Blockchain Mechanics — Private and Public Keys

Understanding how the blockchain is secured

Ciaran Mcveigh
blockchaintechnologies
7 min readApr 19, 2018

--

This article will look firstly at how public and private key cryptography works as a concept and then delve into some of the more technical details around what the public and private keys actually represent. Some base knowledge around how blockchains work is assumed.

Public & Private Key Cryptography

Blockchains are distributed ledgers, they are decentralised and as a result, anyone can make an entry. The question then becomes if anyone can make an entry what stops Alice pretending to be Bob and making an entry which states Bob pays Alice £10.

In a centralised database, Bob can only make a request to update the database (pay Alice £10) if he first authenticates himself. The authentication is handled by the centralised entity, say in this case a bank and generally uses something you know, a password or pin number to authenticate your identity. So how does one authenticate who they are in a decentralised environment? This is where public & private key cryptography comes in.

Let us first look at encryption in general and how it used to work. Let’s say Alice and Bob want to exchange encrypted messages. Historically Alice and Bob would first have to decide on an encryption method so that both parties could decrypt the messages. This is known as symmetric encryption.

The question is then how does Alice let Bob know the proposed encryption method. She can’t send it in plain text in a letter or over the internet otherwise anyone who can intercept the message will then know how to decode all of the ensuing messages. If she wants to encrypt the encryption method we have a chicken and egg situation.

Because of this, the details of the encryption method were traditionally exchanged in person. In the digital age, this is not feasible when Alice who lives in London wants to interact with Bob who lives in New York.

Public-private key encryption is an asymmetric encryption technique meaning you don’t have to exchange an encryption method to send encrypted messages. You have a private key and a public key. I want you to think of each key as a padlock and key.

Let’s say Alice and Bob are again trying to exchange messages. Alice has a private key (padlock-Private-A and key-Private-A) and a public key (padlock-Public-A and key-Public-A). Bob also has a private key (padlock-Private-B and key-Private-B) and a public key (padlock-Public-B and key-Public-B). Your public key is public knowledge therefore, everyone has access to the public “padlock and key”. Note that key-Private unlocks padlock-Public while key-Public unlocks padlock-Private. If Alice wants to send a message to Bob, she encrypts it with Bob’s public key. Imagine Alice putting a message in a box and locking it with padlock-Public-B which is available to everyone. When Alice sends that message over the internet anyone who intercepts it cannot open it as they do not have key-Private-B (Bob’s private key). Therefore, Bob is the only one who can open the box and retrieve the message.

Here’s a nice diagram but in the other direction, in this case Bob is sending an encrypted message to Alice

You may ask what then is the other padlock and key used for. When Bob receives the message he can decrypt it, but how does he know if the message is from the real Alice, it could be someone impersonating Alice. All someone needs to send Bob an encrypted message is his public key which is available to everyone.

To solve this problem Alice also signed the message with her private key (padlock-Private-A). When the message arrives to Bob he can use key-Public-A (Alice’s public key) to verify it. If the verification does not work, then it wasn’t signed with Alice’s private key. From this one can infer that it wasn’t sent by Alice. If the verification does work you can be sure that the message is from Alice as she is the only person who has access to her private key and could have signed a message with it. Note that this only holds true if Alice’s private key has not been compromised.

An example of signing using the senders private key. Note 6DSJ092JSS282990 is the signature, the message, signature and public key are then used in the verification process

You may be wondering how mechanics of the padlock and key described above actually work. They work using trapdoor functions or a one-way function as they are also known. These are functions where given the output it is very hard to determine the inputs, but given a piece of information, the problem becomes trivial. The solving of the problem is the padlock and the piece of information that enables you to solve that problem is the key.

It is very easy to check if a provided key is valid. An example of a simple mathematical trapdoor is “6895601 is the product of two prime numbers. What are those numbers?” to determine these two number is hard as there are many different possibilities, however, given you are provided with the information “one of the numbers is 1941” (the key) you can quickly determine the other number must be 3571 and then check if these numbers are prime.

