Learn Ethereum in 2024. #11. Public-Key Cryptography.

João Paulo Morais
Apr 3, 2024

Public key cryptography, also known as asymmetric cryptography, encompasses cryptographic primitives used for various purposes, including confidentiality, key exchange, authentication, non-repudiation of messages, and more. In essence, it extends beyond mere message encryption to address a spectrum of security needs. This technology is not only integral to the security of blockchains but also to the broader landscape of the Internet. To fully grasp its significance and revolutionary impact, let’s delve into the problems it was designed to tackle.

Symmetric (good-old) cryptography

In the classic encryption method known as symmetric encryption, the same key is used for both encrypting and decrypting the original text. While practical in scenarios where both communicating parties can agree on a key beforehand, this approach becomes increasingly impractical in the age of widespread communication. Consider the challenge of exchanging encrypted information with a website: How do you establish a shared key? Pre-arranging a key with every potential website you may need to communicate with is simply unfeasible.

Moreover, confidentiality alone does not suffice for secure communication; authentication is also imperative. In other words, how can one ensure that the received information indeed originated from the intended website and was not altered en route? While traditional encryption ensures message confidentiality, it does not inherently provide verification of the sender’s identity. These communication challenges remained unaddressed by symmetric cryptography, leading to a pivotal revolution in the 1970s with the advent of public key cryptography.

Asymmetric cryptography, or public key cryptography

In asymmetric cryptography, two types of keys are utilized: a public key and a private key. As the name implies, the public key is openly available and can be accessed by anyone. Conversely, the private key must be safeguarded and kept confidential. With these two keys, it becomes possible not only to encrypt messages but also to ensure their authenticity. Let’s delve into how these processes work.

Let’s consider a scenario where a person, such as Alice, generates two keys: a public key and a private key. Alice then shares her public key openly while safeguarding her private key. Now, suppose another individual, Bob, wishes to send an encrypted message to Alice. Bob encrypts the message using Alice’s public key and sends the encrypted message to her. Upon receiving the encrypted message, Alice can decrypt it using her private key, thus recovering the original text. This process allows anyone to send encrypted messages to Alice that only she can decrypt.

Similarly, if Bob also desires to receive encrypted messages from Alice or others, he can simply generate his own pair of keys and distribute his public key to those he wishes to communicate with.

Hybrid cryptography

Thus, one utility of asymmetric encryption is its ability to encrypt messages without the necessity of prearranging a key. Bob and Alice can simply exchange their public keys to enable secure communication. However, asymmetric encryption tends to be less performant in terms of encrypting and decrypting messages due to its reliance on intensive mathematical calculations. Unlike symmetric encryption, which employs a heuristic construction designed for speed, asymmetric encryption involves complex mathematical operations, demanding heavier computational resources.

Typically, asymmetric encryption is utilized alongside symmetric encryption within a hybrid protocol. Initially, Alice and Bob employ asymmetric cryptography to establish a shared key. Alice initiates the process by sending an encrypted message containing the key to Bob, who responds with an encrypted message confirming the key agreement. Subsequently, Alice and Bob utilize this symmetric key to encrypt and decrypt messages using a symmetric encryption algorithm such as 3DES or AES. This approach addresses the challenge posed earlier, as the two parties do not require pre-agreement on a key, and once the key is established, they can leverage the efficiency of symmetric encryption.

Digital signatures

Another compelling use of asymmetric encryption lies in digitally signing documents. Have you ever pondered how we can accomplish this task securely? An insecure method would involve physically signing a sheet of paper and scanning the document, yet this approach poses vulnerabilities as the signature could be cut out and applied to a different document. A fundamental requirement of digital signatures is their exclusivity to the document being signed — they must remain valid solely for that document and no other.

Asymmetric cryptography enables the signing of documents using the private key. Once a document is signed with the private key, anyone can verify the document’s authenticity using the corresponding public key. This aligns with the nature of asymmetric cryptography, where the private key is kept secret by the signer, while the public key is openly available. Consequently, only Alice, for instance, can sign the document, but anyone possessing her public key can verify its authenticity. Moreover, the signature remains valid solely for that specific document; even minor alterations to the document would render the signature invalid.

