
Basic Crypto Primitives

The document discusses basic cryptographic primitives used in blockchain technology, including cryptographic hash functions and digital signatures. It explains that hash functions are used to connect blocks in a blockchain in a tamper-proof way, and that digital signatures are used to digitally sign data so users cannot deny their activities and others can verify authenticity. It provides details on hash functions, including properties like being deterministic, collision-free, hiding the original input, and being puzzle-friendly. It also discusses digital signatures and how public key cryptography is used to generate signatures that can be verified by others.

Uploaded by

Asha Murugan
Copyright: © All Rights Reserved

Basic Crypto Primitives

What You’ll Learn

- Basic cryptographic primitives behind the blockchain technology
  - Cryptographically Secure Hash Function
  - Digital Signature
- Hash Function: Used to connect the “blocks” in a “chain” in a tamper-proof way
- Digital Signature: Digitally sign the data so that no one can “deny” their own activities. Also, others can check whether it is authentic.

Cryptographic Hash Functions

- Takes any arbitrarily sized string as input
  - Input M: The message
- Fixed size output (We use 256 bits in Blockchain)
  - Output H(M): We call this the message digest
- Efficiently computable

Cryptographic Hash Function: Properties

- Deterministic
  - Always yields an identical hash value for identical input data
- Collision-Free
  - If two messages are different, then their digests also differ
- Hiding
  - Hide the original message; remember about the avalanche effect
- Puzzle-friendly
  - Given X and Y, find out k such that - used to solve the mining puzzle in Bitcoin Proof of Work

Collision Free

- Hash functions are one-way; Given an , it is easy to find . However, given an , no deterministic algorithm can find
- It is difficult to find and , where , but
- Note the phrase difficult to find, collision is not impossible
- Try with randomly chosen inputs to find out a collision – but it takes too long

Collision Free – How Do We Guarantee

- It may be relatively easy to find collision for some hash functions
- Birthday Paradox: Find the probability that in a set of randomly chosen persons, some of them will have the same birthday
  - By Pigeonhole Principle, the probability reaches 1 when number of people reaches 366 (not a leap year) or 367 (a leap year)
  - 0.999 probability is reached with just ~70 people, and 0.5 probability is reached with only ~23 people

Collision Free – How Do We Guarantee

- Birthday paradox places an upper bound on collision resistance
- If a hash function produces bits of output, an attacker needs to compute only hash operations on a random input to find two matching outputs with probability > 0.98
- For a 256 bit hash function, the attacker needs to compute hash operations – this is significantly time consuming
  - If every hash computation takes only 1 microsecond, it will need years

Hash as A Message Digest

- If we observe , it is safe to assume
- We need to remember just the hash value rather than the entire message – we call this the message digest
- To check if two messages and are same, , simply check if
  - This is efficient because the size of the digest is significantly less than the size of the original messages

Hashing - Illustration

- http://www.blockchain-basics.com/HashFunctions.html

Courtesy: Blockchain Basics: A Non-Technical Introduction in 25 Steps by Daniel Drescher


Information Hiding through Hash

- Given an , it is “computationally difficult” to find
- The difficulty depends on the size of the message digests
- Hiding helps to commit a value and then check it later
  - Compute the message digest and store it in a digest store – commit
  - To check whether a message has been committed, match the message digest at the digest store

Message Commitment through Multiple Parties

[Figure: Alice (Commit) sends H(M,KA), M, KA to Bob (Verify) and to Jane (Verify)]

KA is the public key of Alice – A public identity that only Alice can have

Puzzle Friendly

- Say is chosen from a widely spread distribution; it is computationally difficult to compute , such that , where and are known a priori.
- A Search Puzzle (Used in Bitcoin Mining)
  - and are given, is the search solution
  - Note: It might be not exactly a particular value Z, but some properties that Z satisfies, i.e., Z could be a set of possible values
- Puzzle friendly property implies that random searching is the best strategy to solve the above puzzle

Hash Function – SHA256

- SHA256 is used in Bitcoin mining – to construct the Bitcoin blockchain
- Secure Hash Algorithm (SHA) that generates 256 bit message digest
- A part of SHA-2, a set of cryptographic hash functions designed by United States National Security Agency (NSA)

SHA256 Algorithm - Preprocessing

- Pad the message such that the message size is a multiple of 512
  - Suppose that the length of the message M is and
  - Append the bit “1” at the end of the message
  - Append zero bits, where is the smallest non-negative solution to the equation
  - Append the 64-bit block which is equal to the number written in binary
  - The total length gets divisible by 512
- Partition the message into 512-bit blocks , ,…,
- Every 512 bit block is further divided into 32 bit sub-blocks , ,…,

SHA-256 Algorithm

- The message blocks are processed one at a time
- Start with a fixed initial hash value
- Sequentially compute ; is the SHA-256 compression function and + means mod addition. is the hash of .
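
SHA-256 Algorithm

[Figure: message blocks M(0), M(1), …, M(N) are fed one at a time through the compression function C, starting from the Initialization Vector; the final output is the 256 bit Message Digest]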

Patterns of Hashing Data

- Independent hashing
- Repeated hashing
- Combined hashing
- Sequential hashing
- Hierarchical hashing

Courtesy: Blockchain Basics: A Non-Technical Introduction in 25 Steps by Daniel Drescher


Types of Hashing

- Independent hashing
- Repeated hashing

Types of Hashing

- Combined hashing
- Sequential hashing

Types of Hashing

- Hierarchical hashing

Hash Pointer

- A Cryptographic Hash Pointer (Often called Hash Reference) is a pointer to a location where
  - Some information is stored
  - Hash of the information is stored
- With the hash pointer, we can
  - Retrieve the information
  - Check that the information has not been modified (by computing the message digest and then matching the digest with the stored hash value)

Hash Pointer

[Figure: a hash pointer storing H(DATA) and pointing to DATA]

Hash Pointer

Reminds you of a linked list??

Reference: Coursera course on Bitcoin and Cryptocurrency Technologies


Tamper Detection using Hash Pointer

Courtesy: Blockchain Basics: A Non-Technical Introduction in 25 Steps by Daniel Drescher


Making Tampering a Hash Chain Computationally Challenging

http://www.blockchain-basics.com/HashFunctions.html

Courtesy: Blockchain Basics: A Non-Technical Introduction in 25 Steps by Daniel Drescher


Detect Tampering from Hash Pointers - Hashchain

[Figure: hash chain of data blocks D(i), D(i+1), D(i+2), carrying the hash pointers H(D(i-1)), H(D(i)), H(D(i+1))]

Merkle Tree – Organization of Hash Pointers in a Tree

[Figure: Merkle tree over T1, T2, T3, T4]

Root Hash (Merkle Root): Hroot=Hash(H0+H1)
  L1 Hash: H0=Hash(H00+H01)
    L2 Hash: H00=Hash(T1)
    L2 Hash: H01=Hash(T2)
  L1 Hash: H1=Hash(H10+H11)
    L2 Hash: H10=Hash(T3)
    L2 Hash: H11=Hash(T4)

Blockchain as a Hashchain

[Figure: three chained blocks, each with a Block Header containing Previous Hash, Nonce and Merkle Root, and a Block Hash]
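
The hash pointer, Merkle root and block header ideas from the preceding slides, combined into one small added example (not part of the original slides). The header encoding `prev|root|nonce`, the three-hex-zero difficulty and all function names are assumptions made for illustration; Bitcoin's real header format differs.

```python
import hashlib

ZERO_HEX = 3                  # difficulty: required leading zero hex digits (assumed)
GENESIS_PREV = "0" * 64       # constructed "previous hash" for the first block

def H(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()

def merkle_root(txs):
    """Hroot for a non-empty transaction list, pairing hashes level by level."""
    level = [H(tx) for tx in txs]
    while len(level) > 1:
        if len(level) % 2:                    # odd count: repeat the last hash
            level.append(level[-1])
        level = [H(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def block_hash(prev, root, nonce):
    return H(f"{prev}|{root}|{nonce}")

def mine(prev, root):
    """Search puzzle: try nonces until the block hash has the required zeros."""
    nonce = 0
    while not block_hash(prev, root, nonce).startswith("0" * ZERO_HEX):
        nonce += 1
    return nonce

def build_chain(batches):
    chain, prev = [], GENESIS_PREV
    for txs in batches:
        root = merkle_root(txs)
        nonce = mine(prev, root)
        chain.append({"prev": prev, "root": root, "nonce": nonce, "txs": list(txs)})
        prev = block_hash(prev, root, nonce)
    return chain

def first_invalid_block(chain):
    """Index of the first block that fails verification, or None if all pass."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        digest = block_hash(b["prev"], b["root"], b["nonce"])
        if (b["prev"] != prev or merkle_root(b["txs"]) != b["root"]
                or not digest.startswith("0" * ZERO_HEX)):
            return i
        prev = digest
    return None
```

Changing one transaction breaks that block's Merkle root; recomputing the root changes the block hash, which then fails the nonce check or the next block's previous-hash check, so the modification is detected either way.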

Digital Signature

- A digital code, which can be included with an electronically transmitted document to verify
  - The content of the document is authenticated
  - The identity of the sender
  - Prevent repudiation – the sender will not be able to deny the origin of the document

Purpose of Digital Signature

- Only the signing authority can sign a document, but everyone can verify the signature
- Signature is associated with the particular document
  - Signature of one document cannot be transferred to another document

Public Key Cryptography

- Also known as asymmetrical cryptography or asymmetric key cryptography
- Key: A parameter that determines the functional output of a cryptographic algorithm
  - Encryption: The key is used to convert a plain-text to a cypher-text
  - Decryption: The key is used to convert the cypher-text to the original plain text

Public Key Cryptography

- Properties of a cryptographic key (you need to prevent it from being guessed)
  - Generate the key truly randomly so that the attacker cannot guess it
  - The key should be of sufficient length – increasing the length makes the key difficult to guess
  - The key should contain sufficient entropy, all the bits in the key should be equally random

Public Key Cryptography

- Two keys are used
  - Private key: Only Alice has her private key
  - Public key: “Public” to everyone – everyone knows Alice’s public key

[Figure: Encrypt the message with Bob’s public key → M’ → Decrypt the message with his private key]

Public Key Encryption - RSA

- Named after (Ron) Rivest – (Adi) Shamir – (Leonard) Adleman – inventors of the public key cryptosystem
- The encryption key is public and decryption key is kept secret (private key)
  - Anyone can encrypt the data
  - Only the intended receiver can decrypt the data

RSA Algorithm

- Four phases
  - Key generation
  - Key distribution
  - Encryption
  - Decryption

Image source: https://commons.wikimedia.org/

Public and Private Keys in RSA

- It is feasible to find three very large positive integers , and ; such that modular exponentiation for integers :
- Even if you know , and ; it is extremely difficult to find
- Note that
- is used as the public key and is used as the private key. is the message that needs to be encrypted.

RSA Key Generation and Distribution

- Choose two distinct prime integer numbers and
  - and should be chosen at random to ensure tight security
- Compute ; is used as the modulus, the length of is called the key length
- Compute – Euler totient function
- Choose an integer such that and ; and are co-prime
- Determine : is the modular multiplicative inverse of [Note ]

RSA Encryption and Decryption

- Let be the integer representation of a message .
- Encryption with public key
- Decryption with private key

RSA Encryption and Decryption - Example

Key Selection
- Select 2 prime numbers: p=17, q=11
- Calculate n=pq=17×11=187
- Calculate φ(n)=(p-1)(q-1)=16×10=160
- Select e such that e is relatively prime to φ(n)=160 and less than φ(n); Let e=7
- Determine d such that d×e ≡ 1 mod 160 and d<160; Can determine d = 23 since 23×7 = 161 = 1×160+1

Encryption of Plaintext M = 88
- C = 88^7 mod 187
-   = [(88^4 mod 187)×(88^2 mod 187)×(88^1 mod 187)] mod 187 = (88×77×132) mod 187 = 11

Decryption of Ciphertext C = 11
- M = 11^23 mod 187
-   = [(11^1 mod 187)×(11^2 mod 187)×(11^4 mod 187)×(11^8 mod 187)×(11^8 mod 187)] mod 187
-   = (11×121×55×33×33) mod 187 = (79720245) mod 187 = 88

Courtesy: Cryptography and Network Security by William Stallings

RSA Encryption and Decryption - Demo

- https://www.devglan.com/online-tools/rsa-encryption-decryption

Digital Signature using Public Key Cryptography

- Sign the message using the Private key
  - Only Alice can know her private key
- Verify the signature using the Public key
  - Everyone has Alice’s public key and they can verify the signature

[Figure: Sign the message with her private key → M, M’ → Verify the signature using Alice’s public key]

Reduce the Signature Size

- Use the message digest to sign, instead of the original message

[Figure: Sign the message with her private key → M, S → Verify the signature using Alice’s public key]
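
The RSA worked example (p=17, q=11, e=7) and the sign-the-digest idea above, as one added example that is not part of the original slides. It is textbook RSA without padding, for learning only; the function names and the demo key built from two known Mersenne primes are assumptions made for illustration.

```python
import hashlib

def modexp(base, exp, mod):
    """Square-and-multiply, the method used in the slide's hand calculation."""
    result, square = 1, base % mod
    while exp:
        if exp & 1:                       # this power of two is part of exp
            result = result * square % mod
        square = square * square % mod
        exp >>= 1
    return result

def inverse(e, phi):
    """Extended Euclid: d with d*e ≡ 1 (mod phi)."""
    old_r, r, old_s, s = e, phi, 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("e and phi(n) are not co-prime")
    return old_s % phi

def keygen(p, q, e):
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (inverse(e, phi), n)   # (public key, private key)

def digest_int(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    d, n = private
    return modexp(digest_int(message, n), d, n)      # S = H(M)^d mod n

def verify(message, signature, public):
    e, n = public
    return modexp(signature, e, n) == digest_int(message, n)

# The slide's parameters: p=17, q=11, e=7
SLIDE_PUBLIC, SLIDE_PRIVATE = keygen(17, 11, 7)
# Constructed demo key from two known Mersenne primes (not randomly chosen,
# so for illustration only); n is larger than any 256-bit digest.
DEMO_PUBLIC, DEMO_PRIVATE = keygen(2**127 - 1, 2**521 - 1, 65537)

if __name__ == "__main__":
    print("d =", SLIDE_PRIVATE[0], " C =", modexp(88, 7, 187), " M =", modexp(11, 23, 187))
    s = sign(b"A->B:5", DEMO_PRIVATE)
    print(verify(b"A->B:5", s, DEMO_PUBLIC), verify(b"A->B:50", s, DEMO_PUBLIC))
```

The signature is one number of the modulus size regardless of how long the message is, and it stops verifying as soon as a single byte of the message changes.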

Digital Signature in Blockchain

- Used to validate the origin of a transaction
  - Prevent repudiation
  - Alice cannot deny her own transactions
  - No one else can claim Alice’s transaction as his/her own transaction
- Bitcoin uses Elliptic Curve Digital Signature Algorithm (ECDSA)
  - Based on elliptic curve cryptography
  - Supports good randomness in key generation

A Cryptocurrency using Hashchain and Digital Signatures

[Figure: a block containing A:10, Sig(A)]

- Alice generates 10 coins
  - Sign the transaction A:10 using Alice’s private key and put that in the blockchain

A Cryptocurrency using Hashchain and Digital Signatures

[Figure: hash chain with the labels H(1), A->B:5, Sig(A), H(0), A:10, Sig(A)]

- Alice transfers 5 coins to Bob
  - Sign the transaction A->B:5 using Alice’s private key and put that in the blockchain

A Cryptocurrency using Hashchain and Digital Signatures

- Maintain the economy
  - Generate new coins with time
  - Delete old coins with time
- A central authority like a bank can create and destroy coins based on economic policies
- Crucial Question: How can we distribute coin management (creation and destruction)

https://medium.com/bootdotdev/how-sha-2-works-step-by-step-sha-256-90ecd4f09e4d
https://demoblockchain.org/block
https://bitcoinbook.cs.princeton.edu/
