Interview Questions for Cryptographic Proofing and Verification

Symmetric and asymmetric encryption differ fundamentally in how they manage encryption keys. Symmetric encryption uses the same secret key for both encryption and decryption. Think of it like a shared secret code: both the sender and receiver need the same code to lock and unlock a message. This is efficient but poses a key distribution challenge – how do you securely share the secret key without compromising it?

Asymmetric encryption, on the other hand, uses a pair of keys: a public key for encryption and a private key for decryption. The public key can be freely shared, while the private key must be kept secret. This solves the key distribution problem because anyone can encrypt a message using the public key, but only the holder of the private key can decrypt it. It’s like having a publicly available mailbox (public key) where anyone can drop a letter (encrypted message), but only you have the key to your house (private key) to open it and read it.

• Symmetric Example: AES (Advanced Encryption Standard) is a widely used symmetric encryption algorithm.
• Asymmetric Example: RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography) are examples of asymmetric encryption algorithms.

A digital signature is a cryptographic technique used to verify the authenticity and integrity of a digital message or document. It’s like a handwritten signature, but far more secure. It ensures that the message originates from the claimed sender and hasn’t been tampered with during transmission.

The process involves using the sender’s private key to create a digital signature for the message. Anyone can then use the sender’s public key to verify the signature’s validity. If the signature verifies, it confirms that the message is authentic and unaltered. This is crucial in many applications:

• Secure Email: Prevents email spoofing and ensures message authenticity.
• Software Distribution: Verifies that downloaded software hasn’t been tampered with by malicious actors.
• Digital Certificates: Used to authenticate websites and online transactions (e.g., SSL/TLS certificates).
• Blockchain Technology: Used to secure transactions and prevent double-spending.

Cryptographic hash functions are one-way functions that take an input of any size (message) and produce a fixed-size output called a hash value or digest. The main security properties are:

• Pre-image resistance: Given a hash value, it’s computationally infeasible to find the original input message.
• Second pre-image resistance: Given an input message and its hash value, it’s computationally infeasible to find a different input message with the same hash value.
• Collision resistance: It’s computationally infeasible to find two different input messages that produce the same hash value.

These properties ensure data integrity. Any change to the input message, no matter how small, will result in a completely different hash value, allowing for easy detection of tampering.

A collision-resistant hash function is one where it’s computationally infeasible to find two different inputs that produce the same hash output. In simpler terms, it’s extremely difficult to find two different documents that have the same digital fingerprint (hash value). This property is crucial for ensuring data integrity and preventing forgery. If a collision were found, it could compromise the security of systems relying on the hash function, potentially allowing malicious actors to create fraudulent documents with the same hash value as a legitimate one.

Many widely used hash functions, such as SHA-256 and SHA-3, are designed to be collision-resistant, although the level of resistance depends on the algorithm’s design and the computational power available to an attacker.

RSA and ECC are both widely used asymmetric encryption algorithms, but they have different strengths and weaknesses:

• RSA: Based on the mathematical difficulty of factoring large numbers. It’s been around longer and is well-understood, but it requires larger key sizes for the same level of security as ECC.
• ECC: Based on the algebraic structure of elliptic curves. It offers the same level of security with smaller key sizes than RSA, making it more efficient for resource-constrained devices and faster computations.

Advantages of RSA: Mature technology, widely implemented, good for digital signatures.

Disadvantages of RSA: Larger key sizes, slower performance compared to ECC.

Advantages of ECC: Smaller key sizes, faster computations, more efficient for mobile and embedded systems.

Disadvantages of ECC: Relatively newer technology, some concerns regarding long-term security (though continually improving).

The choice between RSA and ECC depends on the specific application’s needs and security requirements. For many modern applications, ECC is preferred due to its efficiency.

The Diffie-Hellman key exchange allows two parties to establish a shared secret key over an insecure channel without ever explicitly transmitting the key itself. It relies on the mathematical properties of modular arithmetic. Imagine two people wanting to agree on a secret code, but they can only send messages through a public forum where anyone can read them.