Digital signatures offer both authenticity and non-repudiation, enabling us to ascertain the identity of the document signer and preventing them from denying their signature. However, to ensure these assurances, it is imperative to securely store the private key. Any compromise of the private key could lead to unauthorized individuals signing documents on behalf of the legitimate owner.

Digital signatures in blockchains

Digital signatures play a fundamental role in blockchains, serving as a means to prove ownership of specific assets or accounts. In Bitcoin, the concept of traditional accounts is absent; instead, ownership is tied to individual coins. When a new coin is mined or created from an existing one, it becomes locked and can only be transferred by someone possessing the corresponding private key. Conceptually, a Bitcoin coin operates akin to a check, usable only by the individual with the correct signature — the holder of the corresponding private key.

The Bitcoin network operates on the basis of anonymity — it does not concern itself with the identities of users. Instead, the network’s primary focus is on verifying whether an individual possesses the necessary private key to correctly sign a transaction and unlock the associated coin. Consequently, billions of dollars’ worth of bitcoins have been lost indefinitely, as the private keys required to access and move these bitcoins have been misplaced or forgotten, likely never to be recovered.

Ethereum operates on a different paradigm than Bitcoin, utilizing accounts instead of coins. In Ethereum, transactions are initiated from accounts, and to execute a transaction, one must sign the message with the corresponding account’s private key. The private key serves as the irrefutable proof of ownership and authorization for account operations. If the private key is lost, access to the account becomes impossible, rendering it inoperable.

What does a key look like?

If you’re curious about the nature of these keys, the answer may surprise you: they’re numbers. In both Bitcoin and Ethereum, the private key is a 256-bit number, representing a value between 0 and 2²⁵⁶-1. This number is staggering in its magnitude, nearly on par with the number of atoms in the universe. Generating a private key involves producing a random number of this scale. However, humans are notoriously poor at generating truly random numbers, making it far more reliable to rely on secure algorithms for this task. Due to the immense size of these numbers, the likelihood of two identical keys being generated is virtually nonexistent.

Currently, there are several asymmetric encryption algorithms in use. The first and still the most widely used for digital signatures is RSA. However, both Bitcoin and Ethereum utilize a more modern asymmetric cryptography algorithm known as ECDSA (Elliptic Curve Digital Signature Algorithm), which is based on elliptic curves. As mentioned earlier, the private key is a large number, while the corresponding public key is a point on a two-dimensional elliptic curve, represented as an ordered pair (x, y), each containing 256 bits, totaling 512 bits (or 257 bits if compressed). Public keys are not as prominent in Ethereum, but account addresses are derived from public keys.

In a forthcoming article, we’ll delve deeper into the topic of accounts. However, I’ll outline the process of constructing an account address from a public key. Initially, we hash the public key using the Keccak-256 hash function, a cryptographic hash function standardized in the SHA-3 family. The resulting address corresponding to this public key consists of the 20 bytes on the right, also referred to as the 20 least significant bytes.

The signature

As you might imagine, the signature of a message is also a number. Specifically, it consists of a trio of values known as parameters r, s, and v. The r and s parameters are each represented by 256 bits, while the v parameter consists of only 8 bits. Therefore, the total size of a message signature is 520 bits. When signing a message or any document, the sender attaches the signature to the document, serving as proof that it was indeed signed by the sender.

Lastly, you may wonder how one can determine that a specific public key is associated with a particular individual or entity. In the realm of digital signatures for individuals or entities, certifying entities exist to certify the link between a key and a person or company.

However, in the context of Ethereum, such certification is unnecessary, as there are no individuals — only accounts. The owner of a particular account (excluding contract accounts, as we’ll discuss later) is not a person but rather anyone who possesses the associated key. In essence, on the blockchain, identities are represented solely by numbers.

Written by João Paulo Morais

Astrophysicist, full-stack developer, blockchain enthusiast. Technical Writer @RareSkills.
