Public-Key Cryptography in Blockchain
How public-key cryptography works
Public-key or asymmetric cryptography is one of the two main types of encryption algorithms. Its names come from the fact that it uses two different encryption keys: a public one and a private one.
Public and private keys
The private key used in public-key cryptography is a random number with certain properties (length, primality and so on). The public key is derived from the private key.
The security of public-key cryptography is based upon a mathematically “hard” problem. This is an operation that is “easy” (polynomial complexity) to perform and “hard” (exponential complexity) to reverse. Commonly used “hard” problems include:
- Factoring problem: Multiplication of two prime numbers is “easy,” factoring is “hard”
- Discrete logarithm problem: Exponentiation is “easy,” logarithms are “hard”
The hardness of the problem is vital to the balance of security and usability. Since certain operations are easier than others, it is possible to design an algorithm that allows legitimate users to perform the “easy” operation while forcing attackers to perform the “hard” one. By increasing the size of the values used, the difficulty of the problems can be adjusted so that the system is usable but immune to attack.
Encryption and digital signatures
The use of two different keys in public key cryptography also enables it to be used in a couple of different ways:
- Encryption: Someone with knowledge of a user’s public key can encrypt a message with it. This message can then be decrypted using the corresponding private key
- Digital signatures: A message can be digitally signed using a private key and the signature can be verified with the associated public key
These two operations can use the same algorithm. The important fact in both cases is that one key makes it possible to undo what the other does, producing the original message.
Blockchain applications of public-key cryptography
The blockchain is designed to be a distributed and decentralized system. Each node in the network is responsible for maintaining its own copy of the digital ledger, and data — in the form of transactions and blocks — is transmitted between nodes via a peer-to-peer network.
Public key cryptography and digital signatures are essential to making this system work. They provide the following features in blockchain:
- Authentication: A digital signature proves that a message can only have been created by someone with knowledge of the appropriate private key. Since public keys are linked to particular accounts, this ensures that only someone with knowledge of an account’s private key can create transactions originating from that account
- Integrity protection: A transaction or block may pass through multiple different nodes on its path from its creator to a particular node in the network. Since the blockchain is designed to minimize the need to trust in other nodes, this data needs to be protected against malicious modification. A digital signature is only valid if the associated data has not been tampered with, enabling it to provide both authentication and integrity protection
- Identity management: On the blockchain, identity is managed using public key cryptography. Account addresses are based on public keys, so creating a valid account only requires the generation of a private/public keypair and the associated address. This enables blockchain users to remain anonymous (a private key is a random number not linked to their real identity) while ensuring that any transactions made using an account were authorized (since they carry a valid digital signature)
Security of public-key cryptography in blockchain
Public-key cryptography serves a vital role in ensuring the security of the blockchain. As a result, its security is of paramount importance.
While the public key cryptography algorithms most commonly used in blockchain are generally regarded to be secure, their security can be undermined or threatened in a number of different ways. Three of the primary ways in which public key cryptography’s security is threatened in blockchain are:
- Poor random number generation: Anyone with knowledge of a user’s private key can generate a valid digital signature using it. If a private key is generated using a weak random number generator, then it may be easily guessable by an attacker. This type of mistake enabled the “Blockchain Bandit” to steal millions of dollars’ worth of Ether in 2019
- Lost/stolen private keys: Even if an account’s private key is generated securely, it can still be compromised if it isn’t stored securely. Most blockchain “hacks” involve the theft of private keys from insecure cryptocurrency exchanges or via phishing and SIM hijacking attacks
- Quantum computing: The security of public key cryptography depends on the “hardness” of the problems that it is based on. Shor’s algorithm runs on a quantum computer and solves the factoring problem in polynomial time. This destroys the asymmetry of this problem because both legitimate and malicious operations have the same complexity, making it impossible to develop an algorithm with it that is usable and secure. Post-quantum algorithms are based on problems that are still “hard” for quantum computers
Public-key cryptography and blockchain security
Public-key cryptography is one of the building blocks that the blockchain protocol is based upon. The guarantees provided by cryptographic algorithms make it possible to implement a distributed, decentralized and secure digital ledger.
This makes the security and secure use of public key cryptography essential to the security of the blockchain. If private keys are not properly protected or an algorithm in common use is shown to be insecure, then the security of the blockchain itself is placed at risk as well.