Consica Labs

Consica Labs
Chapter 7

Cryptography Basics

Public and private keys explained

Definition

Cryptography is the practice and study of techniques for secure communication in the presence of adversaries. In blockchain, Cryptography serves three essential purposes: hashing (creating unique digital fingerprints of data), digital signatures (proving ownership and authorization), and Encryption (protecting data confidentiality). Without Cryptography, blockchain security would be impossible. Key concepts include Decryption.

Two cryptographic primitives are foundational to blockchain. Hash functions (like SHA-256) take any input and produce a fixed-size output that is deterministic (same input = same output), one-way (cannot reverse the output to find the input), and collision-resistant (extremely unlikely for two inputs to produce the same output). Public-key Cryptography (like ECDSA) uses a mathematically linked key pair — a Public Key that anyone can see and a Private Key that only the owner knows. Digital signatures prove you know the Private Key without revealing it.

Real-Life Example

Think of hashing like a fingerprint for data. Just as every person has a unique fingerprint that identifies them, every piece of data has a unique hash that identifies it. If you change even one letter in a document, the hash changes completely. For example, hashing 'Hello World' with SHA-256 produces one 64-character string, while hashing 'Hello World!' (with an exclamation mark) produces a completely different string. This sensitivity to change is what makes hashing useful for detecting tampering.

A real-world application: When you download software from the internet, the developer often provides a SHA-256 hash of the file. After downloading, you can compute the hash yourself and compare it to the developer's hash. If they match, you know the file has not been tampered with or corrupted during download. This same hash verification is used by Bitcoin nodes to verify that blocks and transactions have not been altered.

Interactive Diagram

Launch the interactive diagram to see this in action.

Open Interactive Diagram

The interactive diagram for this chapter demonstrates Digital Signatures. It shows a message being signed with a private key and verified with a public key.

What to explore:

  • type a message; click to sign it; watch the signature get created; verify it with the public key; try to tamper and see verification fail
  • digital signatures use public-key cryptography to prove that a message came from a specific sender and hasn't been altered

Introduction

Imagine you want to send a secret message to a friend across a crowded room. You could pass a note, but anyone could read it. You could speak in code, but your enemies might crack the code. Cryptography is the science of secure communication — it allows you to send messages that only the intended recipient can read, and to prove that a message came from you and was not tampered with.

Cryptography is the foundation of blockchain security. Every transaction is signed with a digital signature (proving identity), every block is linked with a cryptographic hash (preventing tampering), and every address is derived from a Public Key (maintaining privacy). Without Cryptography, blockchain would not be possible. The name 'cryptocurrency' itself combines 'Cryptography' and 'currency'.

In this chapter, you will learn the cryptographic building blocks of blockchain: hash functions, public-key Cryptography, and digital signatures. You will understand what each one does and why they are essential. By the end, you will see how Cryptography creates the trust and security that blockchain is known for.

How It Works

A hash function takes any input (a file, a message, a transaction) and produces a fixed-size string of characters, called a hash or digest. The same input always produces the same hash. But changing even one letter in the input produces a completely different hash. Hash functions are one-way — given a hash, you cannot reverse it to find the original input. Bitcoin uses SHA-256 (Secure Hash Algorithm 256-bit), which produces a 64-character hexadecimal string.

Public-key Cryptography (also called Asymmetric Cryptography) uses two mathematically related keys: a Public Key (which you can share with anyone) and a Private Key (which you must keep secret). Anyone can encrypt a message using your Public Key, but only you can decrypt it using your Private Key. This is like a mailbox with a slot — anyone can drop a letter in, but only the person with the key can open it and read the letters.

Household Object Analogy

Think of hash functions like making a smoothie. You put in apples, bananas, and oranges (your input). The blender (hash function) produces a smoothie (hash). Given the smoothie, you cannot tell what fruits went in. But if you use the same fruits in the same proportions, you always get the same smoothie. Change one fruit to a pear, and the smoothie tastes completely different. And there is no blender that can reverse a smoothie back into whole fruits.

Deeper Dive

Hash functions have five essential properties: deterministic (same input always produces same hash), quick to compute (easy to calculate), preimage resistant (cannot reverse a hash to find the input), small changes produce wildly different outputs (avalanche effect), and collision resistant (extremely unlikely for two different inputs to produce the same hash). These properties make hash functions ideal for verifying data integrity — if a file's hash matches the expected hash, you know the file has not been changed.

SHA-256 produces a 256-bit hash, usually displayed as 64 hexadecimal digits. An example SHA-256 hash is: '00000000000000000007e1c2c6b3c8a8b9d5c9a9b8c7d6e5f4a3b2c1d0e9f8a7b6'. In Bitcoin mining, valid block hashes must start with a certain number of zeros (the difficulty target). The probability of a random hash starting with 20 zeros is about 1 in a trillion — which is why mining requires so much computation.

