*The content of this page has evolved over the years (check wayback machine for previous iterations) and was last updated in July 2019, with an excerpt from the book Token Economy which builds – among others – on the educational blogposts that have been published on this website since 2015.*

Cryptography is used to trustfully identify all network actors, and allows for transparency of interactions while maintaining the privacy of all network actors. It is an important tool for managing tokens through an application called “wallet.” Cryptography is furthermore an integral part of the blockchain consensus protocol.

For the history of cryptography read more in the previous post here: Cryptography & Blockchain Part 1.

The Bitcoin Network mainly uses hashes in combination with digital signatures to protect the integrity of the data owing through the blockchain, using public-key cryptography. Hashes are furthermore used in the context of the consensus protocol “Proof-of-Work.” Bitcoin uses public-key cryptography, and more especially, elliptic-curve cryptography. Please note that alternative blockchains might use alternative cryptography to the ones described below. Some blockchains, for example, use more privacy-preserving cryptography, such as “Zcash” (zero-knowledge proofs3) and “Monero” (Ring Signatures). The Bitcoin community itself is currently looking into alternative cryptographic signature schemes that are more privacy-preserving and more scalable, for example with “Mimblewimble”. While these alternative algorithms are interesting and important from a privacy perspective, and in some cases also a scalability perspective, it is beyond the scope of this book to deep-dive into these algorithms.

#### Hashing in Bitcoin and Similar Blockchains

Cryptographic hashing is a method for transforming large amounts of data into short numbers that are di cult to imitate. One can convert a text or a picture, which represents a variable-length bit sequence, to produce a fixed-length bit sequence in the form of a hash. Hashes are mostly used in combination with digital signatures. These functions ensure data integrity. Hashing in the Bitcoin Network is used for four processes: (I) encoding wallet addresses; (II) encoding transactions between wallets; (III) verifying and validating the account balances of wallets; and for the consensus mechanism (IV) “Proof-of-Work.”

The Bitcoin Network uses SHA (Secure Hash Algorithm), such as SHA-256. An important property of hashes is that if one single bit of input data is changed, the output changes significantly, which makes it easy to detect small changes in large text files, for example. As you can see from the example below, an entirely different hash gets generated when we change only one letter. This is based on the so-called avalanche effect, and it is useful for easily providing data integrity. An entirely different string results from hashing the hash. “Avalanche effect” describes the behaviour of a mathematical function where even a slight change in an input string should cause the resulting hash value to change drastically. This means that in a document of several hundred pages, if one ads only one word, or even a comma, the whole hash will change. A document‘s hash value can, therefore, serve as a cryptographic equivalent of the document – a digital fingerprint. This is why one-way hash functions are central to public-key cryptography. When producing a digital signature for a document, we no longer need to encrypt the entire document with a sender‘s private key, which can take a lot of time. It is sufficient to compute the document‘s hash value instead.

- The corresponding SHA-256 of the sentence “
**How to buy Bitcoin?**” looks like this:

156aedcfab1d49f73abddd89faf78d9930e4b523ab804026310c973bfa707d37 - If we remove only one symbol, for example, the question mark “
**?**”, the hash looks like this: 4314d903f04e90e4a5057685243c903fbcfa4f8ec75ec797e1780ed5c891b1bf - If we
**hash the existing hash**, this would be the result:

4c9622e1148 0b855de50e62999d194039eb2faa9e715cc9d9ef604015aa1fe

#### Public-Key Cryptography

The main purpose of using public-key cryptography for the Bitcoin blockchain is to create a secure digital reference about the identity of a user. Secure digital references about who is who, and who owns what, are the basis for P2P transactions. Public-key cryptography allows proving one’s identity with a set of cryptographic keys: a private key and a public key. The combination of both keys creates a digital signature. This digital signature proves ownership of one’s tokens and allows control of the tokens through a piece of so ware called the “wallet.” Digital signatures prove ownership of one’s tokens and allow one to control one’s funds. Just as we sign a bank transaction or a cheque by hand, or we use authentication for Internet banking, we use public-key cryptography to sign Bitcoin transactions or other blockchain transactions.

In public-key cryptography, two parties distribute their public keys and allow anyone to encrypt messages using their public keys. The public key is mathematically generated from the private key. While it is very easy to compute the public key from the private key, the reverse is only possible with sheer brute force; guessing the key is possible but prohibitively expensive. It is, therefore, not a problem if a public key is known, but the private key must always be kept a secret. This means that, even though one’s public key is known to everybody, nobody can derive one’s private key from it. A message can now travel securely to the owner of the private key, and only the owner of this private key is able to decrypt the message using the private key associated with the public key. This method also works the other way around. Any message signed with a private key can be verified with the corresponding public key. This method is also referred to as a digital signature.

