Welcome to the second article of the Blockchain 101 series!

At this point you probably have heard that cryptography is one of blockchain’s foundational technologies. In this article I will introduce some of the cryptography used in blockchain. I hope this brings some clarity to all the key concepts surrounding this matter and helps you build a strong foundation that let you understand how blockchain works.

Introduction

When we transmit valuable data online, there are four important properties which we often need:

Confidentiality – The ability to keep data hidden from unauthorized parties.

– The ability to keep data hidden from unauthorized parties. Authentication – This property involves being able to verify that the other party is really who they say they are.

– This property involves being able to verify that the other party is really who they say they are. Integrity – If data retains its integrity, it means that it hasn’t been altered or tampered with by anyone else.

– If data retains its integrity, it means that it hasn’t been altered or tampered with by anyone else. Non-repudiation – This property essentially means that the individual or entity who was responsible for an action cannot claim that they weren’t involved.

Without each of these properties, how could we be confident that important data really represents what it is supposed to, and it hasn’t been accessed or changed by someone else?

This is where cryptography comes in. Blockchain makes use of digital keys, hashes, and digital signatures to enable:

Decentralized trust and control

Ownership attestation

Cryptographic-proof security model

Data integrity

Asymmetric cryptography, also known as public-key cryptography, is one of the key components of blockchain technology. This form of cryptography allows everyone to verify the integrity of transactions, protect funds from hackers and much more. But how does it work?

Public key cryptography (aka Asymmetric cryptography)

Public key cryptography plays a key role in modern-day information security which uses unique keys to secure information. The generation of such keys depends on cryptographic algorithms based on mathematical problems to produce one-way functions. The “one-way” nature means that it is computationally infeasible to recreate the input data if one only knows the output.

In blockchain, we use public key cryptography to create a key pair that controls access to your funds and contracts secured by the private key. The key pair consists of a private key and, ​derived from it, a unique public key. The public key is used to receive funds, and the private key is used to sign transactions to spend the funds or interact with smart contracts. As I said earlier, public key is calculated using a one-way function, so that anyone can easily calculate the public key from the private key, but it is not possible to calculate the private key from the public key.

Wallets serves a custody solution to store and make use of your digital keys. In most wallet implementations, the private and public keys are stored together as a key pair for convenience. However, the public key can be calculated from the private key, so storing only the private key is also possible.

Think of the public key as similar to a bank account number, and the private key as similar to the secret PIN. The private key must remain secret at all times and must also be backed up and protected from accidental loss. If it’s lost, it cannot be recovered and the funds secured by it are lost forever too. The public key can be openly distributed without compromising security.

Generating a private-public key pair

Bitcoins and Ethereum both use Elliptic Curve cryptography (secp256k1 curve) with 32 byte (256 bits) private keys (which is a random number) and 64 byte public keys.

A private key is a 32-byte number chosen at random. In OpenSSL (a cryptography toolkit), we can create this random number with:

openssl ecparam -name secp256k1 -genkey -out priv.pem

If we execute the previous command a new priv.pem file will be generated that contains a private key in pem format:

-----BEGIN EC PARAMETERS----- BgUrgQQACg== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MHQCAQEEIFqTD06nXZzhOAEshcZi5iY07UmznLgZWOhMfJ5CIPpqoAcGBSuBBAAK oUQDQgAEu1BaDw4uT/sidIwfv0cCpzodIjsAzVWVuClP/YQYDQ1C+savNRv4p1YI dUNnpf445IZdR8+BzZIWTwIXBU27rw== -----END EC PRIVATE KEY-----

Most times you will see the private key represented in hexadecimal format (256 bits shown as 64 hexadecimal digits, each 4 bits). You can convert the PEM format to hexadecimal with:

openssl ec -in priv.pem -outform DER|tail -c +8|head -c 32|xxd -p -c 32 > bitcoinPriv.key

This will generate the bitcoinPriv.key file with the private key in hexadecimal format:

5a930f4ea75d9ce138012c85c662e62634ed49b39cb81958e84c7c9e4220fa6a

As mentioned earlier, Bitcoin and Ethereum both use the same elliptic curve (secp256k1), thus the same private/public key pair can be used in both networks. However, as we will see later in this article, addresses are calculated in a different way.

