Where does the crypto in cryptoeconomics or cryptocurrencies com from?
The original Bitcoin Blockchain protocol introduced the concept of Cryptoeconomics, a combination of cryptography and economics to create robust, fault tolerant and attack resistant decentralized P2P networks. While cryptography is used to preserve privacy and transparency at the same time, economic incentives are used to encourage desired behaviour of network actors who do not trust or know each other, nor have any legally binding agreements with each other.
Permissionless Blockchains like Bitcoin, Ethereum and similar derived protocols are therefore based on the combination of three technologies: P2P networks, cryptography and game theory. The aim is to make sure that a disparate network of actors, who do not know or trust each other, reach consensus over which transaction is correct, without the help of a centralized party. This is why it is also referred to as the consensus protocol. This unique combination allows us to have true P2P transactions without clearing institutions.
The Bitcoin blockchain uses public key cryptography and cryptographic hash functions to reach that goal. But before we get into those details: what is cryptography, and how does it work?
History of Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties. Cryptography literature often uses the name Alice “A” for the sender, Bob “B” for the intended recipient, and Eve “Eavesdropper” for the adversary. The history of cryptography dates back to the advent of analog plaintext and has significantly evolved in the computer age.
Early Analogue Cyphers
Until modern times, cryptography referred almost exclusively to encryption, which is the process of converting a piece of information (plaintext) into unintelligible text ( ciphertext). Cyphertext is encrypted or encoded information that contains a form of the original plaintext but is unreadable by a human or computer without the proper cipher to decrypt it. Cyphers were one of the first encryption techniques developed to encrypt plain text with either substitution ciphers (units of plaintext are replaced with single letters, pairs of letters, or triplets of letters) or transposition ciphers (units of the plaintext are rearranged in a different and usually quite complex order). Decryption is the reverse, in other words, moving from the unintelligible ciphertext back to plaintext. A cipher is a pair of algorithms that creates the encryption as well as the reversing decryption: it is easy to encrypt a message, but very hard to reverse it if you don’t know the code. With the invention of computers classical ciphers became redundant because they were very easy to guess with simple brute force attacks, where a computer algorithm runs all possible combinations, until it guesses the right code. The earliest known use of cryptography is some carved ciphertext on stone in Egypt. Different forms of ciphers have been used In India (Kautiliyam and Mulavediya), Sassanid Persia, by the Ancient Greeks, the Romans, Hebrews, just to name a few.
Prior to the early 20th century, cryptography was chiefly concerned with linguistic and lexicographic patterns. Since the development of rotor cipher machines in World War I and the advent of computers in World War II, the methods used to carry out cryptology have become increasingly complex and its application more widespread. The emphasis has shifted, and modern cryptography exists at the intersection of mathematics, computer science, electrical engineering, communication science, and quantum physics. With the advent of quantum computer there is also active research examining the relationship between cryptographic problems and quantum physics
Computers and electronics not only enhanced the possibilities of cryptanalysis (breaking encryption), they also made more complex ciphers possible. Computers also introduced new forms of encryption of any kind of digital information, not only language texts. Continuous improvements in computer processing power have increased the scope of brute-force attacks, so when specifying key lengths. The potential effects of quantum computing are already being considered by some cryptographic system designers developing post-quantum cryptography; the announced imminence of small implementations of these machines may be making the need for this preemptive caution rather more than merely speculative.
Cryptographic algorithms are designed around computational hardness assumptions: while it is theoretically possible to break such a system, they are designed to be infeasible to break by any known practical means (time and/or money).
The growth of cryptographic technology has raised a number of legal issues in the information age. Cryptography’s potential for use as a tool for espionage and sedition has led many governments to classify it as a weapon and to limit or even prohibit its use and export. In some jurisdictions where the use of cryptography is legal, laws permit investigators to compel the disclosure of encryption keys for documents relevant to an investigation. Furthermore questions around human rights in a digital era, and how to interpret the constitutional right to the privacy of communication (“secrecy of the letter”) and whether or not it corresponds to the right to encrypted communication, still need to be addressed more publicly and broadly across jurisdictions worldwide.