Here’s a simplified explanation:

1. Agree on public parameters: Both parties agree on a large prime number (p) and a generator (g) which is a number less than p. These are public and can be known by everyone.
2. Choose private keys: Each party secretly chooses a private key (a and b for party A and B respectively).
3. Compute public keys: Each party computes their public key using the formula: A = ga mod p and B = gb mod p. These public keys are exchanged openly.
4. Compute shared secret: Each party uses the other party’s public key and their own private key to compute the shared secret: SA = Ba mod p and SB = Ab mod p. Mathematically, SA = SB.

The shared secret (S) is now the key they can use for symmetric encryption. Even though the public keys (A and B) were exchanged publicly, it’s computationally infeasible to derive the shared secret (S) without knowing the private keys (a and b).

A zero-knowledge proof allows one party (the prover) to prove to another party (the verifier) that a statement is true without revealing any information beyond the validity of the statement itself. Think of it like proving you have a solution to a puzzle without showing the solution. The prover convinces the verifier that they possess knowledge without divulging that knowledge.

For example, imagine a prover claiming to know the password to a specific door. They can demonstrate this by repeatedly opening and closing the door without revealing the actual password. The verifier observes that the door is opened and closed correctly, building confidence in the prover’s claim.

Zero-knowledge proofs are crucial in various applications where privacy is paramount, including:

• Anonymous authentication: Verifying identity without revealing personal information.
• Secure multi-party computation: Performing computations on private data without revealing the individual inputs.
• Blockchain privacy: Enhancing the privacy of transactions in blockchain systems.

A Merkle tree, also known as a hash tree, is a tree-like data structure used in cryptography to efficiently verify the integrity of a large dataset. Imagine you have a large collection of files; verifying each file individually would be time-consuming. A Merkle tree solves this by creating a hierarchical hash structure.

Each leaf node of the tree represents a hash of a data block (e.g., a file). Parent nodes are calculated by hashing the concatenation of their children’s hashes. This process continues recursively until a single root hash is generated at the top of the tree. This root hash acts as a digital fingerprint for the entire dataset.

To verify a specific data block, only the path from that leaf node to the root needs to be checked. This significantly reduces the computational burden compared to verifying every single data block. This is highly efficient and widely used in blockchain technology (like Bitcoin) to verify the integrity of transaction blocks, and in content delivery networks (CDNs) for efficient data verification.

Example: Let’s say we have four data blocks (A, B, C, D). We hash each block individually (hash(A), hash(B), hash(C), hash(D)). Then we hash pairs of these hashes: hash(hash(A), hash(B)) and hash(hash(C), hash(D)). Finally, we hash these two resulting hashes to get the root hash. If any block changes, its hash and all parent hashes will also change, making the integrity violation immediately apparent through comparison with the root hash.

Cryptographic attacks aim to compromise the confidentiality, integrity, or availability of data protected by cryptographic systems. They can be broadly categorized as:

• Ciphertext-only attacks: The attacker only has access to the ciphertext (encrypted data). This is the most challenging attack type.
• Known-plaintext attacks: The attacker has access to both the plaintext (original data) and the corresponding ciphertext. This gives them more information to work with.
• Chosen-plaintext attacks: The attacker can choose plaintexts and obtain their corresponding ciphertexts. This is more powerful than known-plaintext attacks.
• Chosen-ciphertext attacks: The attacker can choose ciphertexts and obtain their corresponding plaintexts (or partial information). This is the most powerful attack type, but also the hardest to achieve in practice.
• Side-channel attacks (discussed in the next question): These attacks exploit information leaked from the physical implementation of a cryptographic system, such as timing or power consumption.

These attacks can be further subdivided based on the specific cryptographic algorithm or protocol being targeted, such as brute-force attacks (trying all possible keys), or attacks exploiting specific weaknesses in the algorithm’s design.

Side-channel attacks are a sneaky way to break encryption by observing information *leaked* during the cryptographic operation, rather than directly attacking the algorithm itself. Think of it like eavesdropping on a conversation without directly listening to the words; you might gather clues from body language or background noise.

These attacks exploit unintended information leakage from the physical implementation of a cryptographic system. Examples include:

• Timing attacks: Measuring the time taken to perform cryptographic operations can reveal information about the secret key. For example, decryption might take longer for certain keys.
• Power analysis attacks: Analyzing the power consumption of a cryptographic device during operation can reveal information about the secret key. This is because different operations consume different amounts of power.
• Electromagnetic analysis attacks: Similar to power analysis, this attack measures electromagnetic emissions from the device.
• Fault injection attacks: Introducing faults into the cryptographic hardware or software can lead to errors that reveal information about the secret key.