Surprising fact!

The private key generation process is an offline one; it does not require any communication with the network, or indeed any communication with anyone at all. The private key is just a random number and anyone can generate one. One way to pick your private keys randomly is to simply use a coin: toss a coin 256 times, writting 1 if you get a head and 0 if you get a tail. There you have your private key! The public key and address can then be generated from the private key.

If anyone can generate their private key offline, how likely is that two people generate the same private key? Well, a 256 bits number is approximately 1077 in decimal; that is, a number with 77 digits. For comparison, the visible universe is estimated to contain 1080 atoms. Thus, there are almost enough private keys to give every atom in the universe an account. If you pick a private key randomly, there is no conceivable way anyone will ever guess it or pick it themselves.

The public key has 64 bytes, and is made up of two 32 byte values (x,y) and is a point on the secp256k1 elliptic curve function of:

y2=x3+7

secp256k1’s elliptic curve

and relates to an (x,y) point in relation to the private key (n) and a generator (G).

In simpler terms, a public key is two numbers, joined together. These numbers are produced from the private key by a calculation that can only go one way. That means that it is trivial to calculate a public key if you have the private key, but you cannot calculate the private key from the public key.

We can now generate the public from the previous private key by executing the command:

openssl ec -in priv.pem -pubout -out pub.pem

The public key in the pub.pem file will have the format:

-----BEGIN PUBLIC KEY----- MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEu1BaDw4uT/sidIwfv0cCpzodIjsAzVWV uClP/YQYDQ1C+savNRv4p1YIdUNnpf445IZdR8+BzZIWTwIXBU27rw== -----END PUBLIC KEY-----

You can convert the public key in hexadecimal format by executing:

openssl ec -in priv.pem -pubout -outform DER|tail -c 65|xxd -p -c 65 > bitcoinPub.key

This will create a bitcoinPub.key file with the public key:

04bb505a0f0e2e4ffb22748c1fbf4702a73a1d223b00cd5595b8294ffd84180d0d42fac6af351bf8a75608754367a5fe38e4865d47cf81cd92164f0217054dbbaf

The public key is the result of concatenating the x and y coordinates that satisfies the previous equation preceded by the prefix 04.

You can find more information here.

Digital signatures

There is a mathematical relationship between the public and the private key that allows the private key to be used to generate signatures on messages. This signature can then be validated against the public key without revealing the private key.

Let’s see this with an example:

Let’s say that Alex signs the original message with his private key. This will generate a unique digital signature. John would then be able to verify with the resulting digital signature and Alex’s public key that the message hasn’t changed and that only the person with the private key associated was able to create this digital signature for this message.

Summarizing, the digital signature achieves the following purpose:

Ensures that the message has not been tampered with

Provides verification that it is the correct person who signed the message

No one else has forged or copied the signature

Once signed, the signature cannot be repudiated

.For blockchain transactions, the details of the transaction itself are used as the message

When a transaction is sent to the network in order to move funds or interact with smart contracts, it needs to be sent with a digital signature created with the private key corresponding to the address in question. Anyone can then verify that a transaction is valid, by checking that the digital signature matches the transaction details and the address to which access is being requested. The verification doesn’t involve the private key at all; that remains private. However, the verification process determines beyond doubt that the transaction could have only come from someone with the private key that corresponds to the public key behind the address. This is the “magic” of public key cryptography.

Cryptographic Hash Functions

A cryptographic hash function is a one-way hash function that maps data of arbitrary size to a fixed-size string of bits. The only way to determine a possible input is to conduct a brute-force search, checking each candidate for a matching output; given that the search space is virtually infinite, it is easy to understand the practical impossibility of the task.

