WHAT WE HAVE LOOKED INTO DIGITAL SIGNATURE IN BLOCKCHAIN
- What is the difference between public and private key cryptography?
- The cryptographically secure Hash function
- Collision free
- Information hiding
- Puzzle friendly
- Hash Pointers and Data Structures
- Hash chain
- Hash Tree-Merkle Tree
So, in the last discussion we have looked into different aspects of cryptographic hash functions and how to do cryptographic hash function can be utilized for generating this secured and tamper-proof series of blocks which works as the fundamentals behind the blockchain architecture. Now, in today’s discussion, we will look into the details of another fundamental behind secured blockchain architecture which is the digital signature. So, we look into the concept of digital signatures in detail.
what we have looked till now that we have looked into the cryptographic hash function and it is properties like the collision-free property, the information hiding property, and the puzzle friendly property and how these properties help in the development of the hash point architecture and different kind of hash-based data structure like a Hashchain and a Merkle tree and by utilizing this concept of Hash Chain and a Merkle tree how can you utilize it for the development of the entire blockchain architecture.
- A digital signature, which can be included with an electronically transmitted document to verify
- The content of the document is authenticated
- The identity of the sender
- Prevent non-repudiation-sender will not be able to deny the origin of the document
we will look into this concept of a digital signature. So, our digital signature is a digital code that can be included with an electronically transmitted document with this digital code you can verify first of all whether the content of the document is authenticated or not.
it works like a sign saying whenever you are sending a document or say a physical document from one person to another person in an administrative domain you need to physically sign the document and then send it which works as verification that The physical document is the authenticated document.
So, in the same way whenever we are transmitting some kind of digital content or digital file you put an electronically generated code with that particular file that will authenticate that file. Second this concept of the digital signature it also helps you to identify the user like who has signed the document and the person who has signed the document that person should not be able to deny later that he or she has not been side sign the document or his or her signature should not be forced by another person.
So, it broadly prevents one kind of security attack which we called as non-repudiation. So, this non-repudiation attack is basically a scenario a type of attack where the sender denies that he or she has signed this particular document. So, whenever we are preventing a non-repudiation attack we say that the sender and the receiver will not be able to deny that he or she has signed the documents.
So, it works as a verification of the origin of the document. So, this way the digital signature works pretty similarly to a physical signature only like it is a digital entity that is transmitted with the electronically generated content or electronically generated document.
PURPOSE OF DIGITAL SIGNATURE
- Only the signing authority can sign a document, but everyone can verify the signature
- Signature is associated with the particular document
- The signature of one document cannot be transferred to another document
the purpose of the digital signature is that first only the signing authority can sign a document, but everyone else will be able to verify the signature. So, the signing authority will be signing the document, and no one else will be able to force that sign. So, the signing authority, later on, will not be able to deny that he or she has not been signed, but everyone else should be able to verify that the sign is originally signed by the intended authority.
Now, the signature is also associated with a particular document which actually helps in proving the authenticity of the documents; that means, like the signature of one document that should not be transferred or that cannot be transferred from one document to another document. So, you cannot cut the signature from one document and paste it over another document. So, that way the digital signature
should provide the authenticity of the document and at the same time, it provides an identity of the origin of that particular document.
PUBLIC KEY CRYPTOGRAPHY
- Also known as asymmetrical cryptography or asymmetric key cryptography
- Key: a parameter that determines the functional output of a cryptography algorithm
- Encryption: the key is used to convert a plain-text to a cipher-text;
M’ = E (M,k)
- Decryption: the key is used to convert the cipher-text to the original plain text; M = E(M’,k)
Now, this concept of digital signature we can realize it with the concept of public-key cryptography, this concept of public-key cryptography is an interesting concept in the cryptographic domain it is also known as asymmetric cryptography or sometimes people call it as asymmetric key cryptography because we use 2 different keys. Now before going to the public key cryptography concept let us look into the concept of a key in the context of basic cryptography.
