Cryptography is the core of blockchain technology. All transactions information is encoded in blocks, which are linked together and form structure of the blockchain. In this article, we go over the fundamentals of blockchain cryptography.

The History of Cryptography

The need to encode information emerged concurrently with the development of writing. Encrypted writing was first used in ancient Egypt, Mesopotamia, and ancient India. With time, people learned to use special tools to encode text. One of the first known cryptographic devices was the scytale, used to send messages by the Spartan military. The technology of cryptography has been constantly evolving. As existing encryption methods stopped being effective, people would invent new ways to encode information.

During World War II, the Third Reich used very complex electro-mechanical rotor cipher devices called Enigma machines to encode its military communications. An Enigma machine consisted of a keyboard, rotors, circuit boards, and lamps. The input text was transformed into a cipher by the rotors, whose position would change with every keystroke. It took years of effort by a 10 000 person decryption center to crack the Enigma code.

With the arrival of computers, cryptography reached a new level. Many countries, especially the US, created new state-sponsored cryptography programs. Among them is the Security Hashing Algorithm SHA-256, developed by NIST. Now, among many other applications, this algorithm is used to create blocks in Bitcoin. The Ethereum blockchain network uses an algorithm Keccak, based on which a new standard of hashing algorithm SHA-3 was created, first published in 2015.

SHA-256 and the Block Creation Process

The process of creating a block consists of validating a transaction and recording it. This process is called mining. Transactions are recorded in a block through hashing. Hashing is the process of converting a text of any length to a fixed-length value. Bitcoin transactions are hashed using the SHA-256 algorithm.

Here is an example of text versus its hash:

As you can see, the length of the text converted using SHA-256 does not affect the length of the hash, which always consists of 64 symbols and is 256 bytes in size. The SHA-256 algorithm is even sensitive to the case of the input letters: the hashes for the words Hello and hello (capitalized vs not capitalized) are completely different.

The purpose of mining is to determine the hash of the block being generated that will be suitable to all transactions in a given network. The difficulty of mining increases as more computing power is needed to create an individual block. As the computing power to create blocks grows, the amount of zero in a hash-code grows, too. Currently there are 20 successive zeros in the beginning of Bitcoin hash, and a huge volume of computational resources are needed to create a block. The maximum time for generating a block remains constant, however, and stands at 10 minutes. The difficulty of mining is automatically compounded after every 2016 blocks are created. This switch rate was fixed by the initial Bitcoin code.

So, the process of creating a block consists in recording the hash of a certain amount of transactions contained within it. Each Bitcoin block includes the following fields: a magic number, a blocksize, a blockheader, a transaction counter and transactions field that contains information about transactions in it.

Each block header has the following components:

version, previous block header hash, Merkle root hash, timestamp, difficulty target and nonce value.

Merkle root shows the hash of current block transactions and computed according to a Merkle tree algorithm, also called a binary hash tree. It works as follows:

Initially the system computes the hashes of all transactions in the block Next, the system divides these transactions by pairs and computes the hash of the sum of these pairs of transactions. Then the system divides the calculated sums by pairs and computes them again and again, until a single hash-code, rhe so-called root, is calculated.

Here is a Merklel binary hash tree:

As can be seen, a Merkle tree has a binary structure so it must have an even number of elements. In the event that a Merkle tree emerges with an uneven number of elements, the system doubles it in order to form a pair.

A Merkle tree with an uneven number of elements might look like this:

In this way, all data about transactions in a given block is calculated and recorded .

Each block is linked with the previous and the following block in a blockchain series. If you try to modify even one transaction in a block, it will cause a chain reaction. At first, this will alter the hash of the modified transaction and this, in turn, will change Merkle tree branch and, ultimately, the Merkle Root. After this, a modified Merkle Root will change the block header and this will change of all subsequent blocks in the blockchain sequence. In this way, even one modification will force the recalculation of all computational work initially performed to create this particular sequence of blocks.

