Meet Horst Feistel, one of the midwives of the blockchain.
Horst Feistel - Wikipedia
"Feistel was born in Berlin, Germany in 1915, and moved to the United States in 1934. During World War II, he was placed under house arrest, but nevertheless gained U.S. citizenship on 31 January 1944. The following day he was granted a security clearance and began work for the U.S. Air Force Cambridge Research Center (AFCRC) on Identification Friend or Foe (IFF) devices until the 1950s. He was subsequently employed at MIT's Lincoln Laboratory, then the MITRE corporation. Finally, he moved to IBM, where he received an award for his cryptographic work. His research at IBM led to the development of the Lucifer and Data Encryption Standard (DES) ciphers. Feistel was one of the earliest non-government researchers to study the design and theory of block ciphers.
Feistel lent his name to the Feistel network construction, a common method for constructing block ciphers (for example DES).
Feistel obtained a bachelor's degree at MIT, and his master's at Harvard, both in physics. He married Leona (Gage) in 1945, with whom he had a daughter, Peggy."
Feistel cipher - Simple English Wikipedia, the free encyclopedia
"In cryptography, a Feistel cipher is a symmetric structure used in the construction of block ciphers, named after the German IBM cryptographer Horst Feistel; it is also commonly known as a Feistel network. A large set of block ciphers use the scheme, including the Data Encryption Standard.
The Feistel structure has the advantage that encryption and decryption operations are very similar, even identical in some cases, requiring only a reversal of the key schedule. Therefore the size of the code or circuitry required to implement such a cipher is nearly halved.
Feistel construction is iterative in nature which makes implementing the cryptosystem in hardware easier.
Feistel networks and similar constructions are product ciphers, and so combine multiple rounds of repeated operations, such as:
Bit-shuffling (often called permutation boxes or P-boxes)
Simple non-linear functions (often called substitution boxes or S-boxes)
Linear mixing (in the sense of modular algebra) using XOR
to produce a function with large amounts of what Claude Shannon described as "confusion and diffusion".
Bit shuffling creates the diffusion effect, while substitution is used for confusion."
Feistel cipher - Wikipedia
"Feistel networks were first seen commercially in IBM's Lucifer cipher, designed by Horst Feistel and Don Coppersmith in 1973. Feistel networks gained respectability when the U.S. Federal Government adopted the DES (a cipher based on Lucifer, with changes made by the NSA). Like other components of the DES, the iterative nature of the Feistel construction makes implementing the cryptosystem in hardware easier (particularly on the hardware available at the time of DES's design)."
"Block ciphers are symmetric ciphers operating block-wise, i.e., on bit strings of a fixed length. In the following we will see two examples of widely used block ciphers, namely the somehow outdated DES and its successor AES. In the sequel we will learn how such ciphers can be used to securely encrypt a larger amount of data, and we will briefy discuss some attacks on block ciphers. First, however, we will introduce the concept of Feistel networks, which constitutes an important design principle underlying many block ciphers.
3.1 Feistel Networks
Feistel networks are a specific construction for designing symmetric encryption schemes. They were described first by Horst Feistel during his work on the cipher Lucifer at IBM. Lucifer was the predecessor of the Data Encryption Standard (DES), and both are built upon the same design. Other ciphers using Feistel networks include IDEA, RC5, and Skipjack."
"Feistel networks are appealing because of their simple design, and have the additional nice property that the same hardware circuit can be used for both encryption and decryption. This was particularly important in the 60's and 70's when the first block ciphers were designed, and when hardware was still much more expensive."
"3.2 The Data Encryption Standard (DES)
For a long time DES was one of the most widely applied block ciphers. It was designed by IBM in collaboration with the NSA and published as a standard in FIPS PUB 46-3. There were rumors about weaknesses the NSA had built into it, but until now no evidence was found for this. The main point of criticism against DES was its limited key length, which is nowadays the reason why pure DES is no longer used. In fact, the first DES break, in the sense of a total break given a certain number of plaintext/ciphertext pairs, was reported in 1997 by the DESCHALL project and took about three months. In 1998 the Electronic Frontier Foundation (EFF) built a specialized hardware device resulting in a break in roughly three days. Later they where cooperating with distributed.net breaking a DES challenge in 22 hours. The world record for breaking a DES encryption is currently 10 hours, and this is likely to decrease in the future. A variant called Triple-DES(3DES), which we will discuss later in this chapter, is still deployed and seems to provide good security."