Early encryption attempted to ensure secrecy in communications, such as those of spies, military leaders, and diplomats. In recent decades, the field has expanded beyond confidentiality concerns to include techniques for electronic commerce, chip-based payment cards, digital currencies, digital right management, password management, message integrity checking, sender/receiver identity authentication, digital signatures, interactive proofs and secure computation, etc. There are two kinds of cryptosystems: symmetric and asymmetric.
- Symmetric Cryptography
Two parties agree on a secret key (private key) and use the same key for encryption and decryption. The problem with this approach is that this method does not scale. If you wanted to communicate privately with somebody you would need to physically meet and agree on a secret key. In the world of modern communications, where we need to coordinate with many actors, such methods would not be feasible. Furthermore. Data manipulation in symmetric systems is faster than asymmetric systems as they generally use shorter key lengths. On the other hand, encrypting files and messages with asymmetric algorithms might not always be practical. The main reason is performance. Symmetric key cryptography is much faster and handles better the encryption of big files and databases, therefore, is still widely used.
- Asymmetric Cryptography (Public Key Cryptography)
Asymmetric systems use a public key to encrypt a message and a private key to decrypt it. Use of asymmetric systems enhances the security of communication. Examples of asymmetric systems include RSA (Rivest-Shamir-Adleman), and ECC (Elliptic Curve Cryptography). Each party generates their own public-private key pair. Private keys should be kept secret and a public key could be freely distributed between parties. In an asymmetric encryption scenario, two parties would distribute their public keys and allow anyone to encrypt messages using their public keys. Because of how a key pair mathematically works it is impossible to decrypt a message which got encrypted with a public key. This message can travel securely to the owner of the private key and only he/she would be able to decrypt the message using the private key which is associated with the public key (padlock). This method works the other way around. Any message encrypted with a private key can only be decrypted with the corresponding public key. This method is also referred as a Digital Signature. Public key cryptography has been around since 1970s and used in computer and communication security since then.
Public-key cryptography – Imagine a Padlock
Imagine following scenario: Let’s assume that Alice and Bob want to communicate privately and therefore both buy padlocks. If Bob wants to send a message to Alice, but is scared that somebody might intercept and read it, he will ask Alice to send her padlock (unlocked) over to him, and keeps her key. Bob can now put his letter in a small box and lock it with the padlock that Alice send him, closing it with a simple push. The letter can be sent around the world without being intercepted by an unauthorized person. Only Alice, who has the key to her padlock, can open the letter. Of course, someone could try and break the box (brute force), instead of using the key. It is possible, but the difficulty depends on the resilience of the box, and the strength of the lock. The same applies to modern cryptography. Every cryptographic algorithm is vulnerable to brute force attack, if someone tries to guess your the private key.
Brute Force Attack
The crucial question is: how long would it take to guess the number, how much resources would you have to spend? As computers become faster and more efficient, we must come up with better and more secure algorithms, either by using bigger numbers or inventing more resilient algorithms. The crucial question is: how long would it take to guess the number, how much resources would you have to spend? To make sure that it is really hard to guess the number, a resilient private key has minimum requirements:
- It has to be a randomly generated number
- It has to be a very large number
- It has to use a secure algorithm for the generation
Every number could be guessed with enough computing power. The question is how long it would take a computer system to guess a number? If it takes a couple of decades the random number is considered secure. This kind of attack is called brute force attack. With time computers get more powerful and can guess numbers faster.
Public Key Cryptography: RSA Encryption Algorithm
How secure is 256 bit security?
Keeping information secret from third parties. Only authorised entities are allowed to see it.
A way to associate information with an entity.
A record of the time when information got created
Acknowledgment that information is authorized or true?
- Verification – to test the correctness of a fact or value
- Data origin
Where information comes from.
- Data integrity
Ensuring that information has not been tampered with.
- Plain text
A message that will be converted into a secret. Usually a simple written language or a number.
- Brute force attack
When an attacker is trying to break the password by guessing all possible combinations
- Private key
A secret random number generated by the user. It should be kept secret.
- Public key
A public key is mathematically derived from the private key. It is made available to everyone.
- Public Key Cryptography: RSA Encryption Algorithm
- Public-key cryptography
- The Decryptionary
- Crypto 101, PDF
Also published on Medium.