Cryptography in Blockchain [Everything you need to know]

In this Blockchain tutorial, we are going to learn about cryptography and discuss the following topics.

  • Introduction About Cryptography
  • Security Services provided by Cryptography
  • Primitives of Cryptography

Introduction About Cryptography

Cryptography is a method of establishing a secure communication channel in which a given message is received by the genuine recipient without being read by a third party.

  • Cryptography ensures that the entire message is encrypted so that if an attacker finds it, they won’t be able to read it.
  • A cipher algorithm is applied to encrypt and decrypt the message.
  • Cryptography is primarily used to provide a confidentiality service on its own. Though it is not a complete solution, it plays a vital role in addressing the security problem.
  • Securing a blockchain ecosystem requires many different Security Services and cryptographic primitives.

Security Services provided by Cryptography

Security services play an important role in securing the blockchain ecosystem as they draw lines of control to prevent leakage of information and other incidents.

A secure system is comprised of policies, rules, and regulations, in addition to complex algorithms. There are 5 types of Security services:

1. Confidentiality

Confidentiality is the assurance that information is only available to
authorized entities.

2. Integrity

Integrity is the assurance that information can be modified or changed only by
authorized entities.

3. Authentication

  • Authentication provides assurance about the identity of an entity or the validity of a message.
  • There are two types of authentication:
    • Entity Authentication
    • Data origin authentication

Entity Authentication

  • Entity authentication is the assurance that an entity is currently involved and active in a communication session.
  • It confirms that credentials are being used by a legitimate user to log into the system.
  • Earlier, users used a username and password to access the platform. But in that case, it was not certain whether the legitimate entity was logging in or someone else was using the credentials. There was a possibility of password leakage.
  • This type of practice was known as single-factor authentication, as there is only one factor involved, and it was not so secure.
  • There was a need for an additional factor that could validate the presence of the legitimate entity at the time of logging in.
  • Then multi-factor authentication, also known as two-factor authentication, was introduced, wherein the presence of the legitimate entity is assured using different modes.
  • These modes could be a smartcard, token, one-time password, iris verification, biometric, etc. The user has to use login credentials plus any one mode out of these. If any of them is not available then access is denied.

Data origin authentication

  • Data origin authentication assures that the source of information is verified. It is also known as message authentication.
  • It guarantees data integrity, because the received data can be confirmed with the sender. If the sender confirms that the received data is not altered, that means the data was securely transmitted.
  • Various data origin authentication methods, such as Message Authentication Codes (MACs) and digital signatures, are used by various companies in the United States of America, the United Kingdom and Canada.

4. Non-repudiation

Non-repudiation is the assurance that an entity cannot deny a previous action or commitment by providing incontrovertible evidence.

  • This security service keeps a record of each and every transaction and commitment made so that this record can be presented during any dispute.
  • This service produces cryptographic evidence in electronic transactions so that in case of disputes, it can be used as confirmation of an action.
  • Disputes on transactions over the internet are a very common issue, but a security service like this can help resolve complex issues in no time, on the condition that both parties honour the proofs.
  • When more than 2 parties are involved in the dispute then multi-party non-repudiation (MPNR) is applied.
  • MPNR refers to non-repudiation protocols that run between multiple parties instead of the traditional two parties.

5. Accountability

Accountability means someone should be responsible for an activity that occurred. Accountability security services trace back the responsible party for the security threat.

  • In simple words, just as cops catch rule violators, accountability services find out the party responsible for a security breach.
  • The process involves logging and audit mechanisms in systems where a detailed audit is required due to the nature of the business.

In order to provide all of the security services discussed in this section, different cryptographic primitives are used. In the next section, we will learn about cryptography primitives.

Primitives of Cryptography

Cryptography plays an important role when it comes to security. It keeps the message secure from intruders and only the rightful receiver with the decryption key can read the message.

To keep the blockchain ecosystem secure, mainly three types of cryptography primitives are used, and these types have further sub-topics. In this section, we will discuss them.

  • Keyless Primitives
    • Random numbers
    • Hash Functions
  • Symmetric Key Primitives
    • Secret Key Ciphers
      • Block Ciphers
      • Stream Ciphers
    • MACs
  • Asymmetric Key Primitives
    • Digital Signatures
    • Public Key Ciphers

Keyless Primitives

There are two types of keyless primitives namely Random numbers and Hash functions. In this section, we will discuss both of them.

Random Numbers

To make encryption unpredictable, it is important that the pattern is hard to guess even by cryptanalysis, and that is what the random number keyless primitive does.

  • Randomness ensures that a cryptographic algorithm produces encryption that is very different from other encryptions created using the same algorithm.
  • If any attacker or cryptanalyst is able to understand the pattern, they can easily predict future encryptions, and that will ruin the purpose of cryptography.
  • There are two further categories of random numbers in keyless primitives:
    • Random Number Generators (RNGs)
    • Pseudorandom Number Generators (PRNGs)
  • A Random Number Generator (RNG) is software or hardware that generates random information from the real world. It takes input from the real world and generates random information that is very hard to predict.
  • Pseudorandom Number Generators (PRNGs) are deterministic functions that work on the principle of using a random initial value called a seed to produce a random-looking set of elements. They are commonly used to generate keys for encryption algorithms.
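
The following added example (not part of the original tutorial) shows what "deterministic" means for key generation: a key drawn from a seeded PRNG is fixed entirely by the seed, so a guessable seed gives a guessable key, while the operating system's generator does not have this property. The function names, the 16-byte key size and the timestamp are assumptions made for illustration.

```python
import random
import secrets

KEY_BYTES = 16  # assumed key size for this example


def prng_key(seed: int) -> bytes:
    """Key from a deterministic PRNG (Mersenne Twister): fully fixed by the seed."""
    rng = random.Random(seed)
    return rng.getrandbits(KEY_BYTES * 8).to_bytes(KEY_BYTES, "big")


def csprng_key() -> bytes:
    """Key from the operating system's entropy source via the secrets module."""
    return secrets.token_bytes(KEY_BYTES)


def seeds_reproducing(key: bytes, first_seed: int, last_seed: int) -> list[int]:
    """Review helper: which seeds in a guessable range regenerate this key?"""
    return [s for s in range(first_seed, last_seed + 1) if prng_key(s) == key]


# Constructed scenario: a key seeded with a Unix timestamp (one-second resolution).
CREATED_AT = 1_700_000_123  # constructed value, not from the tutorial
timestamp_key = prng_key(CREATED_AT)

if __name__ == "__main__":
    print("same seed, same key:", prng_key(42) == prng_key(42))
    # Knowing the creation time to within an hour leaves only 3601 candidate seeds.
    window = seeds_reproducing(timestamp_key, CREATED_AT - 1800, CREATED_AT + 1800)
    print("seeds in a one-hour window that rebuild the key:", window)
    print("two CSPRNG keys equal:", csprng_key() == csprng_key())
```

For keys, nonces and tokens, use the `secrets` module (or `os.urandom`) rather than `random`, whose output is reproducible by design.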

Hash Functions

A hash function is defined as a program that can map data of arbitrary size (not fixed size) to fixed-size values. The output values returned by a hash function are mainly called hash codes, hash values, digests, or simply hashes.

The values are usually used to index a fixed-size table called a hash table.

  • Each key has the same hash code no matter where it is run.
  • Hash functions are keyless, and they provide a data integrity service.
  • They are usually built using iterated and dedicated hash function construction techniques.
  • MD, SHA-1, SHA-2, SHA-3, RIPEMD, and Whirlpool are families of hash functions.
$ echo -n 'bitcoin' | openssl dgst -sha256 
(stdin)= 6b88c087247aa2f07ee1c5956b8e1a9f4c7f892a70e324f1bb3d161e05ca107b 
$ echo -n 'Bitcoin' | openssl dgst -sha256 
(stdin)= b4056df6691f8dc72e56302ddad345d65fead3ead9299609a826e2344eb63aa4 
$ echo -n 'bitcoin' | openssl dgst -sha256 
(stdin)= 6b88c087247aa2f07ee1c5956b8e1a9f4c7f892a70e324f1bb3d161e05ca107b

Things to notice in the above example:

  • The hash code treats uppercase and lowercase characters separately.
  • A different hash code is generated for ‘bitcoin’ and ‘Bitcoin’.
  • The hash code always remains the same on all systems and platforms for a particular key.
  • In this case, the hash code generated for the key ‘bitcoin’ will always be the same on all systems and platforms.

Symmetric Key Cryptography

In Symmetric key cryptography or shared key cryptography, a single key is used for both encrypting and decrypting the data.

  • The key must be established or agreed upon before the data exchange occurs between the communicating parties.
  • A symmetric key is also called a ‘secret key’.
  • Both sender and receiver have the same secret key, using which the sender can encrypt and the receiver can decrypt the data.
  • This type of cryptography is fast but less secure, as attackers only have to steal one key to access the data.
  • Keys generated in symmetric cryptography can also be:
    • ephemeral key
    • static key
    • master key
  • Ephemeral key: These are temporary keys generated for a short period of time between the participants.
  • Static key: These are for long-term usage.
  • Master key: This key is used for protection, encryption, decryption and generation of other keys.
  • Symmetric key primitives are further divided into two parts:
    • Secret key ciphers, which include block ciphers and stream ciphers
    • Message authentication codes (MACs)

Secret Key Ciphers

Secret key ciphers comprise block ciphers and stream ciphers, which we are going to discuss in this section.

  • Block Cipher: Block ciphers are encryption algorithms that break up the text to be encrypted (plaintext) into blocks of a fixed length and apply the encryption block by block. Block ciphers are generally built using a design strategy known as a Feistel cipher.
  • Stream Cipher: Stream ciphers are encryption algorithms that apply encryption algorithms on a bit-by-bit basis (one bit at a time) to plaintext using a keystream. There are two types of stream ciphers: synchronous stream ciphers and asynchronous stream ciphers.

Message authentication codes (MACs)

A message authentication code is a short piece of information that confirms the message sent by the sender has not been changed.

  • In other words, a message authentication code provides data origin authentication.
  • MAC values are generated and verified using a shared key, that is, symmetric cryptography.
  • A message authentication code can be created using a block cipher or a hash function.
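
As an added example (not part of the original tutorial), the code below builds a MAC from a hash function (HMAC-SHA256) and contrasts it with the keyless SHA-256 digest from the hash section: a bare digest can be recomputed by whoever alters the message, while a MAC tag only verifies for a party holding the shared key. The messages, key and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def plain_digest(message: bytes) -> str:
    """Keyless SHA-256 digest: anyone can compute it for any message."""
    return hashlib.sha256(message).hexdigest()


def verify_digest(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(plain_digest(message), digest)


def make_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 tag: a MAC built from a hash function and a shared key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag with the shared key and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


# Constructed sample data (not from the tutorial).
SHARED_KEY = secrets.token_bytes(32)  # agreed by sender and receiver beforehand
MESSAGE = b"pay 5 coins to alice"
ALTERED = b"pay 500 coins to mallory"


def run_demo() -> dict:
    tag = make_tag(SHARED_KEY, MESSAGE)
    outsider_key = secrets.token_bytes(32)  # a party without the shared key
    return {
        # The receiver accepts the untouched message.
        "genuine_accepted": verify_tag(SHARED_KEY, MESSAGE, tag),
        # An altered message no longer matches the sender's tag.
        "altered_rejected": not verify_tag(SHARED_KEY, ALTERED, tag),
        # A tag made without the shared key does not verify.
        "outsider_tag_rejected": not verify_tag(
            SHARED_KEY, ALTERED, make_tag(outsider_key, ALTERED)),
        # A keyless digest swapped together with the message still "verifies".
        "swapped_digest_accepted": verify_digest(ALTERED, plain_digest(ALTERED)),
    }


if __name__ == "__main__":
    for check, result in run_demo().items():
        print(f"{check}: {result}")
```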

Asymmetric Key Cryptography

In asymmetric key cryptography, a pair of keys is used for encrypting and decrypting the data.

  • This pair of keys is called the ‘public’ and ‘private’ keys.
  • If the sender uses the public key to encrypt the data, then the receiver has to use the private key to decrypt the data, and vice versa.
  • Asymmetric key cryptography is slower in terms of computation than symmetric key cryptography, which is why this encryption is not applied to large files.
  • Asymmetric key encryption is mainly used to exchange symmetric keys so that symmetric key algorithms can be used to encrypt the data.

Digital Signatures

A digital signature implements a mathematical algorithm that is used to assure the authenticity and integrity of a message, software, or digital document.

  • It gives an assurance that the message sent by the sender has not been tampered with.
  • The impact of a digital signature is similar to that of a handwritten signature, wherein everyone trusts that the sender is the rightful owner of the data.
  • Digital signatures are used in blockchains, where transactions are digitally signed by senders using their private key, before the sender broadcasts the transaction to the network.

Public Key Cipher

In a public key cipher, a pair of keys is used to encrypt and decrypt the message. This pair of keys is called the ‘public key’ and the ‘private key’.

The sender encrypts the message using a public key and the receiver decrypts the message using the private key.

In this tutorial, we have learned about cryptography, its types, and sub-types. Cryptography is a huge concept and we have covered a major part of it.

But we will be covering all of this in detail in new blogs. Also, we have covered these topics.

  • Introduction About Cryptography
  • Security Services provided by Cryptography
  • Primitives of Cryptography