"3.2.3 The Security of DES
DES withstood attacks quite successfully apart from some attacks based on linear and differential crypt-analysis which we shall discuss later. However, the major weakness of DES is its limited key length of 56bits which is nowadays not enough to provide a reasonable level of security. For this reason, several improvements on the plain DES have been proposed. We will discuss some of them in the following.
3.3 The Advanced Encryption Standard (AES)
The advanced encryption standard (AES) is the successor of the outdated DES standard. It was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and standardized as US FIPS PUB 197 in November 2001. It works on blocks of 128 bits, supports key lengths of 128, 192, and 256 bits and operates in 10, 12 and 14 rounds, respectively. AES is motivated by algebraic operations, and its implementation in hardware and software is compact and fast."
"3.3.3 Security of AES
AES can, to a certain extent, be attacked with linear and differential crypt-analysis. However, these attacks can only reduce the effective key length of AES with128-bit key by a few bits, i.e., AES currently yields a very comfortable degree of security. It is worth noting that AES with 256-bit keys is even used for protecting "top secret" documents of the NSA (this is the highest NSA secrecy level). It is the first time in history that a publicly known algorithm is used for these highly classified documents."
"Exhaustive Key Search in Practice: The DES Challenge was put forward by RSA Security to encourage research on the security of DES. A reward of 10000$ was offered for solving the challenge, i.e., for computing the key that was used to encrypt a specific plaintext/ciphertext pair of the form. The unknown message is: _____. In 1997 the DESCHALL project needed about three months to break the DES challenge with a distributed search. In 1998 The Electronic Frontier Foundation (EFF) built the specialized hardware device Deep Crack that was able to break DES keys in roughly three days, at rather moderate costs of about 250:000$. While this is certainly too expensive for individuals, this amount is reasonable for large organizations or governments. Later the EFF and distributed.net together broke the challenge in 22 hours."
"Horst Feistelís Work at IBM
1. He wrote programs in APL 14
(A Programming Language).
2. IBM files several patents based on his cryptographic ideas.
a. Block Cipher Cryptographic System, US#3798359A [filed June 30, 1971];
b. Key Controlled Block-Cipher Cryptographic System Employing a Multidirectional Shift Matrix US# 4195200A [filed June 30, 1976];
c. Stream/Block Cipher Cryptographic System, US#4316055A [filed December 30, 1976]
3. Horst originally chooses DEMONSTRATION as name of his block cipher APL program
- Early versions of APL limit the character length of the names of APL programs
- DEMON became its truncated name; Horst realized that LUCIFER was a sexier choice. "
"IBM Enters the Crypto Business (1966)
IBM 2984 (Cash Issuing Terminal)
- Lloyds Bank Cashpoint System
- ATM is operational in Essex, England (1972).
IBM Program Product management at IBM SCD in Kingston
Kingston proposes Hill polyalphabetic substitution to provide the
relationship between PIN and PAN in ATM transaction.
+ Potentially large key space size;
- Linear encryption is susceptible to a (partial) known plaintext attack.
Walter Tuchman, the IBM project manager realizes weakness of Hill
- DSD-1 successor to modified LUCIFER used in the IBM 2984 15.
- DSD-1 becomes DES 16 (FIPS 46-1; 11/1976) "
"What Horst Feistel Did Achieve?
1. He invented the first of several strong 20th century cipher algorithms.
2. DES (a commercial version of LUCIFER) approved as a Federal Information Processing Standard (FIPS) in 1976. Reluctantly reaffirmed as a standard several times; in 1993 affirmation included the statement
At the next review (1998), the algorithm specified in this standard will be over twenty years old. NIST will consider alternatives, which offer a higher level of security. One of these alternatives may be propose d new standard at the 1998 review.
3. Rijndael the successor to DES announced as the winning algorithm in 2000; augmented and designated as the Advanced Encryption Standard (AES) (2001).
4. Cryptographic Encryption prior to DES - electro-mechanical machines 25
- Electro-mechanical machines imply some algebraic structure in the encipherment.
- Starting point in their cryptanalysis; Enigma machine [x? y? x].
- Weak session key protocol of the Enigma.
5. New 1971+ crypto algorithms differed from the 19th and 20th century cipher machines. LUCIFER, DES and AES were only the first of a class of Shannon-inspired (diffusion, confusion, mixing) encipherment systems.
