In our last article, we discussed how to create a Bitcoin wallet. In its basic form, a wallet is made up of a private key and public key. The public key is shareable but the private key must remain a secret.
Now we will discuss how Bitcoin transactions work, using these public and private keys. One important (and perhaps, surprising) point is that Bitcoin does not store wallets or balances on its blockchain. It is a purely transaction-based system.
In every transaction, there is an input and output. The input references a previous transaction output. The owner of the previous output provides a signature that verifies ownership of the coins.
The challenge of such a system is this: how do you verify that a given output belongs to an individual to spend? The Bitcoin ledger is public, so it must do so without revealing the owner’s private key.
That is where Elliptic Curve Cryptography (ECC) comes in. If you’ve never heard of ECC before, prepare to be amazed.
Elliptic Curve Cryptography
Elliptic curve cryptography (ECC) is a form of public key cryptography invented in 1985 and further developed by the NSA in the early 2000’s. It relies on a set of points that form a curve, together with operations on those points that are easy to compute in one direction but computationally infeasible to reverse.
The formula for an elliptic curve is as follows:
y² = x³ + ax + b
Check out the Elliptic Curve calculator to see what one looks like:
We learned earlier that Bitcoin private keys are 256-bit random numbers. We use elliptic curve multiplication with this number to generate the point on the curve that is the public key. The structure of the elliptic curve makes it computationally infeasible to trace a public key back to the private key. We can then use the private key to generate digital signatures, as in Bitcoin.
Let’s code up an example of creating and verifying a digital signature.
When we run this locally, we can see that only the correct private/public key pair is verified:
How it Works (Breakdown)
- At the top level of our code, we import three libraries. The most important of these is the elliptic library for creating our digital signature. The other two (one of which is js-sha256) are for hashing our message for uniformity and security.
- After this, we specify that we are using the secp256k1 subset of the Elliptic Curve. This is a specific set of parameters used for creating digital signatures: it fixes the curve constants and the starting point (the generator), and sets an upper bound (the group order) on the size of valid private keys.
- The Hash() function processes our message through two hashing algorithms, as described above. In the createSignature() function, we first hash the provided message. Then we generate a key pair with our private key, and sign the hashed message. This is the same kind of signature used in Bitcoin transactions.
- In our verifySignature() function, we take the message body, public key, and signature as inputs. We then use the public key to validate the signature — all without knowing the signee’s private key!
Other Uses of Elliptic Curves
If you thought that was cool, just wait — there are other uses of Elliptic Curve Cryptography. What we just covered was the Elliptic Curve Digital Signature Algorithm, or ECDSA. Here are some other protocols that use the same underlying math:
Elliptic Curve Integrated Encryption Scheme (ECIES)
This protocol allows a user to encrypt a message with a public key so that only a person with the corresponding private key can decrypt it. This is useful in a variety of privacy use-cases.
Elliptic Curve Diffie-Hellman (ECDH)
In this protocol, two users can each derive the same “shared secret” that only the two of them know. Each user computes the shared secret from his or her own private key and the other user’s public key. This is also useful for secure communications.
How Bitcoin Uses ECDSA
In Bitcoin, transactions take the following format:
You might have noticed that the output contains the recipient’s “public address.” You may have seen Bitcoin addresses, which are much shorter than ECDSA public keys. Why is that?
In our last article, we explained how to convert a public key into a shortened Bitcoin address by hashing it. This adds another layer of security in the transaction, by not exposing the recipient’s public key. It is considered cryptographically secure to share a public key, but not exposing it makes the system even more robust.
Furthermore, popular Bitcoin wallets such as Trezor take security to another level with HD wallets. These products make it easy to use each public/private key pair for only a single transaction. Using a protocol called “hierarchical determinism,” these wallets generate millions of key pairs from a single seed. This means that if one private key is compromised, the other transactions would be unaffected.
Future Advances in Cryptography
A positive effect of the rise of cryptocurrencies is that they serve as a testing ground for cryptographic technology. Many mathematicians and computer scientists are invigorated in the quest to further blockchain security through new protocols, such as HD wallets, zero-knowledge proofs, and more.
These technological advances will have effects not just on Bitcoin, but on a whole new wave of decentralized technology. We are already starting to see it happen.