Security
Reader small image

You're reading from  Rust for Blockchain Application Development

Product typeBook
Published inApr 2024
PublisherPackt
ISBN-139781837634644
Edition1st Edition
Concepts
Web Security
Right arrow
Author (1)
Akhil Sharma
Akhil Sharma
author image
Akhil Sharma

Akhil Sharma is a Software Engineer and an entrepreneur. He is the CTO of Dominate, a SaaS product company, and the founder of Myrl Tech, a tech services company providing technology consulting to some of the top enterprise companies in the world such as HP, 3M, Honda, Bose, and Adobe. He has 12+ years of industry experience and a solid understanding of building digital products. He is adept at multiple programming languages such as Golang, Rust, Ruby, Python, and JavaScript. He has mentored hundreds of engineers offline and discovered that they knew the programming language and the concepts around it but were unable to use them in real-world applications. He aims to close this gap by teaching how to apply the concepts practically and build projects in real time.
Read more about Akhil Sharma

Right arrow

Understanding decentralization

Decentralization is the guiding principle for Web 3.0. It’s designed to create a win–win environment for the builders of a platform, the people that build on the platform decentralized applications (dApps), and the people that interact with the platform (users of dApps).

Let’s try and understand why decentralization is so important. In 2013, Twitter had a centralized developers platform where developers could use their APIs to build apps on the Twitter platform. A few years later, Twitter stopped the API support and also brought in a few restrictions, and every few months, the API’s terms and conditions would change. This affected many app developers who were either banned from the platform due to the restrictions or were unable to stay up to date with the changing terms for API usage.

Similarly, Facebook had an app developer program as well, which many developers built their apps with. However, developers faced similar problems here as well, and this problem is quite common wherever a centralized platform is involved. Play Store and App Store can ban any app from their platform, and Amazon can decide which sellers can sell and Uber can decide which drivers get more rides.

The issue is not just about getting banned from the platform and the policy changes, but it’s also about monetization. For example, the Apple App Store can take about 30% of the entire revenue from app developers. To prevent institutions, banks, and governments from curbing the freedom of individuals and communities, decentralization is a popular solution that ensures everyone gets a voice and a few owners of the platform do not end up controlling the entire platform.

It’s shared ownership where the ownership of the platform is not held closely by the founding team or the committee; rather, it belongs to the community at large where each user can hold tokens and gets a say in the system. We will read about this further in the DAOs section.

A blockchain network implements decentralization in a highly efficient manner, and this is why it’s the primary technology for a decentralized use case.

So, now that we have a clearer understanding of decentralization, let’s dig into some of the concepts that are closely related with decentralization that make it possible.

Replication

Replication is at the core of decentralization. Multiple copies of the same data exist at different participatory nodes. If one of the copies gets corrupted, there are other copies to reference the final state of the data. If one of the participatory nodes fails completely, there are mechanisms by which a new node can be appointed to take its place, and this ensures that the entire network can’t go down easily.

Even if the network does go down, recoverability is way easier when the data is replicated as opposed to having a centralized store of data. In decentralized systems, both the data and the power to govern the system can also be decentralized. This means that multiple nodes that have access to and copies of the data or that simply have a stake in the network can come to a consensus on the new data that gets added and how the network behaves/can be improved.

This leads us to the next important topic of governance.

Governance

Every blockchain follows a unique way of governance, but, in general, blockchains are governed by token holders that can be users, developers, investors, the founding team, or nodes. Governance tokens are issued to reward the loyalty of token holders and are usually issued when they have a high stake in the network. Owners of governance tokens can propose changes and vote for the implementation of those changes to the protocol.

Each governance token is equal to one vote, so this leads to a very fair and just system, as the holders with more stake in the network get more influence. The details of each vote are publicly available for all to see. Blockchain networks sometimes suffer from the whale problem, where some network participants end up holding most of the tokens. This can lead to the network becoming more centralized than expected. In most cases, whales end up being the founding team, and votes are cast to push the agenda of the founding team. This ends up centralizing the network.

For a blockchain network to be more effective, it is important to ensure a fair distribution of tokens to ensure decentralization. Governance usually aims to ensure that the blockchains update continuously and the protocols align with the right direction. However, it’s worth noting that in certain cases, due to the influence of governance token holders, updates might not occur, potentially causing a divergence from the intended path.

Cryptocurrencies and gas fees

In the earlier sections, we read about cryptocurrencies and gas fees, and now that we have preliminary knowledge of blockchains, it’s a great time to understand this topic even better. We will look at cryptocurrencies and gas fees from a slightly different perspective to get a more wholesome understanding of the topic.

