Welcome! This is part one of a deep dive into the technologies powering blockchains and crypto. As you might expect, the “crypto” in cryptocurrency refers to cryptography. As a result, if we want to build a deep understanding of blockchains and cryptocurrencies, we should first understand cryptography. Luckily, that’s the goal of this post.
If you want to keep up with the rest of our deep dive, hit that subscribe button!
Introduction to Cryptography
Said simply, Cryptography is the science of using mathematics to encrypt and decrypt data. The first evidence of cryptography popped up around 2000 BC in the hieroglyphs used to decorate the tombs of dead pharaohs and kings. Since then, cryptography has had a long, fascinating history and evolved to be core component in almost every modern technology.
But a history lesson isn’t what we’re here for, is it?
We’re here to learn how cryptography works! If you’re completely unfamiliar with cryptography, I’ve listed some core definitions you’ll need to be familiar with below.
Encryption: The process of converting data (called plaintext) to a jumble of unintelligible numbers and letters (called ciphertext)
Decryption: The process of converting ciphertext back into plaintext.
Cipher: An algorithm, or formula, used to determine the output of an encryption and decryption process.
Key: A unique piece of information that gives a user the ability to utilize a cipher.
The “Unbreakable” Algorithm Fallacy
Oftentimes, people who are not familiar with cryptography made the assumption that a secure cryptographic cipher must be unbreakable. After all, if you can break the algorithm, it can’t really be that secure, can it?
Imagine that someone told you, “Bitcoin is totally secure, but also, it can be hacked, and here’s how you do it.”1 If you’re like me, that statement wouldn’t leave you feeling very confident. Luckily for Bitcoin, modern cryptography is a little counterintuitive -- it actually doesn’t rely on creating “unbreakable” algorithms or ciphers.
Why, you ask? Because outside of a few impractical cases (see the one-time pad), unbreakable cryptoraphy doesn’t exist.
Instead, modern cryptography relies on the computational hardness assumption, which states: A cipher is secure if the process to break it is computationally infeasible. In other words, if breaking a cipher would take you ~20,000 years, it’s probably safe to assume you have nothing to worry about. Since the advent of modern cryptography, several methods emerged that achieve computational hardness. I’ve listed the most important below.
Integer Factorization describes the process of reducing a number into its smallest prime components. For example, the prime factorization of 21 results in (7, 3), and the prime factorization of 16 results in (2, 2, 2, 2). With small numbers, prime factorization calculations are quite simple. However, with large numbers, especially large semiprime numbers, the computation required to perform prime factorization calculations becomes exponentially more complex.
The Discrete Logarithm Problem describes the difficulty of computing the following: Given a group2, G, with elements a, b, and k, what is the value of k such that bk= a. This can also be written as k= logba. Certain instances of this problem, such as when b=10, are easy to calculate and commonly used in many different fields. However, for more complex groups, G, utilizing modular arithmetic3 or elliptic curves, these calculations become exponentially more complex.
Lattice Problems refer to the difficulty of finding the best, or most optimal, solution to various calculations in relation to Lattices. This article does an incredible job of explaining Lattice problems. If you wish to dive deeper, you can take a look here and here.
On their own, these problems are enough to stump any modern computer for tens, hundreds, or even thousands of years. Additionally, most cryptographic algorithms implement these methods over several iterations and in conjunction with other complex mathematical formulas to secure the algorithm further. We won’t dive into the details here, but this lecture series covers this topic extensively if you’re interested in learning more.
I also want to draw your attention to one crucial commonality between these algorithms; within each, the calculation is complicated to compute on its own, yet easy and quick when given a missing variable, known as a key. Key-based cryptography makes up a significant portion of the field and is comprised of two main types:
Symmetric Cryptography: Utilizes a single, shared key in both the encryption and decryption process. Symmetric cryptography is computationally efficient and commonly used in cell phone and email encryption. Unfortunately, it relies on the assumption the key is kept secret at all times, severely limiting its use cases in trustless systems like blockchains.
Asymmetric Cryptography (Public Key Cryptography): Utilizes a pair of keys, including an encryption key (the public key) and a decryption key (the private key). Asymmetric cryptography requires significantly more computation than symmetric cryptography but also provides significantly more functionality. Often, cryptographers use asymmetric cryptography to securely transport keys used in symmetric cryptographic algorithms.
