The content of this page has evolved over the years (check wayback machine for previous iterations) and was last updated in July 2019, with an excerpt from the book Token Economy which builds – among others – on the educational blogposts that have been published on this website since 2015.

Cryptography is used to trustfully identify all network actors, and allows for transparency of interactions while maintaining the privacy of all network actors. It is an important tool for managing tokens through an application called “wallet.” Cryptography is furthermore an integral part of the blockchain consensus protocol.

Cryptography is the practice and study of secure communication in the presence of third parties. The aim is to create information systems that are resilient against eavesdropping, manipulation, and other forms of attack. While the history of cryptology dates back to the advent of handwritten texts, it has significantly evolved in the computer age. Cryptography represents a sub eld of cryptology and refers almost exclusively to encryption, which is the process of converting a piece of information (plaintext) into unintelligible text (ciphertext). A ciphertext is encrypted or encoded information that contains a form of the original plaintext but is unreadable by a human or computer without the proper cipher to decrypt it. Cryptographic literature o en uses the name Alice „A“ for the sender, Bob „B“ for the intended recipient, and Eve „Eavesdropper“ for the adversary. This terminology will also be used in the context of the following chapters.

Ciphers were one of the first encryption techniques developed to encrypt plain text with either substitution ciphers (where units of plaintext are replaced with single letters, pairs of letters, or triplets of letters) or transposition ciphers (where units of the plaintext are rearranged in a different and usually quite complex order). Decryption is the reverse process: It allows moving from the unintelligible ciphertext back to the original plaintext. A cipher is, therefore, a pair of algorithms that creates the encryption as well as the reversing decryption: It is easy to encrypt a message, but very hard to reverse it if you don‘t know the code. With the invention of computers, classical ciphers became redundant because they were very easy to guess with simple brute-force attacks, where a computer algorithm runs all possible combinations until it guesses the right code. The earliest known use of cryptography is carved ciphertext on stone in Egypt. Different forms of ciphers have been used in India, Sassanid Persia, and by the Ancient Greeks, the Romans, and the Hebrews, just to name a few examples.

Since the development of the enigma machine – a rotor cipher machine – in World War I, and the advent of computers in World War II, methods of cryptography and cryptanalysis have become increasingly complex and its application more widespread. Computers and electronics not only enhanced the possibilities of cryptanalysis, which is the process of breaking encryption, they also made more complex ciphers possible. Continuous improvements in computer processing power have increased the scope of brute-force attacks. Cryptographic algorithms are designed around computational hardness assumptions: While it is theoretically possible to break such a system, they are designed to be infeasible to break by any known practical means in terms of time and money.

Computers furthermore introduced new forms of encryption of any kind of digital information, not only pieces of text. Modern cryptography exists at the intersection of mathematics, computer science, electrical engineering, and communication science. With the advent of the quantum computer, there is also active research examining the relationship between cryptographic problems and quantum physics. Potential effects of quantum computing are already being considered and post-quantum cryptography is being developed by some researchers and engineers.

The growth of cryptographic technology has also raised a number of legal issues in the information age. Cryptography‘s potential as a tool for espionage has led many governments to limit or prohibit its use, and in some cases even classify it as a weapon. Certain jurisdictions might permit investigators to compel the disclosure of encryption keys for documents relevant to an investigation. Furthermore, cryptography can be an interesting factor when discussing human rights in the digital era. The question of how to guarantee privacy in the machine age is slowly becoming a discussion led by a wider general public, and will probably become more dominant in the years to come. The crucial question in this context is whether and how the constitutional right to privacy of communication, or the sanctity of one’s home, could correspond to the right to encrypted communication or encrypted data trails.

While early encryption attempts of electronic communication focused on secrecy in the communications of spies, military leaders, and diplomats, the eld has expanded to include technologies for electronic commerce, digital payments, digital right management, password management, message integrity checking, authentication of identity, digital signatures, interactive proofs, and secure computation. There are three kinds of cryptographic building blocks: (I) hash functions, (II) symmetric cryptography, and (III) asymmetric cryptography (public-key cryptography).