6. The two major missions of NSA are Information Assurance (IA) and Signals Intelligence (SIGINT); IA protects our country's communications, SIGINT (aka COMSEC) is described on a NSA website --- `` Ö collects, processes, and disseminates intelligence information from foreign signals for intelligence and counterintelligence purposes and ...? Edgar Allan Poeís story The Gold Bug Poe contains the oft-quoted statement
"Yet it may be roundly asserted that human ingenuity cannot concoct a cipher that human ingenuity cannot solve"
Horstís Achievement: Poeís statement may not remain accurate today; it may be too (time) costly for NSA to decipher messages encrypted with DES, DES3, AES or subsequent commercial or intelligence agency successors of these algorithms.
7. NSA is forced to make use of trapdoor (or backdoor)26 attacks in place of cryptanalysis to fulfill its SIGINT mission
- Entry by FBI and U.S. Naval Intelligence (OP-20-GY) into the Japanese consulate in Manhattan in 1941 to photograph codebooks.
- The 1958 agreement between the eminent and retired cryptographer William Friedman and Boris Hagelin, the CEO of the Swiss firm Crypto AG. It permitted NSA to secretly include NSA supplied backdoors in cryptographic equipment. Crypto AG sold this doctored equipment to some of their clients, various governments unfriendly to the U.S. through 1992.
8. Horst provided the impetus setting into motion the investigations and technology that led inexorably to todayís E-Commerce!
26 In a legitimate theatre, a trapdoor is a sliding or hinged door, flush with the surface of a floor, roof, or ceiling, or in the stage of a theatre. The door is used to make people appear or disappear in a puff of smoke, which hides the closing or opening of the door. In cryptography, it is an alteration of the enciphering program, which allows the trapdoor inserterís agents to read messages without the senderís knowledge.
CENTRALIZED VERIFICATION SYSTEM
United States Patent 3798605
International Business Machines Corporation (Armonk, NY)
This specification describes a multi-terminal data processing system having means and process for verifying the identity of subscribers to the system. Validity of a terminal request for communication with the data processing system are determined on the basis of a centralized verification system. Each subscriber to the system is identified by a unique key binary symbol pattern. The central data processing unit contains a listing of all valid keys for subscribers to the system. Two embodiments of the centralized verification system are presented, a password system and a handshaking system. In the password system, all data or information originating at the terminal under use of the subscriber is enciphered in combination with the unique subscriber key. Upon proper deciphering of the key or password at the central processing unit and arriving at a match with one of the keys in the processor's listing, the subscriber may communicate with the processing system. In the handshaking system embodiment, the user and the central processor exchange a plurality of messages each formed by a combination of new and prior received data. Received data messages are also maintained within the registers at both the terminal and the central processor for further verification upon the return of the portion of the message that was previously transmitted.
"BACKGROUND OF THE INVENTION
With the growing use of remote-access computers managing "data banks" to receive, store, process and furnish information of a confidential nature, the question of security has come to be of increasing concern. Data security has come to be one of the major concerns of the business community, especially in view of the fact that there is an increasing reliance on the automated data processing of all business information, both within and without the physical plant itself. Thus, large computing centers have available within their files various types of sensitive information ranging from business strategies to technological trade secrets and other useful data which should be maintained private for the exception of a restricted number of subscribers. "
"Due to the unsuccessful attempts in the prior art to obtain complete security within a data processing environment by automatic means, resort has been made to physical security systems which limit the physical presence of individuals at various points within the data processing network by identifying some physical characteristic of the person such as fingerprints or facial appearance. This type of approach may in some instances prove to be successful but have associated therewith a high cost factor."
"OBJECTS OF THE INVENTION
Therefore, it is the object of this invention to provide a data processing security system that will prohibit unauthorized access to data stored within a data processing network.
It is a further object of the present invention to provide a centralized verification system to prohibit unauthorized access to a data processing system in an economical manner without really restricting processing time.
It is a further object of the present invention to prevent unauthorized access and maintain privacy of confidential information within a data processing system by a process that identifies all authorized subscribers, each in possession of a unique combination of key symbols, which key controls ciphering and deciphering operations of cryptographic devices within the data processing system.
It is another object of the present invention to provide a system for cryptographically enciphering a unique subscriber identifier code in combination with a continuously changing password, the resulting cipher being capable of identification by a central processing device.
