576-4519

Applied Bionics and Biomechanics

Mini Review Volume 3 Issue 5

Blockchain is vulnerable against classic database approach

Yoshiyasu Takefuji,¹

Verify Captcha

Regret for the inconvenience: we are taking measures to prevent fraudulent form submissions by extractors and page crawlers. Please type the correct Captcha word to see email ID.

Harold Szu²

¹Keio University, Japan
²The Catholic University of America, USA

Correspondence: Yoshiyasu Takefuji, Professor of Keio University, Japan

Received: September 05, 2019 | Published: September 9, 2019

Citation: Takefuji Y, Szu H. Blockchain is vulnerable against classic database approach. MOJ App Bio Biomech. 2019;2(5):102?103. DOI: 10.15406/mojabb.2019.03.00112

Download PDF

Abstract

Blockchain has been used in many applications: financial services including virtual currency like Bitcoin, asset management, insurance services, government, and health care. We believe that a blockchain is resistant to modification of the data where each block uses a cryptographic hash. SHA256 is a hashing function used in the blockchain. We also believe that SHA256 cannot be reversed because it's a one-way function. However, as long as two keywords used in the blockchain-based system, it is reversible by using classic database approach from a hash string to two keywords without cracking SHA256 algorithm. This paper demonstrates how to reverse a hash string to keyword(s). The proposed database approach simply defeats its design goal of the blockchain without cracking the algorithm as long as the database can be created. This paper recommends that three or more keywords of the hash function SHA256 should be used for user account access in the blockchain-based systems.

Keywords: blockchain, SHA256, database approach, reversible

Introduction

Blockchain has been used in many applications: financial services including virtual currency like Bitcoin, asset management, insurance services, government, and health care. At least more than $1.3 billion has been globally invested to blockchain-based systems in 2018.¹ Blockchain has an interesting history such that we don’t know who actually invented blockchain. According to Wikipedia, blockchain was invented by a person (or group of people) using the name Satoshi Nakamoto in 2008 to serve as the public transaction ledger of the cryptocurrency bitcoin. The original paper entitled “Bitcoin: A Peer-to-Peer Electronic Cash System” was archieved.² Bitcoin is based on peer-to-peer encrypted open ledger.

Bettina Warburg is the first strategist to introduce Blockchain and its applications to broad audiences in public. Her transcript of TED talk entitled “How the Blockchain will Radically Transform the Economy” is detailed.³ She stated that the first person to really explore the idea of “Blockhchain” as a tool in economics to lower our uncertainties about one another and be able to do trade is the Nobel economist Douglass North. Harold Szu et al.,⁴ proposed the national strategy of digital cryptographic currency-digital bitcoin decentralized over the internet.⁴ As long as the main trustworthiness is overcome, “Blockchain and Cryptocurrency” might work this decade.⁴

We believe that a blockchain is resistant to modification of the data where each block uses a cryptographic hash. SHA256 is a hashing function used in the blockchain. We believe that SHA256 cannot be reversed because it's a one-way function. US military states that SHA256 is appropriate for protecting classified information.⁵ Researchers are building blockchain-based systems to encourage patients to securely share information.⁶ Many scientists and engineers are excited in building blockchain-based systems for healthcare and financial services.^7‒9

This paper demonstrates that a blockchain is vulnerable against the database approach. Blockchain uses a hash function, SHA256, for storing user access information as hash string instead of plain text keywords. As long as two keywords used in the blockchain-based system, it is reversible from a hash string to two keywords without cracking SHA256 algorithm. As long as the user access to the blockchain-based system is vulnerable, the robustness of blockchain will be lost. This paper shows the database approach for reversing the hash string to keyword(s). The limitation of the database approach is also addressed in this paper.

Why blockchain is vulnerable?

George Iosifidis et al.,¹⁰ wrote an article entitled “Cyclic motifs in the Sardex monetary network”.¹⁰ Many blockchain-based systems including Sardex use two keywords (username and password) used for user account access in the blockchain-based systems. Two keywords are converted to a single hash string by the hash function SHA256. If the hash string can be reversed, the blockchain-based system will be vulnerable. The blockchain vulnerability was demonstrated at Cibok forum (Cybercrime Investigation Body of Knowledge) on July 5, 2018 at Tokyo.¹¹ As long as a blockchain uses two keywords in hash function SHA256, without cracking the SHA256 algorithm, it is reversible.¹² This short paper gives a strong warning to the developers and users of the all blockchain-based systems.　

How to generate a hash string from keyword(S)

Consider a single keyword ‘ieee’. Instead of storing a plain text keyword used for user account access, the hash string is stored in the blockchain-based system. The hash string of ‘ieee’ can be generated by the following simple three-line Python program sha256.py:

import hashlib

ho=hashlib.sha256(b'ieee')

print(ho.hexdigest())

The generated hash string is as follows:

dda47a668088d1e402d0a8ce2b489870631ea5a1d0746c47291c3b0a5b672ede

Remember that the hash string converted from keyword(s) is stored in the blockchain-based systems.

How to reverse hash string to keyword(S)

Copy the generated hash string and paste it to the following site:

http://md5decrypt.net/en/Sha256/#answer

Then, click the Decrypt button on your browser. Within 0.041s, the keyword ‘ieee’ will be displayed on the browser. This demonstration shows that reversing the hash string to a keyword ‘ieee’ is successful. Without cracking SHA256, the hash string can be converted to a keyword using the database approach while k database must be prepared for reversing where k is the number of possible keywords. If you have two keywords for demonstrating the reversibility, we must use the k x k database where k is the number of possible keywords for reversing a hash string to two keywords. Even if k is million keywords with two keywords in a blockchain, building a tera (10^12) database is still feasible for reversing in the blockchain-based system. Therefore, we must use at least three keywords or more for securing the blockchain-based system. However, the current blockchain systems usually use two keywords (username and password) which should be avoided.

Conclusion

This paper recommends that three or more keywords of the hash function SHA256 should be used for user account access in the blockchain-based systems. The database approach simply defeats its design goal of the blockchain-based system without cracking the SHA256 algorithm as long as the database can be created.