Elliptic Curve Cryptography (ECC) is the specific type of public-key Cryptography used by Bitcoin and most blockchains. ECC provides the same security as older systems (like RSA) but with much shorter keys, making it more efficient. Bitcoin uses the secp256k1 curve. The Private Key is a random 256-bit number, and the Public Key is a point on the Elliptic Curve derived from the Private Key through multiplication — easy to compute in one direction, impossible to reverse.

Key Insight

The name 'Cryptography' comes from the Greek words 'kryptos' (hidden) and 'graphein' (to write). It literally means 'hidden writing'. Modern Cryptography uses mathematics instead of secret alphabets, but the goal is the same: allow secure communication even when adversaries are listening.

Advanced

Quantum computing poses a potential threat to current cryptographic systems. Shor's algorithm, if run on a sufficiently powerful quantum computer, could break ECC and RSA by efficiently finding the Private Key from the Public Key. This is why researchers are developing post-quantum Cryptography — cryptographic algorithms that resist quantum attacks. Some blockchain projects are already planning quantum-resistant upgrades, though practical quantum computers large enough to break ECC are likely still years away.

Zero-knowledge proofs (ZKPs) are an advanced cryptographic technique that allows one party to prove to another that they know a value (like a password or Private Key) without revealing the value itself. ZKPs have exciting applications in blockchain: private transactions (prove you have enough funds without revealing your balance), identity verification (prove you are over 18 without showing your ID), and scalability (ZK-rollups process transactions off-chain with a validity proof on-chain).

Multi-party computation (MPC) allows multiple parties to jointly compute a function over their private inputs without revealing those inputs to each other. In blockchain, MPC enables features like threshold signatures (where a group must collectively sign a transaction) and secret sharing (where a Private Key is split into shares that must be combined to use it). MPC wallets distribute custody across multiple parties, enhancing security.

Vocabulary Table

TermDefinition
CryptographyThe practice of secure communication through codes and encryption.
Public KeyA cryptographic key that can be shared openly to receive encrypted messages.
Private KeyA secret cryptographic key that proves ownership and authorizes transactions.
Asymmetric CryptographyAn encryption system using paired public and private keys.
Elliptic CurveA mathematical curve used in blockchain cryptography for key generation.
EncryptionConverting readable data into an unreadable format to protect it.
DecryptionConverting encrypted data back into a readable format.
secp256k1The specific elliptic curve standard used by Bitcoin and Ethereum.

Fun Facts

The SHA-256 algorithm was developed by the National Security Agency (NSA) in 2001. Despite its origins, it is an open standard that has been extensively analyzed by cryptographers worldwide and is considered secure.

A Bitcoin Private Key is a 256-bit number. The total number of possible Private Key is approximately 10^77 — more than the estimated number of atoms in the observable universe.

The first public-key Cryptography system was invented in 1973 by Clifford Cocks, a British mathematician working for GCHQ. His work was classified and only declassified in 1997, years after RSA was publicly invented.

The 'avalanche effect' in hash functions means that changing a single bit in the input changes approximately 50% of the bits in the output. This is what makes hash functions so sensitive to tampering.

Bitcoin addresses are not Public Key — they are hashes of Public Key, adding an extra layer of security. A Public Key hash is 160 bits (20 bytes), shorter than the 256-bit Public Key itself.

Common Misconceptions

Misconception: Cryptography is only used for cryptocurrencies.

Truth: Cryptography is used everywhere: secure websites (HTTPS), messaging apps (WhatsApp, Signal), password storage, digital signatures on documents, and hardware security modules. Blockchain is just one application.

Misconception: A hash is the same as Encryption.

Truth: Encryption can be reversed (decrypted) with a key. Hashing is one-way — you cannot 'dehash' a hash. They serve different purposes: Encryption for confidentiality, hashing for integrity verification.

Misconception: Longer hashes are always more secure.

Truth: Hash length matters, but the security also depends on the algorithm. SHA-256 (256-bit) is currently secure. SHA-1 (160-bit) is broken and should not be used. Longer is generally better, but algorithm strength matters more.

Misconception: If you have the hash, you can crack the original data.

Truth: For properly designed hash functions, this is computationally infeasible. The only efficient way to find an input that produces a given hash is to try trillions of possibilities — a brute force search.

Knowledge Check

1. What is a public key used for in blockchain?

Answer: To receive transactions and verify signatures

2. Why can a private key not be derived from a public key?

Answer: Because the math is one-way and computationally impossible to reverse

3. What curve does Bitcoin use for its cryptography?

Answer: secp256k1