An analogue example for a public key would be the example of a padlock. Let’s assume that Alice and Bob want to communicate privately, and therefore both buy padlocks. If Bob wants to send a message to Alice, but is scared that somebody might intercept and read it, he will ask Alice to send her padlock (unlocked) over to him and to keep her key. Bob can now put his letter in a small box and lock it with the padlock that Alice sent him, closing it with a simple push. The letter can be sent around the world without being intercepted by an unauthorized person. Only Alice, who has the key to her padlock, can open the letter. Of course, someone could try and break the box (brute force), instead of using the key. It is possible, but the dif- culty depends on the resilience of the box, and the strength of the lock. The same basic principle applies to modern cryptography.

The crucial question in public-key cryptography revolves around the question of how one can widen the computational e ort between deriving the private key from the public key, compared to deriving the public key from the private key. How hard it is to break the encryption by guessing the result, how long would it take to guess the private key, and how expensive would it be? The private key hereby is represented by a number, which means that the larger the number, the harder it is to guess by someone who does not know that number. As computers become faster and more efficient, we must come up with more sophisticated algorithms, either by using bigger numbers or by inventing more resilient algorithms.

If it takes a couple of decades to guess a random number, the number is considered secure. Every cryptographic algorithm is vulnerable to a so-called brute-force attack, which refers to guessing your private key by trying all possible combinations until a solution ts. To make sure that it is hard to guess the number, a resilient private key has minimum requirements: It needs to be a (I) randomly generated number. It needs to be a (II) very large number. It has to use a (III) secure algorithm for the generation of the keys. Randomness is important, as we don’t want any other person or machine to use the same key, and humans are bad at coming up with randomness. Large key sizes allow for further distribution of randomness, and are much harder to crack with brute force, but also slower to compute.

Due to their complexity, secure algorithms need to be scientifically proven and stress-tested against security breaches. One should avoid inventing one’s own algorithm. This issue became obvious when the team developing the IOTA Network decided to implement their own hash function called Curl. IOTA is an alternative distributed ledger solution to blockchain, that claims to resolve Bitcoin’s scalability problem with an alternative consensus mechanism and alternative cryptography. Their self-made Curl function, however, was later found to be “non-collision resistant.”5

Since the emergence of Bitcoin, cryptographic algorithms used for the Bitcoin blockchain have withstood all attempts of data-tampering. Without cryptography, there could be no distributed consensus in a network of actors who do not know or trust each other. As computers get more powerful and can guess numbers faster, the algorithms used will need to withstand time and rapidly evolving technological standards to maintain the current level of security. Many researchers and developers argue that supercomputers, in particular, quantum computers, will soon be able to crack most conventional encryption algorithms through brute-force. This is not entirely true and depends on the cryptographic algorithm. While quantum computers are not significantly better at cracking hashes, they are much more powerful when it comes to elliptic curves and prime factorization. The answers are complex and not fully resolved yet. This represents a mission-critical research area.

#### Wallets & Digital Signatures

This digital signature in the Bitcoin Network and similar blockchain is performed using a wallet so ware. A blockchain wallet is a piece of so ware that stores your private key, public key, and blockchain address, and communicates with the blockchain. This wallet so ware can run on a computer or a mobile phone (like “Bitcoin Core”, “Electrum”), or a dedicated hardware device (like “Trezor”, “Ledger”). The wallet so ware allows the management of tokens. You can (I) send tokens via digital signature, and (II) inspect receipts of tokens that were sent to you. Every time you send or receive Bitcoin, for example, you need to use a wallet to sign the transaction with your private key stored in the wallet. Subsequently, your personal balance of tokens is adjusted on all copies of the ledger, which is distributed across the P2P network of computers – aka the Blockchain. The blockchain address has a similar function to a bank account number in the context of traditional financial transactions, or an email address when people want to send you an electronic mail.

Similar to a handwritten signature, a digital signature is used to verify that you are who you say you are. By attaching a digital signature to a transaction, no-one can dispute that that transaction came from the wallet it purports to have come from, and that wallet can’t be impersonated by another wallet. The private key is used for signing transactions. The public key is then used to verify the signature by the validating computers.

When launched for the first time, a Bitcoin wallet generates a key pair consisting of a private key and a public key. In a first step, the private key is a randomly generated 256-bit integer. The public key is then mathematically derived, using elliptic-key cryptography, from the private key. This mathematical function works one way, which means that it is easy to generate a public key from a private key, but using reverse mathematics to derive the private key from the public key would take the world’s most powerful supercomputer trillions of years to crack, making it practically impossible.