It is another object of the present invention to provide a centralized verification system which maintains privacy between a terminal device and a central processing unit by encrypting all communications so as to form a block cipher of a unique password formed partially from the previous received transmission at both the terminal and the central processing unit.
In accordance with this invention, a centralized verification system is provided which prevents unauthorized users from depositing, withdrawing or altering data stored within a terminal-oriented computer system.
In a first embodiment, a password method is utilized to identify subscribers of the system and make available to them all information to which they are authorized to have access. Every subscriber or user of the computer system has in his possession a unique key combination of binary symbols known only to himself and the computer's system to control the ciphering of all transmissions from the terminal by means of a block cipher cryptographic device. Initially, a block of binary digits consisting of a combination of data and a continuouly changing password is enciphered as a block by means of a cryptographic device. The resulting block cipher output of the cryptographic device is then transmitted across a channel to the central processing unit which receives the block cipher. Upon receipt of the ciphertext, an identical deciphering device, as units at the terminal, and operates under the control on the inverse of the subscriber binary key, deciphers the ciphertext into a clear message. If the communication is uncorrupted, then the transmitted data and password are retrieved. The receiving central processor performs a match of the continuously changing password to determine whether the subscriber is in fact authorized to continue communication with the data processing system.
In a second embodiment, a handshaking approach to communications between the terminal and the central processor is utilized to maintain privacy. In this system, as with the password system, the user or subscriber must first identify himself at the terminal to the central processing unit by name or some other non-enciphered representation. Upon receipt of this identifier, the central pprocessor selects the appropriate block key which will control the cryptographic device of the central processor which deciphers all subsequent received messages. Following the initial identification sequence, the subscriber enters a message at the terminal which is enciphered in accordance with his unique subscriber key KA. At the receiving central processing station, a portion of the received message is stored until verification is complete, and the remaining second portion of the message is utilized in combination with other data obtained from the central processor to form a reply which is enciphered by the central processor with the same user key KA. This reply message is then transmitted to the terminal.
Upon receiving the reply message, the terminal deciphers the reply which results in recovery of a selected portion of the received ciphertext which if properly deciphered corresponds with a portion of the first data transmission from the terminal to the central processor. If a comparison is successful at the terminal, a second transmission is sent from the terminal to the central processor again utilizing a portion of the received message as a part of this transmission. In a similar manner to operations at the terminal, the central processor also deciphers the received ciphertext and makes a comparison of a portion of the deciphered message with prior transmitted data that is retrieved by the terminal. Upon successful comparisons, both the central processor and the terminal user each determines that the other is in fact a valid communicator and authorized to receive further communications. "
BLOCK CIPHER CRYPTOGRAPHIC SYSTEM
United States Patent 3798359
International Business Machines Corporation (Armonk, NY)
A cryptographic system for encrypting a block of binary data under the control of a key consisting of a set of binary symbols. The cryptographic system is utilized within a data processing environment to ensure complete privacy of data and information that is stored or processed within a computing system. All authorized subscribers who are permitted access to data within the network are assigned a unique key consisting of a combination of binary symbols. The central processing unit within the computing network contains a complete listing of all distributed authorized subscriber keys. All communications transmitted from terminal input are encrypted into a block cipher by use of the cryptographic system operating under the control of the subscriber key which is inputed to the terminal device. At the receiving station or central processing unit, an identical subscriber key which is obtained from internal tables stored within the computing system is used to decipher all received ciphered communications. The cryptographic system develops a product cipher which is a combination of linear and nonlinear transformations of the clear message, the transformation being a function of the binary values that appear in the subscriber key. In addition to the transformation, the key controls various register substitutions and modulo-2 additions of partially ciphered data within the cryptographic system.
"BACKGROUND OF THE INVENTION
With the growing use of remote-access computer networks which provide a large number of subscribers access to "Data Banks" for receiving, storing, processing and furnishing information of a confidential nature, the question of data security has come to be of increasing concern. Generally, present day computing centers have elaborate procedures for maintaining physical security at the location where the central processor and data storage facilities are located. For example, some procedures which are used are restricting of personnel within the computing center, utilization of mechanical keys for activating computer systems and associated terminal devices, and other techniques of this type. These security procedures while providing a measure of safety in keeping out unauthorized individuals from the computing center itself, are not effective with respect to large remote access computer networks which have many terminals located at far distant sites or systems which have a capability of accepting terminal inputs via telecommunication lines. "
"One well known technique for generating ciphers from clear text messages, is the use of substitution systems. Technically, in such a system, letters or symbols of the clear text are substituted by some other symbol in accordance with a predetermined "Key". The resulting substituted message, comprises a cipher which is secret and hopefully cannot be understood without knowledge of the appropriate key. A particular advantage of substitution in accordance with a prescribed key is that the deciphering operation is easily implemented by a reverse application of the key."