Cryptography in Verifying Bitcoin and Ethereum Transactions

Data in Bitcoin and Ethereum transactions is verified with the signature produced by something called an Elliptic Curve Digital Signature Algorithm (ECDSA). This algorithm uses elliptic curves and finite fields.

The processes of signing and verifying a transaction are distinct. A tool called a private key is used for signing a transaction and another called a public key is used to verify it. A private key is randomly generated in the process of creating a wallet. A public key is mathematically derived from the private key using elliptic curve multiplication on a finite field. The private key is to be known only to the person who signs a transaction and the public key — to anyone who wants to verify it.

An elliptic curve consists of following parametres: an equation, a prime modulo and a base point with a prime order. The equation of an elliptic curve has the form y² = x³ + ax + b.

In Bitcoin, Ethereum, BKX, EOS, Litecoin and many other cryptocurrencies, an elliptic curve called secp256k1 is used. The equation of this curve looks like y² = x³ + 7 mod p. The prime modulo of the secp256k1 curve is =2²⁵⁶–2³²–2⁹–2⁸–2⁷–2⁶–2⁴–1 (or FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F in hex form). This is essentially a large prime number, hence the name prime modulo.

The elliptic curve over field of real numbers looks like this:

Base point G has a prime order n that can be thought of graphically as the number of times the point can be added to itself until its slope is infinite, or a vertical line. The base point is selected so that the order is a large prime number.

For the secp256k1, the base point G in compressed form is: G = 02 79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798, and the order n of G is: n = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141.

To generate a public key, we should multiply the private key by G:

Keypub = Keypriv × G

It is not so difficult to discover a public key through a private key. However, Keypriv is a very large number, so to derive a private key through public key and hack the ECDSA algorithm, 2¹²⁸ operations for additional points need to be computed. For a regular computer, such an operation would take more than ten billion years, a process compatible with the age of the universe.

After private and public keys have been generated, the transactions must be signed using private key.

To do this, we need to complete the following operations:

Compute z = hash( transaction ) mod n Select a random integer k, which is equal to or more than 1 and less than or equal to n-1 (1 ≤ k ≤ n-1). Derive a point (x, y) by multiplying k by G;

Note that k is a temporary secret value and must be destroyed right after step 5. Leaking secret value k is just the same as leaking private key: if attacker knows k and signature, then she(or he) can calculate private key.

4. Compute r = x mod n. If r = 0 then return to step 1;

Function x mod p divides x on p and returns only the remainder of division. For example 78 mod 33 = 12 as 78 = (33x2)+12, or 98 mod 31 = 5 as 98 = (31x3)+5).

Note that the multiplicative inverse of s modulo n is denoted as 1/k mod n, and 1/k mod n is equal to the solution of equation kx = 1(mod n). This equation is solved with the help of Euclid’s algorithm in the following way. Let’s assume that s = 3 and n = 5, then the equation appears as 3x = 1(mod 5), or, with Euclid’s algorithm, as 3x = b(mod 5). This extends to the linear Diophantine equation ax — by = c, or sx — ny = b, or 3x — 5y = 1, where x = 2 and y = 1 (6–5=1), so s-1 will be 2.

5. Compute s = (1/k mod n) × (z + r × Keypriv) mod n. If s = 0 then go back to step 1;

6. The computed pair (r, s) will be the signature of the transaction.

After the signature of the transaction is generated and received, any third party can verify it with the help of public key in the following way:

Confirm that the signature components, numbers r and s, are both in the range of 1 to n-1; Compute z = hash( transaction ) mod n Compute w = 1/s mod n. Compute u = z × w mod n; Calculate v = r × w mod n; Calculate the point (x, y) = (u × G) + (v × Keypub); Confirm that r = x mod n. The verified signature will be invalid if r ≠ x mod n.

As we can see, the security of the ECDSA algorithm relies on the randomness of the k integer and on the impossibility of deriving a private key within a reasonable time using ordinary computing power. Blockchain technology has the highest level of security through this new form of encryption and the only way to break it is to create a quantum computer with more than 2000 qubits of computing power, something impossible at the present time.