So, the key is a parameter that determines the functional output of a cryptographic algorithm. So, whenever you are applying a cryptographic algorithm the objective of the cryptography algorithm is to encrypt the particular information. So, that encryption of particular information is done with the help of a key and again by using another key you can decrypt the information and encrypt back the original information.
So, in this cryptography key there use for 2 different purposes for encrypting a document. So, the key is used to convert the plain text to an encrypted text which we call the ciphertext.
So, here key work this k works like a key. So, this encryption algorithm takes the input as the original information and a key as an input and produced the corresponding ciphertext that the cryptography text corresponds to the original information that has been passed into and the decryption algorithm here we can again use the key either the same key or a different key if we use the same key for decryption purposes we call it the private key cryptography or the symmetric key cryptography.
If we use different keys we call it public key cryptography or asymmetric key cryptography. So, in the case of decryption algorithm, you use either the same key or a different key which convert the ciphertext or the cryptographically encrypted text to the original plain text; that means, you take this encrypted text as the input and the key as the input and finally, produce the original text.
PUBLIC KEY CRYPTOGRAPHY
- Properties of a cryptographic key (you need to prevent it from being guessed)
- Generate the key truly randomly so that the attacker can not guess it
- The key should be of sufficient length – increasing the length makes the key difficult to guess
- The key should contain sufficient entropy, all the bits in the key should be equally random
So, the properties which should be there for a cryptographic key is that and this property is actually ensuring that you are you need to prevent the key from being guessed by others, if the others are able to guess the key they will be able to encrypt the particular content or will be able to decrypt the particular content. So, in the cryptographic purpose remember that the cryptographic algorithm is known to everyone what is known to what is not known to different people is the key.
the key is the secret thing which every person should possess, and with the key, it controls the output of your encryption or the decryption algorithm, if you provide the correct key then you will be able to decrypt and encrypt the data or you will be able to correctly encrypt the data otherwise you will not be able to do so.
So, the properties of a cryptographic key to preventing guess ability are as follows.
you need to generate the key truly randomly. So, that the attacker cannot guess it or no one will be able to guess that particular key unless that is informed explicitly to others, now the key should be of sufficient length. So, if this length of a key has a direct relation with your security of the encryption mechanism or encrypted text. So, if you increase the length it makes the key more difficult to guess.
So, a 2-bit key will be easier to guess compared to a 128-bit key. Now, the third property which is also important like the key should have sufficient entropy; means, all bits in the key should be equally random. So, this concept of entropy basically determines how much information is embedded inside a particular text or particular information.
whenever you are generating some say random key you should ensure that the entire thing is random or difficult to guess and at the same time every individual bit in the key they are also generated by a truly random mechanism, so they could not be guessable.
So, in case an attacker is able to guess some partial bit pattern it becomes easier for the attacker to guess the entire key. So, that is why you need to preserve the entropy of a particular key; that means, a particular key should have sufficient entropy so that all the bits in the key are equally random.
PUBLIC KEY CRYPTOGRAPHY
- Two key are used
- Private key: the only Alice has her private key
- Public key: “public” to everyone -everyone knows Alices public key
So, in the case of public-key cryptography as I have mentioned that we normally use 2 different keys one key is called the private key, and the second key is called the public key now in case of an encryption algorithm using this public-key cryptography. So, the private key is the key that only Alice knows so Alice only has her public key. On the other hand, Alice also possesses a public key which is public to everyone; that means, although the key belongs to Alice, everyone others in The universe they know that key.
So, whenever Alice is transferring some message to Bob in this case first Alice needs to encrypt the message with Bob’s public key. So, remember that Bob’s public key is known to Alice, but Bob’s private key is only known to Bob. So, that way the encryption is done with the help of public-key because everyone knows that particular key.
