What is Cryptography?
A lot of people use cryptography on a daily basis without realizing it as many popular messaging apps use encryption. It is also one of the core aspects of blockchain technology. In this segment of the Lisk Academy we will provide a simple yet detailed explanation of cryptography, both symmetric and asymmetric key cryptography.
Cryptography is the method of disguising and revealing, otherwise known as encrypting and decrypting, information through complex mathematics. This means that the information can only be viewed by the intended recipients and nobody else. The method involves taking unencrypted data, such as a piece of text, and encrypting it using a mathematical algorithm, known as a cipher. This produces a ciphertext, a piece of information that is completely useless and nonsensical until it is decrypted. This method of encryption is known as symmetric-key cryptography.
An early example of cryptography was the Caesar cipher, used by Julius Caesar to protect Roman military secrets. Each letter in a messages was substituted with the letter 3 spaces to the left in the alphabet, this knowledge was essentially the key that encrypted the message. Caesar’s generals knew that to decode the letters they only had to shift each to the right by three, whilst the information remained safe if intercepted by Caesar’s enemies. Modern cryptography works on a similar concept, albeit with far greater levels of complexity.
The code base for most ciphers are open source projects, meaning their code can be examined by anyone. The most widely used cipher in the world called is AES and is free for anyone to use. The AES libraries, that are implementing the algorithm, are open to viewing by the public and have been fully investigated over a five year period. As a result, it has been studied in considerable detail and to date no vulnerabilities have been discovered. So much so, that the cipher is also used by the NSA, the United States intelligence agency, as the tool of choice for encrypting information.
In blockchain, cryptography is primarily used for two purposes:
- Securing the identity of the sender of transactions.
- Ensuring the past records cannot be tampered with.
Blockchain technology utilizes cryptography as a means of ensuring transactions are done safely, while securing all information and storages of value. Therefore, anyone using blockchain can have complete confidence that once something is recorded on a blockchain, it is done so legitimately and in a manner that preserves security.
Despite being founded upon a similar framework, the type of cryptography used in blockchain, namely public-key cryptography, is considerably better suited to the functions associated with the technology than symmetric-key cryptography.
What is Public-Key Cryptography?
Public-key cryptography, also known as asymmetric cryptography, represents an improvement on standard symmetric-key cryptography as it allows information to be transferred through a public key that can be shared with anyone.
Rather than using a single key for encryption and decryption, as is the case with symmetric key cryptography, separate keys (a public key and a private key) are used.
A combination of a users public key and private key encrypt the information, whereas the recipients private key and sender's public key decrypt it. It is impossible to work out what the private key is based on the public key. Therefore, a user can send their public key to anyone without worrying that someone will gain access to their private key. The sender can encrypt files that they can be sure will only be decrypted by the intended party.
Imagine it like this, Blaine has a two-tiered box that, when locked, allows items to pass through to the second tier. This box has two separate keys - one for each tier. The key to the first tier is the public key, and the key to the second is the private key. Blaine gives copies of the public key to all of his friends, but only keeps the private key for himself. Anyone needing to send Blaine a secret note can open the box, insert the note, and close it again so that it’s secure. However, once the box closes the note passes through to the second tier, to which only Blaine has access. On a simple level, this is how public-key cryptography works.
Furthermore, through public-key cryptography a digital signature is produced, securing the integrity of the data that is being shown. This is done by combining a user's’ private key with the data that they wish to sign, through a mathematical algorithm.
Since the actual data itself is part of the digital signature, the network will not recognize it as valid if any part of it is tampered with. Editing even the slightest aspect of the data reshapes the whole signature, making it false and obsolete. Through this, blockchain technology is capable of guaranteeing that any data being recorded onto it is true, accurate and untampered with. Digital signatures are what give the data recorded on a blockchain its immutability.
In some ways, digital signatures do what their names suggest: they provide validation and authentication in the same way signatures do, in digital form. In this segment we will discuss how they work as well as how multisignatures (multisigs) can be used to add an extra layer of security.