"Shannon, in his paper, presents further developments in the art of cryptography by introducing the product cipher. That is, the successive application of two or more distinctly different kinds of message symbol transformations. One example of a product cipher consists of a symbol substitution (nonlinear transformation) followed by a symbol transposition (linear transformation)."
"OBJECTS OF THE INVENTION
Therefore, it is an object of this invention to provide a cryptographic system capable of maintaining secrecy within a data processing environment.
It is another object of the present invention to provide a cryptographic system which enciphers binary data blocks into a cipher test that is not susceptible to successful cryptanalysis.
It is another object of the present invention to provide a cryptographic system that operates on block data by developing a product cipher which is dependent on a plurality of unique symbol keys, each key known only to assigned authorized users and to the system.
It is another object of the present invention to encipher a clear text message by means of a product cipher consisting of a combination of linear and nonlinear transformations that are functions of a subscriber symbol key combination.
It is another object of the present invention to provide a secrecy system to maintain privacy between a plurality of terminal users and a central processor with its associated data banks. "
"The size of the data block D is a function of the specific hardware implementation of the concepts herein disclosed and the principles of the invention are not limited to any particular block size."
" It should be recognized by those skilled in the art, that this message block size is arbitrary and other message block sizes would serve the purposes of the invention as well. Generally, it is more desirable to increase the message block size in order to increase the throughput of the cryptographic system and also to generate a more complex cipher text. "
On Government involvement...
Block-cipher cryptographic system with chaining
United States Patent 4078152
Tuckerman III, Louis Bryant (Briarcliff Manor, NY)
International Business Machines Corporation (Armonk, NY)
A Block-Cipher Cryptographic System utilizing a unique user supplied key to control the cryptographic function and including means for modifying an input data block prior to performing a key-controlled transformation operation thereon. Said means includes means for extracting a segment of data utilized in a prior cryptographic transformation of the system and combining said segment with the input data block. The means for combining comprises a transformation which is a discrete valued function which in the preferred embodiment is an exclusive-or. In the preferred embodiment of the invention a block of ciphertext data is combined with the just succeeding input data block by an exclusive-or operation prior to the key-controlled transformation operation which produces said ciphertext blocks.
A means for detecting and cryptographically transforming short blocks of data is also disclosed wherein an input short data block is combined in a mathematically invertible operation with a block of data which is passed through said key-controlled block cipher cryptographic subsystem prior to said combination. The so transformed short block is then output as a short block in cryptographically modified form.
"In an effort to effect a standard for government use which will aid government agencies in carrying out new privacy legislation, the National Bureau of Standards has recently proposed a Federal Information Processing Standards entitled, "Encryption Algorithm for Computer Data Protection". The proposed standard together with a complete technical description is contained in the Federal Register, Volume 40, No. 52, Monday, Mar. 17, 1975, on pages 12134 through 12139. The key-controlled block-ciper cryptographic system described in the NBS standard proposal is an algorithmic description of the specific hardware disclosed in the previously referenced co-pending U.S. application Ser. No. 552,685. "
"SUMMARY AND OBJECTS OF THE INVENTION
It has now been found that the repetitive nature of the output of such key-controlled block-cipher cryptographic systems may be removed by chaining each new data block to be transformed in the cryptographic system with a segment of data representative of some element or elements of past history of the data flow in the system, wherein such new input data block is combined with said past history data in a mathematically invertible transformation prior to the encryption operation. It has further been found that by combining each new input data block with a prior ciphertext block, very limited error propagation will occur.
Additionally, short blocks may be processed by combining said short block with a key-controlled transformation of a data block obtained externally of said short block.
It is accordingly a primary object of the present invention to provide a key-controlled block-cipher cryptographic system wherein identical input data blocks will produce different cryptographically transformed output data blocks.
It is a further object of the present invention to provide such a system which produces such variation by chaining.
It is yet another object of the invention to provide such a cryptographic system wherein each new input data block to be cryptographically transformed is combined by a block of data which existed during a previous transformation operation.
