Cryptography 101
The blockchain technology, which originated with Bitcoin, consists of a combination of existing technologies. Essential concepts are the asymmetric encryption (see Merkle, 1980), the digital signature (see Haber & Stornetta, 1997), the proof-of-work algorithm (see Back, 2002) as well as the concept of decentralization, which were combined for the first time by Nakamoto (2008) to a pure peer-to-peer digital cash system. With the Bitcoin whitepaper, Nakamoto solved the double spending problem of digital assets that had never been solved before. This involves the use of cryptographic hash functions for incentive design, validation and transaction concatenation in blockchain systems. Furthermore, asymmetric encryption forms the basis for transparency and privacy within the blockchain.
Deutsche Version verfügbar unter ledgerlabs.li
Symmetric and asymmetric encryption
Asymmetric cryptography, also known as public key cryptography, is one of the key components of the blockchain technology. This form of cryptography allows anyone to verify the integrity of transactions or securely store digital assets. To understand the advantages of asymmetric encryption, a comparison with its counterpart the symmetric encryption is helpful.
As the name suggests, symmetric encryption uses the same key to encrypt and decrypt data. To enable private communication, all involved parties must have the same key. In practice, this means that the key must be shared with the other party in secret meetings, sealed envelopes or trusted channels. Symmetric encryption is therefore poorly scalable and vulnerable to attacks when the key is transmitted.
Asymmetric encryption was developed to counteract the disadvantages of the symmetric encryption and represents an important basis from cryptography in the blockchain context. Asymmetric cryptography solves the coordination problem that existed in symmetric encryption when the key was transmitted. Instead of passing the “password” to decrypt a message, a combination of two keys is used — a public key and a private key. This is often referred to as private and public key encryption. The private key is only known by the owner and must be kept safe. The public key, on the other hand, can be passed on to anyone without hesitation. Both keys are cryptographically linked to each other.
The following example shows how a secure message can be transmitted by using the key pairs without having to send the password to the recipient for the decryption.
- Alice shares her public key with Bob
- Bob uses Alice’s public key to encrypt his message.
- The message sent by Bob can now only be decrypted by Alice, since only she holds her private key, which is needed for the decryption.
One application of asymmetric cryptography is the storage and transmission of cryptocurrencies. The public key is the address where the coins are located and can be used to encrypt data. The private key, on the other hand, is equivalent to the password that is needed to decrypt the data again. The private key therefore allows access to your own assets on the blockchain and should therefore be kept safe in any case. In addition to the safekeeping of assets, asymmetric encryption is also used to sign transactions concerning these assets.
Hash functions
Hash functions are cryptographic one-way functions that convert an input (text, documents, etc.) into a length-limited alphanumeric code (hash) as an output. Nowadays, they are used to sign emails or digital documents. In addition they also form the basis for the proof-of-work algorithm for validating transactions on the blockchain. (Voshmgir & Kalinov, 2018)
As shown in the figure, even a slight change in the function input leads to a completely different output. Nevertheless, using the same input and hash function always generates the same output. Hence, it is easy to check whether the hash (output) belongs to a certain data set (input). However, the hash value (output) cannot be traced back to the data set (input). Therefore, it is called a one-way function.
Hash functions like SHA256 (Secure Hash Algorithm) are usually open source. This means that anyone can try to crack the algorithm. Hash algorithms that have been around for a long time and have not yet been successfully cracked, can be considered secure.
TIP: An interactive tool for a better understanding of hash functions is provided by Anders Brownworth on the website https://anders.com/blockchain/hash
Sources
Back, A. (2002). Hashcash — A Denial of Service Counter-Measure. http://www.Hashcash.Org/Papers/Hashcash.Pdf.
Haber, S. & Stornetta, W. S. (1997). Secure names for bit-strings. Proceedings of the ACM Conference on Computer and Communications Security, 28–35.
Merkle, R. C. (2012). Protocols for public key cryptosystems. Proceedings — IEEE Symposium on Security and Privacy. https://doi.org/10.1109/SP.1980.10006
Nakamoto, S. (2008). Bitcoin: A Peer-to-Peer Electronic Cash System [Whitepaper]. Retrieved November 3, 2019 from https://bitcoin.org/bitcoin.pdf
Voshmgir, S., & Kalinov, V. (2018, 11. September). Cryptography & Blockchain Infographic — BlockchainHub. Abgerufen 3. Februar, 2019, von https://blockchainhub.net/blog/infographics/cryptography-blockchain-infographic/
About the Author
Severin Kranz has worked for several years as a consultant in the Fintech sector and in asset management. Since 2015 he has also been intensively involved with crypto currencies and distributed ledger technologies. Through his Master in Business Innovation at the University of St. Gallen, he researches on governance mechanisms of distributed ledger technologies has specialized in business model innovations as well as human-centered innovations through design thinking.
Disclaimer
The author of this article has no connection or relationship with any company, project or event, unless expressly stated otherwise. None of the information provided can be considered financial advice. Investments in cryptocurrencies are risky. Ledgerlabs.li is a website for independent information about blockchain technology. Neither Ledgerlabs Kranz nor the authors are responsible, directly or indirectly, for any damage or loss incurred in connection with the use of or reliance on any content you read on the website.
