Although cryptography is used for many more purposes than simply
encrypting and decrypting secret messages, encryption is the most well-known
use of cryptography, so let’s start with this. Blockchains are not
generally encrypted, but understanding encryption provides a good
background to cryptography which is used extensively in blockchains.
Encryption is the process of turning a plaintext (i.e., readable) human
message into cyphertext (a jumble, gobbledegook), so that if the
encrypted message is intercepted a snooper can’t understand it.
Decryption is the process of turning the gobbledegook cyphertext back
into readable plaintext. ‘Breaking’ the cyphertext means working out how
to decrypt cyphertext without being given the ‘key’ (see below).
Let’s say Alice wants to send a message to Bob, so that only Bob can read
it (it is always Alice and Bob, and we will see why later). Alice and Bob
first agree on a scheme. Let’s use a very simple scheme where they
encrypt the text by shifting each letter a set number of places later in the
alphabet. They agree to use ‘+1’ as the ‘key,’ meaning that each letter is
moved one place later in the alphabet. So A becomes B, B becomes C, C
becomes D etc. This scheme is called the Caesar cipher.
Alice writes the plaintext note ‘Let’s meet, Bob’.
Alice encrypts it by shifting each letter once to the right: ‘Mfu’t nffu, Cpc’.
Alice sends the cyphertext to Bob.
Bob decrypts the cyphertext by shifting each letter back by one position
and gets back the plaintext: ‘Let’s meet, Bob’.
This type of encryption is part of a family called ‘symmetric encryption,’
because the same key (+1 in this case) is used in both the encryption and
This method of encryption is not used in real life nowadays. Firstly,
because it is too easy to spot and break using techniques such as letter
frequency analysis. Secondly, and more importantly, Alice and Bob first
had to communicate to agree what key to use for the scheme. They had to
agree on the ‘+1’ in the first place. How do they know that someone
wasn’t snooping when they agreed that?
Perhaps Alice and Bob met physically earlier and agreed on the ‘+1’ in
person, but if they suspect at any stage that a snooper has compromised
them, either in that meeting or during the course of their conversations,
how would they then agree on a new key without the snooper being aware
of that new communication?
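The scheme Alice and Bob use above, together with the letter-frequency attack the text says makes it easy to break, as an added Python example (this is not code from the book): encrypt and decrypt implement the shift, and break_caesar recovers the key from ciphertext alone by scoring each of the 26 possible shifts against typical English letter frequencies. The sample text and the frequency table are constructed for the example, and the code uses a plain ASCII apostrophe where the book prints a curly one.

```python
# Added example, not from the book: the Caesar cipher and a frequency-analysis
# key recovery, to show why a fixed-shift cipher gives an eavesdropper so
# little to overcome.
import string

ALPHABET = string.ascii_lowercase

# Approximate relative frequency (%) of each letter in ordinary English text.
# Constructed for the example; any standard table gives similar results.
ENGLISH_FREQ = {
    "a": 8.2, "b": 1.5, "c": 2.8, "d": 4.3, "e": 12.7, "f": 2.2, "g": 2.0,
    "h": 6.1, "i": 7.0, "j": 0.15, "k": 0.8, "l": 4.0, "m": 2.4, "n": 6.7,
    "o": 7.5, "p": 1.9, "q": 0.1, "r": 6.0, "s": 6.3, "t": 9.1, "u": 2.8,
    "v": 1.0, "w": 2.4, "x": 0.15, "y": 2.0, "z": 0.07,
}

# Constructed sample plaintext, long enough for letter counts to be meaningful.
SAMPLE = (
    "Alice wants to send a message to Bob so that only Bob can read it. "
    "They agree on a key before they start, and the same key is used to "
    "encrypt and to decrypt. A snooper who sees enough of the traffic does "
    "not need the key at all: the cipher keeps the letter frequencies of "
    "English, so counting letters is enough to recover the shift."
)


def caesar(text: str, key: int) -> str:
    """Shift every ASCII letter by `key` places (negative keys shift back).
    Case is preserved and punctuation, digits and spaces pass through."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext: str, key: int) -> str:
    return caesar(plaintext, key)


def decrypt(ciphertext: str, key: int) -> str:
    return caesar(ciphertext, -key)


def chi_squared(text: str) -> float:
    """How far the letter counts of `text` are from English; lower is closer."""
    letters = [c for c in text.lower() if c in ALPHABET]
    total = len(letters)
    score = 0.0
    for letter in ALPHABET:
        observed = letters.count(letter)
        expected = ENGLISH_FREQ[letter] / 100.0 * total
        score += (observed - expected) ** 2 / expected
    return score


def break_caesar(ciphertext: str) -> int:
    """Return the shift whose decryption looks most like English.
    The key is never needed: the cipher preserves the letter frequencies."""
    return min(range(26), key=lambda k: chi_squared(decrypt(ciphertext, k)))


if __name__ == "__main__":
    note = "Let's meet, Bob"
    ct = encrypt(note, 1)
    print("Alice sends:   ", ct)            # Mfu't nffu, Cpc
    print("Bob reads:     ", decrypt(ct, 1))
    print("Snooper finds key", break_caesar(encrypt(SAMPLE, 1)))
```

Running the module encrypts the note from the text with key +1, decrypts it again, and then recovers the key from the longer sample without ever being told it, which is the "too easy to spot and break" point the text makes.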
In a world where our devices are constantly initiating connections with
new websites, any initial ‘handshake’ where a symmetric key is agreed
and shared between your device and the website is a weak point, and any
eavesdropper who snoops on that initial exchange can decrypt the secret
messages for the rest of the conversation. So later we will explore
asymmetric cryptography, a much more commonly used form of
How is encryption relevant to blockchains? Actually, it is not very
relevant. Many journalists and management consultants talk about
encrypted blockchains, but they are confusing encrypted data, not used
in first generation blockchains [66], with cryptography which is used
extensively in blockchains for hashing and digital signatures, as we will
see later. Nothing on the Bitcoin network is encrypted by default. The
whole point is that plain text transaction data is replicated across the
network so that anyone can read and validate it.
However, other cryptographic schemes such as public key schemes,
discussed next, are used extensively in Bitcoin, as are cryptographic
Public Key Cryptography
The Caesar cipher just described is known as a symmetric cypher
because the same key is used to encrypt and decrypt the message. In
public key cryptography, the key used to decrypt a message is different
(but mathematically linked) to the key used to encrypt the message.
Public key cryptography is described as an asymmetric scheme, because
the key used to decrypt the message is not the same as the key used to
encrypt it. This makes it more secure.
Using asymmetric cryptography, if you want to receive encrypted
messages you create two mathematically linked keys: a public key and a
private key. Together they are called a key pair. You can share your public
key with the world, and anyone can use it to encrypt messages for you.
You use your private key, known only to you, to decrypt those messages.
Anyone who sends you encrypted messages using your public key knows
that only you can decrypt them.
Source: Sachi Mani’s blog
As we have seen, one of the biggest problems of symmetric cryptography
is how to share a key in the first place when all forms of communication
are tapped. It is hard to be sure that you can share a decryption key with
your friend without the eavesdroppers also getting that key. With public
key cryptography, you broadcast your public key to everyone, not caring if
the eavesdroppers can see it or not. Your friend then encrypts the
message and sends it to you. Only you can decrypt it because only you
have the private key. If an eavesdropper gets the encrypted message, they
can’t decrypt it because they don’t have your private key. It is a beautiful
system and a huge improvement over symmetric schemes because you
never need to communicate a shared or common key.
What do keys look like? There are a number of different schemes. PGP
(Pretty Good Privacy) is a scheme originally developed in the 1990s for
encrypting, decrypting and digitally signing messages such as emails.
This scheme was so powerful that the US Government didn’t like it and
had it classified as Munitions, an ‘Auxiliary Military Equipment,’
meaning that anyone found exporting it from the US would be in deep
trouble. Phil Zimmermann, the creator of PGP, found a way around this
by publishing the source code as a hardback book using First Amendment
protection of the export of books [68]. This marked the height of tensions
between the US Government and individuals who are passionate, quite
rightly so, about privacy. To learn about this story in depth, I recommend
Steven Levy’s book Crypto which documents the history of PGP and the
revolution of cryptography.
Back to public and private keys. I downloaded GPG Suite [69], an open
source and free set of tools that conforms to the OpenPGP standards, and
I created a new keypair. Here is what the public and private keys look
Of course this specific keypair is useless now, as I have made both keys
available to the public.
So that is PGP. Bitcoin uses a different scheme called ‘ECDSA’—Elliptic
Curve Digital Signature Algorithm. It works like this:
• Pick a random number between 0 and 2^256 - 1 (that, written out, has
seventy-eight digits: 115,792,089,237,316,195,423,570,985,008,687,907,853,
269,984,665,640,564,039,457,584,007,913,129,639,935). This is your private
key.
• Do some ECDSA maths on it to generate a public key. The ECDSA
algorithms are well known and there are plenty of tools to help with
That is it! You now have a randomly chosen private key and you have
mathematically generated a public key from it. From your public key you
can generate your Bitcoin address to tell the world, but make sure you
don’t tell anyone your private key. Although it was easy for you to convert
your private key into a public key by doing some ECDSA maths on it, it is
mathematically impossible for someone to ‘work backwards’ and derive
your private key from your public key.
For a real example, go to www.bitaddress.org and wiggle your mouse a bit
to generate some randomness. I did it with the following result:
The Bitcoin address is derived from the public key. By pasting the private
key into the ‘Wallet Details’ section of the website, you can see all of the
gory details including the public and private keys in various formats:
Again, of course this keypair is useless now and I wouldn’t recommend
sending any bitcoins to it!
So there you have it. Bitcoin addresses (accounts) are derivatives of
public keys, and when you make a Bitcoin transaction, you use your
private key to sign, or authorize, the transaction which moves bitcoins
from your account to someone else’s. Most blockchain schemes operate
this way. Digital assets are held in accounts made from public keys, and
the respective private keys are used for signing outbound transactions.