Cryptography is an essential pillar of modern cyber security. It has a multitude of applications in digital currencies, blockchain technology, payment cards, password protection and electronic commerce. Cryptography can be defined as the science and practice of keeping information secure by way of employing mathematical principles and transforming that information into a form that would be unintelligible for someone who is not the intended recipient.
As the art of using codes in order to protect secret information, cryptography has an ancient history. Throughout the ages secrecy was usually achieved by way of ciphers that were known amongst a limited circle of addressees. The cipher or the code was employed to transform the original message into some unintelligible form so that only those who were familiar with the cipher could decode the message and read it in its original form.
One of the first established uses of cryptography for correspondence dates back to 400 BC when Spartan military commanders were using a device called “the scytale”. This simple device consisted of a baton and a piece of parchment on which a message was written and which was wrapped spirally around the baton. After being unwrapped from the baton, the letters on the parchment became scrambled and thus produced something resembling a cipher. However, when the piece of parchment was once again wrapped around a baton of similar proportions, the “decoded” message showed up and the cipher was effectively solved. In a similar manner, Julius Caesar used a specific cipher where a shift of three positions was employed for each letter, as a result encrypting the letter A into letter D or the letter B into E. This was revealed by Suetonius in his chronicle “The Twelve Caesars” in the following passage: “There are letters to Cicero too, and private letters to friends, the confidential passages written in code, using a rotational substitution cipher to disguise the meaning. Decipherment involves substituting a letter with the one three letters further on in the alphabet, thus D for A, and so on”.
Moving fast forward to the present day, we live in the realm of omnipresent digital communication where messages and content are conveyed over unencrypted public networks. Normally, when you send a digital message or digital content over the internet, travelling from one point to another, there will inevitably be one or many intermediaries along the path of the traffic. Those intermediaries could intercept and read the messages should they want to. What would be the solution then for modern-day military commanders, or just regular web users, who are interested in confidentiality? Could there be a framework to ensure security and confidentiality in a way that only the intended recipient of the message could read it?
The answer to the above question is provided by public key cryptography. Public key cryptography, also known as asymmetric cryptography, is a cryptographic system that uses a pair of keys – a public key and a private key. It is a newer and more efficient method than symmetric encryption.
In symmetric encryption, one and the same secret key is used to encrypt (lock) and decrypt (unlock) a message. However, the big disadvantage of this method is that the parties involved in the communication also need to exchange the key so that the information can be decrypted. Therefore, in the same way that intermediaries could intercept unencrypted information, they could also obtain the secret key while it is in transit and thus decode the cipher with ease. By contrast, asymmetric encryption uses a more advanced method to achieve security, which is presented below.
In public key cryptography, the encryption process is based on the use of two related cryptographic digital keys – a private key and a public key that form a matching pair. The public key is used to encrypt (lock) the message before sending it across the network. In turn, when the message is received, the private key, being the matching counterpart of the public key, decrypts (unlocks) it. The public key can be shared openly on the network as it can only be used to lock the message, not to unlock it. On the other hand, it is of utmost importance that the private key is always kept secret, as it can decrypt the message. In asymmetric encryption, the private key is not transferred across the network with the encoded message but is instead safely kept by the intended recipient. Therefore, the risk that the private key can be compromised is significantly reduced.
To give a simple example, let’s say that User A wants to send a secret message to User B. User A would have to use the public key of User B to encrypt the message. The text of the message would therefore turn into gibberish and travel across the network without any risk of the intermediaries reading it (as it would be unintelligible to them). The message would then be received by User B, who applies their private key, thus decrypting (unlocking) the ciphered text and reading the message. The result is that only the person in possession of the private key is able to decrypt and read the message.
Public key cryptography plays a crucial role in achieving security on the blockchain. Two prominent practical applications are:
- the use of digital signatures for verified transactions
- the generation of a public address that is used in order to send and receive cryptocurrencies
Digital signatures
The use of public and private keys is instrumental in digital signing when transactions on the blockchain are initiated. In this sense, the private key is used for generating a signature for each transaction that a user sends out. This digital signature is used to confirm that the origin of the transaction is legitimate and it also prevents the transaction from being modified after it has been issued.
A digital signature can be viewed in general as the electronic equivalent of a physical signature. It performs the same function of attaching the identity of the signing party to the document that is signed. This result is achieved through a set of mathematical mechanisms.
The mechanism for cryptographic verification here is actually the opposite of the one used in achieving confidentiality of communication. Instead of encoding a secret message with a public key and then decoding it with a private key, the digital signing process involves the use of the private key first (the signing key) and then the use of the public key (the verification key). This process involves two steps – i) signing and ii) verification.
First, the transaction on the blockchain is signed with the private key of the person initiating the transaction. The digital signature is a sequence of numbers. It is created by an algorithm that takes as inputs the private signing key and the hash of the transaction that is to be signed. The hash is the result of a cryptographic hash function – an algorithm that produces a digital fingerprint of the transaction as a fixed-length output of numbers.
Then the person who is receiving the transaction can verify the digital signature by using the public key (verification key) of the initiator. The verification algorithm uses three inputs to perform this function: the digital signature, the hash of the transaction and the public verification key. On the basis of these inputs, the verification algorithm checks whether the digital signature of the transaction was generated with the matching private key and returns a binary output – TRUE or FALSE – in response.
What is very important during this whole process is that the private key remains secret and only the initiator of the transaction continues to have access to it. The verification only requires the use of the public key. If a third party were in any way able to obtain the private key of the user, that third party would be able to transfer the owner’s holdings to their own cryptocurrency address by signing the transaction with the obtained private key, thus effectively stealing the assets.
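The two-step sign/verify procedure described above, as an added example that is not part of the original article: it uses the ECDSA implementation in Go's standard library on the P-256 curve (Bitcoin itself uses the secp256k1 curve, which the standard library does not provide), SHA-256 as the hash function, and a constructed minimal Transaction type; the names Transaction, Sign, Verify, newKey and Demo are this example's own. Besides the genuine TRUE case it produces the two FALSE cases the text describes: a transaction altered after signing, and a verification key that does not match the signing key.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Transaction is a constructed, minimal stand-in for a blockchain transaction.
type Transaction struct {
	From, To string
	Amount   uint64
}
// Hash is the transaction's digital fingerprint: SHA-256 over its serialised fields.
func (tx Transaction) Hash() []byte {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%s|%s|%d", tx.From, tx.To, tx.Amount)))
	return sum[:]
}
// Sign (step i) takes the private signing key and the transaction hash as inputs.
func Sign(signingKey *ecdsa.PrivateKey, tx Transaction) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, signingKey, tx.Hash())
}
// Verify (step ii) takes the signature, the transaction hash and the public verification key.
func Verify(verificationKey *ecdsa.PublicKey, tx Transaction, sig []byte) bool {
	return ecdsa.VerifyASN1(verificationKey, tx.Hash(), sig)
}
func newKey() *ecdsa.PrivateKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // only possible if the OS randomness source is unavailable
	}
	return key
}
// Demo returns three verdicts: genuine transaction, copy altered after signing, wrong key.
func Demo() (genuine, tampered, wrongKey bool) {
	alice, mallory := newKey(), newKey()
	tx := Transaction{From: "alice", To: "bob", Amount: 5}
	sig, err := Sign(alice, tx)
	if err != nil {
		panic(err)
	}
	altered := tx
	altered.Amount = 500 // changed after signing, so the hash no longer matches the signature
	return Verify(&alice.PublicKey, tx, sig), Verify(&alice.PublicKey, altered, sig),
		Verify(&mallory.PublicKey, tx, sig)
}
func main() {
	fmt.Println(Demo())
}
```

Running it prints `true false false`: only the unmodified transaction checked against the signer's own public key verifies.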
Cryptocurrency addresses
In addition to digitally signing transactions, the private key is also used on the blockchain to generate the public key and the corresponding cryptocurrency address.
The cryptocurrency address is a string of alphanumeric characters. The user can share this address with anyone who might want to send them cryptocoins, and the user also needs access to the address in order to initiate transactions. The address is generated as follows. First, a public key is derived from the private key through the use of a one-way hash function. After the public key is derived, it is also transformed with a one-way hash function, and the result is the public address that network participants use if they want to initiate a transaction. In the particular case of Bitcoin, two algorithms are used to create the address from the public key. These are the 256-bit Secure Hash Algorithm (SHA-256) and the RACE Integrity Primitives Evaluation Message Digest 160 (RIPEMD-160).
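The remaining steps of the Bitcoin address construction, as an added example that is not part of the original article: the 20-byte RIPEMD-160(SHA-256(public key)) digest is a constructed placeholder here, because RIPEMD-160 is not in Go's standard library, and the code shows what Bitcoin does with that digest next: prepend the version byte, append a double-SHA-256 checksum, and Base58-encode the result into the familiar address string; CheckAddress then shows the checksum test that rejects a mistyped address before any funds are sent to it. The function names (checksum, base58Encode, HashToAddress, CheckAddress) are this example's own. One caveat to the text: in Bitcoin the public key itself is derived from the private key by elliptic-curve point multiplication, which is one-way in the same sense as a hash, and the hash functions are applied only when turning the public key into the address.

```go
package main
import (
	"bytes"
	"crypto/sha256"
	"fmt"
	"math/big"
	"strings"
)
// Bitcoin's Base58 alphabet: it leaves out the look-alike characters 0, O, I and l.
const alphabet = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
// checksum is the first four bytes of SHA-256(SHA-256(payload)), as in Base58Check.
func checksum(payload []byte) []byte {
	first := sha256.Sum256(payload)
	second := sha256.Sum256(first[:])
	return second[:4]
}
// base58Encode writes b in base 58; each leading zero byte becomes a leading '1'.
func base58Encode(b []byte) string {
	n, mod, digits := new(big.Int).SetBytes(b), new(big.Int), ""
	for n.Sign() > 0 {
		n.DivMod(n, big.NewInt(58), mod)
		digits = string(alphabet[mod.Int64()]) + digits
	}
	return strings.Repeat("1", len(b)-len(bytes.TrimLeft(b, "\x00"))) + digits
}
// HashToAddress builds a mainnet P2PKH address: version 0x00 || hash160 || checksum.
func HashToAddress(hash160 []byte) string {
	payload := append([]byte{0x00}, hash160...)
	return base58Encode(append(payload, checksum(payload)...))
}
// CheckAddress returns the hash160 inside addr, or ok=false on a bad character, length or checksum.
func CheckAddress(addr string) (hash160 []byte, ok bool) {
	n := new(big.Int)
	for _, c := range addr {
		idx := strings.IndexRune(alphabet, c)
		if idx < 0 {
			return nil, false
		}
		n.Mul(n, big.NewInt(58)).Add(n, big.NewInt(int64(idx)))
	}
	raw := append(make([]byte, len(addr)-len(strings.TrimLeft(addr, "1"))), n.Bytes()...)
	if len(raw) != 25 || !bytes.Equal(raw[21:], checksum(raw[:21])) {
		return nil, false
	}
	return raw[1:21], true
}
func main() {
	h := bytes.Repeat([]byte{0xab}, 20) // constructed stand-in for RIPEMD-160(SHA-256(pubkey))
	fmt.Println(HashToAddress(h))
}
```

The leading version byte 0x00 is why every such address starts with "1", and a single wrong character anywhere in the string fails the checksum comparison.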
It is the private key that gives a user access to their cryptocurrency address and therefore control over their holdings. A user needs a crypto wallet in order to send or receive cryptocurrencies. Unlike a regular wallet, the crypto wallet itself does not contain any amount of cryptocurrency; instead it stores the private and public keys that are needed for accessing the funds and initiating transactions. The crypto wallet can take the form of a device, a program or a service. There are hardware wallets in the form of devices, which are highly secure, and also software wallets that take the form of desktop and mobile applications. There is also a distinction between what is called a “hot wallet” – a wallet that is connected to the internet, such as a web wallet hosted online by a cryptocurrency platform or exchange – and a “cold wallet”, which is not connected to the internet and is therefore considered the more secure storage option.
Finally, a key characteristic of the way mathematical algorithms are implemented and used in public key cryptography on the blockchain is that they are effectively irreversible. It is very easy for the functions to operate in one direction and, in terms of the required computing power, close to impossible for them to be applied in the opposite direction. As we already know, the private key is used as an input to derive the public key. However, it is close to impossible afterwards to reverse the algorithm and obtain the private key from the public key. In the same way, it is not feasible to obtain the public key from the cryptocurrency address.