Lecture on 18 December 2018
Role of Cryptography in Blockchain
RSA and SHA
Blockchain for Beginners
Elective course from the Faculty of Information Technology, Thai - Nichi Institute of Technology, Bangkok for undergraduate students.
#BlockchainTNI2018
Blockchain Technology - Week 6 - Role of Cryptography in Blockchain
1. Blockchain Technology
Week 6
Unit III – Role of Cryptography in Blockchain
Ferdin Joe John Joseph, PhD
Faculty of Information Technology
Thai-Nichi Institute of Technology, Bangkok
Venue: D603
2. Week 6 – Unit III
Agenda
• Role of Cryptography in Blockchain
• RSA and SHA
2
Faculty of Information Technology, Thai-Nichi Institute of
Technology
7. Bitcoin Hash
• The corresponding SHA-256 of the sentence “How to buy
Bitcoin?” looks like this:
156aedcfab1d49f73abddd89faf78d9930e4b523ab804026310c973bf
a707d37
• If we remove only one symbol – for example the question mark “?” –
the hash of “How to buy Bitcoin” looks like
this: 4314d903f04e90e4a5057685243c903fbcfa4f8ec75ec797e1780e
d5c891b1bf
Faculty of Information Technology, Thai-Nichi Institute of
Technology
7
8. What is hashing
• Hashing means taking an input string of any length and giving out an
output of a fixed length.
Faculty of Information Technology, Thai-Nichi Institute of
Technology
8
9. Properties of Hashing
• Deterministic
• Quick Computation
• Pre-image resistance
Faculty of Information Technology, Thai-Nichi Institute of
Technology
9
10. Properties of hashing - Deterministic
• No matter how many times you parse a particular input through a
hash function you will always get the same result.
• This is critical because if you get different hashes every single time it
will be impossible to keep track of the input.
Faculty of Information Technology, Thai-Nichi Institute of
Technology
10
11. Properties of hashing – Quick Computation
• The hash function should be capable of returning the hash of an input
quickly.
• If the process isn’t fast enough then the system simply won’t be
efficient.
Faculty of Information Technology, Thai-Nichi Institute of
Technology
11
12. Properties of hashing – Pre-image resistance
• It is infeasible to determine A, where A is the input and H(A) is the
output hash.
Faculty of Information Technology, Thai-Nichi Institute of
Technology
12
14. The RSA Algorithm
• Based on the idea that factorization of integers into their prime
factors is hard.
★ n=p.q, where p and q are distinct primes
• Proposed by Rivest, Shamir, and Adleman
in 1977 and a paper was published in The Communications of ACM in
1978
• A public-key cryptosystem
15. RSA Algorithm
• Bob chooses two primes p,q and compute n=pq
• Bob chooses e with gcd(e,(p-1)(q-1))=
gcd(e, ψ(n))=1
• Bob solves de≡1 (mod ψ(n))
• Bob makes (e,n) public and (p,q,d) secret
• Alice encrypts M as C≡Me (mod n)
• Bob decrypts by computing M≡Cd (mod n)
16. Proof for the RSA Algorithm
• Cd ≡ (Me)d ≡ Med ≡ M1+kφ(n) ≡M (mod n) by Euler’s theorem and
Exercise 19 on p.192
• p=885320963, q=238855417,
• n=p.q=211463707796206571
• Let e=9007, ∴ d=116402471153538991
• M=“cat”=30120, C=113535859035722866
17. Another Example
• n=127x193=24511, φ(n)=24192
• e=1307, d=10643
• Encrypt “box” with M=21524, then
C=?
