Chapter 2. Cryptographic hash functions and digital signatures


This chapter covers

  • Creating a simple money system: cookie tokens
  • Understanding cryptographic hash functions
  • Authenticating payments using digital signatures
  • Keeping your secrets secret

I’ll start this chapter by setting the stage for the rest of this book. We’ll look at a simple payment system that we can improve on using Bitcoin technologies. By the time we get to chapter 8, this simple system will have evolved into what we call Bitcoin.

The second part of this chapter will teach you what you need to know about cryptographic hash functions. These are so important to Bitcoin that you really need to understand them before learning anything else. You’ll see how a cryptographic hash function can be used to verify that a file hasn’t changed since a previous point in time.

The rest of the chapter will solve the problem of the imposter: a bad guy claiming to be someone else to pay money from that someone’s account. We solve this problem by introducing digital signatures (figure 2.1) into the simple system.

Figure 2.1. Digital signatures in Bitcoin

The cookie token spreadsheet

Suppose there’s a cafe in the office where you work. You and your coworkers use a spreadsheet to keep track of cookie tokens (figure 2.2), which use the symbol CT. You can exchange cookie tokens for cookies in the cafe.

Figure 2.2. The cookie token spreadsheet has a column for the sender, a column for the recipient, and a column for the number of cookie tokens transferred. New cookie token transfers are appended at the end of the spreadsheet.

Bitcoin, the currency

A cookie token corresponds to a bitcoin, the currency unit of Bitcoin. Bitcoin got its first price point in 2010, when someone bought two pizzas for 10,000 BTC. That money would get you 6,000,000 pizzas as of November 2018.

Lisa stores this spreadsheet on her computer. It’s shared read-only for everybody on the office network to open and watch, except Lisa. Lisa is very trustworthy. Everybody trusts her. She has full access to do whatever she likes with the spreadsheet. You and all the others can only view the spreadsheet by opening it in read-only mode.

Whenever Alice wants a cookie, she asks Lisa, who sits right next to the cafe, to transfer 10 CT from Alice to the cafe. Lisa knows who Alice is and can verify in the spreadsheet that she owns enough cookie tokens; she’ll search for “Alice” in the spreadsheet, sum all the amounts with Alice’s name in the To column, and subtract all the amounts with Alice’s name in the From column. Figure 2.3 shows the complete search result; three transfers involve Alice.

Figure 2.3. Lisa calculates Alice’s balance. The sum of her received cookie tokens is 100, and the sum of her withdrawn cookie tokens is 30. Alice’s balance is 70 CT.

Lisa calculates that Alice has 70 CT, enough for Alice to pay 10 CT to the cafe. She appends a row at the end of the spreadsheet (figure 2.4).

Figure 2.4. Lisa adds Alice’s payment for a cookie. The payment is appended last in the cookie token spreadsheet.

The cafe sees this new row in the spreadsheet and hands a cookie over to Alice.

Earn them

You can also get cookie tokens as part of your salary.

When you run out of cookie tokens, you can buy tokens for dollars from someone who is willing to sell you some—possibly Anne or the cafe—at a price you both agree on. Lisa will then add a row to the spreadsheet accordingly.

Lisa has promised never to remove or change anything in the spreadsheet, just add to it. What happens in the spreadsheet, stays in the spreadsheet!

Lisa, who is performing valuable work to secure this money system, is rewarded with 7,200 newly minted cookie tokens per day (figure 2.5). Every day, she adds a new row to the spreadsheet that creates 7,200 new cookie tokens with Lisa as the recipient.

Figure 2.5. Lisa is rewarded with cookie tokens.

Money supply curve

Bitcoin uses the same schedule for issuance as the cookie token spreadsheet. All new bitcoins are created as rewards to the nodes securing the Bitcoin ledger—the blockchain—just as Lisa is rewarded for securing the cookie token spreadsheet.