Cryptocurrency is simply a currency that’s cryptographically secure and is backed by a blockchain. Since a hashing algorithm is used to create hashes in a blockchain and this secures the blockchain cryptographically, using blockchains to store currency-related financial information makes a currency a cryptocurrency.

Blockchain can be thought of as a distributed ledger, and therefore it is referred to as distributed ledger technology (DLT). This is where a ledger is being maintained for the transactions that are being recorded, but also, multiple copies of the ledger exist with different nodes.

Since multiple copies of this ledger exist with multiple different nodes, the nodes must commit their storage space for this ledger. We also learned that when the blocks are mined, substantial processing power is utilized (PoW). This implies that nodes also need to commit processors along with storage space.

Since in this section we have focused on decentralization, it is important to understand that the higher the number of independent nodes that maintain a copy of the ledger and participate in the mining of new blocks, the more decentralized the network is. Hence, it makes it more trustworthy for developers and users to either build on this or interact with it respectively.

To keep the nodes incentivized to dedicate substantial storage and processing resources to the network, we need to pay them a fee or reward them with new tokens, which is simply gas fees. We’ve read a little about this in the previous sections.

The gas fee is paid out to the nodes in simply the native cryptocurrency of the blockchain. For blockchains to be effective, a coin that represents some limited digital asset is introduced. Please note that coins and tokens have various similarities, but they also have differences, and we will learn about them in one of the later sections.

In this section, we have filled in many gaps in our knowledge. It is now clear to us that for blockchains to be effective, they need to be decentralized, and for them to be decentralized, they need to have more nodes in the network. If we’d like the nodes to dedicate resources, they need to be incentivized, and if they want to be incentivized, we need them to have some monetary benefit that can be created with the help of a coin. This is a cryptocurrency, as it is secured by a blockchain for which security originates from a hashing algorithm. This is a cryptography hashing algorithm, hence the term cryptocurrency. While the compensation given to nodes for their role in maintaining the system and keeping the records safe is referred to as a gas fee.

Decentralized platforms

In traditional Web 2.0 platforms, the data, as soon as uploaded or created by the users, legally belongs to the platform. Every time a user logs into a traditional Web 2.0 platform, the request for authentication is sent to the centralized server with a centralized database, both of which are entirely owned by the platform. The platform can decide if a user can stay on the platform or is asked to leave. This centralizes ownership and control.

Now, the platform has complete ownership rights over all the data that is generated by the users that use the platform.

Since the platform is the owner of the data, the platform is responsible and is also incentivized to keep the data secure.

But since the data is users’ data, it’s actually the users that stand to lose the most when the data actually gets hacked or stolen.

We have seen this pattern multiple times in the past; platforms get hacked often and user data is stolen and sold by hackers for a small profit.

So, even though the platform is incentivized to secure the data, the platform doesn’t really stand to lose much when it’s stolen, and therein lies the problem.

In addition to this, the platforms also sell this data themselves to third parties or use the data for advertising to these users, sometimes without consent. This further deteriorates the user experience and trust in the platform.

Web 3.0 re-imagines this model; the data instead stays with the user and they can choose to hold it in their own secure wallet and use this wallet as an authentication mechanism on different platforms. This means they can take their data with them.

This means that there’s no central ownership over the data and no control over the rules of the platform, as the data exists with multiple nodes. Multiple nodes can vote for governing the network. This creates a healthy ecosystem for developers to come and build decentralized applications on the platform that will further attract even more users. At the beginning of this section, we read that decentralization creates a win–win solution for all the parties involved, but we hadn’t understood why. Now we know the reason.

The whole purpose of Web 3.0 and decentralization is to create healthy, secure ecosystems where more people trust the system inherently, not because they trust the central authority that controls the system but because they trust the mechanism and processes around how the system is set up.

So, to summarize, in Web 2.0, the tagline was Don’t be evil (this is Google’s famous tagline), meaning that even though the platform owns the data and is responsible for securing it, everything depends on the trust that users have in the platform. This trust has been exploited multiple times, whereas in Web 3.0, the motto is Can’t be evil since the system is set up to not have a central authority. This means it’s built on a zero-trust system where users don’t have to trust the platform since the system takes care of the fact that the platform never ends up owning users’ information.

Tokens versus coins and ICOs

We learned that cryptocurrencies are created to incentivize the nodes in a network to dedicate their storage and processing resources. These native cryptocurrencies running on original chains and their forks are considered coins.

