From 8ca2c69e67c5b5cc3166af0c0a56e16078176b21 Mon Sep 17 00:00:00 2001 From: Christian Cleberg Date: Tue, 19 Aug 2025 22:39:50 -0500 Subject: summary of commits from minimal-enhancements --- content/about/index.org | 27 +++ content/blog/2025-06-02-private-ios-apps.org | 238 +++++++++++------------ content/blog/2025-06-27-how-blockchain-works.org | 197 ------------------- 3 files changed, 138 insertions(+), 324 deletions(-) create mode 100644 content/about/index.org delete mode 100644 content/blog/2025-06-27-how-blockchain-works.org (limited to 'content') diff --git a/content/about/index.org b/content/about/index.org new file mode 100644 index 0000000..b583085 --- /dev/null +++ b/content/about/index.org @@ -0,0 +1,27 @@ +#+title: About +#+slug: index + +Hey, I'm */~cmc/*. + +I'm a technology audit manager, working on financial statement audits (SOX/MAR), +SOC 1-3 reports, and other attestations for KPMG. + +Read up on my [[https://cv.cleberg.net][CV]] or [[https://cleberg.net/salary/][salary]] for more information. + +In my spare time, I like to: + +- Run linux servers +- Enhance my home lab network +- Write personal programs, mostly in Python +- Research various topics (history, geography, science, etc.) +- Write blog posts and general documentation +- Converse with others on IRC and Matrix +- Play video games and watch television + +If you want to chat, you can find me in the following spaces: + +- [[mailto:hello@cleberg.net][hello@cleberg.net]] ([[https://cleberg.net/gpg.txt][GPG]]) +- [[https://lemmy.cleberg.net/u/cmc][@cmc]] on Lemmy +- [[https://matrix.to/#/@cmc.:matrix.org][@cmc.:matrix.org]] on Matrix +- @cmc.01 on [[https://signal.org/][Signal]] +- [[https://sr.ht/~cxc][~cxc]] on Sourcehut diff --git a/content/blog/2025-06-02-private-ios-apps.org b/content/blog/2025-06-02-private-ios-apps.org index b015bc2..14c744c 100644 --- a/content/blog/2025-06-02-private-ios-apps.org +++ b/content/blog/2025-06-02-private-ios-apps.org 
@@ -4,16 +4,14 @@ #+slug: private-ios-apps #+filetags: :ios:privacy:security: -In a world where our phones are extensions of ourselves, balancing convenience -with privacy can feel like a losing battle — especially on iOS, where platform -restrictions narrow the options. But it's not impossible. There's a growing -ecosystem of privacy-respecting apps, tools, and communities focused on helping -iPhone users take back some control. +The world is evolving into a privacy nightmare, where our own devices are being +used by numerous parties to constantly track and report on our activities. This +is especially prevalent on iOS, where platform restrictions leave users without +many options to lock down their data. -Below is a curated list of privacy resources, directories, and testing tools -specifically useful for iOS. Whether you're looking for a better email client, a -trustworthy VPN, or simply places to learn more, these links are a solid -starting point. +However, there are apps that exist that can help enhance the privacy of an iOS +device. The post below details a number of privacy resources, directories, and +tools for iOS. **Resource Table** 
@@ -36,38 +34,28 @@ starting point. #+begin_quote *Note*: This list focuses solely on iOS-compatible resources and tools. No -Android comparisons here — just options for those of us living in Apple's walled -garden. +Android comparisons here as I have not used Android in many years. #+end_quote * Email -First and foremost, I like to consider email as my first app on a new device. -However, the iOS market lacks a wealth of open-source and private email clients. -There are a few options, such as Proton Mail and Tuta, which are open source and -private, but they lock you into their ecosystem. Tuta doesn't allow for custom -domains and neither allows SMTP/IMAP access. - -Canary Mail is a decent option, as it is a classic SMTP/IMAP client - and does -more than most as it's one of the only PGP email clients on iOS - but is closed -source and the company behind it seems more focused on AI than privacy. - -- [[https://proton.me/mail][Proton Mail]] - A more mainstream-feeling app with PGP support built-in. Good if - you're looking for something that feels like Apple Mail but with privacy - upgrades. -- [[https://tuta.com/][Tuta]] - Tuta (formerly Tutanota) takes privacy a step further by encrypting - subject lines, message content, attachments, and calendar events. It also - avoids using phone numbers or third-party services for registration. The iOS - app is reliable for the basics. Downsides: no IMAP/SMTP support, so you can't - plug it into your own mail clients, and notifications require a premium plan - if you want them in real-time. Great if you care about metadata exposure. -- [[https://canarymail.io/][Canary Mail]] - A more polished, user-friendly email client that supports - end-to-end encryption using PGP and their own “SecureSend” feature for - encrypted messages. Canary works with multiple mail providers (Gmail, Outlook, - etc.), so it's more of a privacy enhancement for existing services rather than - a private mail provider itself. 
Downsides: it's a proprietary, closed-source - app, and some privacy features require a subscription. Better than stock Mail - for security, but you're still trusting their implementation. +First, I like to consider email as my first app on a new device. However, iOS is +\extremely\ lacking in this area. Certain options are private, such as Proton +Mail and Tuta, but they have certain restrictions and ecosystem lock-in methods +that I try to avoid. + +Canary Mail was a decent option for a while, although a bit mysterious, but they +have recently leaned into the AI hype pretty heavily, which is concerning. +However, it's still one of the only options for PGP emails on iOS. + +- [[https://proton.me/mail][Proton Mail]] - One of the more popular private email options available on iOS. + Allows custom domains, but does not allow for IMAP/SMTP usage, so you're + locked into using their apps. Open source. +- [[https://tuta.com/][Tuta]] - Tuta also locks you into their clients and they do not allow you to use + custom domains. Open source. +- [[https://canarymail.io/][Canary Mail]] - Closed source, so you can't verify anything about what they are + building into the app. However, it's one of the only options for PGP mail on + iOS. Advanced features are locked behind a paywall. Another suggestion is to use a browser-based web client. You can install browser mail clients as progressive web apps (PWAs). For example, I have been using 
@@ -91,35 +79,29 @@ releases for iOS, I will probably use that. * Browsers -Your browser is basically the front door to the internet — and also the window, -mailbox, and security camera. It's where trackers, ads, fingerprinting scripts, -and data leaks happen most often. Even on a locked-down phone, if your browser -isn't protecting your traffic, your personal info can quietly leak out through -third-party scripts, embedded media, and background connections. Choosing a -privacy-respecting browser is one of the most impactful decisions you can make -for mobile privacy. - -- [[https://apps.apple.com/us/app/firefox-focus-privacy-browser/id1055677337][Firefox Focus]] - A stripped-down, no-nonsense browser from Mozilla. It - automatically blocks trackers, erases your browsing history with a tap, and - skips extras like tabs or bookmarks. Great for one-off searches and quick - visits to privacy-sensitive sites. -- [[https://duckduckgo.com/app][DuckDuckGo]] - A full-featured private browser with built-in tracker blocking, - HTTPS upgrades, and a clear data button. It also integrates DuckDuckGo search - and email protection. Solid for daily use if you don't want your browsing - activity tied to a bigger tech company. -- [[https://onionbrowser.com/][Onion Browser]] & [[https://orbot.app/][Orbot]] - Your best bet for anonymous browsing on iOS. Onion - Browser routes traffic over Tor, while Orbot can proxy other apps system-wide - through Tor. Slower than normal browsers, but excellent for masking your IP - and avoiding surveillance. -- [[https://brave.com/][Brave]] - Privacy-focused with ad and tracker blocking built-in, Brave also runs - its own private search engine and supports things like Tor tabs (on desktop, - not iOS). On iOS, it's basically a privacy-enhanced Safari/WebKit shell — - better than nothing, but subject to Apple's browser engine limits. 
-- [[https://www.apple.com/safari/][Safari]] (with caveats) - Surprisingly decent for privacy if you tweak the - settings. Enable “Prevent Cross-Site Tracking,” block all cookies, and disable - preload for best results. Still, it's tied to your Apple ID and iCloud syncing - unless you're careful, so don't treat it as anonymous. For a great baseline - configuration, read PrivacyGuide's [[https://www.privacyguides.org/en/mobile-browsers/#safari-ios][Safari]] section. +Your choise of browser is very important if you're concerned with privacy. Any +and all links you click will be opened in your default browser, so you need to +make sure you choose the right browser and configure it properly. Trackers, ads, +fingerprints, and data leaks are constant threats that should be avoided when +possible. + +- [[https://apps.apple.com/us/app/firefox-focus-privacy-browser/id1055677337][Firefox Focus]] - In my opinion, the best option for privacy on iOS. + Automatically blocks trackers, erases data and history upon app close, and + focused on private usage. However, it won't support your bookmarks or keep you + logged into sites long-term. +- [[https://duckduckgo.com/app][DuckDuckGo]] - Another good option, built on chromium. Like Focus, it allows you + to clear all data with a button tap. +- [[https://onionbrowser.com/][Onion Browser]] & [[https://orbot.app/][Orbot]] - Tor - what can I say? It's been the most popular + privacy browser for ages for a reason and now it's available on iOS. Onion + Browser is a Tor browser and Orbot can proxy any number of iOS apps through + Tor. As with all Tor traffic, it will be slower than "regular" traffic. +- [[https://brave.com/][Brave]] - Another chromium-based privacy browser. Can sync with other Brave + browsers via a secure linking process (no account). Fully-featured and great + privacy defaults. There have been some concerns in the past about the company + behind Brave, but I still think it's a decent option for most peoplel. 
+- [[https://www.apple.com/safari/][Safari]] (with caveats) - Great option if the browsers above don't work for you. + Be sure to read PrivacyGuide's [[https://www.privacyguides.org/en/mobile-browsers/#safari-ios][Safari]] section for more information on what you + need to do to lock it down before relying on it full time. #+begin_quote *I use*: Hardened safari in private mode for every day use, and Onion Browser 
@@ -128,30 +110,26 @@ for anonymous browsing. * Messaging -If you're trying to keep conversations off surveillance infrastructure, choosing -the right messaging app is crucial. Between metadata collection, insecure cloud -backups, and shady server practices, most mainstream chat apps aren't -privacy-friendly by design. On iOS, you're a little more limited than on -Android, but there are still solid options built around end-to-end encryption -and metadata minimization. - -- [[https://signal.org/][Signal]] - The gold standard for secure messaging. Open source, end-to-end - encrypted, and runs its own private push notification infrastructure so Apple - can't read your message content. Downsides: phone number required for signup - (a known metadata weak point). +Next up are messaging apps. If you have an iPhone, it's a good bet that you will +be messaging other people on it. The threats for messaging apps tend to be +metadata/data collection from cellular providers, ISPs, and Apple itself. If you +want to protect the privacy of your messages, who your messaging, and the +metadata around those messages (time, method, location, etc.), you'll need to +think about which apps you're using. + +- [[https://signal.org/][Signal]] - My personal favorite and still the gold standard for secure and + private messaging. Open source, end-to-end encrypted, and runs its own private + push notification infrastructure so Apple can't read your message content. A + phone number is required to sign up, but you can create a username immediately + after signing up and share that with others instead of sharing your phone + number. - [[https://simplex.chat/][SimpleX]] - A decentralized, phone-number-free messaging system. Uses anonymous - message relays and asymmetric keys. Great for pseudonymous chats or if you're - tired of number-based identity systems. + message relays and asymmetric keys. 
- [[https://getsession.org/][Session]] - A fork of Signal's protocol that eliminates phone numbers entirely. - Routes messages through a decentralized onion network (like Tor). Excellent - for metadata resistance, though message delivery can sometimes lag. + Routes messages through a decentralized onion network (like Tor). - [[https://element.io/][Element]] - Based on the Matrix protocol, offering decentralized, federated - chat. Great for groups and communities, with optional end-to-end encryption. A - little heavier on resources than the others. - -Privacy-friendly messaging isn't perfect on iOS — background sync restrictions -and notification relay challenges exist — but these tools will cover most needs -while keeping your data away from corporate servers. + chat. Great for groups and communities, with optional end-to-end encryption. + Other client options are available for Matrix on iOS, as well. #+begin_quote *I use*: Signal for private chats with known people, and Matrix for group chats. @@ -160,8 +138,8 @@ while keeping your data away from corporate servers. * VPNs & Networking Network traffic is where most surveillance happens. Even with encrypted -messaging and browsers, your IP address and DNS queries reveal a lot. A good VPN -or alternative network routing tool masks this, but not all VPNs are +messaging and browsers, your IP address and DNS queries reveal a lot about you. +A good VPN or alternative network routing tool masks this, but not all VPNs are trustworthy. Avoid “free” services or those lacking transparency. - [[https://mullvad.net/][Mullvad]] - A no-logs VPN that doesn't require an email or personal info to 
@@ -174,10 +152,10 @@ trustworthy. Avoid “free” services or those lacking transparency. polished for mobile but useful for hobbyists or building private networks between devices. -If you can't self-host or build your own mesh, Mullvad is hands-down the -cleanest option here. There are other VPN options available, but I haven't -tested them all so I will simply put my vote for Mullvad here and let you -research other options if you don't want to use Mullvad. +If you can't self-host or build your own mesh, Mullvad is hands-down the easiest +option here. There are other VPN options available, but I haven't tested them +all so I will simply put my vote for Mullvad here and let you research other +options if you don't want to use Mullvad. #+begin_quote *I use*: Mullvad for 24/7 usage, and Tor when anonymity is required. @@ -185,12 +163,12 @@ research other options if you don't want to use Mullvad. * Password Management -Weak, reused passwords are still one of the biggest risks for personal security. -A good password manager makes it possible to use strong, unique credentials +Weak and reused passwords are still the biggest risks for personal security. A +good password manager makes it possible to use strong, unique credentials without memorizing them all. -- [[https://bitwarden.com/][Bitwarden]] - Open source, audited, and free to self-host. The iOS app - integrates with system autofill and Face ID. Solid for most users. +- [[https://bitwarden.com/][Bitwarden]] - Open source, audited, and free to self-host (e.g., Vaultwarden). + The iOS app integrates with system autofill and Face ID. - [[https://keepassium.com/][KeePassium]] - A KeePass-compatible client for iOS. Local database storage, optional cloud sync, and no external accounts. Excellent if you want full control over your credential store. 
@@ -198,8 +176,8 @@ without memorizing them all. your database with a secure method like [[https://cryptomator.org/][Cryptomator]]-protected cloud storage, Syncthing, or local-only transfers. -Good password hygiene matters more than people realize, and these apps give you -control over your vault. +Good passwords matter are extremely important, and these apps give you control +over your vault. #+begin_quote *I use*: Bitwarden Families ($40/year) to protect passwords, passkeys, TOTP @@ -210,17 +188,20 @@ myself, I would prefer KeePassXC + Syncthing. * Multi-Factor Authentication (MFA) MFA is essential, but relying on SMS codes or untrusted proprietary apps defeats -the point. Use open, local, encrypted authenticators where possible. +the point. Use open, local, encrypted authenticators where possible. Also, use +passkeys if you can! I prefer passkeys, then TOTP, and then SMS/email, if other +options are not possible. -- [[https://bitwarden.com/products/authenticator/][Bitwarden Authenticator]] - Integrates with the password manager or works - standalone. Encrypted backups through Bitwarden. +- [[https://bitwarden.com/products/authenticator/][Bitwarden Authenticator]] - Integrates with the password manager or works as a + standalone TOTP app. Optional encrypted backups through your Bitwarden + account. - [[https://ente.io/auth/][Ente Auth]] - Open source, end-to-end encrypted TOTP manager. Syncs encrypted via Ente's infrastructure. - [[https://www.tofuauth.com/][Tofu]] - Minimal, offline-first TOTP app. No cloud, no telemetry. - [[https://raivo-otp.com/][Raivo OTP]] - Open source, native iOS app with secure iCloud backups. Clean interface. - [[https://apps.apple.com/us/app/otp-auth/id659877384][OTP Auth]] - A longstanding, trusted TOTP manager with encrypted backups and - Apple Watch support. Not open source. + Apple Watch support. *Not open source.* I recommend pairing one of these with strong passwords and a VPN for everyday security. 
@@ -231,9 +212,8 @@ security. * Notes & Personal Data -iCloud Notes and Google Keep aren't exactly privacy havens. If you're storing -sensitive personal notes, account details, or journal entries, opt for -encrypted, local-first apps. +If you're storing sensitive personal notes, account details, or journal entries, +opt for encrypted, local-first apps. - [[https://beorgapp.com/][Beorg]] - An Org-mode-compatible outliner and task manager for iOS. Great for Emacs fans and those managing plaintext files. @@ -248,15 +228,15 @@ These options help decouple your data from major cloud platforms while keeping notes portable and encrypted. #+begin_quote -*I use*: Beorg, since I love org-mode and no longer use markdown. +*I use*: Beorg, since I love org-mode. #+end_quote * Photos & Media -Your camera roll quietly feeds metadata and images to iCloud by default. If you -want to self-host or encrypt your photo library, here's what works on iOS. At a -minimum, I suggest disabling iCloud for the Photos app, so the data stays local -on your device. +If you're using iCloud Photos, your camera roll quietly feeds metadata and +images to iCloud by default. If you want to self-host or encrypt your photo +library, here's what works on iOS. At a minimum, I suggest disabling iCloud for +the Photos app, so the data stays local on your device. - [[https://immich.app/][Immich (self-hosted)]] - Open source, feature-rich, self-hosted photo manager with facial recognition and live photo support. Requires a home server. 
@@ -290,14 +270,12 @@ require Instant PGP since Migadu's webmail client (SnappyMail) supports PGP. * News & Social -Mainstream news and social apps leak all kinds of usage metadata, even when -you're just lurking. These tools let you follow content with less exposure. +News and social apps leak all kinds of usage metadata, even when you're just +lurking. These tools let you follow content with less exposure. -- [[https://netnewswire.com/][NetNewsWire]] - Free, open source RSS reader for iOS. Follow sites without - tracking. -- [[https://www.talklittle.com/three-cheers/][ThreeCheers]] - Privacy-friendly Reddit client for iOS. No official API calls, - built-in filtering. -- [[https://getvoyager.app/][Voyager]] - Clean, independent Mastodon client. +- [[https://netnewswire.com/][NetNewsWire]] - Free, open source RSS reader for iOS. +- [[https://www.talklittle.com/three-cheers/][ThreeCheers]] - Privacy-friendly Tildes client for iOS. +- [[https://getvoyager.app/][Voyager]] - Clean, independent Lemmy client. - [[https://joinmastodon.org/][Mastodon]] - Federated, open source alternative to Twitter. - [[https://joinpeertube.org/][PeerTube]] - Decentralized video platform, accessible via web or PWA. - [[https://pixelfed.org/][Pixelfed]] - Federated, open source alternative to Instagram. 
@@ -305,17 +283,23 @@ you're just lurking. These tools let you follow content with less exposure. If you're going to be online, at least let it be on your terms. #+begin_quote -*I use*: NetNewsWire (via FreshRSS) for RSS feeds, and Voyager for Lemmy. I have -used all of these apps and they are great, but I am not very active on social -sites. +*I use*: NetNewsWire (via FreshRSS) for RSS feeds, Voyager for Lemmy, and Three + Cheers for Tildes. I have used all of these apps and they are great, but I am + not very active on social sites. #+end_quote * Final Thoughts -This isn't about paranoia — it's about awareness. Every app you use, every -service you sign into, quietly collects and trades your data. iOS makes true -anonymity harder than other platforms, but these tools and services give you a -fighting chance to keep your personal life personal. +Whether you just want to improve your privacy in small steps or you're +fashioning a tinfoil hat as we speak, moving to privacy-focused services and +apps does two things: + +1. It protects your privacy by ensuring that your data is being protected + through the many methods mentioned above; and +2. It provides money (for paid apps), support (in terms of download count, + reviews, ratings, etc.), and motivation for the developers and companies + behind these apps that provide a privacy haven for users on iOS. -If you have other privacy-friendly iOS tools you enjoy, [[mailto:hello@cleberg.net][email me]] — I'm always -looking for new things to test. +Every app you use, every service you sign into, quietly collects and trades your +data. iOS makes true anonymity harder than other platforms, but these tools and +services give you a fighting chance to keep your data private. diff --git a/content/blog/2025-06-27-how-blockchain-works.org b/content/blog/2025-06-27-how-blockchain-works.org deleted file mode 100644 index c31e5a8..0000000 --- a/content/blog/2025-06-27-how-blockchain-works.org +++ /dev/null 
@@ -1,197 +0,0 @@ -#+date: <2025-07-07 Mon 00:00:00> -#+title: Blockchain Series #1: How Blockchain Works Under the Hood: Hashes, Keys, and Signatures Explained -#+description: Dive into blockchain's cryptographic foundations. Explore how hash functions, Merkle trees, and digital signatures secure distributed, tamper-resistant ledgers. -#+slug: how-blockchain-works -#+filetags: :blockchain:encryption: -#+draft: t - -/This is Part 1 of a series I'm writing on blockchain. Stay tuned for further -editions./ - -Blockchain is one of those technologies that seems to generate more marketing -buzz than real understanding. Everywhere you look, people talk about -decentralization, trustless systems, and the next big disruption. But beneath -the hype, blockchain systems rely on well-understood cryptographic building -blocks to do something very specific: maintain a secure, tamper-resistant ledger -without needing a central authority. - -If you're serious about understanding blockchain, it's critical to understand -the cryptographic primitives that make it work. Hash functions, digital -signatures, and public-key cryptography aren't just jargon—they're the core -mechanisms that let a distributed network agree on a shared history no one can -easily rewrite. - -This post is Part 1 of a multi-part series on blockchain. Here, we'll focus on -these fundamental building blocks—how they work, why they're used, and how they -fit together to provide the security and trust that blockchain promises. - -* What is Blockchain? - -At its core, a blockchain is a distributed, append-only ledger shared among -participants in a network. - -What does this mean? Essentially, we can think of a standard, non-technical -ledger (book of accounts where transactions are recorded against accounts). 
When -introductin the idea of a blockchain, let's extend the idea of a standard ledger -and make a few connections: - -- Each block of transactions is connected cryptographically to the block before - it, via a [[https://en.wikipedia.org/wiki/Cryptographic_hash_function][cryptographic hash]]. This is what forms a =chain= of blocks, or - records. -- Each block consists of: - - A list of validated transactions - - A timestamp - - A cryptographic hash of the previous block (ensuring immutability) -- Each transaction within a block is initiated between addresses, signed with - cryptographic keys, and sent to the blockchain for validation (e.g., - proof-of-work, proof-of-staking, etc.). -- The blockchain is shared amongst nodes in the network, who agree on the state - of the blockchain through consensus mechanisms. - -As we can see, the decentralized nature and cryptographic linking of -transactions and blocks ensures that modifying the history is infeasible. - -If you're more of a visual person, here's a very basic diagram of a standard -blockchain structure. - -#+begin_example -+------------+ +------------+ +------------+ -| Block 1 | -> | Block 2 | -> | Block 3 | -|------------| |------------| |------------| -| Data | | Data | | Data | -| Prev Hash: | | Prev Hash: | | Prev Hash: | -| 00000000 | | | | | -| Hash: | | Hash: | | Hash: | -| | | | | | -+------------+ +------------+ +------------+ -#+end_example - -* What Problems is Blockchain Trying to Solve? - -I will be diving into the technical details of blockchains later in this post, -but what exactly is the reason blockchain exists? - -You may know of cryptocurrencies, such as Bitcoin, but that is only one of many -use cases for blockchains. - -As we learned in the section above, a blockchain can be equated to a ledger. 
-With this in mind, let's dive into a few interesting use cases: - -** Immutable record-keeping - -If you simply need a ledger that cannot be modified easily and can establish a -decentralized network to support that, blockchain is a great technology. - -** Trust without central authority - -The use of a decentralized system means that we do not need to rely on a -centralized authority (e.g., Social Security, a bank, etc.) to store and provide -access to information you need to record. - -Think of the US Social Security Number (SSN) system. Each time you want to -perform actions that require verifying your identify (e.g., opening bank -accounts, investment accounts, child birth, etc.), you are currently required to -provide your SSN. - -However, this is a singular number - which means that if someone learns it, they -can (essentially) now act as you. - -Now imagine a scenario where the SSN system is a blockchain where you have both -your private key for providing evidence to people that you are you. For example, -you open a bank account and sign your form with your private key. Now, the bank -can take that and use your public key to decrypt the message and verify that you -are you, without needing to know your private key. - -Another scenario is that, during a background check, a company could use your -public key and consult the related blockchain to validate specific pieces of -information. For example, if your identity alone is in one block, you could -provide that information to your employer without providing your full SSN and -all related personal information for as long as they keep your SSN on file. - -** Double-spending problem - -With the introduction of digital assets, such as cryptocurrencies and -non-fungible tokens, a new risk is introduced: without control, these assets -could be copied and reused at-will. 
- -To solve this problem, digital assets are transacted on a blockchain to ensure -that the decentralized system of nodes provide consensus on validating -transactions, transactions are recorded in a transparent and tamper-resistant -manner, and cryptographic functions are performed to order the transactions -logically on chain. - -* The Role of Cryptography in Blockchain -- Why cryptography matters -- Confidentiality vs. integrity/authenticity -- Core goals: - - Tamper-evidence - - Secure identification - - Non-repudiation - -* Hash Functions -- What is a cryptographic hash? -- Properties: - - Collision resistance - - Pre-image resistance -- How blockchain uses hashes: - - Chaining blocks together - - Block headers - - Transactions -- Example command: - #+begin_src bash - echo -n "Hello, Blockchain" | sha256sum - #+end_src -- Optional diagram: chain of blocks with hashes - -* Merkle Trees -- Summarizing many transactions in a single root hash -- Use case: efficient inclusion proofs -- Example diagram (ASCII art if desired) -- Why Merkle roots are in block headers - -* Public Key Cryptography -- Quick refresher -- Public/private keypairs -- Addresses derived from public keys -- Importance of keeping private keys secret - -* Digital Signatures -- Purpose: proving authorship without revealing private key -- Mention ECDSA / EdDSA -- How transactions are signed -- Example snippet: - #+begin_example - Alice signs transaction with her private key - → Anyone can verify with her public key - #+end_example -- Why signatures prevent forgery - -* Bringing it All Together: Blockchain Data Structures -- Block structure: - - Block header with previous block's hash - - Merkle root - - Timestamp, nonce -- How the chain ensures immutability -- Example flow: - 1. User creates a transaction - 2. Signs it - 3. Transaction included in block - 4. 
Block hash links to previous block - -* Proof of Work (Optional) -- Hash puzzles to add blocks -- Why it's hard to modify history -- Keep this section simple - -* Conclusion -- Summarize how these primitives work together -- Tease next post: "Next, we'll explore security threats and how blockchain - networks mitigate them." -- Optional links to further reading: - - Bitcoin whitepaper - - Ethereum docs - - Cryptography references - -* Optional Extras -- Glossary box with terms (hash, signature, Merkle tree) -- External references (e.g., NIST docs on hashes) -- cgit v1.2.3-70-g09d2
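Review bot: In the Email hunk of content/blog/2025-06-02-private-ios-apps.org, `\extremely\` is not Org emphasis markup and will render with literal backslashes; use `/extremely/` for italics, matching the `*...*` and `/.../` emphasis used elsewhere in the file. In the same hunk, the rewritten Proton Mail bullet drops the "PGP support built-in" wording from the removed bullet while the new Canary text calls Canary "one of the only options for PGP emails on iOS". If Proton's PGP support still applies, keep it in the bullet so the two statements do not read as contradicting each other.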
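Review bot: The Browsers hunk adds an engine claim that conflicts with the text it removes: DuckDuckGo is now "built on chromium" and Brave is "Another chromium-based privacy browser", yet the deleted Brave bullet said that on iOS it is "basically a privacy-enhanced Safari/WebKit shell" subject to Apple's browser engine limits. Since this post is iOS-only, either keep the WebKit caveat or drop the engine wording from both bullets, because readers will otherwise assume these apps escape Safari's engine behaviour. The same hunk also needs "choise" changed to "choice" and "peoplel" to "people", and the Firefox Focus bullet needs a verb in "and focused on private usage" ("and is focused on ...").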
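Review bot: In the Messaging hunk, "who your messaging" should be "who you're messaging". The hunk also deletes the closing paragraph about iOS background sync restrictions and notification relay challenges, along with the delivery-lag caveat on Session and the resource note on Element, which were the only trade-offs stated for those apps. Consider keeping one sentence of limitations so the section does not present every option as equivalent.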
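Review bot: The two Password Management hunks introduce a broken sentence and a stronger claim than the original. "Good passwords matter are extremely important" has two verbs; pick one ("Good passwords are extremely important"). "Weak and reused passwords are still the biggest risks" replaces "one of the biggest risks" with an absolute that the post does not support, so the earlier hedge is safer. In the Bitwarden bullet, "Open source, audited, and free to self-host (e.g., Vaultwarden)" places a third-party server implementation directly after "audited"; reword so it is clear that Vaultwarden is a separate, unofficial project and that the audit wording refers to Bitwarden itself.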
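Review bot: In the News & Social "I use" quote block, the two continuation lines ("+ Cheers for Tildes ..." and "+ not very active ...") are indented by one space while every other quote block in the file starts its lines at column 0, and the app is written "Three Cheers" here but "ThreeCheers" in the bullet list a few lines above. Remove the leading space and use one spelling for the app name. The bullet fixes in the same region (ThreeCheers as a Tildes client, Voyager as a Lemmy client) now agree with the quote block, which is good; the removed "No official API calls, built-in filtering" detail could be kept if it still applies.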
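Review bot: The deletion of content/blog/2025-06-27-how-blockchain-works.org (197 lines, marked `#+draft: t`) is bundled into a commit whose subject is only "summary of commits from minimal-enhancements", alongside a new about page and a rewrite of the iOS post. Nothing in the message says the draft is being dropped or why, so the removal is easy to miss in history and hard to revert on its own. Split the deletion into its own commit, or at least name the three changes in the commit body. Note also that the deleted file's name carries 2025-06-27 while its `#+date` is 2025-07-07, in case the draft is restored later.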