The key takeaway is that side-channel attacks exploit the *implementation* of cryptography, not necessarily vulnerabilities in the algorithm’s design itself.

Protecting against timing attacks requires carefully designing and implementing cryptographic algorithms to ensure consistent execution time, regardless of the input data. The goal is to prevent attackers from deducing information based on timing variations. Here are some key strategies:

• Constant-time algorithms: Design algorithms where the execution time remains constant regardless of the input data. This eliminates timing differences that could leak information. This often involves careful programming techniques to avoid data-dependent branches and conditional statements.
• Blinding: Before performing cryptographic operations, the input is randomized (blinded). The result is then unblinded after the operation. This masks the input data and prevents timing attacks.
• Random delays: Introducing carefully designed random delays into the execution process to mask timing differences.
• Secure hardware implementation: Using hardware designed specifically to mitigate timing attacks, offering consistent execution time irrespective of input data.

It’s crucial to understand that completely eliminating timing variations is incredibly difficult, but minimizing them through these methods significantly reduces the attack surface.

A secure random number generator (RNG) is a crucial component in many cryptographic systems. It produces sequences of numbers that are statistically random and unpredictable, making them suitable for cryptographic applications such as key generation, initialization vectors, and nonces. The quality of randomness is paramount; a predictable RNG could severely compromise the security of the entire system.

Why is it crucial? If an attacker can predict the output of the RNG, they can potentially guess cryptographic keys or break other security protocols that rely on randomness. For example, if a system uses a weak RNG to generate encryption keys, an attacker might be able to predict those keys and decrypt the data.

There are various methods for generating secure random numbers, including using hardware-based RNGs (which are generally considered more secure), and software-based RNGs that utilize techniques like cryptographic hash functions and system entropy sources. Properly seeded and regularly tested RNGs are essential to building trust and security in any system employing cryptography.

Homomorphic encryption allows performing computations on encrypted data *without* decrypting it. This is a powerful concept with implications for privacy-preserving computation. Imagine being able to analyze data without ever seeing the underlying information – that’s the essence of homomorphic encryption.

For example, if you have two encrypted numbers, you could perform addition or multiplication on them without ever needing to access the decrypted values. The result will also be encrypted, and only the holder of the decryption key can see the final result. This is unlike standard encryption schemes, where decryption is required before any computation can be performed.

There are different types of homomorphic encryption, including:

• Fully Homomorphic Encryption (FHE): Allows performing arbitrary computations on encrypted data. This is the most powerful but also the most complex type.
• Somewhat Homomorphic Encryption (SHE): Allows performing a limited number of computations (e.g., only addition or only multiplication).
• Partially Homomorphic Encryption: Allows performing a specific type of computation (either addition or multiplication, not both).

Homomorphic encryption has applications in cloud computing, secure multi-party computation, and various other areas where preserving data privacy during computation is vital.

Digital signatures are used to verify the authenticity and integrity of digital data. They provide a way to prove that a message originated from a specific entity and hasn’t been tampered with. Different types of digital signatures exist, each with its strengths and weaknesses:

• RSA-PSS (Probabilistic Signature Scheme): This is a variant of the RSA signature scheme that uses a probabilistic approach to improve security against attacks targeting weaknesses in the original RSA signature scheme. It’s known for its strong security properties and is widely used.
• ECDSA (Elliptic Curve Digital Signature Algorithm): ECDSA is based on elliptic curve cryptography (ECC), offering similar security levels to RSA but with smaller key sizes. This makes ECDSA more efficient for resource-constrained devices while maintaining high security. It’s widely used in various applications, including Bitcoin.
• DSA (Digital Signature Algorithm): DSA is an older signature scheme that’s less commonly used than RSA-PSS and ECDSA. It relies on the discrete logarithm problem.

The choice of a digital signature algorithm often depends on the security requirements, computational resources available, and the specific application. Each algorithm has its own mathematical underpinnings and security considerations.

Using weak random number generators (RNGs) in cryptography has severe security implications because they compromise the unpredictability crucial for secure encryption and key generation. Cryptography relies heavily on randomness; if the numbers aren’t truly random, an attacker can potentially predict patterns and break the encryption.