All native cryptocurrencies, without exceptions, run on their own blockchains and have an intrinsic value that’s linked to multiple factors, with the efficiency and security of the underlying blockchain being two of the primary ones.

Tokens, on the other hand, don’t need an underlying blockchain and can be used by the following:

  • Technology projects to raise capital
  • Technology companies to represent digital assets
  • Corporations, institutions, and individuals to represent a real-world resource in the digital world

Now, let’s discuss these three use cases in order.

The first use case is for technology projects when the technology required to be built is complex or advanced and will require some runway expenses for the team to research and build the project.

For early-stage and research-driven tech projects, raising capital from the general public is not an option, as that space is highly regulated.

So, instead of raising capital from traditional venture capitalists, such tech projects can leverage initial coin offerings (ICOs) to raise capital wherein a particular amount of tokens are generated. A small percentage of these are distributed among the founding team, developers, and some early-stage users. After this distribution, the majority that are left are purchased by the next set of users.

When users buy the token, they are essentially buying into the vision of the tech project and funding the runway required to build it. This process can be likened to a crowd-funding process.

The second use case is related to representing digital assets, such as the following:

  • Smart contracts to indicate property ownership, mortgages, and digital identity
  • Non-fungible tokens (NFTs) to represent art, music, in-game assets, and so on

We will learn about both in the next section.

The third use case is related to representing real-world, physical resources and assets in the digital world. Tokens have the perfect use case for this. Real estate assets, crops, medicines, and so on can be tokenized in the digital world and represented on the blockchain. They can then be traded between users, each trade representing an actual transfer of value between the users.

The presence of blockchain ensures that the immutable ledger is maintained and updated, and the immutability and cryptographic security provided by the blockchain bring trust in trading such physical assets digitally. This opens the possibility of cross-border transactions and trades since such transactions are scalable digitally.

Smart contracts and NFTs

In the Tokens versus coins and ICOs section, we learned how tokens can be used to create smart contracts and NFTs. Now, let’s discuss what these are in a little more detail. It is important for us to understand them because as a blockchain developer, you will be creating smart contracts and even NFTs all throughout your career.

Let’s first tackle smart contracts. For a real-world, regular contract to take place, there is a governing, intermediary body such as a bank, legal authorities, or the government. This is basically an entity that has some enforceable power in the real world in case the parties signing the contract do not hold up their end of the bargain.

In the case of smart contracts, there is no intermediate party. Instead, there’s just a program/computer code that runs on the blockchain, and this code is cryptographically secure and immutable (the two properties that are induced due to the SHA-256 algorithm).

The smart contract ensures that none of the parties can back out of the contract or make any changes, and it also ensures that the parties hold up their end of the bargain without involving any manual intervention or human beings and institutions as authorities and witnesses.

Irreversible, immutable smart contracts are objective in nature, whereas regular contracts can be highly subjective in nature because the differences in interpretations of the contract usually lead to discord and conflict.

We mentioned that a smart contract runs on a blockchain, but how does that actually work? A smart contract gets its own hash, which is used to recognize it, and once the smart contract is executed in a particular way with different values, you get a different application binary interface (ABI) (a representation of your contract to be called from the external world). This is what’s stored onto the blockchain.

Let’s walk through a use case example to understand how this actually functions. Let’s say there are two parties involved. The first is a corporation that wants to transfer some stocks to an individual who works in that firm but the firm wants these stocks to be transferred based on the number of months that the individual works at the firm rather than all at once. This process can be completely automated with a smart contract that can be integrated to send push events to the stock vesting service based on a CRON script that runs every few months based on the frequency and schedule mentioned in the contract.

Now, this brings in a lot of trust between the corporation and the employee who will be given the stocks since there is no intermediary who can be swayed. There is just a computer program that gets executed and is immutable. Now that we have a solid understanding of smart contracts, let’s dive into NFTs, which are simply an extension of smart contracts.

In the previous section, we read that NFTs can be used to represent art, music, and in-game assets. Now, let’s understand how that works. NFTs are non-fungible tokens, meaning they are different from regular tokens that are fungible.

Although each NFT is distinguishable from another, they can be exchanged with each other. The fact that they are distinguishable makes them non-fungible, not their exchangeability.

We can convert images such as a JPEG file into an NFT by assigning it a hash, and this process is called tokenization. Each NFT token has a unique hash and it cannot be exchanged since each NFT is associated with only one unique hash.