Now, whenever the encrypted message is transferred now because Bob only knows our private key. So, Bob will only be able to decrypt that particular message no one else in the universe will be able to decrypt that message. So, that was the intention of an encryption algorithm that whenever I am transferring some data to you during that time you will only be able to decrypt the message, but none in the universe will be able to decrypt that particular message.
that is ensured with the help of this kind of public-key cryptography concept where the public key is used to encrypt the message whereas, the private key is used to decrypt the message. So, the destination note or the final note he or she only knows the private key information he or she only has the private key information. So, he or she will be able to decrypt the message with the help of that private key.
PUBLIC KEY ALGORITHM – RSA
- Named over (Ron) Rivest- (Adi) Shamir – (Leonard) Adleman – inventors of the public key cryptosystem
- The encryption key is public and the decryption key is kept secret (private key)
- Anyone can encrypt the data
- Only the intended receiver can decrypt the data
Now, let us look into a public key encryption algorithm although this particular algorithm is not used in the concept of blockchain in blockchain or I will not say blockchain rather in bitcoin purpose in the blockchain you can use any kind of public-key encryption algorithm based on your design, but bitcoin uses a separate public key encryption algorithm but we will use this particular RSA algorithm in our discussion because it was one of the fundamental public-key algorithms which were proposed initially by the inventor of this public key cryptography concept and that particular public-key cryptography algorithm is widely accepted in our community.
So, this RSA algorithm is actually named by the inventor of this algorithm Ron Rivest- Adi Shamir and Leonard Adleman. So, they together developed this public-key encryption algorithm. So, R comes from Rivest, S comes from Shamir and A comes from Adleman that way we have this RSA algorithm.
in the RSA algorithm the like a normal public key algorithm technic the encryption key is public and the decryption key is kept secret which is the private key. So, anyone can encrypt the data with the help of the public key, and only the intended receiver he or she will be able to decrypt the information with the help of his or her private key.
- Four phases
- Key generation
- Key distribution
So, this RSA algorithm works in 4 phases of key generation, key distribution, encryption, and decryption. So, as I have mentioned here, the public key is used to generate the ciphertext from the plaintext and the private key is used to generate the plaintext from the ciphertext. So, this is(upper part) basically your encryption part and this is(lower part) your decryption part.
PUBLIC AND PRIVATE KEYS IN RSA
- It is feasible to find three very large positive integers e, d, and n; such that modular exponentiation for integers m(0≤m<n):
(m^e)^d ≡ (mod n)
- Even if you know e,n, and m; it is extremely difficult to find d
- Note that
(m^e)^d ≡ m (mod n ) ≡ (m^d)^e ≡ m (mod n)
- (e,n) is used as the public key and (d,n) is used as the private key. m is the message that needs to be encrypted.
Now, let us look into what is the mathematics behind the public and private keys in RSA. So, the fundamental mathematics we use in the RSA algorithm to generate the keys in the RSA algorithm is as follows: it is always feasible to find out 3 very large positive integers e, d, and n such that the modular exponential for integer m.
this modulo operation is the remainder after a division operation. So, you can always find out e, d, and n 3 such large integers such that (m^e)^d is functionally equivalent to m mod n. So, m mod n is second the mod n is the divisor remainder of the division operation.
So, m to the power e, whole to the power d that will be the functional equivalent to m mod n so, in this case even if you know e n or m 3 parameters of this particular operation it is always very difficult to guess the fourth parameter.
that comes from the discrete logarithm problem where if you say know e m and n it is very difficult to find out this value of d. Now, one interesting observation of this function is that if you do me to the power d which is equivalent to m mod n which is further equivalent to (m^d)^e m mod n. So, you can change the order of this exponentiation and this helps you to generate 2 different keys: the private key and public key.
in this particular context e and n it is used as the public key, and d and n it is used as the private key in case of RSA algorithm now if you have this information e d and n then you can encrypt a particular message at the same time you can decrypt a particular message. So, in case of a public key, we use this e and n as the public key part and public key pair, and this d and n are used as the private key pair.