Imagine a lock with a combination. A strong RNG is like choosing a truly random combination, making it extremely difficult to guess. A weak RNG is like choosing a combination based on easily guessable patterns, such as birthdays or consecutive numbers. An attacker could exploit these patterns to open the lock easily.

For example, if a weak RNG is used to generate cryptographic keys, an attacker might be able to predict the key, decrypting the secured data. This can lead to data breaches, identity theft, and financial losses. The impact can be particularly severe if these keys are used to protect sensitive information like financial transactions or personal health data.

Therefore, it’s paramount to use cryptographically secure pseudo-random number generators (CSPRNGs), which are designed to withstand advanced attacks. These generators are typically based on complex algorithms and often incorporate sources of entropy, like hardware randomness, to enhance unpredictability.

Confidentiality, integrity, and authentication are the three core principles of information security, and each addresses a different aspect of protecting data.

• Confidentiality ensures that only authorized parties can access sensitive information. Think of it like a secret code known only to the sender and the intended receiver. Encryption is a primary tool used to achieve confidentiality. For example, secure messaging apps encrypt your messages, preventing unauthorized access.
• Integrity guarantees that data remains unaltered during storage or transmission. It confirms the data hasn’t been tampered with or corrupted. Hashing algorithms and digital signatures are used to verify integrity. Imagine a sealed package; if it’s tampered with, you’ll notice. Similarly, hashing algorithms detect any data changes.
• Authentication verifies the identity of a user, device, or system. It proves that someone or something is who or what they claim to be. Passwords, digital certificates, and multi-factor authentication are common methods for authentication. Think of it like a passport; it verifies your identity.

These three principles work together to provide comprehensive security. For instance, a secure banking system needs confidentiality to protect account details, integrity to ensure transaction accuracy, and authentication to confirm the user’s identity before allowing access.

Key management is the cornerstone of secure cryptographic systems. It encompasses all aspects related to generating, storing, using, and destroying cryptographic keys – the secret codes that enable encryption and decryption. Poor key management is a major vulnerability that can compromise the entire security system, rendering cryptographic protection meaningless.

Effective key management includes:

• Key Generation: Keys must be generated using robust CSPRNGs, ensuring sufficient length and randomness.
• Key Storage: Keys need to be stored securely, often using hardware security modules (HSMs) to protect them from unauthorized access.
• Key Distribution: Secure methods are crucial for transferring keys between parties involved in communication. This often involves key exchange protocols.
• Key Usage: Defining clear protocols for when and how keys are used is vital to prevent misuse.
• Key Revocation: Mechanisms are needed to quickly invalidate compromised keys to prevent further breaches.
• Key Destruction: Secure methods to erase keys completely when no longer needed are essential.

Failure to follow proper key management practices can lead to situations where keys are stolen, guessed, or compromised, resulting in data breaches and security failures.

A Certificate Authority (CA) is a trusted third-party entity that issues digital certificates. Think of it as a notary public for the digital world. These certificates digitally bind a public key to an entity’s identity, verifying that the public key actually belongs to the claimed owner (individual, company, or website).

The CA’s role is critical because it ensures the authenticity of digital certificates. When you visit a website secured with HTTPS, your browser verifies the site’s certificate by checking its chain of trust back to a trusted root CA. If the verification succeeds, you know you’re communicating with the legitimate website, not an imposter.

Without CAs, establishing trust in the digital realm would be extremely difficult. Each party would need to individually verify the identity of every other party they interact with, a process that would be impractical and highly insecure.

Verifying a digital certificate involves checking its chain of trust, ultimately leading back to a trusted root CA. The process typically happens automatically in your web browser.

1. Certificate Inspection: The browser examines the certificate’s details, such as the issuer (the CA), the subject (the entity the certificate belongs to), the public key, and the validity period.
2. Chain of Trust Verification: The browser checks the certificate’s signature against the public key of the issuing CA. This process continues recursively up the chain of trust until it reaches a root CA certificate that’s pre-installed in the browser.
3. Root CA Validation: The browser verifies the root CA certificate’s validity. This typically involves checking the certificate’s revocation status (is it revoked?) and comparing its signature against the root certificate’s self-signed signature.
4. Validity Period Check: The browser verifies whether the certificate is currently valid, ensuring it hasn’t expired.