But we know that a crypto token is fungible and can be exchanged (if you have one crypto token and your friend has one crypto token and you exchange them, it doesn’t matter because those tokens aren’t unique, thereby making them fungible).

Since you can assign unique hashes to NFTs, this means you can represent real-world contracts in the digital world using NFTs. This is quite different from a smart contract, which isn’t a real-world contract and has no authorities involved.

DAOs

In the previous sections, we learned how real-world assets can be represented in the real world with tokens and NFTs, but what if we applied the same concept to organizations and corporations?

Using blockchain, we can imagine a different future for organizations where the power will not be centralized. Currently, many issues can be pointed out in organizations that are centrally run by just a handful of people. Such organizations can sometimes work against the society and the community.

But here’s a revolutionary thought: what if an entire community takes up the responsibility of running an organization? This means tokens would be issued to the people from this community and they would represent ownership. Some of these tokens would be governance tokens and would have more weight in the voting process.

An elaborate voting process would take place for critical decisions, and the voting weightage would be based on the tokens you hold.

All of the decisions resulting from the voting process would be made public and the rest of the community that has regular tokens and not governance tokens would be apprised of the updates.

The public would also decide to buy these tokens and take up a seat at the table for governance.

Building such a community-led organization would ensure that the decisions are always taken for the benefit of a very small percentage of society. Since all the decisions are available on a public blockchain, they are mostly irreversible, so all the promises made by corporations would need to be fulfilled.

This model of organization is known as a decentralized autonomous organization (DAO).

This is a great model to run a highly democratic organization, and it is thought that even governments can run like this.

This presents us with a completely digital way to run a real-world organization fully remotely. Currently, many companies are experimenting with this model. It is important to note that the DAO model is not currently completely free of issues and vulnerabilities, and the factors that affect organizational decision-making in the real world can also affect DAOs. It is an evolving model and something that’s widely agreed upon as the future.

Non-censorable apps

Decentralization makes it extremely difficult to censor information since multiple copies of the same information exist, and it also makes it significantly more difficult to spread fake news and propaganda, as facts can be recorded on a blockchain. The facts are immutable, as the information cannot be changed later.

A significant number of dApp developers are focusing on creating Web 3.0 versions of apps such as Twitter, Reddit, and Quora where posts cannot be taken down by admins, firstly because there would not be any admins since the app would be community-driven and secondly because the information would be immutable so there would be no edit or delete functions. This enables true freedom of expression on an unprecedented scale.

So, now we have clarity on how information on apps can be resistant to censorship, we can go beyond by making websites and web apps censorship-resistant at the fundamental level.

This means that it shouldn’t be easy to take down websites by just restricting traffic to them. This is made possible by decentralized storage platforms such as Arweave and EmbassyOS, where independent individuals can buy special physical storage devices.

These storage devices can be used to store the websites on their own devices rather than on a cloud server, making it significantly more difficult to take websites down.

Digital assets with real-world limits

Blockchains would only matter to the common man if they’re able to affect the real world or our daily lives. So, let’s learn about how blockchains model real-world limits and how blockchains can be used to represent real-world resources.

Up until now, we’ve never had a way to represent real-world resources in a digital format, but blockchain and tokenization enable this for us. It’s important to discuss this, as it opens tons of possibilities, so let’s walk through a few use cases to understand it better.

Let’s say there’s an apartment in Japan with 1,000 square meters of space. If you want to buy this apartment, you must buy it as a whole, and you also need to meet a lot of criteria, such as being a resident of Japan. But what if there was a way to not buy the entire apartment and buy only a fraction of the apartment? With tokenization, this is made possible.

This is how the process works: a tech enablement company acquires this apartment and tokenizes the square meters. Each token represents one square meter of the apartment, and this currency is restricted to 1,000 tokens (since the total space of the apartment is 1,000 square meters). This total limit cannot change since it’s backed by a blockchain, and now these tokens can be purchased by anyone in the world.

This means that if you want to buy just two square meters of that apartment in Japan, you must buy two tokens. The benefit of this is that you can invest in the real estate market of Japan and the growth that Japan will see in the coming years by just buying the token. This opens the market up for multi-ownership models and removes long processes from the equation. Since these tokens can be traded, all trades will be recorded on the blockchain, and the latest ownership state will be maintained and updated. This same concept can be applied to many other things in the real world, and right now, we’re just at the cusp of a new wave of tech enablement that may end up changing our reality for the better.

We now know that blockchains have a lot of use cases, and for blockchains to be truly adopted, we need blockchains that can process a lot of transactions and handle a lot of users. In the next section, let’s look at how blockchains can be scaled to handle millions of transactions and users with ease.

