Harvey's Blockchain Sessions - Post 6 : Cryptography

Note: This post is part of a series of posts on understanding Blockchain and its various real-world applications. Those coming directly to this post are advised to go through the previous posts as well. I have shared links to the earlier posts at the bottom of this post.

Chapter 4: Understanding various technologies that underpin or make blockchain successful

Now that we have spent some time demystifying what Blockchain is, its origin and its applicability to solve real-life problems, let us look at various technologies that underpin or make Blockchain successful.

In our Post number 3, we had discussed following design elements of Blockchain :

1. Distributed Ledger
2. Validation of transactions by participating nodes.
3. Aggregation of multiple transactions in Blocks.
4. Establishing authenticity of the transaction messages
5. Securing the Blocks from tampering

Let us understand the technologies employed by Blockchain to understand how exactly it works the way its evangelists claim it does,

Cryptography

Cryptography is the study and application of various methods to encrypt and decrypt messages in an environment wherein they can be intercepted by adversaries.

We discussed in the design elements of Blockchain that Blockchain is a distributed ledger and all transactions between participants of the blockchain network are broadcasted to the participating nodes for validation. That means the messages related to the transactions are not private to the sender and receiver, but are, by design itself, made available to other participants.

This poses the problem of privacy. If I send 10 Bitcoins to another party, I won’t like everyone in the network to know the complete details regarding my identity and that of the receiver as well as the details of the transaction that takes places between us. That would be like if I initiate a bank transfer of say, $ 1000 to you and the whole world gets to know our respective identities and our bank balances. Scary, right?

So, how does Blockchain solve this problem? Simple. It ensures that the message regarding our identities and the transactions are encrypted such that only the right recipient is able to make sense of it. It achieves this by employing cryptographic techniques or tools on the transaction message as well on identities of the sender & receiver of the message.

Cryptography, in general, is employed to achieve following information security objectives :

1. Confidentiality: The objective of confidentiality implies keeping the information or message hidden from unauthorized persons. Only the authorized person is able to decipher the meaning the message.

    2. Data Integrity: The objective of data integrity is to confirm if the message shared by the  

          sender has been altered or not.

    3. Authentication: The objective of authentication is to confirm that the message has been

         sent by an identified and verified sender.

    4. Non - repudiation: The objective of non-repudiation is to ensure that sender of a specific

         the message can’t subsequently disown that he/she sent the message to the receiver.

There are various cryptography tools that be used in conjunction with each other to ensure that the above 4 objectives of a good cryptography are met. Various such tools can be classified under following 4 categories.  We will study these in the context of the design of blockchain.

1. Encryption
2. Hash Functions
3. Message Authentication Codes
4. Digital Signatures

Let us take a look at these tools in brief and see how they are leveraged for blockchain deployments.

Encryption

Effectively, encryption tools are used to change a message ( called plaintext in this context ) into an encrypted message (called ciphertext) and relaying it in an open network such that only the intended recipient is able to decrypt the message and make sense of it. Encryption is achieved by using an encryption key and running the plaintext through an encryption algorithm using this encryption key to create the ciphertext.The recipient, on receiving this ciphertext runs it through another algorithm called decryption algorithm using the decryption key to convert it back to the plaintext.These keys are specific fixed bit size values known only to the sender & the receiver.

Based on how encryption & decryption keys are used, there are two types of Encryption systems.

1. Symmetric Key Encryption
2. Asymmetric Key Encryption

In case of Symmetric Key Encryption, both sender and receiver use the same key for the purpose of encryption and decryption respectively while in case of Asymmetric Key Encryption, sender and receiver use different keys for the purpose of encryption & decryption.

Blockchain doesn’t use Symmetric Key Encryption system.Blockchain network is supposed to be used by several participants on a common network. In case of Symmetric Key Encryption, sender and receiver need to share the common key between themselves before sharing of the message. In such a network with a large number of participants who can send messages to anyone else in the network, using symmetric key encryption would have meant using a very large number of such keys and managing them between each unique pair of sender and receiver. Moreover, the keys would need to be changed regularly to ensure security and the keys management in itself would have become a mammoth task.  

Therefore, Blockchain employs Asymmetric Key Encryption system to share encrypted messages between the sender and the receiver. It achieves this by deploying a system called Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)

In case of PKI based encryption system, every user in the network gets a pair of keys :

1. Public Key.
2. Private Key

A public key, as the name goes, is public. These can be shared with anyone in the network. These are like your email IDs. If you want someone to email you, you can share your public email ID with them. Similarly, if you want someone to share encrypted and secure messages to you over blockchain network, you can share your public key with them.

Private Key, on the other hand, is like your email login password. You don’t share these with anyone. Rather, you take extra precautions to ensure that your private key is hidden from anyone else and that only you are in knowledge of this.

Are public key and private keys related?

Yes, they are mathematically related.

Can one calculate the value of someone’s private key from his/her public key?

No, it is not feasible.

That is the beauty of this system of using a public & private key pair.

So, how does it work in the case of the Blockchain?

When someone needs to send a data, say bitcoins, to a specific receiver, he/she first need to get hold of the recipient’s public address and then he uses this address in the transaction message and encrypts it using his/her private key. This encrypted message is called Digital Signature as it has been digitally signed by the sender using his private key, just like one signs a physical document using one’s unique signatures.

This digital signature is authenticated by applying sender’s public key to the message and the digital signature. Since the sender’s public and private keys are related, this authentication proves whether the message has been sent by someone with private key corresponding to the public key of the sender.  

This authenticates the message and also ensures that the messages can’t be hacked. In case of bitcoin use case of the blockchain, for example, it ensures that the bitcoins have been transferred by a legitimate party and that hackers can’t steal the bitcoins. The only way a hacker can steal in this case is by stealing the private key of participants and then using that to send bitcoins to themselves.

P.S. - You can also see the following posts in this series of Blockchain Sessions

1. Blockchain Overview
2. Harvey's Blockchain Sessions - Post 1
3. Harvey's Blockchain Sessions - Post 2
4. Harvey's Blockchain Sessions - Post 3
5. Harvey's Blockchain Sessions - Post 4
6. Harvey's Blockchain Sessions - Post 5 : History of Blockchain?

The Images used in this post belong to the original copyright holders.