This is how all the cookie tokens in the spreadsheet are created. The first row in the spreadsheet is a reward row—like the one in the spreadsheet just shown—that creates the very first 7,200 CT ever. The plan is that Lisa is rewarded with 7,200 CT per day during the first four years, and then the reward is halved to 3,600 CT/day for the next four years, and so on until the reward is 0 CT/day.

Don’t worry, for now, about what happens when the reward approaches 0—that’s far in the future. We’ll discuss that in chapter 7. This reward halving makes the total money supply—the total number of cookie tokens in circulation—approach 21 million CT, but it will never exceed 21 million.

What Lisa does with the new cookie tokens she earns is up to her. She can buy cookies or sell the cookie tokens. She can also save them for later. The spreadsheet system works well, and everybody eats a healthy number of cookies.

Lisa basically performs the same work as miners in the Bitcoin network. She verifies payments and updates the ledger, the cookie token spreadsheet. Table 2.1 clarifies how the concepts in the spreadsheet correspond to concepts in Bitcoin.

Table 2.1. How key ingredients of the cookie token system and the Bitcoin system relate

| Cookie tokens | Bitcoin | Covered in |
|---|---|---|
| 1 cookie token | 1 bitcoin | Chapter 2 |
| The spreadsheet | The blockchain | Chapter 6 |
| A row in the spreadsheet | A transaction | Chapter 5 |
| Lisa | A miner | Chapter 7 |

This table will follow us throughout the book. It describes differences between the cookie token system and Bitcoin. I’ll delete rows from it as I introduce various Bitcoin stuff. For example, the row “The spreadsheet” will be deleted in chapter 6, when we use a blockchain to store transactions. I’ll also add a few rows as I introduce new concepts for the cookie token system that differ from those in Bitcoin.

At the end of chapter 8, this table will contain only the first row, mapping 1 cookie token to 1 bitcoin. This will mark the end of this cookie token example, and from that point, we’ll talk only about Bitcoin itself.

Table 2.2 is your starting point for learning how Bitcoin works, which we can call version 1.0 of the cookie token spreadsheet system.

Table 2.2. Release notes, cookie tokens 1.0

| Version | Feature | How |
|---|---|---|
| | Simple payment system | Relies on Lisa being trustworthy and knowing everyone’s face |
| | Finite money supply | 7,200 new CT rewarded to Lisa daily; halves every four years |

We’ll add a lot of fancy stuff to this system and release a new version in every chapter. For example, at the end of this chapter, we’ll release version 2.0, which uses digital signatures to solve the problem of imposters. Every chapter will take us closer to the end result: Bitcoin. But please be aware that this isn’t at all how Bitcoin evolved in reality—I’m just using this made-up system to help explain each important topic in isolation.

Cryptographic hashes

Cryptographic hashes are used everywhere in Bitcoin. Trying to learn Bitcoin without knowing what cryptographic hashes are is like trying to learn chemistry without knowing what an atom is.

You can think of a cryptographic hash as a fingerprint. A person will produce the same fingerprint of her left thumb every time it’s taken, but it’s extremely hard to find another person with the same left thumb fingerprint. The fingerprint doesn’t disclose any information about the person other than that particular fingerprint. You can’t know what math skills or eye color the person has by looking at this fingerprint.

Digital information also has fingerprints. This fingerprint is called a cryptographic hash. To create a cryptographic hash of a file, you send the file into a computer program called a cryptographic hash function. Suppose you want to create a cryptographic hash—a fingerprint—of your favorite cat picture. Figure 2.6 illustrates this process.

Figure 2.6. Creating a cryptographic hash of a cat picture. Input is the cat picture, and output is a big, 32-byte number.

The output—the hash—is a 256-bit number; 256 bits equals 32 bytes because 1 byte consists of 8 bits. Thus, to store the number in a file, the file will be 32 bytes big, which is tiny compared to the size of the 1.21 MB cat picture. The particular cryptographic hash function used in this example is called SHA256 (Secure Hash Algorithm with 256-bit output) and is the most commonly used one in Bitcoin.