In a second step, the blockchain address is derived from the public key, using a different type of cryptographic function from the one that was used to derive the public key, adding metadata like checksums and preffixes. Using a different type of cryptographic function to derive the address adds an extra level of security: if the first layer of security, elliptic-key cryptography, is broken, then someone who has the public key would be able to crack the private key. This is important, as elliptic-key cryptography is especially vulnerable to being broken if and when quantum computers become a reality, while the hashing, which is used in a second layer to derive the address, is not as vulnerable to quantum computer brute-force attacks. This means that if someone has the blockchain address, and has cracked the elliptic-key cryptography, that person would still have to get through the second layer of security, that was used to derive the address from the public key. This is similar to why locking your bicycle twice, with two different locks that have different security mechanisms (key or number lock), gives you an added layer of security when locking your bike in the street. As a result of this, the address acts as a digital fingerprint of the public key. While this digital fingerprint is unique, it does not give any information about the person’s public key (unless they send their first transaction).

Contrary to popular belief, a blockchain wallet does not store any tokens. It stores the public-private key pair associated with your blockchain address, but it also keeps a record of all transactions where the wallet’s public keys are involved. The wallet furthermore stores special information necessary for special transac- tions, like multi-signature transactions onine, as well as some additional info, but it never contains any tokens. Therefore, the term “wallet” is a bit misleading. The word “keychain” would be more appropriate, as it acts as a secure key storage, and as a communication tool with the blockchain. A blockchain wallet has more simila- rities to a keychain and your home keys. If you lose the keys to your apartment, the apartment is still yours, but you cannot access your apartment as long as you don’t recover the key; maybe you have a backup key that you le with a neighbour, friend, or family member, or nd a locksmith to help you break into your own house. Breaking your lock would translate to a brute-force attack to guess your private key.

Your private key must always be kept secret and should not be shared with other people unless you want to give them deliberate access to your tokens. If you lose your wallet, without having a backup to your address and private key, or if you lose your private key, you will lose access to your funds. The tokens will still be on the blockchain, but you won’t be able to access them. If you lose the device on which your wallet is hosted, or if it breaks down, your funds won’t be lost if you have a backup of your seed phrase6 or private key. Many people, therefore, prefer to host their tokens on online exchanges. Similar to banks today, these online exchanges act as custodians of one’s funds. The two-step process of deriving the public key from the private key and the address from the public key is the reason one only needs to back up the private key because everything else can be derived from the private key.

*Full text and high-resolution graphics available as paperback & ebook: ** Token Economy, by Shermin Voshmgir, 2020*

**About the Author: **Shermin Voshmgir is the Author of the Book “Token Economy“ the founder of Token Kitchen and BlockchainHub Berlin. In the past she was the director of the Research Institute for Cryptoeconomics at the Vienna University of Economics which she also co-founded. She was a curator of TheDAO (Decentralized Investment Fund), an advisor to Jolocom (Web3 Identity), Wunder (Tokenized Art) and the Estonian E-residency program. Shermin studied Information Systems Management at the Vienna University of Economics and film-making in Madrid. She is Austrian, with Iranian roots, and works on the intersection of technology, art & social science.

**About the Book**: This is the second edition of the book Token Economy originally published in June 2019. The basic structure of this second edition is the same as the first edition, with slightly updated content of existing chapters and four additional chapters: “User-Centric Identities,” “Privacy Tokens,” “Lending Tokens,” and How to Design a Token System and more focus on the Web3. *Blockchains & smart contracts have made it easy for anyone to create a token with just a few lines of code. They can represent anything from an asset to an access right, like gold, diamonds, a fraction of a Picasso painting or an entry ticket to a concert. Tokens could also be used to reward social media contributions, incentivize the reduction of CO2 emissions, or even ones attention for watching an ad. While it has become easy to create a token, which is collectively managed by a public infrastructure like a blockchain, the understanding of how to apply these tokens is still vague. *

*The book refers to tokens, instead of cryptocurrencies, and explains why the term “token” is the more accurate term, as many of the tokens have never been designed with the purpose to represent a currency. This book gives an overview of the mechanisms and state of blockchain, the socio-economic implications of tokens, and deep dives into selected tokens use cases: Basic Attention Token, Steemit, Token Curated Registries (TCRs), purpose-driven tokens, stable tokens, asset tokens, fractional ownership tokens, Libra & Calibra (Facebook), and many more. *