A blockchain is a distributed database or a distributed ledger whose beneficial attributes include permanency and security. These attributes, however, depend on information security techniques implemented using cryptography. Certain security standards may be used to support these techniques. Blockchain entries consist of blocks of information that can include transactions, transaction record components, transaction entities, and the like. Generally, the blockchain can be used to store, monitor, or document public and sensitive information related to an industry. The blocks may be digitally signed by a blockchain owner, blockchain facilitator, or service provider to ensure their integrity and origin authenticity. In order to allow subscribers to provide and document sensitive information and still provide general access to the blockchain, the sensitive entries may be cryptographically protected. The cryptographic algorithms, parameters, modes of operation, cryptographic keys, and associated cryptographic material used in the blockchain environment can vary over time.
There are many reasons cryptographic algorithms and associated materials may change. For example, the current cryptographic algorithms may come under attack and become compromised or flaws may be discovered. New algorithms may be developed that are stronger or feature superior characteristics of faster processing speed, or more efficient memory and storage requirements over previous versions of cryptography. Additionally, algorithms may need to be replaced due to changes in organizational security policies, government export restrictions, or changes in the legal or regulatory environments in the jurisdictions in which they are deployed. Consequently, for a given block in a blockchain, multiple cryptographic algorithms, varying versions of cryptographic algorithms, and entity-specific cryptography may be active.
Digital signatures are mathematical schemes for demonstrating the authenticity of digital messages or electronic documents. A variety of cryptographic techniques are used to encrypt data and to create digital signatures. With symmetric key cryptographic systems, a pair of users who desire to exchange data securely use a shared “symmetric” key. With this type of approach, a sender of a message uses the same key to encrypt the message that a recipient of the message uses to decrypt the message. Symmetric key systems require that each sender and recipient establish the shared key in a secure manner. Public key systems may also be used to exchange messages securely. With public-key cryptographic systems, two types of keys are used—public keys and private keys. A sender of a message may encrypt the message using the public key of a recipient. The recipient may use a corresponding private key to decrypt the message.
Additionally, public key cryptographic systems (e.g., asymmetric key cryptographic systems) may be used to produce digital signatures. A recipient of a message that has been digitally signed can use the digital signature to verify the identity of the message's sender and to confirm that the message has not been altered during transit. In a typical digital signature arrangement, a sender uses a cryptographic hash function to produce a message digest. The message digest is much smaller than the original message, but is still unique to the message for practical purposes. The sender then uses the sender's private key to sign the message digest. The process of signing the message digest uses a mathematical operation that can only be performed by the sender who possesses the private key. The message and signed message digest (the “digital signature”) may then be sent to a recipient. The recipient is an entity that can use the digital signature and the message sender's public key to determine that the sender is the message signer and that the integrity of the message has not been compromised.