DevLog250320

Devlog 250320: Exploring Blockchain Hashing and Solidity Cryptography

Overview

Today’s focus was on understanding how blockchain handles cryptographic hashing and how Solidity interacts with cryptographic functions. This is essential for data integrity, digital signatures, and secure transactions in smart contracts.

1. Understanding Hashing in Blockchain

A hash function is a one-way function that takes an input and produces a fixed-length output (hash). On Ethereum, hashing is commonly used for:
- Storing and verifying data without revealing the original input.
- Checking integrity to ensure data hasn’t been tampered with.
- Generating digital signatures for authentication and security.

Ethereum primarily uses Keccak-256, a variant of SHA-3, as its hashing function.

Example of Keccak-256 in Solidity

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

contract HashingExample {
    function generateHash(string memory input) public pure returns (bytes32) {
        return keccak256(abi.encodePacked(input));
    }
}

How it Works

• keccak256(abi.encodePacked(input)) → Hashes the input string.
• This output cannot be reversed, ensuring security in smart contracts.

2. Where Hashes Are Stored in Blockchain

Hashes can be stored on-chain inside contract storage or logs, but because blockchain space is expensive, many projects:
- Store the hash on-chain but keep the raw data off-chain (e.g., IPFS, Arweave).
- Use Merkle Trees to efficiently store and verify large datasets.

Example: Storing & Verifying a Hash in Solidity

contract HashStorage {
    mapping(bytes32 => bool) public storedHashes;

    function storeHash(string memory data) public {
        bytes32 hash = keccak256(abi.encodePacked(data));
        storedHashes[hash] = true;
    }

    function verifyData(string memory data) public view returns (bool) {
        bytes32 hash = keccak256(abi.encodePacked(data));
        return storedHashes[hash];
    }
}

How it Works

1. User submits data → Hash is stored in mapping(bytes32 => bool) storedHashes.
   
2. Later, the same data can be submitted → The hash is recomputed and checked against storage.
   
3. If hashes match → The function returns true, confirming the data was previously stored.

This is how blockchain ensures data integrity without storing raw files.

3. How Solidity Interacts with Cryptography

Solidity doesn’t provide built-in asymmetric encryption but supports:
- Keccak-256 hashing for data integrity.
- ECDSA (Elliptic Curve Digital Signatures) for verifying signatures.
- Merkle Trees for efficient data verification.

Using ECDSA for Digital Signatures

Ethereum uses secp256k1, the same cryptographic curve as Bitcoin.

Example: Recovering a Signer’s Address from a Signature

import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

contract SignatureVerification {
    using ECDSA for bytes32;

    function verifySigner(bytes32 hash, bytes memory signature, address expectedSigner) public pure returns (bool) {
        return hash.recover(signature) == expectedSigner;
    }
}

How it Works

1. A user signs data off-chain using their private key.
   
2. The signed message is sent to the contract.
   
3. The contract recovers the signer’s address from the signature and verifies its authenticity.

This is the foundation of wallet authentication and message verification in Web3.

4. Hashing Use Cases in Solidity

1. Hash Commitments (Anti-Tampering Mechanism)

• Used in secure auctions, commit-reveal voting, and lottery systems.
  
• Users submit hashed values first, revealing the original value later.

contract CommitReveal {
    mapping(address => bytes32) public commitments;

    function commit(bytes32 hash) public {
        commitments[msg.sender] = hash;
    }

    function reveal(string memory secret, uint number) public view returns (bool) {
        return commitments[msg.sender] == keccak256(abi.encodePacked(secret, number));
    }
}

• The commit function stores a hash of a secret value.
  
• Later, the user reveals the original value, proving they committed to it beforehand.

2. Merkle Proofs (Efficient Data Verification)

Used for batch verification of data, such as whitelisting users for NFT mints or validating ownership.

import "@openzeppelin/contracts/utils/cryptography/MerkleProof.sol";

contract MerkleExample {
    bytes32 public rootHash; // The Merkle Root

    function verifyProof(bytes32[] memory proof, bytes32 leaf) public view returns (bool) {
        return MerkleProof.verify(proof, rootHash, leaf);
    }
}

• MerkleProof.verify() confirms that a given hash is part of a known dataset.
  
• Saves gas by verifying only a hash, rather than storing entire lists on-chain.

5. Takeaways & Next Steps

• Keccak-256 is Solidity’s core hashing function for securing data.
  
• Hashes are stored on-chain but often used as references for off-chain data.
  
• ECDSA enables digital signature verification, critical for Web3 authentication.
  
• Merkle Trees allow efficient batch verification, optimizing gas fees.

Next Steps

• Experiment with commit-reveal voting using hash commitments.
  
• Implement on-chain signature verification for Web3 login authentication.
  
• Investigate Layer 2 solutions that optimize cryptographic proofs on Ethereum.

Today’s session deepened my understanding of how Solidity interacts with cryptography and how hashing secures blockchain operations. The next focus will be practical implementations of cryptographic methods in smart contract security and Web3 authentication.