Bits? Bytes? Hex?

A bit is the smallest unit of information in a computer. It can take either of two different values: 0 or 1. Like a lightbulb, it can be either on or off. A byte is 8 bits that together can take 256 different values. We often use hexadecimal, or hex, encoding when we display numbers in this book. Each byte is printed as two hex digits each in the range 0–f, where a = 10 and f = 15.

The word hash means something that’s chopped into small pieces or mixed up. That’s a good description of what a cryptographic hash function does. It takes the cat picture and performs a mathematical calculation on it. Out comes a big number—the cryptographic hash—that doesn’t look remotely like a cat. You can’t “reconstruct” the cat picture from just the hash—a cryptographic hash function is a one-way function. Figure 2.7 shows what happens when you change the cat picture a little and run it through the same cryptographic hash function.

Figure 2.7. Hashing a modified cat picture. Can you spot the difference? The cryptographic hash function certainly did.

This hash turns out completely different than the first hash. Let’s compare them:

  • Old hash:
    dee6a5d375827436ee4b47a930160457901dce84ff0fac58bf79ab0edb479561
  • New hash:
    d2ca4f53c825730186db9ea585075f96cd6df1bfd4fb7c687a23b912b2b39bf6

See how that tiny change to the cat picture made a huge difference in the hash value? The hash value is completely different, but the length of the hash is always the same regardless of input. The input “Hello” will also result in a 256-bit hash value.

Why are cryptographic hash functions useful?

Cryptographic hash functions can be used as an integrity check to detect changes in data. Suppose you want to store your favorite cat picture on your laptop’s hard drive, but you suspect the stored picture might become corrupted. This could happen, for example, due to disk errors or hackers. How can you make sure you detect corruption?

First, you calculate a cryptographic hash of the cat picture on your hard drive and write it down on a piece of paper (figure 2.8).

Figure 2.8. Save a hash of the cat picture on a piece of paper.

Later, when you want to look at the picture, you can check if it’s changed since you wrote the hash on that paper. Calculate the cryptographic hash of the cat picture again, and compare it to the original hash on your paper (figure 2.9).

Figure 2.9. Check the integrity of the cat picture. You detect a change.

How sure?

There’s a tiny chance the cat picture has changed even though the hashes match. But as you’ll see later, that chance is so small, you can ignore it.

If the new hash matches the one on paper, you can be sure the picture hasn’t changed. On the other hand, if the hashes don’t match, the cat picture has definitely changed.

Bitcoin uses cryptographic hash functions a lot to verify that data hasn’t changed. For example, every now and then—on average, every 10 minutes—a new hash of the entire payment history is created. If someone tries to change the data, anyone verifying the hash of the modified data will notice.

How does a cryptographic hash function work?

The real answer is complex, so I won’t go into exact detail. But to help you understand the operation of a cryptographic hash function, we’ll create a very simplistic one. Well, it isn’t really cryptographic, as I’ll explain later. Let’s just call it a hash function for now.

Modulo

Modulo means to wrap around when a calculation reaches a certain value. For example:

  • 0 mod 256 = 0
  • 255 mod 256 = 255
  • 256 mod 256 = 0
  • 257 mod 256 = 1
  • 258 mod 256 = 2

258 mod 256 is the remainder of the integer division 258/256: 258 = 1 × 256 + 2. The remainder is 2.

Suppose you want to hash a file containing the six bytes a1 02 12 6b c6 7d. You want the hash to be a 1-byte number (8 bits). You can construct a hash function using addition modulo 256, which means to wrap around to 0 when the result of an addition reaches 256 (figure 2.10).

Figure 2.10. Simplistic hash function using byte-wise addition modulo 256

The result is the decimal number 99. What does 99 say about the original input a1 02 12 6b c6 7d? Not much—99 looks just as random as any other single-byte number.