RSA KEY GENERATION AND DISTRIBUTION
- Chose two distinct prime integer numbers p and q
-p and q should be chosen at random to ensure tight security
- Compute n = pq; n is used as the modulus, the length of n is called the key length
- Compute Φ(n) = (p-1) (q-1) – Euler totient function
- Choose an integer e such that 1<e<Φ(n) and gcd (e,Φ(n)) = 1;e and Φ(n) are co-prime
- Determined d = e^-1 (modΦ(n)) : d is the modular multiplicative inverse of e (mod Φ(n)) [note d.e = 1 (mod Φ(n))]
Now, let us look inside the algorithm at how this RSA algorithm works. So, first, we will look into the key generation part and how the key is distributed. So, for that, we choose to distinct prime integers p and q remember p and q need to be prime integers so, that it is difficult to guess such kind of integers the primality test is a difficult test. So, p and q should be chosen at random to ensure the tight security of your algorithm. Now you compute the value n which is equal to p q so, n is used here as the modulus and the length of n is called the key length of the RSA algorithm.
Now we compute a function called Φ(n) is equal to (p-1) (q-1). So, this particular function is known as the Euler totient function apart from this Euler text totient function although the original RSA algorithm used this Euler totient function, there are multiple other totient functions that you can use ah in the RSA algorithm in the place of Φ n. So, here we are explaining the algorithm with this Euler totient function where Φ n = (p-1) (q-1).
Now, you have to choose an integer e such that e belongs to 1 and Φ n and gcd of e of Φn is equal to 1; that means, e and Φn these 2 integers are co-prime to each other. So, once you have found out this value of e then you determine the value of d which is the inverse mod Φn. So, here d is the modular multiplicative inverse of e of e mod Φn, nowhere you can see that d.e d multiplied e it is equal to one mod Φn. So, that way you have the value of de and n now you can generate the public and private key pairs.
RSA ENCRYPTION AND DECRYPTION
- Let m be the integer representation of a message M.
- Encryption with the public key (e,n)
C≡ m^e (mod n)
- Decryption with the private key (d,n)
M ≡ c^d(mod n) ≡ (m^e)^d (mod n)
So, once you have the private and the public key pairs now once you have generated your private key and the corresponding public key.
So, as you have mentioned earlier that your e and n it is used as the public key and d and n it is used as the private key. Now once you have generated the values the d e and n then you keep the private key with you and make the public key public to everyone. So, you publicly announced the public key, but do not announce the private key. Keep it with you.
Now, whenever you whenever someone else is going to transfer some message to you they can encrypt the message with your public key and send that message back to you once you receive that message then after receiving that message you can decrypt the message with the help of your private key, so that is the encryption and the decryption algorithm for this RSA mechanism.
So, let m is the message and this small m is the integer representation corresponds to this small m is the integer representation corresponds to this message. So, you encrypt with this public key e n whenever someone else is going to transfer the message with you and the encryption algorithm will be m to the power e mod n and whenever you are decrypting the original message. So, this is the encrypted message so, this is your ciphertext.
you transfer that ciphertext to me and whenever I have received that ciphertext after receiving the ciphertext I can decrypt the ciphertext at as (c)^d (mod n).
Now, note that (c)^d (mod n) it is equal to (m^e)^d (mod n) and what we discussed earlier that we have generated the e and d in such away. So, such that m such that (m^e)^d becomes equal to m(mod n). So, in that sense whenever you are making c^d (mod n) it becomes (m^e)^d (mod n) which comes to be the original message m. So, that way you can decrypt the message by applying ah this private key d n.
So, this way by applying the RSA algorithm you have a public key and a private key, whenever you are interested to transfer the message say whenever Alice wants to transfer some message to Bob Alice encrypt the message with Bob’s public key, and once Bob receives that ciphertext then Bob can decrypt the ciphertext and get back the original plain text by applying his private key.
