Week 31 — Demystifying the Crypto in Cryptocurrencies
Cryptocurrencies or crypto in short, is a word spliced together by two completely different concepts, namely cryptography and currency.
Almost everyone that buys or transacts in crypto don’t usually think about the underlying cryptographic process that takes place in order to make the transaction happen. People just expect things to happen, almost as if it’s magical.
Arthur C. Clarke famously wrote: “Any sufficiently advanced technology is indistinguishable from magic”.
So, what exactly is cryptography? How does cryptographic processes power what we now know as cryptocurrencies?
It’s time to demystify cryptography in cryptocurrencies!
What is cryptography?
Cryptography is the practice and study of secure communication in the presence of third parties. The whole point of cryptography is to prevent unwanted parties from accessing information that they are not supposed to access.
It sounds a lot something that came out from a 007 movie, but the study of cryptography dates back to the very birth of handwritten texts. People have been finding means and ways to to encrypt their information away from prying eyes and ears. The ancient Egyptians carved messages on the walls, ancient Greeks, Romans, Indians and people all over the world made use of ciphers to secure their messages.
Obviously these ancient ciphers do not apply to people these days because of the advent of the computer. The first use of a computer was built (Turing) for the purposes of breaking or “brute forcing” the enigma machine in WWII to decrypt German messages sent over the radio waves.
A brute force attack explains itself. It literally means trying all possible combinations in order to break the code or message. It’s humanly impossible to do that with a pen and paper, but with computers, it becomes exponentially easier to break a cipher.
What Kind Of Cryptography Does Cryptocurrencies Use?
There are two kinds of cryptography, symmetric and asymmetric key cryptography
Symmetric cryptography uses the same key to encrypt and decrypt the message. One great example is shown in the Netflix series Lupin where Arsene’s dad encrypts a message on a book meant for Arsene by staining the chosen alphabets with coffee water. Arsene then gradually puts the message together using the key (book) that was given to him.
On the other hand, asymmetric cryptography is requires two keys: a private and a public. The private key is kept privately while the public key can be shown to any person(s).
In order to keep my explanation easily digestible, I will attempt to use an analogy to explain this concept as accurately as possible.
So, imagine Bob wants to deliver a message over to Alice securely, away from prying eye. Bob then asks Alice to pass him an unlocked padlock while she holds on to her own key that accesses the padlock.
Bob then places the letter into the box with the unlocked padlock and then closes the lock by pushing it. The closed box prevents anyone from reading the letter while being transported.
Once the box gets to Alice, she recognises the box as the one Bob was supposed to pass to her. She then unlocks it with her key and retrieves the message.
Obviously, this is in assumption that no nefarious party intercepts the box and cracks it with brute force to retrieve the message meant for Alice.
This leads us to the next question …
What is Hashing and How Secure Are Cryptographic Algorithms?
As you might already suspect, cryptocurrencies like Bitcoin and Ethereum both use asymmetrical cryptography as part of their technology.
And so, the next question to ask is, if my public key is known to everyone, can someone brute force their way to my private key via my public key?
Well, the answer is yes. However, it might take a couple of decades to guess the number. And because it takes so long to brute force into your private key, it is deemed to be secure, just think about risk-reward of doing something like that.
Since the private key plays such an important role, it has to be:
- Randomly generated
- A long and large number
- Provided by a secure algorithm to generate the keys
Randomisation is extremely important because you wouldn’t want anyone to randomly stumble upon your private key. Long numbers are way harder to brute force compared to shorter ones, and the algorithms need to be proven to be stress tested against any attacks. One must note that these 3 criteria are constantly being threatened by advancements in computer technology. Quantum computing is that bear in the woods constantly chasing the integrity of encryption algorithms.
So, if the encryption algorithm is so important to the make up of cryptocurrencies, what encryption is being use?
Bitcoin uses SHA-256 which basically stands for Secure Hash Algorithm. The key thing to note here about hashing is that if you change one single bit of data from your input, your output changes drastically.
If I use SHA-256 to hash the phrase “Hello I am Adriel”, I will get a hash of 805aadf293d1f34791d61639bcdf36023f7a6827f7ec14e3b26600385a14d065
If I change the phrase to “ello I am Adriel”, the hash changes drastically to 48a0f133a699624ad1468d31c077c027308e9b000e808fed5e7902ddf1c95d28
Or if I hash “Hallo I am Adriel”, it produces a completely different output of cd301e937b40cb2b91d8722df15e42ccfb46350341adeae4eff0485e1e366b12
The concept of hashing is used in many aspects of a blockchain network, from within the wallet, to creating a transaction and placing that transaction onto the chain.
So, if you’re struggling to grasp what a hash is, just think about it like a picture that was taken at a birthday party. It shows all the information about the birthday party, like who were the attendees, what year it was, what everyone was wearing, but it does not provide all the information about what went down. Like how did Bob smell after puking all over the car air-conditioning vents.
A hash just takes a snapshot of information. It does not contain the information per say.
Wallets and Digital Signatures
In one of my articles, I wrote about the different types of wallets out there that a newbie can try to set up quickly. While that is meant to be a tutorial, this section here seeks to help the reader understand the inner workings of how a wallet software works to reconcile your private key, public key and blockchain address.
A blockchain wallet is meant to be a software that stores all three key information that I mentioned above. On top of that, the wallet allows you to manage the assets (Tokens, NFTs) you possess and also works to authenticate users as well.
When you are given a wallet, the first thing that is done by the software is to provide you with a private key that is generated randomly.
The private key is then put through a elliptic-key cryptography process to derive your public key.
After which, your public key is then put through another cryptographic algorithm that is different from the one that derives your public key (for security purposes) to generate your blockchain address. This blockchain address is filled with checksums and prefixes.
Using different kinds of cryptographic algorithms increases the security level which prevents an individual from getting to the private key should they be able to brute force their way to getting the public key from the blockchain address.
This makes handing out your blockchain address to random people pretty safe, unless they happen to be in possession of a quantum computer.
A blockchain address is analogous to your bank account number or an email address. You can be identified based on your address, but no one can enter your wallet unless they are in possession of your private key.
Your private key can then be used to sign off on transactions, authenticating that you are the owner of the wallet and it’s tokens and you are looking to transfer the tokens out of the wallet. This is called a digital signature and it is has been used for years in traditional finance transactions, digital signing platforms, software licenses, etc etc.
How Cryptography Helps With Sending Tokens From Your Wallet
So now, Alice wants to send 10 Doge coins to Bob from her wallet
Her wallet software first creates the transaction, by including her public key information, Bob’s address (Alice needs to input this) and specify that she’s sending 10 Doge coins to Bob. The wallet then creates a digital signature of the transaction. This digital signature (which is a hash) is then signed by Alice’s private key in order to show the network that she is the owner of the address and tokens.
She then broadcasts this transaction to the rest of the network for any computer to verify the transaction.
The validators are looking for proof that Alice’s public key is synchronised with the signed hash and therefore verifies the transaction.
Once approved, this transaction is then placed on a block and hashed again to reflect that Bob is now the new owner of the coins.
Cryptography will remain a mainstay in the blockchain ecosystem, although right cryptographic technological advances outruns current computing power, who knows what will happen in the future with the rise of quantum computing technology.
We can only watch and see how the story plays out.
I hope you’ve enjoyed reading this as much as I do writing this!
Till next week!