DISCLAIMERS:
I am writing this article to test my knowledge on this topic (by using the Feynman technique). This means that mistakes can be made. Therefore, if you notice any, please let me know.
This article is a high-level explanation of the topic so some details might not be 100% correct or might be simplified to make the reader understand them.
I will not be covering everything that uses cryptography in the crypto-landscape, just the most prominent places.
Cryptography in crypto is primarily used to prevent people from spending coins that they don’t own. In this article, I will explain how it does this.
We will start by exploring cryptographic key pairs. Cryptography can be done symmetrically and asymmetrically. Symmetric cryptography is where you use one key/password to encrypt/decrypt information. It is however asymmetric cryptography that is used in crypto. Asymmetric cryptography makes use of two keys, the public key, and the private key.
A private key is an enormous number (256 bits or 64 hexadecimal characters in Bitcoin and Ethereum’s case) and must be kept secret. The generation of a private key involves randomness and often uses a hash function. This is a function that takes some input, performs mathematical computations on it, and outputs a digest of that input (usually as a string of numbers or hexadecimals).
Hash functions have a few important characteristics:
- They are deterministic. The input of a hash function always has the same output.
- They have to be a one-way function, meaning that you can’t derive the input from the output.
- The hash function’s output can’t give anything away about the input. Good hash functions respond to the slightest change in the input. Changing a single thing in the input should result in a huge change in the output.
try for yourself
The output of a hash function is often of the same length. This way the length of the output doesn’t reveal anything about the input. This also implies that there is a finite number of outputs for an infinite number of inputs. - That brings us to our fourth characteristic, collision resistance. Hash functions have to make it almost impossible to find two inputs that map/hash to the same output.
For example, metamask uses the seed integer of a mnemonic phrase as input and generates a private key from it. The public key is abstracted from the private key using elliptic curve cryptography. An important thing to note about a key pair is that they are mathematically related to each other. This mathematical relationship forms the basis of asymmetric encryption.
There are two types of asymmetric encryption, public key encryption, and digital signatures.
Public key encryption
In this case, the public key is used to encrypt data and the private key is used to decrypt data. The goal is to keep the data private and let the data only be decrypted by the person it is meant for.
Let’s say Bob wants to send Alice a message that only she should be able to read. What Bob then does is ask Alice for her public key and encrypt his message with that key. He then sends Alice the encrypted message. Now only Alice, who has the corresponding private key, can decrypt the message.
However, in crypto, the public key is not used to encrypt data and the private key is not used to decrypt data. It is closer to the opposite.
Enter digital signatures
In crypto, digital signatures are used to verify ownership. Ownership on the blockchain means that you own the private keys that have access to your coins. To then send the coins, you need to prove that you own those coins by signing the transaction with the corresponding private key.
Before diving deeper into how digital signatures play their role in transacting on the blockchain, we will first take a look at addresses.
An address is derived from a public key by applying some hash functions to it.
Blockchains like Bitcoin and Ethereum use addresses (Bitcoin) or accounts (Ethereum) to keep track of the ownership of the native currency (BTC or ETH). They keep a record that maps an address or account to the coins (or UTXOs) that it holds.
Let’s say Alice wants to buy a piece of digital art from Bob for 1 Bitcoin. For her to send that transaction, she needs to prove that she owns that Bitcoin. To do so she needs to prove that she is the holder of the private key that corresponds to the address that maps to the Bitcoin. Alice does this by signing the transaction with her private key. Her public key can then be used by anyone to verify that she signed that transaction.
The signing process goes as follows:
- Alice hashes the transaction data (2) and signs it using her private key (3). This gets us the signature.
- Alice sends the signature together with her transaction data and her public key to Bob
- Bob then verifies that Alice sent the transaction by hashing the transaction data (5) and decrypting the signature with Alice’s public key (4). If the hashed transaction data and the decrypted signature are the same, the transaction is valid (6).
Bitcoin’s actual process is a little different. The transaction from Alice to Bob isn’t verified by Bob. This is the job of the Bitcoin miners and nodes. The miners construct blocks with transactions in them. For each transaction, they verify if it is a valid transaction, otherwise, they will reject it. If a miner does include an invalid transaction in a block, the nodes are there to make sure that other miners won’t build on that block. If Alice’s transaction eventually ends up in a block on the Bitcoin blockchain and some time passes, Bob can be sure that this transaction is valid and that it will remain on the blockchain. Bob can now send her his piece of digital art.
That was it for now.
Thanks for reading this article on the cryptography in cryptocurrencies. I would appreciate it if you could leave me some feedback. If you have any questions, please let me know in the comments, reach out to me via Twitter or send me an email @0xjules.tech@gmail.com.
(Re)sources
- https://en.wikipedia.org/wiki/Public-key_cryptography
- https://en.wikipedia.org/wiki/Digital_signature
- https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm
- https://www.youtube.com/watch?v=dCvB-mhkT0w
- https://www.youtube.com/watch?v=NF1pwjL9-DE
- https://www.youtube.com/watch?v=U2bw_N6kQL8&list=PLzctEq7iZD-5jXhJkuiazqKCff9F5ZrkM&index=10