Now, we will look into how we can apply this public key cryptographic concept in the digital signature purpose. So, that is an interesting concept because during the normal encryption we encrypt a message using a private key, we encrypt a message using a public key and then we decrypt the message with the help of a public key.
Now you know that the private key is only available to the intended person, but the The public key is available to all with this concept what you can do that, if some person encrypts a particular message with his or her private key then it can work as a digital signature because you know that only in the universe every person has his or her own private key no one else and have the private key of Alice say, Alice.
So, that way Alice has her own private key with herself and if Alice encrypts something with her private key then everyone else can decrypt that message and check the originality of the message and can find out that the message has been encrypted with Alice private key and the private key was like a digital signature where by using the public key you are validating the digital signature whereas, the private key is used to sign the particular document.
DIGITAL SIGNATURE USING PUBLIC KEY CRYPTOGRAPHY
- Sign the message using the private key
- The only Alice can know her private key
- Verify the signature using the public key
- Everyone has Alice’s public key and they can verify the signature
So, that way in case of a digital signature you can use this concept of public-key cryptography where you sign the message using the private key because only Alice can know her private key, and whenever you are verifying the message you verify the message using the public key because everyone has Alice’s public key and using that Alice’s public key can verify the message.
So, whenever Alice is transferring some message to Bob, Alice signs the message with her private key using this public-key cryptography, and with the message, she transfers a sign. So, here M prime the ciphertext works as a signature. So, that ciphertext works as a signature here. So, you transfer the signature along with the original message.
Now, whenever Bob wants to verify it Bob can decrypt this message with Alice’s public key.
So, K A bar is Alice’s public key. So, he can decrypt the message using Alice’s public key and then check whether the original plain text is returned that plain text is equal to this plain text or not if this 2 plain text are equal; that means, the sign is valid The sign has been done by Alice because Alice can only possess her private key no one else in the universe can possess Alice’s private key so, it works as an authentic proof of signatures.
REDUCE THE SIGNATURE SIZE
Use the message digest to sign, instead of the original message
Now, by combining this concept of cryptographic hash and digital signature you can also reduce the size of the signature, say ideally if you are transferring say 1024 bit message with the 1024 message if you apply normal public key cryptography you will get a 1024 bit ciphertext.
Now your signature is also 1024 bit long, if that is the case then your signature size is huge, and in general, do not want a large signature. So, what we do is, we normally side on the message digest rather than on the original message. So, what you do is, whenever you are generating the signature during that time you first hash the message and get the message digest.
Alice wants to sign the message so, Alice first generate the hash of the message after generating the hash of the message then sign the message using the private key of Alice and generate the signature and whenever you are transferring the data along with the original data you also transfer the signature,
once Bob received this particular signature then Bob can verify it by decrypting the signature by applying the decryption algorithm we using Alice’s public key and then by applying this algorithm Bob will get the message digest and once Bob gets the message digest the original message was also available to Bob.
So, from this M Bob can compute HM and can check whether these 2 H M matches with each other or not if these 2 HM and matching with each other; that means, the signature is correct and it provides you the authenticity of the original document. So, that way you are able to reduce the size of the signature by applying the message digest, and at the same time, you can support the authenticity of a particular document.
DIGITAL SIGNATURE IN BLOCKCHAIN
- Used to validate the origin of a transaction
- Prevent non-reputation
- Alice can not deny her own transactions
- No one can else claim Alice’s transaction as his/her own transaction
- Bitcoin uses Elliptic Curve Digital Signature Algorithm(ECDSA)
- Based on elliptic curve cryptography
- Supports good randomness in key generation
Now, let us look into how we apply digital signatures in Blockchain. So, this digital signature in a blockchain is used to validate the origin of a transaction to prevent the nonrepudiation kind of attack that I have men mentioned earlier.
once Alice inserts a transaction inside the blockchain if that particular transaction is signed with Alice’s private key then later on Alice will not be able to deny that the message or the transaction has not been initiated by her. So, that is one thing and the second thing is that no one else will be able to claim Alice’s transaction as their own transaction because the transaction is associated with the signature, the digital signature provided by Alice.
