Slide 2
Outline
• Blockchain Overview
• Basics of Cryptography in the Blockchain
• Decentralized Digital Identity
Slide 3
Fundamental Nature of Blockchain: Decentralized
Centralized
• The centralized system holds the final state of the records
• Users need to reconcile the records from the centralized system
• Resolve disputes by negotiating with the centralized system
Decentralized (distributed)
• All nodes should have some access to the records
• Nodes can retrieve the final state of the records from peers
• Resolve disputes by a predetermined protocol (a.k.a. consensus)
The first application of blockchain is bitcoin, a decentralized digital currency.
How to achieve consensus?
Slide 4
Desired Features of Digital Currencies
• For the currency to thrive, need to establish trust in its value:
– The record of “who owns what” is correct
• No one can forge the currency: create fake ones out of thin air
• No double-spending: one cannot spend the same money twice
– Recorded transactions need to be correct
– Only the owner can spend the money
Slide 5
Interdisciplinary Nature of Blockchain
Blockchain draws on several fields:
– Mathematics: Cryptography
– Computer Science: Distributed Systems (State Machine Replication)
– Microeconomics: Game Theory / Mechanism Design
– Macroeconomics: Monetary Policy
• We will focus on two things:
– cryptography and economic incentives
– Bitcoin combines the two to create trust
Slide 6
Cryptography
• How to ensure security of ownership and truthfulness of transaction records in a decentralized network?
• First, we need Cryptography
1) Allows us to verify the truthfulness of past transaction records
2) Allows owners to prove themselves with a digital signature
• Ensure that only owners can spend
– Replaces the centralized authority in keeping record
Slide 7
Essential Cryptography in Blockchain
Truthfulness of data: Cryptographic Hash Function
– A function that takes arbitrary-size inputs and produces fixed-size outputs
Prove ownership: Public-key Cryptography
– Uses a pair of asymmetric keys for encryption: a private / secret key (sk) and a public key (pk)
Slide 8
Blockchain is immutable
• Blockchain is a linked series of blocks
• Each block contains two items: transaction data and a summary of the previous block
• The summary is produced using a hash function.
Diagram: three blocks in a row; each holds “Prev Block: H( )” (the hash of the previous block) and “Data”.
Slide 9
Blockchain is immutable
• A hash function produces a succinct and unique summary.
• If a block is changed, its hash will not match the following block.
– Also referred to as tamper-evident.
• The only way to modify a block and keep the consistency of the chain is to change all subsequent blocks.
Diagram: the same three blocks, but the first block’s “Data” is replaced by “Changed Data”, so the “Prev Block: H( )” stored in the next block no longer matches.
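The linked-hash structure of Slides 8 and 9 as an added, runnable example (not code from the slides): each block stores the SHA-256 of the block before it, a change to one block breaks the link to the next, and the only way to hide the change is to recompute every later block. The ledger entries and the all-zero hash for the first block are constructed for the example.

```python
import hashlib
import json

def block_hash(block):
    """Summary of a block: SHA-256 over its data and the previous block's hash."""
    payload = json.dumps({"prev": block["prev"], "data": block["data"]}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def build_chain(data_items):
    """Link blocks so that each one stores H(previous block), as in the slide diagram."""
    chain, prev = [], "0" * 64          # the first block points at an all-zero hash
    for data in data_items:
        block = {"prev": prev, "data": data}
        chain.append(block)
        prev = block_hash(block)
    return chain

def first_broken_link(chain):
    """Index of the first block whose stored 'prev' no longer matches the actual
    hash of the block before it, or None if the chain is consistent."""
    for i in range(1, len(chain)):
        if chain[i]["prev"] != block_hash(chain[i - 1]):
            return i
    return None

def tamper(chain, index, new_data):
    """Edit one block's data in place without touching later blocks."""
    chain[index]["data"] = new_data

def relink_from(chain, index):
    """Recompute every later block's 'prev' so the chain is consistent again:
    hiding a change means rewriting all subsequent blocks, and the final hash changes."""
    for i in range(index + 1, len(chain)):
        chain[i]["prev"] = block_hash(chain[i - 1])

if __name__ == "__main__":
    # Constructed sample ledger, not real Bitcoin data.
    chain = build_chain(["Alice pays Bob 5", "Bob pays Carol 2", "Carol pays Dave 1"])
    print("consistent:", first_broken_link(chain) is None)
    tamper(chain, 0, "Alice pays Bob 500")
    print("first broken link after tampering:", first_broken_link(chain))
```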
Slide 10
The SHA-256 Hash Function (used in bitcoin)
• A “one-way” function
Input: a string of any size
– You can hash any document or file
Output: a 64-digit hexadecimal number
– Base-16: 0123456789ABCDEF
– Fixed length: 64 digits
Example: SHA-256(“HKUST is an awesome place!”) = 7F1BF88D2CAEC81184C3BA941364F0B6E587D80FDEEF7B921DA4814F866CAFF1
Slide 11
The Hash Function
• Useful features:
1) The hash function is deterministic:
– The same message always returns the same hash
2) Impossible to “reverse engineer” the input given the output
3) Avalanche effect
– Very small change to input leads to large change in output
– Easy to detect changes; makes it hard to guess inputs
Examples (input → SHA-256):
“HKUST is an awesome place” → d6f4129e6ef8e5b31bf1714797e541b2fe8cc69062486ca9ac526216ce33ad51
“HKUST is an awesome place!” → 7f1bf88d2caec81184c3ba941364f0b6e587d80fdeef7b921da4814f866caff1
“HKUST is an awesome place!” → 80a16d0fd4f458969969b1f2eabff159fa2422ce31cd98b8bbfbfe31dfa81ac8
• Try it at an online hash calculator, e.g. https://emn178.github.io/online-tools/sha256.html
Slide 12
The Hash Function
4) Collision Resistance:
– A hash function H is collision-resistant if it is infeasible to find two values, x and y, such that x ≠ y and H(x) = H(y)
– Otherwise, it would be easy to manipulate data on blockchain without detection.
Diagram: two different inputs x and y mapping to the same digest, H(x) = H(y); on the chain, a block with “Changed Data” whose hash still matched the “Prev Block: H( )” stored in the following block would go undetected.
Slide 13
How Safe is the Hash Function?
• It seems that there is no pattern one can use to reverse-engineer the input from the output
– Computer scientists have tried very hard but haven’t been able to find useful patterns
• The only way is to use a brute-force attack
– Keep trying random inputs until you obtain the same hash
– For Bitcoin’s hash function, one needs to compute on average 2^256 hashes to succeed!
• One of the fastest computers on earth
– Sunway TaihuLight 神威·太湖之光
– 7.32 × 10^12 or 7.32 terahashes per second
– Would take 5 × 10^56 years to find a collision
– Age of universe is about 13.8 × 10^9 years.
Slide 14
How Safe is the Hash Function?
• Many known cryptographic hash functions in history
– Many published by the US government
– MD5: 128-bit output
• Introduced in 1992; collisions were found in 2005
– SHA-1 (Secure Hash Algorithm 1): 160-bit output
• Introduced in 1995; collisions were found in 2017 by Google
– SHA-2 family
• SHA-256, SHA-384, SHA-512, etc.
• Introduced in 2001; still considered safe against collision attacks
– SHA-3 family
• Published in 2015 by NIST as a potential alternative to SHA-2
• Just because it’s safe now does not mean it will always be safe.
• For example, Quantum Computers
– Easier but not easy: cost consideration; parallelization
– Satoshi started discussing the contingency plan (in 2010!)
Slide 16
Quick Summary of Hash Function
Produces a summary digest of any input data
• Deterministic: a given input must always generate the same hash.
• One-way Trapdoor: difficult to obtain the original input data given the digest
• Avalanche effect: a small change in input will cause a big change in output
• Collision Resistance: difficult to find two different inputs with the same output digest
Slide 17
Applications of Hash Functions
1. Document Integrity
• When you download a file from a website, the website can also provide the SHA-256 hash of the file.
– After you download the file, you can compute its SHA-256 hash and compare it with the one published on the website.
– If the two hashes match, the file has not been compromised. Much quicker than downloading the file again and comparing.
• In blockchain, the tamper-evident nature of hash functions ensures that transaction histories cannot be changed
Slide 18
Applications of Hash Functions
2. Commitments
• Alice and Bob are both trying to get the answer to a mathematical problem.
• Alice got her answer first... She needs to commit to her answer, but she does not want to reveal it.
• She can give the hash of her answer to Bob.
• Bob cannot reverse engineer Alice’s answer from the hash, but Alice can prove her answer later.
Slide 19
Commitment Scheme: Rock-Paper-Scissors
• Alice and Bob want to play Rock-Paper-Scissors online
• Unlike the real world, the internet is not synchronous
• One solution: a trusted arbiter
• But what if there is no arbiter?
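The hash commitment of Slides 18 and 19, carried through to a complete arbiter-free Rock-Paper-Scissors round, as an added example (not code from the slides). It goes one step beyond the slides: because there are only three possible moves, a bare hash of the move could be matched by hashing each candidate, so the example adds a random nonce to each commitment and shows why.

```python
import hashlib
import secrets

MOVES = ("rock", "paper", "scissors")
BEATS = {"rock": "scissors", "paper": "rock", "scissors": "paper"}

def commit(move):
    """Round 1: publish H(nonce || move). The random nonce is this example's
    addition to the slides' scheme. Returns the public commitment and the
    private opening that Alice or Bob keeps until the reveal."""
    nonce = secrets.token_bytes(32)
    digest = hashlib.sha256(nonce + move.encode()).hexdigest()
    return digest, (nonce, move)

def reveal_ok(commitment, opening):
    """Round 2: the other player checks that the revealed (nonce, move)
    really hashes to the commitment that was sent earlier."""
    nonce, move = opening
    return move in MOVES and hashlib.sha256(nonce + move.encode()).hexdigest() == commitment

def unsalted_commit(move):
    """A commitment without a nonce: just H(move)."""
    return hashlib.sha256(move.encode()).hexdigest()

def guess_unsalted(commitment):
    """Why the nonce matters: with three candidate moves, an unsalted
    commitment can be matched by hashing each of them in turn."""
    for move in MOVES:
        if unsalted_commit(move) == commitment:
            return move
    return None

def play(alice_move, bob_move):
    """Full protocol: both commit, then both reveal; no arbiter is needed
    because neither commitment can be changed after it is sent."""
    alice_c, alice_open = commit(alice_move)
    bob_c, bob_open = commit(bob_move)
    if not (reveal_ok(alice_c, alice_open) and reveal_ok(bob_c, bob_open)):
        return "invalid reveal"
    a, b = alice_open[1], bob_open[1]
    if a == b:
        return "draw"
    return "alice" if BEATS[a] == b else "bob"
```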
Slide 21
Applications of Hash Functions
3. Password Storage
• Websites often store passwords of clients in hashed form.
• When a customer enters a password, its hash will be compared with the stored hash for verification.
– Pros: Passwords will not be easily compromised (e.g., when the site is hacked).
– Cons: Passwords stored this way cannot be recovered and have to be changed if lost, i.e., you can only reset your password.
Slide 22
Applications of Hash Functions
3. Password Storage
• Popular attacks
– Dictionary attack (on the input)
– Rainbow table attack (on the output)
• Solution: add salt
– Password + Salt is much less likely to exist in a dictionary or rainbow table than the password alone
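Salted versus unsalted password storage from Slides 21 and 22 as an added example (not code from the slides). A tiny precomputed table stands in for a rainbow table; PBKDF2 with a per-user random salt is this example's choice of slow salted hash, and the iteration count and sample passwords are constructed values.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000   # PBKDF2 work factor; a value assumed for this example

def unsalted_hash(password):
    """What the slide warns about: H(password) alone. Two users with the same
    password get the same digest, and a precomputed table of H(word) finds it."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password, salt=None):
    """Store salt + slow hash of (password, salt). A fresh random salt per user
    means the same password never maps to the same stored value."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)

def build_table(words):
    """Constructed stand-in for a rainbow table: maps H(word) -> word."""
    return {unsalted_hash(w): w for w in words}

def table_lookup(table, digest_hex):
    """Works only against unsalted digests; a salted digest is never in the table."""
    return table.get(digest_hex)
```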
Slide 23
Essential Cryptography in Blockchain
Truthfulness of data: Cryptographic Hash Function
– A function that takes arbitrary-size inputs and produces fixed-size outputs
Prove ownership: Public-key Cryptography
– Uses a pair of asymmetric keys for encryption: a private / secret key (sk) and a public key (pk)
Slide 24
Application in Blockchain: Digital Signature
Public-key Cryptography provides authentication, data integrity and non-repudiation:
– Authentication: verify the identity of the message sender
– Integrity of message: the data has not been altered
– Proof of sender: the sender cannot deny that the message was sent by him
With digital signatures, we can ensure that the transaction is authorized by the owner of the digital asset
Slide 25
Public-key Cryptography: Digital Signature
• A digital signature scheme consists of:
1) Key generation
– Generate a pair of secret/private key and public key: (sk, pk)
– Secret key is simply a random number
– Secret and public keys are mathematically related
2) Signature
– With the secret key sk, one can produce a signature for a message.
signature = SIGN(secret key, message)
3) Verification
– With the public key pk, one can verify that the message was signed by the secret key sk.
VERIFY(public key, message, signature) = True
Slide 26
Digital Signature Features
• A digital signature scheme should satisfy:
1) Valid signatures must verify
2) Signatures cannot be forged without the secret key
– One can observe the public key, many previous messages and their signatures, but still cannot produce the signature of a new message
– Important because public key, messages and signatures are public.
Slide 27
Public-key Cryptography: Key Generation
Diagram:
1. Randomly draw (generate) Alice’s SK (Secret Key) from the pool of secret keys: literally pick a number between 1 and 2^256 (1.158 × 10^77). The visible universe is estimated to contain 10^80 atoms.
2. Derive Alice’s PK (Public Key) from the SK (irreversible).
3. Broadcast the public key.
Slide 28
Public-key Cryptography: Signing and Verifying
• Alice is sending $10 to Bob. She needs to broadcast the transaction so that it can be recorded on blockchain. But how to ensure that it is Alice sending the money? Not others sending from Alice’s account?
• Use her secret key to sign the transaction to ensure authenticity
Diagram:
1. Alice uses her SK to sign the transaction “Alice sends $10 to Bob at 11/11/2011 11:11:11”, producing the signature 2E77…4ACE
2. Broadcast transaction + signature to blockchain
3. Anyone can use Alice’s PK to verify that the signature matches the transaction
Slide 29
Quick Summary of Digital Signatures
• Can be used to achieve secure ownership of digital assets
– The owner of a digital asset has a public and secret key pair
– The public key is shared with the public while only the owner knows the secret key
– Only the owner can sign a transaction with his secret key to prove that it is authorized (to spend the digital asset)
– Such signatures can be easily verified by anyone.
– It is impossible to forge a signature without the secret key
– Note that one cannot simply copy a signature from an existing transaction to a new transaction because the signature depends on the message
• It is important to safeguard the private key!
Slide 30
Public-key Cryptography Details: Key Generation
• Step 1: Generate a private key.
– In Bitcoin, a private key is a random 256-bit integer (each bit is 0/1) or a 64-digit hexadecimal number (base-16 number, 0123456789ABCDEF).
– It is important to generate the private key with a good source of randomness.
– Do not write your own code to generate a random number.
• Step 2: Use the private key to generate a public key.
– Bitcoin uses ECDSA (Elliptic Curve Digital Signature Algorithm) to generate a public key from a private key.
– Similar to hash functions, the elliptic curve multiplication operation is a one-way function
– One can get public keys from private keys but not vice versa.
• ECDSA:
– Private key: 256 bits
– Public key: 512 bits
– Message to be signed: 256 bits
– Signature: 512 bits
Slide 31
Public-key Cryptography Details: ECDSA
Source: Mastering Bitcoin, Antonopoulos
• How ECDSA generates a public key from a private key:
pk = sk * G
• The G, generator, is the same for all Bitcoin keys.
Notes about * in ECDSA:
– Multiplication: A * n = A + A + … + A (n copies of A)
– Addition: when B is added to A, C is obtained
– Curve: y^2 = x^3 + a (mod p)
• For Bitcoin:
G = 04 79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798 483ADA77 26A3C465 5DA4FBFC 0E1108A8 FD17B448 A6855419 9C47D08F FB10D4B8
Slide 33
Digital Signature and Digital Identity
• With digital signatures, you can have digital identity.
• Each identity just means a key-pair (sk, pk)
• For example, if you see a message with a signature from the key-pair (sk, pk), that is, the message is signed with the private key sk, think of it as:
pk says, “[msg]”.
Similar to a verified Twitter account.
• To “speak for” pk, you must know its matching private key sk.
Slide 34
How to Create Digital Identities?
• In a centralized system, to have a digital identity, you usually need to submit an application with documents, and wait for approval.
• In a decentralized system like Bitcoin, all you need to do to create an identity is to generate a new, random key-pair (sk, pk).
– pk is the public “name” you can use
– sk lets you “speak for” the identity
• It’s also very simple to verify identity.
Slide 36
Decentralized Digital Identities – Bitcoin Addresses
• No central point of coordination
– Anyone can make a new identity at any time.
– No verification procedure
– Make as many as you want!
• In Bitcoin, these identities are called addresses.
– Anyone can generate bitcoin addresses via a random procedure
– There are 2^160 ≈ 1.5 × 10^48 possible Bitcoin addresses (HASH160)!
• As a reference point, there are 7.5 × 10^18 grains of sand on earth.
– Essentially impossible to have duplicate addresses
• Try generating new Private Key, Public Key and Addresses online (do not use them for real transactions):
https://www.bitaddress.org/
Slide 37
Privacy in a Decentralized System
• In a centralized system, the central authority will protect your privacy
– Banks, brokerages
• In a decentralized system, you may be on your own
– The implication is huge
• Bitcoin addresses are not directly connected to real-world identity.
• But others can observe an address’s activity over time and make inferences.
– E.g., if you keep using the same address, or transfer across your addresses
• Privacy in cryptocurrency becomes a new area... (will discuss in detail in the Topic: Practical Use of Crypto)
Slide 38
Bitcoin Addresses and Wallets
• Bitcoin keys and addresses are awfully long
– There is no way to remember them
• How to manage them? Use Wallets.
– Software that manages bitcoins
– There are no physical bitcoins; the wallets store bitcoin keys/addresses
– Coins are “stored” on blockchain in the form of transactions
• Wallets also offer additional functions
– Send or receive cryptocurrency
– Monitor balance
– Create new addresses
• Very important for privacy purposes
Slide 39
Bitcoin Addresses and Wallets
One wallet can store many addresses.
• Non-deterministic (random) Wallets
– Just a Bunch of Keys (JBOK)
– Keys are independent and thus have to be backed up frequently
• Deterministic (seeded) Wallets
– Keys are all derived from a common seed, through the use of a one-way hash function
– Only need initial backup
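The two wallet types of Slide 39 side by side, as an added example that is not code from the slides or from any real wallet: independent random keys versus keys derived from one seed with a one-way function. Deriving child key i as HMAC-SHA512(seed, i) is this example's simplified assumption (Bitcoin's actual deterministic wallets use a more elaborate scheme), and the secp256k1 group order used to bound valid private keys is a standard constant the slide does not list.

```python
import hashlib
import hmac
import secrets

# secp256k1 group order: a valid private key is an integer in [1, N-1]
# (standard Bitcoin constant, not on the slide).
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def random_wallet(count):
    """Non-deterministic (JBOK) wallet: every key is an independent random draw,
    so a backup taken today says nothing about keys created tomorrow."""
    return [secrets.randbelow(N - 1) + 1 for _ in range(count)]

def derive_key(seed, index):
    """Deterministic wallet: child key i = HMAC-SHA512(seed, i), reduced into
    [1, N-1]. The HMAC is the one-way function: the seed cannot be recovered
    from a child key. (Assumed simplified scheme, not Bitcoin's BIP32.)"""
    mac = hmac.new(seed, index.to_bytes(4, "big"), hashlib.sha512).digest()
    return int.from_bytes(mac[:32], "big") % (N - 1) + 1

def seeded_wallet(seed, count):
    """All keys come from one seed, so backing up the seed once is enough;
    keys created later are regenerated from the same seed."""
    return [derive_key(seed, i) for i in range(count)]

def keys_missing_from_backup(current_keys, backed_up_keys):
    """Keys a wallet would lose if restored from an older backup."""
    backed_up = set(backed_up_keys)
    return [k for k in current_keys if k not in backed_up]
```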
Slide 40
Bitcoin Addresses and Wallets
• Most wallets can hold different types of cryptos (Bitcoin, Ether, etc.)
• Types of wallets
– Online wallet
• E.g., Exchanges
– Local wallets
• Desktop or mobile wallet
• Hardware wallet
• You can even have a paper wallet
• Will discuss more details about wallets in the Topic: Practical Use of Crypto