Please note that while the above example could easily be computed the trap door functions used in blockchains are much a harder to solve. So much harder that it would take all of the compute power in the world millions of years to find the correct answer. To go deeper into the actual method used for blockchain technologies take a look at Elliptic-curve cryptography.

The above method means we can exchange information with each other without needing to exchange a method prior to it. A huge amount of what we do online would not be possible without this technology. So how does this fit in with blockchain? When I encrypt something with my private key it is known as a digital signature, in the same way you sign a check to pay someone you will digitally sign a transaction (using your private key) to prove you are the owner of those funds. Anyone can check this signature using the corresponding public key. It is also used in verifying information. Let’s say we put degree certificates on a blockchain. A university would sign an entry with your results to verify that you did receive a 1st in Economics at their university.

Private Keys

So now we understand the general concept next I want to talk about private keys specifically what they are from a computer’s perspective. A large number of people have no idea what a private key is, they may know what it does but they don’t know what it represents. I think a large part of this is to do with the format it is often presented in. Most private keys are presented like this,

0xA0DC65FFCA799873CBEA0AC274015B9526505DAAAED385155425F7337704883E

This is hexadecimal and often leads people to think that private keys are written in some foreign language that they cannot comprehend. In actuality, the text above simply represents a decimal number that you and I encounter every day. In this case, the hexadecimal above represents,

72759466100064397073952777052424474334519735946222029294952053344302920927294

As you can see this is quite a big number and it’s the size of this number that protects cryptocurrencies from brute force attacks. Now would be a good time to take a look at this article on base systems to understand how hexadecimal, binary and decimal all relate to each other.

The range of possible numbers a private key can be is dictated by the private key size. The size refers to the number of bits in the private key. In bitcoin, the secp256k1 standard is used, note the 256 refers to the size of the private key in this case 256 bits. The corresponding 256 bit key to the number above is shown below,

1010000011011100011001011111111111001010011110011001100001110011110010111110101000001010110000100111010000000001010110111001010100100110010100000101110110101010101011101101001110000101000101010101010000100101111101110011001101110111000001001000100000111110

This is ultimately what the private key is. 256 1’s and 0’s that enable it to be interpreted by a computer. For us, it simply represents a number, a very large number that is virtually impossible to guess. To put in context how many possible private keys there are out there have a read of this quote,

Create a new Earth for every grain of sand on Earth, and there are 26 billion unique Bitcoin addresses for each grain of sand on each of those Earths.

Whats cool is that now that you understand what a private key actually is you can generate one yourself offline with a coin. Heads equals 1, tails equals 0 grab a piece of paper and flip the coin 256 times. Note down the numbers and there you have it your own private key.

Note that there is a valid key range dictated by the secp256k1 ECDSA standard which goes from 1 to 115792089237316195423570985008687907852837564279074904382605163141518161494336. Check out the python code below which simulates the coin toss described above.

Public Keys

Public keys are much the same, ultimately they just represent a number or collection of numbers. Public keys represent different concepts in different cryptography techniques. For example, in the Elliptic Curve Digital Signature Algorithm (ECDSA) the public key represents a point on that curve. ECDSA public keys can be generated using the private key. Note that when you send bitcoins to a public address that is not the public key. That bitcoin address is generated using the public key by putting the public key through a series of transformations such as encoding, adding checksums and various hashing.

Conclusion

We have only scratched the surface of what public and private keys are how they work however hopefully you now have a better understanding of some of the underlying mechanics of blockchains. You may now be wondering what that private key number actually represents in relation to ECDSA. An upcoming article on the Elliptic Curve will briefly touch on this showing how public keys are generated from the private key and what each key represents in relation to the Elliptic Curve.

Hope this article helped, any corrections or improvements are always welcome.

--

--