If all checks pass, the browser considers the certificate valid, establishing trust in the identity of the entity it represents. If any check fails, the browser will typically display a warning message, indicating a potential security risk.

Elliptic Curve Cryptography (ECC) is a public-key cryptographic system based on the mathematical properties of elliptic curves over finite fields. It’s an alternative to older methods like RSA, offering comparable security with smaller key sizes.

In essence, ECC uses points on an elliptic curve to perform cryptographic operations. These points are combined using an addition operation that’s mathematically defined on the curve. The private key is a randomly chosen integer, and the public key is a point on the curve calculated by multiplying the base point by the private key. This relationship is computationally hard to reverse, forming the basis for secure encryption and digital signatures.

ECC relies on the difficulty of the Elliptic Curve Discrete Logarithm Problem (ECDLP), which is the problem of finding a private key given a public key and the base point. The difficulty of the ECDLP is significantly higher compared to the factorization problem used in RSA for a given key size.

ECC offers several advantages over RSA:

• Smaller Key Sizes: ECC provides the same level of security as RSA with significantly smaller key sizes. This leads to faster computations, reduced storage requirements, and improved bandwidth efficiency.
• Faster Computation: ECC operations are generally faster than RSA operations for comparable security levels. This is especially relevant in resource-constrained environments like mobile devices.
• Improved Efficiency: Smaller keys result in smaller digital signatures and certificates, reducing storage and transmission costs.

For example, a 256-bit ECC key offers comparable security to a 3072-bit RSA key. This translates into considerable improvements in performance and efficiency. ECC’s advantages have led to its widespread adoption in various applications, including secure communication protocols, mobile devices, and the Bitcoin blockchain.

Implementing cryptographic protocols presents a multitude of challenges, ranging from the complexities of the underlying mathematics to the practicalities of secure software engineering. One major hurdle is the correctness of the implementation. Even a minor flaw in code can render the entire system vulnerable. Another key challenge is efficiency. Cryptographic operations can be computationally intensive, and efficient implementations are crucial for performance, especially in resource-constrained environments. Furthermore, interoperability is a concern. Protocols need to work seamlessly across different systems and platforms, which requires careful standardization and testing.

For example, a subtle error in the implementation of an elliptic curve cryptographic algorithm could lead to weak key generation or vulnerabilities to side-channel attacks. Similarly, an inefficient implementation of a digital signature scheme could significantly slow down a transaction processing system. The challenge of interoperability is exemplified by the difficulty of integrating different implementations of TLS/SSL protocols, leading to compatibility issues.

Addressing these challenges requires a multi-faceted approach involving rigorous mathematical analysis, secure coding practices, extensive testing, and careful consideration of the system’s operational environment.

Ensuring the security of cryptographic implementations involves a layered approach combining robust design principles, secure coding practices, and rigorous testing and auditing. First, we start with a strong cryptographic foundation, selecting algorithms that are well-vetted and resistant to known attacks. This includes using well-established standards and avoiding custom algorithms unless absolutely necessary.

Next, we focus on secure coding practices. This entails avoiding common vulnerabilities like buffer overflows, memory leaks, and side-channel attacks. Techniques like code reviews, static and dynamic analysis, and fuzz testing are essential. We also employ defensive programming techniques such as input validation and output sanitization to protect against unexpected or malicious inputs. Furthermore, minimizing the attack surface by employing the principle of least privilege significantly enhances security.

Finally, rigorous testing and auditing are critical. This includes unit testing, integration testing, penetration testing, and independent security audits to validate the robustness of the implementation. Regular security updates and vulnerability patching are crucial for addressing newly discovered weaknesses. Imagine building a bank vault—strong materials (algorithms) are crucial, but flawless construction (secure coding) and regular inspections (auditing) are equally essential.

A cryptographic audit is a systematic and independent examination of a cryptographic system to assess its security and compliance with relevant standards and regulations. The process typically involves several key stages:

• Scope Definition: Clearly define the system’s boundaries, the cryptographic components to be audited, and the specific security objectives.
• Documentation Review: Analyze design specifications, source code, implementation details, and any other relevant documentation.
• Code Analysis: Examine the source code for vulnerabilities, weaknesses, or implementation errors. This may involve static analysis tools, manual code reviews, and dynamic analysis techniques.
• Testing: Perform various tests, including penetration testing, fuzz testing, and security assessments to identify potential vulnerabilities and weaknesses.
• Compliance Check: Verify adherence to relevant security standards, regulations, and best practices.
• Reporting: Generate a comprehensive report documenting findings, recommendations, and suggested remediation steps.