Previous Page
Chapter 3 of 19, Page 4
Next Page
You have been reading a chapter from
Rust for Blockchain Application Development
Published in: Apr 2024Publisher: PacktISBN-13: 9781837634644
© 2024 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
undefined
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime

Author (1)

author image
Akhil Sharma

Akhil Sharma is a Software Engineer and an entrepreneur. He is the CTO of Dominate, a SaaS product company, and the founder of Myrl Tech, a tech services company providing technology consulting to some of the top enterprise companies in the world such as HP, 3M, Honda, Bose, and Adobe. He has 12+ years of industry experience and a solid understanding of building digital products. He is adept at multiple programming languages such as Golang, Rust, Ruby, Python, and JavaScript. He has mentored hundreds of engineers offline and discovered that they knew the programming language and the concepts around it but were unable to use them in real-world applications. He aims to close this gap by teaching how to apply the concepts practically and build projects in real time.
Read more about Akhil Sharma

Personalised recommendations for you

Based on your interests and search pattern

Attacking and Exploiting Modern Web Applications

Attacking and Exploiting Modern Web Applications

Attacking and Exploiting Modern Web Attacks will help you understand how to identify attack surfaces and detect vulnerabilities. This book takes a hands-on approach to implementation and associated methodologies and equips you with the knowledge and skills needed to effectively combat web attacks.

BookAug 2023338 pages
Automotive Cybersecurity Engineering Handbook

Automotive Cybersecurity Engineering Handbook

This Automotive Cybersecurity Engineering Handbook untangles the complexities of building secure automotive products and helps you to comply with cybersecurity standards. It provides practical tools, tips, and techniques coupled with real-world examples to enable you to create cyber-resilient automotive products with ease.

BookOct 2023392 pages
Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide

Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide

This book will help you to design, develop, and operate security controls on Google Cloud as well as discover best practices for relevant security domains, including identity and access management, network, and data.

BookAug 2023496 pages
Cloud Penetration Testing for Red Teamers

Cloud Penetration Testing for Red Teamers

The advent of cloud networks and the AWS, Azure, and GCP platforms has revolutionized how companies of all sizes in all industries do business online. This book will help you meet the emerging demand for pentesting as it guides you through the tools, techniques, and security measures used by pentesters and red teamers in the 2020s and beyond.

BookNov 2023298 pages
ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

ISACA Certified in Risk and Information Systems Control (CRISC®) Certification Guide is an enterprise IT risk management professional’s dream. With its in-depth approach and various self-assessment exercises, this book arms you with knowledge of every single aspect of the certification, and is a fantastic career companion after you’re certified.

BookSep 2023316 pages5
Burp Suite Cookbook

Burp Suite Cookbook

Burp Suite is an immensely powerful and popular tool for web application security testing. This book provides a collection of recipes that address vulnerabilities in web applications and APIs. It offers guidance on how to configure Burp Suite, make the most of its tools, and explore into its extensions.

BookOct 2023450 pages
Building and Automating Penetration Testing Labs in the Cloud

Building and Automating Penetration Testing Labs in the Cloud

This hands-on guide will help you design and build a variety of penetration testing labs that mimic modern cloud environments running on AWS, Azure, and GCP. In addition to these, you will explore a number of practical strategies on how to manage the complexity, cost, and security risks involved when setting up vulnerable cloud lab environments.

BookOct 2023562 pages
Ethical Hacking Workshop

Ethical Hacking Workshop

As cyber-attacks grow and APT groups advance their skillset, you need to be able to protect your enterprise against cyber-attacks. In order to limit your attack surface, you need to ensure that you leverage the same skills and tools that an adversary may use to hack your environment and discover the security gaps. This book will teach you how to think like a hacker, use state-of-the-art hacking tools, and protect yourself and your organizaiton.

BookOct 2023220 pages
Windows Forensics Analyst Field Guide

Windows Forensics Analyst Field Guide

This book contains step-by-step processes to guide you in any investigation related to Windows OS. You’ll find out how to acquire evidence using multiple tools as well as examine and analyze the collected artifacts, while discovering multiple techniques used in real-world forensic incidents.

BookOct 2023318 pages
Implementing DevSecOps Practices

Implementing DevSecOps Practices

This book is a comprehensive, hands-on guide for individuals new to DevSecOps who want to implement DevSecOps practices successfully and efficiently. With its help, you’ll be able to shift security toward the left, enabling you to merge security into coding in no time.

BookDec 2023258 pages