How Digital Signatures and Hashing Protect Your Transactions
Digital Signatures and Hashing
Digital signatures and cryptographic hash functions comprise the secret sauce that makes cryptocurrency work. They put the crypto into currency, so to speak. Your digital signature proves you have the private key that claims ownership of assets described in a transaction. A hash function defines and secures a transaction.
Cryptography — Do You Want To Know A Secret?
Digital signatures and hash functions live in cryptography, so what is cryptography? Cryptography defines the art and science of encoding and decoding messages to maintain privacy between communicators.
The Salad Days of Cryptography
Different forms of cryptography predominate in different periods over the years. In the days of Julius Caesar, simply rotating the alphabet sufficed. And cryptographers thus refer to this as “the Caesar cipher.” Instead of the word “cat” an encrypted message might simply rotate all the letters one step to the left, so “cat” translates into “dbu”. In the movie 2001: A Space Odyssey, rotate the letters “HAL” in the same way, and what do you get?
As time goes by, systems of cryptography break as cryptanalysts solve each given system.
Public Key Cryptography
Asymmetric cryptography, also known as public key/private key encryption or simply public key cryptography, currently prevails. Public keys and private keys are simply numbers.
The term asymmetric distinguishes it from symmetric cryptography. In symmetric cryptography, the same key both encrypts and decrypts the message. Consequently, the key must remain hidden. This creates a key distribution problem — how to securely transmit the key to the recipient as well as the encrypted message?
Public key cryptography solves this problem by publishing a public key anyone can use to encrypt a message, and the user keeps a private key to themselves to be used to decrypt the message. This works through the magic of one-way mathematical functions. One-way functions compute simply and easily but resist reverse engineering.
Public Key Cryptography Example
To illustrate with a very simple example, multiply two prime numbers: prime1 * prime2 = result. Given numbers sufficiently large, anyone can look at the result, but determining which two prime numbers were used to arrive at that result presents great difficulty. The result represents the public key, and prime1 and prime2 represent the private key.
Asymmetric cryptography breaks when hackers use sufficient computing power against it. However, hackers need supercomputers to accomplish this within a reasonable time frame. Encryption will need to evolve when quantum computers grow to be the norm.
Created by the private key, a digital signature represents the private key and thereby shows the user signed off on the given transaction.
You can think of a digital signature as something of a variation of an encrypted message. Just as public key cryptography creates an encrypted message, a private key also creates a digital signature. With the public key, you can quickly verify the digital signature was created by the private key. Think of this as something of a jigsaw puzzle. The puzzle may be very difficult to complete, but when completed correctly you verify it at a glance.
Feasting at the Hash House
A cryptographic hash results from a mathematical function that maps data of an arbitrary size into a fixed sized string of bits, known as the hash value or simply the hash. The given input data always results in the same hash. Consequently, if a message does not match the hash value associated with it, you know the message has been tampered with. Two different messages should never create the same hash value. If they do, this constitutes a collision, and the hash function that created that value is fatally flawed.
A Simple Example of Hashing
To illustrate, assume we want to hash the simple string “ABCDE” as the input data.
Let’s create a simple hashing algorithm. First, we translate the letters into numbers: A = 1, B = 2, C = 3, D = 4, E = 5. Our resulting hash value must be one digit. An elementary method simply adds all the digits together: 1+2+3+4+5 = 15. This yields a two digit number, so our algorithm continues recursively to add each digit of this number: 1 + 5 = 6. This makes 6 our hash value, and 6 represents “ABCDE” as its hash.
If you receive “ABCDE” as a message represented by 6 as its hash, you trust the message is correct. But if you received the message “ABCXE” represented by the hash of 6 a mismatch exists, clearly because of message tampering.
Our simple hashing algorithm fails on many levels, of course. For one, the string “EDCBA” or any combination thereof creates the same hash as “ABCDE”, thereby creating collisions. Complex math overcomes these issues. The hashing algorithm most currently used in cryptocurrency goes by the name SHA-256 (the acronym stands for Secure Hash Algorithm). In the SHA-256 algorithm, the fixed size of the hash value comes to 256 bits.
Digital Signatures and Hashing in Cryptocurrency
Okay, so how do we actually use digital signatures and hashing in cryptocurrencies?
Let’s look at a Bitcoin transaction to see the technology in action.
A Bitcoin transaction separates into two parts: 1) the input section, and 2) the output section.
The input section contains the sender’s public key, information showing the sender owns enough the Bitcoins to cover the transaction, and other useful information. The sender’s private key creates a digital signature to sign this transaction. This digital signature goes into the input section of the transaction.
The output section contains the recipient’s wallet address, and an index because there are more than one outputs (various outputs will go to the recipient, the sender, and to the miner).
Hashing comes into play to protect the integrity of the transaction. Data such as the payer, the recipient, and the amount paid require hashing to protect against malicious actors altering this information. Combining the cryptographic key and these input parameters to feed the hash function creates the Transaction ID. We now know with cryptographic certainty the sender does in fact have the authority to make the payment and that the details of the transaction are correct and have not been tampered with.
A Fly in the Buttermilk
A known problem with Bitcoin transactions arose with something called transaction malleability.
Transaction malleability occurs because Bitcoin hashes various fields in the transaction. During the processing of the transaction, some of these fields might change in seemingly marginal and insignificant ways. But because they change, the hash value changes, causing the Transaction ID to change.
To visualize this, think of a field containing the integer 123, but during processing, the system expands this to become 0123. Both constitute the same number, and looking at them we know them to be the same, but the hash function sees them as different and subsequently creates different hash values for each. This quirk presents opportunities for bad actors to game the system.
SegWit to the Rescue
Segregated Witness (SegWit) technology fixed this problem. SegWit creates a structure separate from a block (segregated). This separate structure contains the information required to determine the validity of a transaction (witness the validity of the transaction) but does not contain the transaction data itself. Separating transaction data in this way removed the possibility for malleability.
Cryptography evolves as technology evolves. Computers in the future will certainly break the cryptography of today. But for the current world we live in, digital signatures and cryptographic hashes provide sufficient safeguards to ensure the security and integrity of our transactions.
What are the best crypto debit cards on the market in 2019? We compare fees, country availability,...
Is Bitcoin money laundering as much of an issue as the media makes it out to be?...
Michael Meisler, EY Glbobal BLockchain Tax Leader gives his thoughts on the current and future status of...
ABOUT THE AUTHOR
ABOUT THE AUTHOR
Wilton Thornburg is a software engineer, currently based in the greater Boston area.