Encrypt the following message
Formosa means a beautiful island
18. Selected Problems from P.192-200
(1) n=11413=101x113, so p=101, q=113
ψ(n)=(p-1)x(q-1)=100x112=11200
Choose e=7467, then gcd(e, ψ(n))=1
Solve de≡1 (mod ψ(n)) to get d=3
If the ciphertext C=5859, then the plaintext
M≡Cd ≡58593 ≡1415 (mod 11413)
19. Fast Computation of xd (mod n)
• 1235 mod 511
• 1235 ≡ 28153056843 mod 511
• 1232 ≡ 310 (mod 511)
• 1234 ≡ 32 (mod 511)
• 1235 ≡ 123101b ≡1234 ×123
≡ 359 (mod 511)
20. Fast Computation for xd (mod n)
y=1;
while (d != 0) {
if ((d%2) != 0) { y=(y*x)%n; d--; }
d>>1;
x=(x*x)%n; /* x^(2k) */
}
21. Fast Computation for xd (mod n)
Let t be the number of bits for integer d, e.g.,
If d=5=1012 , then t=3
y=1;
for (i=t; i≧0; i--) {
y=(y*y)%n;
if (d[i]==1) y=(y*x)%n;
}
22. The Concept and Criteria
1. Ek(Dk(m))=m and Dk(Ek(m))=m for every message m in M, the set of
possible messages, every key k in K, the set of possible keys
2. For every m and every k, then values of Ek(m) and Dk(m) are easy to
compute
3. For every k, if someone knows only the function Ek, it is
computationally infeasible to find an algorithm to compute Dk
4. Given k, it’s easy to find the functions Ek and Dk
24. Step 1 -- Padding
• Padding the total length of a padded message is multiple of 512
• Every message is padded even if its length is already a multiple of 512
• Padding is done by appending to the input
• A single bit, 1
• Enough additional bits, all 0, to make the final 512 block exactly 448 bits long
• A 64-bit integer representing the length of the original message in bits
CS 450/650 Lecture 8: Secure Hash
Algorithm
24
26. Example
• M = 01100010 11001010 1001 (20 bits)
• Padding is done by appending to the input
• A single bit, 1
• 427 0s
• A 64-bit integer representing 20
• Pad(M) = 01100010 11001010 10011000 … 00010100
27. Example
• Length of M = 500 bits
• Padding is done by appending to the input:
• A single bit, 1
• 459 0s
• A 64-bit integer representing 500
• Length of Pad(M) = 1024 bits
28. Step 2 -- Dividing Pad(M)
• Pad (M) = B1, B2, B3, …, Bn
• Each Bi denote a 512-bit block
• Each Bi is divided into 16 32-bit words
• W0, W1, …, W15
CS 450/650 Lecture 8: Secure Hash
Algorithm
28
29. Step 3 – Compute W16 – W79
• To Compute word Wj (16<=j<=79)
• Wj-3, Wj-8, Wj-14 , Wj-16 are XORed
• The result is circularly left shifted one bit
CS 450/650 Lecture 8: Secure Hash
Algorithm
29
30. Step 4 – Initialize A,B,C,D,E
• A = H0
• B = H1
• C = H2
• D = H3
• E = H4
CS 450/650 Lecture 8: Secure Hash
Algorithm
30
32. Step 5 – Loop
For j = 0 … 79
TEMP = CircLeShift_5 (A) + fj(B,C,D) + E + Wj + Kj
E = D; D = C;
C = CircLeShift_30(B);
B = A; A = TEMP
Done
+ addition (ignore overflow)
CS 450/650 Lecture 8: Secure Hash
Algorithm
32
33. Four functions
• For j = 0 … 19
• fj(B,C,D) = (B AND C) OR ( B AND D) OR (C AND D)
• For j = 20 … 39
• fj(B,C,D) = (B XOR C XOR D)
• For j = 40 … 59
• fj(B,C,D) = (B AND C) OR ((NOT B) AND D)
• For j = 60 … 79
• fj(B,C,D) = (B XOR C XOR D)
CS 450/650 Lecture 8: Secure Hash
Algorithm
33
34. Step 6 – Final
• H0 = H0 + A
• H1 = H1 + B
• H2 = H2 + C
• H3 = H3 + D
• H4 = H4 + E
CS 450/650 Lecture 8: Secure Hash
Algorithm
34
35. Done
• Once these steps have been performed on each 512-bit block (B1, B2,
…, Bn) of the padded message,
• the 160-bit message digest is given by
H0 H1 H2 H3 H4
CS 450/650 Lecture 8: Secure Hash
Algorithm
35