Let’s take a closer look at the main properties of cryptographic hash functions. These include:

Determinism: A given input message always produces the same hash output.

Verifiability: Computing the hash of a message is efficient (linear complexity).

Noncorrelation: A small change to the message (e.g., a 1-bit change) should change the hash output so extensively that it cannot be correlated to the hash of the original message.

Irreversibility: Computing the message from its hash is infeasible, equivalent to a brute-force search through all possible messages.

Collision protection: It should be infeasible to calculate two different messages that produce the same hash output.

The combination of these properties make cryptographic hash functions useful for a broad range of security applications, including:

Data fingerprinting

Message integrity (error detection)

Proof of work

Authentication (password hashing and key stretching)

Pseudorandom number generators

Message commitment (commit–reveal mechanisms)

Unique identifiers

Addresses

Addresses are unique identifiers that are derived from public keys using the one-way hash function.

Bitcoin addresses

A bitcoin address is a string of digits and characters that can be shared with anyone who wants to send you money. Addresses produced from public keys consist of a string of numbers and letters, beginning with the digit “1.” Here’s an example of a bitcoin address:

1J7mdg5rbQyUHENYdx39WVWK7fsLpEoXZy

Even though it is possible to send funds to public key, the bitcoin address is what appears most commonly in a transaction as the “recipient” of the funds. The main reasons behind the use of addresses instead of public keys are:

Addresses are shorter than public keys It adds an extra layer of security. If someone wants to calculate the private key from the address they would need to conduct two brute-force search instead of just one.

How can I calculate the address from a public key? Starting with the public key K, we compute the SHA256 hash and then compute the RIPEMD160 hash of the result, producing a 160-bit (20-byte) number:

SHA256(bb505a0f0e2e4ffb22748c1fbf4702a73a1d223b00cd5595b8294ffd84180d0d42fac6af351bf8a75608754367a5fe38e4865d47cf81cd92164f0217054dbbaf) = 9d4eea764887e107c0413a3d6c90849a6fc8a81883b0d3400b0cf4d1443c12e4

RIPEMD160(9d4eea764887e107c0413a3d6c90849a6fc8a81883b0d3400b0cf4d1443c12e4) = 3188035793c548c74686ae18441eac3890b986cc

or MYgDV5PFSMdGhq4YRB6sOJC5hsw= in Base 64.

Ethereum addresses

In Ethereum there two types of accouns, external owned accounts (controlled by people) and contract accounts. Therefore, a Ethereum address can represent both types of accounts. Ownership of ether by EOAs is established through digital private keys, Ethereum addresses, and digital signatures.

As we mentioned earlier, Ethereum uses a different approach to calculate addresses.

We use Keccak-256 to calculate the hash of this public key:

Keccak256(bb505a0f0e2e4ffb22748c1fbf4702a73a1d223b00cd5595b8294ffd84180d0d42fac6af351bf8a75608754367a5fe38e4865d47cf81cd92164f0217054dbbaf) = b11f47705e406e3f176f9cde7fda390e15db85c6b6bcca353af902d204b09a50

Then we keep only the last 20 bytes (least significant bytes), which is our Ethereum address: 007fda390e15db85c6b6bcca353af902d204b09a50

Ding! Ding! Ding!

And this is the end of our second Blockchain 101 class. After reading this article you have now the knowledge to deeply understand how blockchain and its security model works.

I hope you enjoyed this article and see you in our next class!

Sources:

Matering Bitcoin. Andreas W. Antonopoulos. https://github.com/bitcoinbook/bitcoinbook

Mastering Ethereum. Andreas W. Antonopoulos, Dr. Gavin Wood. https://github.com/ethereumbook/ethereumbook

Elliptic Curve Key Generation. https://asecuritysite.com/encryption/ecc