For example, an audit of a payment processing system might focus on the security of the encryption algorithms used to protect sensitive data, the integrity of digital signatures used to authenticate transactions, and the secure handling of cryptographic keys. The outcome of the audit provides assurance that the cryptographic system is secure and meets the required standards.

Cryptographic vulnerabilities can manifest in various forms, often stemming from weaknesses in the algorithms themselves, implementation flaws, or insecure key management. Some common types include:

• Algorithm weaknesses: Exploiting inherent flaws in the underlying cryptographic algorithms. For example, the discovery of vulnerabilities in older encryption algorithms like DES.
• Implementation errors: Bugs or vulnerabilities in the code implementing the algorithms. A classic example is the Heartbleed bug, which allowed attackers to extract sensitive data from servers.
• Side-channel attacks: Exploiting information leaked during cryptographic operations, such as timing variations or power consumption patterns. Timing attacks are a prime example.
• Key management vulnerabilities: Weaknesses in the processes for generating, storing, and managing cryptographic keys. This might involve using weak keys or insecure key storage.
• Padding oracle attacks: Exploiting the way that data is padded before encryption. These attacks can reveal sensitive information.

These vulnerabilities can lead to a range of consequences, from unauthorized access to data to complete system compromise. Understanding the nature of these vulnerabilities is crucial for developing secure cryptographic systems.

Mitigating the risk of man-in-the-middle (MITM) attacks requires employing techniques that ensure the authenticity and integrity of communications. The most effective strategy is to use digital certificates and public key cryptography to establish secure connections. Protocols like Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), leverage these techniques to authenticate servers and encrypt communications.

Digital signatures can also play a crucial role in verifying the authenticity of messages and preventing tampering. These signatures provide assurance that the message originated from a trusted source and hasn’t been modified in transit. Furthermore, using strong authentication mechanisms, such as multi-factor authentication, can make it significantly more difficult for an attacker to impersonate a legitimate user.

In essence, you need to build a secure tunnel for your data. By using encryption and strong authentication, you ensure that only the intended parties can read and modify communications. This protects against an eavesdropping attacker who could potentially manipulate data or impersonate legitimate users.

Perfect forward secrecy (PFS) is a property of key agreement protocols that ensures that the compromise of long-term keys does not compromise past session keys. In simpler terms, even if an attacker gains access to the server’s private key at a later date, they cannot decrypt past communications that were protected by ephemeral session keys. This is because each session uses a unique, short-lived key generated for that session only.

Think of it like a series of disposable lighters. Each time you need a light, you use a fresh lighter. Even if someone steals your entire box of lighters (the long-term key), they cannot know how you lit the previous cigarettes (past communications). PFS enhances security by minimizing the damage from a potential key compromise. Algorithms like Diffie-Hellman key exchange, when implemented correctly, provide PFS.

Protocols like TLS can be configured to support PFS, significantly enhancing the security of online communications.

Cryptography plays a foundational role in blockchain technology, providing the security and integrity that are essential for its functionality. The core components that rely on cryptography are:

• Hashing algorithms: Secure hash functions like SHA-256 are used to create cryptographic hashes of transactions and blocks, ensuring data integrity and preventing tampering. If even a single bit changes in a transaction, its hash will be completely different.
• Digital signatures: Used to verify the authenticity of transactions. Users sign transactions with their private keys, and anyone can verify the signature using the corresponding public key, guaranteeing the transaction’s origin and preventing forgery.
• Public-key cryptography: Underpins the creation and management of cryptocurrency wallets and keys. It allows users to send and receive funds securely without revealing their private keys.
• Consensus mechanisms: Cryptography contributes to consensus mechanisms (like Proof-of-Work or Proof-of-Stake) used to validate transactions and maintain the integrity of the blockchain. The security of these mechanisms relies heavily on the computational difficulty of cryptographic challenges.

In essence, cryptography secures the very foundation of blockchain, guaranteeing the integrity, immutability, and security of transactions and the overall blockchain network.