A deep dive into the world of cryptocurrency
One of the great things about working at Bakken & Bæck is that you get to work with a whole range of clients, each with their own unique wants and needs. What this means in practice is that we are constantly being challenged to get to grips with new technologies and problems that we’ve never really dealt with before.
Luckily, learning new things and finding solutions for difficult problems is something we love doing! Recently one of our clients asked us to take a head-first leap into the world of cryptocurrency; something that was fairly new to us. This is what we learned.
We vaguely understood some of the concepts of cryptocurrency, we were aware of recent developments, and a few of us were the proud owners of some Bitcoin. This task however, would require us getting up close and personal with the inner-workings of a different cryptocurrency; Ethereum.
Ethereum, much like Bitcoin, is a decentralised cryptocurrency. Instead of banks being responsible for keeping track of peoples balances there is a publicly shared balance sheet that is maintained by a network of computers across the world. This network of computers is constantly communicating and informing each other about new transactions that need to be processed. Anyone with a computer can join the network and begin helping out; but that’s not what we were going to be doing. We were going to allow a user to receive and spend money on the network, and for that we needed a wallet.
Making a wallet
You probably haven’t spent too much time thinking about how your wallet was made and what the main features of your wallet are. That changes when you begin talking about an ethereum wallet, because an ethereum wallet doesn’t physically exist — it’s completely virtual. One of the challenges with a virtual wallet is that you can’t just take it out of your pocket and stuff a few notes in it. Instead, your virtual wallet has a unique address which can be used to put money in it. It’s almost as if your wallet has its own email address and people can email you money.
If you can only send money to a wallet, all you’ve actually got is a piggy bank. Taking money out of your physical wallet is so simple that you probably don’t even think too much about it. It’s not as easy with a virtual wallet, but it can be done. All you need to do is prove that you are the rightful owner of the wallet, and to do so you need a “private key”.
Give me the key to your wallet
Every single ethereum wallet has a private key, it is a secret that only the wallet owners know. If you know the key then you can open the wallet. It’s like having a password on your email account — by providing your password you are proving you should have access to the email account.
When it came to us implementing this in code we naively assumed that we could piggyback off existing code written for the bitcoin environment. We started looking at bitcoin libraries to see if they could be tweaked to work with ethereum. We soon learned that things wouldn’t be quite so easy and we were going to have to get our hands dirty with some cryptography.
We started by reading and learning as much as we could but this in itself was surprisingly difficult. Ethereum is relatively new so it can be difficult to find good documentation and when we did find something useful it was sometimes outdated or contained a lot of terminology that we didn’t understand yet. We went through quite a few tough days where we felt like we weren’t making much progress.
It can be very tiring when you feel like you’re just spinning the wheels and not making much progress, but through a combination of blog posts, white papers, yellow papers, IRC, and speaking to experts we made our breakthrough. We finally had understood how to make a valid wallet from scratch.
1. Create a private key
This is 64 randomly selected characters. That’s it! You can choose them however you want but it’s best to let a computer generate them. Not only is this the secret you’ll need to prove you own a wallet, it is also the building block for the rest of the wallet.
2. Convert the private key into a public key
Now we’re in to the cryptographic heart of the wallet creation process. We’ll need to take the private key and transform it into a public key using something called the elliptic curve digital signature algorithm. That’s a bit of a mouthful though, so most people refer to it as ECDSA which is much easier to say. ECDSA is a type of one way function; meaning it’s very good at calculating things in one direction and not so good at doing the same in reverse. It might seem as if such a thing wouldn’t be much use but this is perfect when you are trying to keep your private key secret.
Think about it this way: if you take any two numbers and multiply them, you end up with a third number. If you give only the third number to another person it would be difficult for them to work out what the original two numbers were.
In this example the original two numbers are your private key and the third number is your public key. ECDSA doesn’t multiply numbers together. Instead it performs some algebraic functions on a predefined 2D curve — but the concept is similar.
3. Get the wallet address
Once your private key has gone through the ECDSA factory and made a public key you are ready to create a wallet address. All you really need to do here is give the public key a quick cleanup and you’ve got the address.
A one way function is again used during this process but ECDSA gets to take a break whilst another algorithm gets a chance to shine. In place of ECDSA we use an algorithm with just as catchy a name — Keccak-256. It’ll take the public key and return the address with a bit of extra information at the start. Simply remove the first 12 characters, add “0x” on to the front, and you’ve managed to create an address from a private key! Next time someone owes you some money you can send them this address for payment.
Being able to create our first ever wallet from scratch was a truly amazing experience. We were ready to being making transactions.
You never give me your money
We knew from earlier research that to pay from your wallet you needed to have the private key. But you can’t just go around giving your private key to anyone who asks for it — otherwise they can just pretend that they are the wallet owners. As odd as it sounds, what you need to do is to prove that you have the private key without ever giving the private key away. Fortunately this is possible using the power of our old friend ECDSA.
When you want to spend some money you create a transaction which states how much you want to spend and where you want to spend it. This transaction is then sent to the ethereum network. To prove that you have permission to spend this money you need to sign your transaction.
ECDSA allows you to sign the transaction with your private key in a way that the network can verify. It’s not so different from signing a paper contract. People can verify that you have signed the contract but it doesn’t mean that they can copy your signature. This idea of being able to sign a transaction is crucial to cryptocurrency. If it didn’t exist you wouldn’t be able to buy anything without the seller emptying your whole wallet.
The next challenge
It has definitely been a challenge working with cryptography and ethereum. One of the problems with working in uncharted territories is you spend a long time just trying to understand the problem. Even when you’ve understood the problem, it’s not immediately obvious how you go about solving it. The world of cryptography is full of complex algorithms that you need to understand and work with. The joy of working with challenging things is that it make the rewards all the sweeter. It’s the kick of seeing things working that keeps us eager for our next challenge.