Now, Bitcoin uses this elliptic curve digital signature algorithm or ECDSA algorithm; it is another public key encryption algorithm based on elliptic curve cryptography which supports very good randomness in key generation. So, I am not going to explain the details of this ECDSA algorithm digital signature algorithm. So, if you are interested you can also look into that and explore how the ECDSA algorithm generates the keys and how it is used to encrypt and decrypt a particular message.
A CRYPTOCURRENCY USING HASHCHAIN AND DIGITAL SIGNATURE
- Alice generates 10 coins
- Sign the transaction A:10 using Alice’s private key and put that in the blockchain
Now, let us look into a very simple Cryptocurrency using by combining these cryptography primitives that we have discussed the concept of Hash Chain and the digital signature, say Alice wants to generate some coins. So, Alice generates
some 10 coins. So, Alice’s transaction Alice has cert initiates a transaction that she has 10 coins with her. So, with this particular transaction, it puts her own signature, so that way Alice will never be able to claim that this transaction does not originate from her and no one else will be able to claim this transaction from Alice.
A CRYPTOCURRENCY USING HASHCHAIN AND DIGITAL SIGNATURES
- Alice transfers 5 coins to bob
- Sign the transaction A->B:5 using Alice’s private key and put that in the blockchain
Then when Alice wants to make a transaction to bob what Alice does Alice make another transaction of saying some 5 coins to Bob. So, Alice makes another transaction that from A to B 5 Bitcoin has been transferred, and along with that she puts her own signature.
So, whenever Alice’s putting her own signature again Alice will not be able to deny later on that she has not transferred 5 bitcoin to Bob and no one else will be able to claim this particular transaction and we put all the transactions in the form of a blockchain using these hash pointer architecture where the hash pointers hash of 1 this particular hash value it will point to the hash of this first block.
So, everything is put in a blockchain architecture by utilizing this hash pointer and you have this records of transactions along with the digital signature and once you have this records of transactions by utilizing that records of transactions you can also always verify the old transactions that were the concept behind this blockchain.
you put all the transactions in the blockchain along with the signature of the person who has initiated the transaction. So, that way you are making the blockchain tamper-proof, and at the same time, you are ensuring that no one will be able to deny their own transactions or no one will be able to claim other other Transactions.
A CRYPTOCURRENCY USING HASHCHAIN AND DIGITAL SIGNATURES
- Maintain the economy
- Generate new coins with time
- Delete old coins with time
- A central authority like a bank can create and destroy coins based on economic policies
- The crucial question: how can we distributed coin management(creation and destroy)
So, the interesting problem here with the respect of cryptocurrency is that how will you maintain the economy. So, in case of your normal environment the bank they generates the new coins with time and they also deal it the old coins at the old money from the system, but in a digital environment where everyone is generating their own money and everyone is making the transaction so, one after another in a decentralized way.
in that particular bitcoin architecture if you take it as an example there you do not have a central authority like a bank who will create or destroy the coins with respect to time.
So, the important question is how can you bring this kind of economic aspect under the notion of digital currency. So, the coins are generated automatically with time, or the coins are destroyed automatically with time. So, that is another interesting concept that will be discussed in our next few discussion while will talk about the details of this bitcoin architecture.
in this particular discussion, we have given you a broad overview of the basic cryptographic primitives like the cryptographic hash function and the digital signatures which work as the fundamental building block behind this entire blockchain architecture as well as the bitcoin fundamentals. So, in the Next we will discuss the architecture of bitcoins and how we utilize bitcoin to maintain a digital currency ecosystem wherein a completely decentralized way people can maintain their own currency and they can make the transactions over the universe.
READ MORE ARTICLE: R3 CORDA
follow us on facebook