As blockchains don’t usually use symmetric cryptography, we will turn our focus toward public key cryptography. Most blockchains use a variation of public key cryptography to create user accounts, known as wallets. Each wallet has a public key to receive transactions and a private key to send transactions. To better understand, let’s compare a blockchain wallet to your email address:
When using your email, the address itself is public and can receive emails from anyone, anywhere in the world, regardless of your permission. It can also be used to log in to other platforms, represent your digital identity, or store important information without compromising these features' security. This is possible because your password is needed to log in, view, respond to, or adjust anything within your email. Blockchains operate similarly. Within your blockchain “account,” your public key is known, and anyone can send transactions to it from anywhere in the world. Furthermore, the capital held in that account is only accessible if a user has the private key needed to “log in. ”
Several types of public key cryptographic algorithms are used today, each with various benefits in security and speed. The most well-known can be found below:
RSA: Relies on integer factorization and allows users to choose two large prime numbers as their private key and multiply those numbers together to create a public key. This is a simplification, but it is sufficient for our purposes. RSA is a relatively slow algorithm, and as such, it is not commonly used outside of the transportation of shared keys used for symmetric cryptography.
Digital Signature Algorithm (DSA): Relies on the Discrete Logarithm Problem to create a pair of keys used to generate digital signatures attached to every transaction. This signature provides transaction authentication (the receiver can verify from where the transaction originated), message integrity (the receiver can verify a miner or other malicious party did not alter the transaction), and a proof the transaction occurred. Most blockchains require a signature to verify each transaction.
Elliptic Curves: Elliptic Curve Algorithms rely on a variation of the Discrete Logarithm Problem but use an elliptic curve-based cyclical subgroup as G instead of a group of integers. I’ll be honest, I still have difficulty wrapping my head around Elliptic Curve Cryptography (ECC), so for now, I’m not going to attempt to explain it. If you want to dive down the rabbit hole, I recommend you start here and then take on lectures 16 and 17 from Christof Paar’s Introduction to Cryptography course. If not, just know ECC is basically a next-generation form of the DSA that “should” provide significantly increased security while maintaining performance. As a side note, both Bitcoin and Ethereum use the Elliptic Curve Digital Signature Algorithm.
To make a long story short, Blockchains use public key cryptography to create secure accounts between which transactions can occur. Users know these accounts are secure because they are protected by a series of incredibly complex math problems. Users value that security because, unlike a bank account, the user doesn’t have to trust a third party to control their assets. Instead, the user has 100% of the control because they are the only ones to hold the account’s private key.
You might be thinking to yourself, “Well, this all sounds dandy, but if no entity is tracking the transactions that occur, how can I verify a transaction actually happened? What if someone says they sent me money, but I never received it?”
That’s where hash functions come in.
Hash Functions
A hash is a mathematical function that converts an input of arbitrary size or length into an encrypted, standardized output. Moreover, hash functions are deterministic, meaning given any input, the function will always spit out the same output, and any adjustment to that input will result in a completely different output (this is important). Finally, hash functions are not meant to be decrypted and do not have a key. See the following for a simple and in-depth explanation of the math behind hash functions. There’s a lot here, so let’s use an example to understand better how hash functions work.
Let’s say you want to send $10 to Johnny Apples on Wednesday, January 2, 2034, but to send that transaction, your bank requires a 10-digit string, such as “5KSI96HTK0,” that somehow comprises those three variables (the amount you want to send, the recipient, and date). Additionally, you have to do this in such a way that the function comes up with the same result every time you input those variables and a completely different result if you change even one minor thing (such as sending $11). Hash functions allow you to do this quickly, seamlessly, and deterministically. In other words, you can think of a hash function as a method of “adding” several pieces of information together such that the output always results in a unique, standardized output.
So how does this relate to keeping track of transactions? That’s where a blockchain comes in. We’ll spend more time on this next week but for now, just think of a blockchain as a list of transactions where every transaction (and that transaction’s hash) is linked to the transaction immediately before it. Because of this relationship, if any transaction in the list is adjusted, the input to the hash of the next transaction is also adjusted.
Do you remember what happened when the input of a hashing function changes, even slightly?
