III. Transfer Ownership
Without a central authority to verify an account owner’s consent, consent must be proven.
The blockchain network balances openness and security. To securely manage assets blockchain systems must be designed to allow only an account’s true owner to withdraw resources. Without a central authority to verify an account owner’s consent, consent must be proven.
Introduction to Cryptography
Cryptography is a discipline that allows us to recreate security — objects like keys, locks, and doors — with mathematics. Pairing cryptographic methods with computation is a powerful tool for enabling security at scale. Blockchain systems use cryptography to protect property and identify account owners.
Cryptography builds boxes around information to restrict its access. Putting information in a secure box is called “encryption.” Encrypted information is called Cypher Text. Cypher Text looks like non-sense unless it is decrypted, or unlocked. Decrypting Cypher Text requires the appropriate “key,” which turns the Cypher Text back into its original form.
The Cryptographic Process:
1. Start with information that you want to protect.
2. Encrypt the information with a Cryptographic Key, turning it into Cypher Text.
3. Preserve this Cypher Text for safe keeping or send it to someone for them to Decrypt.
4. Use the Decryption key to open the Cypher Text and retrieve the original information.
Cryptography is a complex field with a simple process. A basic understanding of cryptography allows for amazing functionality.
Cryptography’s fairly direct process can be applied differently. Imagine a bunch of mathematicians throwing around core components — Encryption Key, Cypher Text, Decryption Key — like they were alchemists. These basic cryptographic components can be rearranged, duplicated, and manipulated to create different cryptographic processes. The goal of cryptography is always to protect and reveal information regardless of how cryptographic components are arranged.
Blockchain systems use cryptography to protect asset ownership. We protect access to accounts with cryptography and use cryptography to create “digital signatures.” Let’s compare and contrast two cryptographic processes.
In Symmetric Cryptography we have a single box and a single key. We encrypt information with the same key used to decrypt it. Notice a problem here? It’s a familiar one: centralization.
Symmetric Cryptography relies on a single key. If a thief manages to steal this key the thief can access and replace the encrypted information without a trace. If the one key is lost information cannot be decrypted or encrypted.
Blockchain systems must remain secure while being decentralized. A cryptographic configuration called Asymmetric Cryptography is used extensively on blockchain systems. Asymmetric cryptography allows blockchain systems to secure accounts and prove ownership consent.
Asymmetric Cryptographic is a clever reconfiguration of cryptographic components. In Asymmetric Cryptography our one secure box, our Cypher Text, is accessed with two separate keys. Separating keys by function protects information and enables specific functionality.
- A box with two sides and two keyholes is created.
- Cypher Text is encrypted with one of the keys.
- Cypher Text is decrypted with the other key.
Cypher Text is created with one key and is decrypted with the other. The keys themselves are created without default roles. We simply decide which key will be used to encrypt data and which will be used to decrypt data. Both keys are needed to complete the Cryptographic process.
Asymmetric Cryptography is also called “Public-Private-Key Cryptography.” One key is simply designated as the “Public Key.” The other key is the “Private Key.”
The Public Key and Private Key form a unique pair that cannot be recreated. Having a separate Public Key and Private Key allows us to direct the flow of cypher text. Asymmetric Cryptography can be used to create an efficient and secure messaging system.
Public Key Encrypts, Private Key Decrypts: Drop-box
Imagine you’ve moved to a new city. It’s a metropolis: millions of people, lots of confusing roads, and, everyone on your street has the same last name as you. You’re expecting a package delivery while you’re at work. How will the delivery driver know which mailbox is your’s? Use Asymmetric Cryptography.
- Create a Cypher Text dropbox with two complementary Keys.
- Use the Public Key as your street address.
- The delivery driver identifies your dropbox by your Public Key.
- To drop the package inside the delivery driver encrypts it with the Public Key.
- The cypher text package is secure. Only your Private Key can decrypt the cypher text to retrieve your package.
Anyone can leave you a message in cypher text by encrypting it with your Public Key. Only you, the Private Key holder, can decrypt the cypher text to read your messages.
Private Key Encrypts, Public Key Decrypts: Digital Signatures
You are a shoe designer in high demand. The market is flooded with counterfeit copies of your designs. Your online customers want to make sure they are receiving your legitimate products, your special touch. How can you securely mark your products to assure customers of their authenticity? Use Asymmetric Cryptography.
- Design a cypher text shoe-box.
- Place your custom shoes inside and encrypt the box with your Private Key.
- Attach a copy of the complementary Public Key to the cypher text box. When your customer unlocks the cypher text with the Public Key your authorship is proven. The cypher text can only be decrypted by the Public Key if your unique Private Key encrypted it. Counterfeiters do not have access to your Private Key.
Private-Key-to-Public-Key verifies that cypher text has been authored by the owner of a Private Key. Decrypting the cypher text encrypted with a Private Key demonstrates the authorship, and therefore consent, of the Private Key’s owner, like a signature.
Accounts on blockchain systems, called “wallets,” are direct implementations of Asymmetric Cryptography. A wallet is composed of two complementary cryptographic keys. Public Keys are blockchain wallet addresses. Anyone can deposit an asset into a wallet address. However, transferring an asset out of a wallet address requires the wallet’s Private Key. Blockchain systems assume that only the wallet owner has access to their Private Key.
Prior to blockchain technology intermediaries were required to verify transaction information and allow a transaction to occur. The transaction information to be verified included the identities of account owners in question, the consent of these account owners to a transaction (traditionally given by a signature), and whether these accounts contained enough assets to make the transaction. Blockchain systems verify transaction information and permit secure asset exchange without an intermediary.
To enable decentralized verification every transaction made between blockchain accounts must follow strict guidelines. Transactions begin as “Transaction Requests” that contain specific information. These requests are checked for validity before the asset exchange can occur.
Imagine we have two wallets: A and B. A wants to send an asset to B’s wallet. To do this, A combines required information:
- An identifier of the account that is to hand off ownership to another account: A’s Public Key.
- An identifier of the account that is to receive ownership: B’s Public Key.
- The amount of assets to transfer. A’s claim to this amount of assets will be verified by deriving the Inventory Record from the Transaction Records.
- The time the transaction is to be executed.
- A fee paid to the system for verifying and executing the transaction.
- Proof that A consents to transfer assets to B: A’s Private Key signature
A demonstrates consent to transfer their assets to B’s by encrypting — or “signing” — the transaction information with their Private Key. This transaction information then becomes a formal “Transaction Request” sent to the network. Nodes witnessing the request prove A’s consent by decrypting A’s signature — generated with A’s Private Key — via A’s Public Key, their public wallet address. A successful decryption verifies that the request was truly authored by the wallet’s owner. Only the owner of the wallet should have access to the wallet’s Private Key.