It is still a further object of the invention to provide such a cryptographic system wherein each new data block is combined in a mathematically invertible transformation with the just prior cryptographically transformed data block.
It is yet another object of the invention to provide such a cryptographic system for cryptographically transforming short input data blocks as a key-controlled function of said cryptographic transformation and of a block of data which existed during a previous transformation operation, and outputting only the short encrypted data block. "
On trust ...
United States Patent Application 20170338957
A system includes circuitry for rewriting blockchains in a non-tamper-evident or tamper-evident operation using a key secret held by a trusted party. The blockchains may include a series of blocks secured by a chameleon hash that may prevent non-tamper-evident rewrites by non-trusted parties that are not in possession of the key secret. Rewrite circuitry of the system may determine randomness data from the chameleon hash and altered data from a rewrite. The randomness data may be written to the randomness field of a block overwritten with the altered data such that the block remains coding-consistent with the chameleon hash and other blocks in the blockchain.
Ateniese, Giuseppe (Hoboken, NJ, US)
Chiaramonte, Michael T. (New York, NY, US)
Treat, David (Wilmington, MA, US)
Magri, Bernardo (Rome, IT)
Venturi, Daniele (Rome, IT)
A blockchain may include a series of data blocks, the blocks including a code, such as a cryptographic hash or checksum, which may be coding-consistent with the content of previous blocks in the series. In some cases, determining multiple different sets of blocks that produce the same integrity code may be insoluble, prohibitively computationally complex, or otherwise effort intensive enough to frustrate attempts to tamper with the contents of the blockchain while maintaining the self-consistence of the integrity codes. However, in some implementations a trusted party may have access to a key secret, or portion of a key secret, such that the party, acting alone or with those in possession of the other portions of the key secret, may edit the blockchain contents without leaving indication of tampering."
"When a rewrite to one or more data blocks in a blockchain does not introduce coding-inconsistency among the integrity outputs and data block contents of the blocks in the blockchain, the rewrite may be characterized as preserving the validity of the blockchain."
"When a change is made to a block and no coding-inconsistency with the previously stored integrity outputs of the integrity code can be detected afterward, that change may be non-tamper-evident. In some cases, a non-tamper-evident rewrite may be implemented by substituting a first block with a second block with different data content that produces the same (or an equivalent) integrity output."
"Accordingly, a trusted party, for example a neutral third party, a governing party, or a group of individually untrusted parties, may rewrite, remove, or supplement data included in the blocks in a non-tamper-evident fashion. The systems and techniques described below implement technical solutions for rewriting blocks in the blockchain to allow trusted parties to redact information from the blockchain, without causing the blockchain to fail for its intended purpose. For example, the parties may use a modified blockchain as if it was the earlier, and unmodified, blockchain."
"In addition, the ability of a trusted party to rewrite a blockchain may improve tamper-resistance by providing an established rewrite solution. Accordingly, rather than having to jettison a blockchain due to inappropriate content, a trusted party may rewrite the existing blockchain. Accordingly, blockchain rewrite dramatically improves system efficiency, compared to recreating a new blockchain. Blockchain rewrite may also reduce the probability of a malicious party using a defunct blockchain, which may have been discarded due to inappropriate content, to spoof a system by notifying the system that it did not receive a prior notification of the blockchain discard. Accordingly, the rewritable blockchain may have the technical effect of improved data security and tamper-resistance. In other words, the techniques and architectures discussed herein comprise concrete, real-world applications of and improvements to existing technologies in the marketplace."
"Further, the techniques and architectures, including those for rewritable blockchains, distributed key secrets, dual-link blockchains, loops, and other techniques and architectures discussed require one to proceed contrary to accepted wisdom. In particular, conventional approaches to blockchain distributed databases require immutability of the blockchain as a foundational feature. Expressed another way, immutability has been repeatedly explained in prior work as an essential feature in establishing the technological value of a blockchain. Immutability in blockchains has been incorrectly viewed and dictated as the required way to ensure that parties using a blockchain trust the validity of the data contained in the blockchain. Accordingly, the techniques architectures described here that add rewritability to a blockchain proceed contrary to accepted wisdom. The present techniques and architectures proceed contrary to accepted wisdom by introducing rewritability, while still maintaining high security, and therefore the high technological value of the blockchain. As such, despite the significant departures of the present techniques and architectures from prior teachings, the present techniques and architectures provide high levels of trust in the blockchain despite its mutability."