Hash Function: A cryptographic hash function is a mathematical algorithm that maps data of arbitrary size (message) onto data of a fixed size (hash value or hash). It is a one-way function. This means that the only way to recreate the original input data (message) from the hash, is to attempt to try all possible inputs to see if they produce a match. While this is possible, it is time-consuming and therefore expensive. Hash functions are essential cryptographic building blocks which can be used for assuring the integrity of transmitted data, privacy, and message authentication. Selected applications are digital signatures, any type of authentication, fingerprinting, detection of duplicates, unique identification, or as checksums to detect data corruption. In order to be considered resilient, cryptographic hash functions need to fulfil certain properties: They need to be designed in a way that they are (I) easy to compute; (II) deterministic, meaning the same message always results in the same hash; (III) infeasible to generate a message from its hash value except by trying all possible messages, and (IV) small changes to the original input value should change the hash value. It should furthermore be (V) infeasible to nd two different messages (input) with the same hash value (output).

Symmetric Systems: Before the emergence of public-key cryptography, two parties relied on one encryption key that they exchanged over a non-cryptographic method, through secret meetings, sealed envelopes, or trusted couriers. If you wanted to communicate privately with somebody, you would need to physically meet and agree on a secret key. In the world of modern communications, where one needs to coordinate over a network of many untrusted actors (the Internet), such methods would not be feasible. This is why symmetric encryption is not used for communication in public networks. It is, however, faster and more efficient than asymmetric encryption, and therefore used for encrypting large amounts of data, certain payment applications, random number generation, or hashing.

Asymmetric Key Cryptography infographic

Asymmetric Systems, also referred to as public-key cryptography, resolved the coordination problem by introducing two keys, a public key and a private key. The private key is only known to the owner and needs to be kept private, while the public key may be given to anyone. Any person can encrypt a message using the receiver‘s public key. This message can only be decrypted with the receiver‘s private key. Senders can combine a message with their private key to create a digital signature on the message. Anyone can now verify with the corresponding public key whether the signature is valid. How the keys are generated depends on the cryptographic algorithms used. Examples of asymmetric systems include RSA (Rivest-Shamir-Adleman), and ECC (Elliptic-Curve Cryptography), which is also used in Bitcoin. Use of asymmetric cryptography enhanced the security of communication in untrusted networks, like the Internet, in a scalable way.

Symmetric Key Cryptography Infographic

The next part will focus on how cryptography is used in Bitcoin and similar blockchain protocols.


Full text and high-resolution graphics available as paperback & ebook: Token Economy, by Shermin Voshmgir, 2020

Token Economy Book - Web3, Blockchain, Smart Contracts, CryptocurrenciesAbout the Author:Shermin Voshmgir is the Author of the Book “Token Economythe founder of Token Kitchen and BlockchainHub Berlin. In the past she was the director of the Research Institute for Cryptoeconomics at the Vienna University of Economics which she also co-founded. She was a curator of TheDAO (Decentralized Investment Fund), an advisor to Jolocom (Web3 Identity), Wunder (Tokenized Art) and the Estonian E-residency program. Shermin studied Information Systems Management at the Vienna University of Economics and film-making in Madrid. She is Austrian, with Iranian roots, and works on the intersection of technology, art & social science.

About the Book: This is the second edition of the book Token Economy originally published in June 2019. The basic structure of this second edition is the same as the first edition, with slightly updated content of existing chapters and four additional chapters: “User-Centric Identities,” “Privacy Tokens,” “Lending Tokens,” and How to Design a Token System and more focus on the Web3. Blockchains & smart contracts have made it easy for anyone to create a token with just a few lines of code. They can represent anything from an asset to an access right, like gold, diamonds, a fraction of a Picasso painting or an entry ticket to a concert. Tokens could also be used to reward social media contributions, incentivize the reduction of CO2 emissions, or even ones attention for watching an ad. While it has become easy to create a token, which is collectively managed by a public infrastructure like a blockchain, the understanding of how to apply these tokens is still vague.

The book refers to tokens, instead of cryptocurrencies, and explains why the term “token” is the more accurate term, as many of the tokens have never been designed with the purpose to represent a currency. This book gives an overview of the mechanisms and state of blockchain, the socio-economic implications of tokens, and deep dives into selected tokens use cases: Basic Attention Token, Steemit, Token Curated Registries (TCRs), purpose-driven tokens, stable tokens, asset tokens, fractional ownership tokens, Libra & Calibra (Facebook), and many more.