How to Create a Private Ethereum Blockchain from Ground-up?

Ethereum is a decentralized platform that runs smart contracts, applications that run exactly as programmed without possibility of downtime, censorship, fraud or third party interference. In this blog post I will take you through all the steps required in setting up a fully functioning private ethereum blockchain, inside your local network — which includes:

  • Setting up a private blockchain with ethereum using geth.
  • Setting up the MetaMask ethereum wallet to work with the private blockchain.
  • Transfer funds between multiple accounts.
  • Create, deploy and invoke a smart contract on the private blockchain using remix.
  • Setting up ethereum block explorer over the private blockchain.


Everything You Wanted To Know About Blockchains but were too afraid to ask

Ah, blockchains.

Kind of a big deal. You’d have to be a total square not to have heard about them. Me? I’ve got eight.

Often over-complicated, over-mysticised, over-singularised (I don’t even know what the right word for it is, but people say The Blockchain a lot). What are they? Join me for a rough tour from the ground up and I’ll try to make sure you leave here knowing the answer to one question:

What are people talking about when they talk about blockchains?

There’s a lot to cover, so it’s actually going to come in two parts. This, the first, will look at the data structures known as blockchains and their properties, along with any other bits and pieces you need to make sense of them.

The second part will apply what you’ve learnt to the practical and widespread applications of blockchains to power distributed ledgers, cryptocurrencies such as Bitcoin and Litecoin and smart-contract based chains like Etherium.

A Guide to Crypto Currencies

This guide is meant to serve as both an easy-to-understand introduction to the world of cryptocurrencies as well as an insightful view into the different projects competing for your investments and market dominance and a look at the underlying technology, history and trends.

For many years Bitcoin would occasionally appear in the media after it spiked in price. I didn’t think there was anything inherently useful about it. I thought it was a novelty, a ponzi scheme, hysteria. It was only after the most recent price spike in another cryptocurrency, Ethereum, that the crazy returns finally tempted me. What started out as a skeptical look into a get-rich-quick scheme led me down a rabbit hole and my mind was promptly blown at the potential of the technology. The hype surrounding it is nothing short of mania, but it’s not without merit. Cryptocurrencies will almost certainly revolutionize everything from insurance, logistics and the stock market to ownership and even create entire economies which don’t currently exist. You may feel skeptical when hearing something so optimistic but when banks, governments and research institutions start to take notice and want to work with these projects maybe it’s time we paid some attention.

Many of you reading may be likening the current craze with the dotcom bubble and I’m afraid I absolutely agree with you. The speculation surrounding cryptocurrencies and the ease of which the average person can invest has created an environment where an idea can raise hundreds of millions of dollars without even a proof of concept. This is part of the reason this guide was written, to steer you clear of these massively overvalued “” equivalents and towards the future Amazons and Googles.

New AWS Encryption SDK for Python Simplifies Multiple Master Key Encryption

The AWS Cryptography team is happy to announce a Python implementation of the AWS Encryption SDK. This new SDK helps manage data keys for you, and it simplifies the process of encrypting data under multiple master keys. As a result, this new SDK allows you to focus on the code that drives your business forward. It also provides a framework you can easily extend to ensure that you have a cryptographic library that is configured to match and enforce your standards. The SDK also includes ready-to-use examples. If you are a Java developer, you can refer to this blog post to see specific Java examples for the SDK.

In this blog post, I show you how you can use the AWS Encryption SDK to simplify the process of encrypting data and how to protect your encryption keys in ways that help improve application availability by not tying you to a single region or key management solution.

How does the AWS Encryption SDK help me?

Developers using encryption often face three problems:

  1. How do I correctly generate and use a data key to encrypt data?
  2. How do I protect the data key after it has been used?
  3. How do I store the data key and ciphertext in a portable manner?

The library provided in the AWS Encryption SDK addresses the first problem by implementing the low-level envelope encryption details transparently using the cryptographic provider available in your development environment. The library helps address the second problem by providing intuitive interfaces to let you choose how you want to generate data keys and the master keys or key-encrypting keys that will protect data keys. Developers can then focus on the core of the application they are building instead of on the complexities of encryption. The ciphertext addresses the third problem, as described later in this post.

The AWS Encryption SDK defines a carefully designed and reviewed ciphertext data format that supports multiple secure algorithm combinations (with room for future expansion) and has no limits on the types or algorithms of the master keys. The ciphertext output of clients (created with the SDK) is a single binary blob that contains your encrypted message and one or more copies of the data key, as encrypted by each master key referenced in the encryption request. This single ciphertext data format for envelope-encrypted data makes it easier to ensure the data key has the same durability and availability properties as the encrypted message itself.

The AWS Encryption SDK provides production-ready reference implementations in Java and Python with direct support for key providers such as AWS Key Management Service (KMS). The Java implementation also supports the Java Cryptography Architecture (JCA/JCE) natively, which includes support for AWS CloudHSM and other PKCS #11 devices. The standard ciphertext data format the AWS Encryption SDK defines means that you can use combinations of the Java and Python clients for encryption and decryption as long as they each have access to the key provider that manages the correct master key used to encrypt the data key.

Let’s look at how you can use the AWS Encryption SDK to simplify the process of encrypting data and how to protect your data keys in ways that help improve application availability by not tying you to a single region or key management solution.

Announcing the first SHA1 collision

Cryptographic hash functions like SHA-1 are a cryptographer’s swiss army knife. You’ll find that hashes play a role in browser security, managing code repositories, or even just detecting duplicate files in storage. Hash functions compress large amounts of data into a small message digest. As a cryptographic requirement for wide-spread use, finding two messages that lead to the same digest should be computationally infeasible. Over time however, this requirement can fail due to attacks on the mathematical underpinnings of hash functions or to increases in computational power.

Today, 10 years after of SHA-1 was first introduced, we are announcing the first practical technique for generating a collision. This represents the culmination of two years of research that sprung from a collaboration between the CWI Institute in Amsterdam and Google. We’ve summarized how we went about generating a collision below. As a proof of the attack, we are releasing two PDFs that have identical SHA-1 hashes but different content.

For the tech community, our findings emphasize the necessity of sunsetting SHA-1 usage. Google has advocated the deprecation of SHA-1 for many years, particularly when it comes to signing TLS certificates. As early as 2014, the Chrome team announced that they would gradually phase out using SHA-1. We hope our practical attack on SHA-1 will cement that the protocol should no longer be considered secure.

We hope that our practical attack against SHA-1 will finally convince the industry that it is urgent to move to safer alternatives such as SHA-256.