That’s right; the hash output becomes something completely different. This then changes the input of the next transaction and every transaction following it. This feature, and the resulting cascade of adjustments that occur down the rest of the chain, is known as the Avalanche effect. If you take nothing else from this part of the lesson, remember this: Because of hash functions, if a single transaction in a blockchain is altered, all following transactions in the chain become invalid. This means once a transaction occurs, it will forever exist on that chain, and for all practical purposes, it can never be adjusted.4
Hash functions are fantastic, but like anything else, they aren’t perfect. For example, hash functions have a few different attack vectors (namely, Preimage Attacks and Collision Attacks), and due to their standardized output, they cannot be compressed to take up less memory or “space.” Because of this, blockchains often use a data structure called a Merkle Tree to store hashes more efficiently.
Merkle Trees consist of hashed transactions, which are concatenated (or added together) in an upwards hierarchy, the top of which is called a “root.” A basic Merkle Tree is shown below.
Essentially, Merkle Trees allow us to store data more efficiently by combining the hashes of several transactions into one final hash, known as the root. We’ll dive deeper into Merkle Trees next week.
In summary, hash functions offer several benefits to blockchains, including:
They make transactions unique (as every set of inputs to a hash function generates a unique output).
They are deterministic, meaning the hash output will always be the same given any specific input.
The computations are quick and one-way, meaning hashes are easily generated but incredibly difficult to reverse engineer.
A slight change in the data (even adjusting a single letter of your message) results in the Avalanche effect, in which the output hash changes completely. This effect is incredibly powerful in the case of a blockchain because if a single transaction in the chain is altered, the hash of every following transaction becomes invalid.
Let’s review
We’ve covered a lot so far, so let’s review. Cryptography is this cool technology that allows us to transfer data and value across the internet securely. Cryptography works because it encodes that data with really hard math problems that only the intended recipient can efficiently solve. These methods have proven to be so secure that entire transaction networks, called blockchains, have been built on top of this technology. These blockchains operate by using public key cryptography to create user “accounts” in the network and hashing algorithms to track the transactions between users within the network. Finally, because blockchains use efficient data structures to store transactions, they take up less space and are more accessible to the average user.
Quantum Computers and the Future of Cryptography
Quantum computers are a huge topic of discussion in cryptography as many assume they will break the computational hardness assumption of both integer factorization problems and Discrete Logarithm problems. Peter Shor proved this through the development of Shor’s Algorithm, which given a sufficiently large number of qubits, could theoretically solve each problem in minutes. There is a lot of debate on the number of qubits needed to run Shor’s algorithm effectively, but the general consensus states we are still a minimum of 10 years away from quantum-related security issues.
Additionally, there is a ton of work being done on potentially quantum-resistant cryptographic algorithms, with Lattice problems showing up most often. One item worth noting is most potentially quantum-proof cryptographic algorithms require significantly larger key sizes than what is currently on the market.
In a situation where quantum computers pose a real threat to the security of decentralized networks like Bitcoin or Ethereum, it’s likely (but not guaranteed) that the community would propose an adjustment to the code. This adjustment would lead to a hard fork and, subsequently, two new chains: one running the old code and one running the new code. In this situation, nodes would choose to support one chain, and the one with more extensive node support would likely become the new, dominant chain. This is likely not a worry in the next 3-4 years, but it is something to keep an eye on.
That’s pretty much it for this week!
Next week, we’ll dive into the actual structure of blockchains, how they operate in a decentralized manner, why they might be valuable, and what types of blockchains exist on the market today. Additionally, below is a list of resources you can use to dive deeper into any of the topics discussed in this lesson.
In preparation for next week, check out the following readings. See you then!
Recommended Readings for Week Two
Byzantine Fault Tolerance: est: 5 min
The Byzantine General’s Problem: est: 2 min
Proof of Work Solution: est: 1 min
Consensus: est: 10 minutes
Bitcoin Whitepaper: est: 20 min
Ethereum Whitepaper: est: 45 min
Proof of Work: est: 15 min
Proof of Stake: est: 20 min
Relevant Resources
This is totally the case, by the way, but it isn’t something to worry about. We’ll get into Bitcoin’s security next week.
If you’re unfamiliar with Groups, see this quick primer.
Modular arithmetic is at the core of most cryptographic functions and is essential if you care to dive deeper into cryptography.
Please note, this isn’t actually the case, but for our general understanding right now, let’s assume it is. We’ll discuss this more next week.
Wow. Can't believe this barely got attention. Been a crypto daytrader for a while but it's admittedly my first time trying to understand the tech behind it. Appreciate the readings too. Subbed!