An introduction to cryptography in distributed ledger technology
Cryptography is the backbone of distributed ledger technologies like blockchain and other consensus-oriented distributed networks. If you are interested in building decentralized applications, it's essential to understand the wallet generation and transaction signing processes. Both of which rely heavily on underlying cryptographic protocols.
In addition to distributed networks, cryptography is a critical component of cybersecurity. With cybercrime on the rise and cyberattacks costing businesses an average of 2.3 Million dollars per malware attack source, it is increasingly important to have your cybersecurity up to par. With the proper use of cryptography, you could save your business big time by ensuring the confidentiality of sensitive information.
Modern cryptography is mathematically robust and plays a critical role in securing sensitive information like your bank account numbers and social security number. While the mathematics may be complex, the concepts are graspable without a complete understanding of the encryption algorithms.
One of the key components of cryptography is ciphers. Ciphers are algorithms used to conceal (encrypt) and decrypt information. The encrypted information is called ciphertext, while decrypted information is called plaintext. There are two types of ciphers, symmetric ciphers, and asymmetric ciphers. We will go into the difference and some examples throughout this article.
The Earliest Known Cipher: Caesar’s Cipher
One of the earliest known ciphers is the Caesar Cipher or shift cipher. Caesar's cipher is a symmetric cipher, meaning the same key used to encrypt information is used to decrypt it. The cipher works by mapping the current character of the plaintext to a character of a predetermined distance (the key) adjacent in the alphabet. For example, if the key is a right rotation by three, then 'A' gets mapped to 'D.' The whole keymap has been constructed below for your convenience. The plain-text, "CIRCERO," would be enciphered as "FLUFHUR."
Plaintext: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ciphertext: DEFGHIJKLMNOPQRSTUVWXYZABC
Notice the wraparound of the alphabet is modeled by modulus arithmetic. We can mathematically represent an encryption function and a corresponding decryption function En=(x + n) mod 26 and a corresponding decryption function Dn= (x - n)mod 26. Here is an excellent repository of the implementation of this algorithm in several different languages. Below is an example constructed in JavaScript.
For some time, transposition ciphers like the shift cipher provided adequate protection of sensitive information. However, enumerating over 26 possible keys isn't very hard, and the cipher is easily broken.
Ciphers in Blockchain Wallets
The ciphers used today that make Distributed ledgers like blockchain possible are known as asymmetric ciphers. Asymmetric ciphers use a different key to encrypt information than they do to decrypt information. These keys are known as the public and private key pair. They contrast symmetric cryptography, where the same Key used to encrypt information also decrypts information.
If you've poked around the distributed ledger space, chances are you've generated a wallet consisting of a private Key, to keep secret and your Public Key, which acts as your wallet's address. We will go over how crypto wallets use asymmetric cryptography.
Before asymmetric cryptography, it was a big challenge to share keys with people over long distances. To share private information over a secure communication channel, you and the receiving party need to share a key. You can see this chicken or the egg problem forming. How do you securely share the key? Asymmetric ciphers addressed this issue.
Asymmetric cryptography works as follows. Say Alice and Bob want to send a secret message without an eavesdropper, Eve, able to read the message. Alice and Bob each have a public key (viewable by anyone) and a private key (only known by the owner of the corresponding public key). Alice encrypts her message with Bob's Public Key so that the only key that can decrypt the information is Bob's Private Key. Alice sends the message to Bob. Even if Eve can intercept the message, she cannot read its contents without Bob's Private Key. Bob can then decrypt the message with his private key and read the secret message from Alice.
So how do crypto wallets leverage this technology? When you are authorizing transactions, you want to prove that you are the owner of the private key corresponding to funds in the wallet. This is done using a Digital Signature Algorithm.
When a user authorizes a transaction, they prove that the user is the owner of the private key corresponding to the public key’s funds. Because of the mathematical relationship between the public and private keys, users can sign a transaction with their private key, creating a digital signature. A digital signature reveals no information about the private key but can be verified with the corresponding public key. Thus proof can be constructed.
The currently best performing asymmetric encryption algorithm is the Elliptic Curve, providing fast, secure encryption with a smaller key than RSA.
For readers interested in the mathematics of RSA or the Elliptic Curve, the following resources are excellent learning tools.
- Elliptic Curve
- RSA (Rivest, Shamir, Adleman)
- DSA (Digital Signature Algorithm)
- ECDSA (Elliptic Curve Digital Signing Algorithm)
Resources on the implementation and available cryptography libraries are presented below. These are all open source and generally respected and implemented for various purposes.
- Crypto-js Is a great JavaScript library to explore additional ciphers
- elliptic is a JavaScript library for elliptic curve encryption including digital signature algorithms.
- Cryptography is an expansive python library with access to digital signature algorithms and the most commonly used ciphers.
- OpenSSL is commonly used by system administrators to generate TSL certificates and perform a variety of cryptographic functions.
- Botan is a crypto library for C++.
- Bouncy Castle has a Java and C# library and is a provider for the Java Cryptography Extension (JCE).