If you change the input, the hash will change, although a chance exists that the hash will remain 99. After all, this simple hash function has just 256 different possible outputs. With real cryptographic hash functions, like the one we used to hash the cat picture, this chance is unimaginably small. You’ll soon get a glimpse of this probability.

Properties of a cryptographic hash function

A cryptographic hash function takes any digital input data, called a pre-image, and produces a fixed-length output, called a hash. In the example with the cat picture on your hard drive, the pre-image is the cat picture of 1.21 MB, and the hash is a 256-bit number. The function will output the exact same hash each time the same pre-image is used. But it will, with extremely high probability, output a totally different hash when even the slightest variation of that pre-image is used. The hash is also commonly referred to as a digest.

Let’s look at what properties you can expect from a cryptographic hash function. I’ll illustrate using SHA256 because it’s the one Bitcoin uses most. Several cryptographic hash functions are available, but they all provide the same basic properties:

  1. The same input will always produce the same hash.
  2. Slightly different inputs will produce very different hashes.
  3. The hash is always of the same fixed size. For SHA256, it’s 256 bits.
  4. Brute-force trial and error is the only known way to find an input that gives a certain hash.

Figure 2.11. A cryptographic hash function, SHA256, in action. The input “Hello!” will give you the same output every time, but the slightly modified input “Hello” will give you totally different output.

Figure 2.11 illustrates the first three properties. The fourth property of a cryptographic hash function is what makes it a cryptographic hash function, and this needs a bit more elaboration. There are some variations to the fourth property, all of which are desirable for cryptographic hash functions (figure 2.12):

Figure 2.12. Different desirable properties for cryptographic hash functions. For collision resistance, X can be anything, as long as the two different inputs give the same output X.

  • Collision resistance—You have only the cryptographic hash function at hand. It’s hard to find two different inputs that result in the same hash.
  • Pre-image resistance—You have the hash function and a hash. It’s hard to find a pre-image of that hash.
  • Second-pre-image resistance—You have the hash function and a pre-image (and thus the hash of that pre-image). It’s hard to find another pre-image with the same hash.

Illustration of “hard”

The term hard in this context means astronomically hard. It’s silly to even try. We’ll look at second-pre-image resistance as an example of what hard means, but a similar example can be made for any of the three variants.

Suppose you want to find an input to SHA256 that results in the same hash as “Hello!”:

334d016f755cd6dc58c53a86e183882f8ec14f52fb05345887c8a5edd42c87b7

You can’t change the input “Hello!” just a little so the function “won’t notice.” It will notice and will output a totally different hash. The only way to find an input other than “Hello!” that gives the hash 334d016f...d42c87b7 is to try different inputs one by one and check whether one produces the desired hash.

Let’s try, using table 2.3.

Table 2.3. Finding an input with the same hash as “Hello!” is nearly impossible.

| Input | Hash | Success? |
|---|---|---|
| Hello1! | 82642dd9...2e366e64 | Nope |
| Hello2! | 493cb8b9...83ba14f8 | Nope |
| Hello3! | 90488e86...64530bae | Nope |
| ... | ... | Nope, nope, ..., nope |
| Hello9998! | cf0bc6de...e6b0caa4 | Nope |
| Hello9999! | df82680f...ef9bc235 | Nope |
| Hello10000! | 466a7662...ce77859c | Nope |
| (image: cat picture) | dee6a5d3...db479561 | Nope |
| My entire music collection | a5bcb2d9...9c143f7a | Nope |

How big is 2^256?

2^256 is about 10^77, which is almost the number of atoms in the universe. Finding a pre-image of a SHA256 hash is like picking an atom in the universe and hoping it’s the correct one.

As you can see, we aren’t very successful. Think about how much time it would take for a typical desktop computer to find such an input. It can calculate about 60 million hashes per second, and the expected number of tries needed to find a solution is 2^255. The result is 2^255 / (60 × 10^6) s ≈ 10^68 s ≈ 3 × 10^61 years, or about 30,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years.

I think we can stop trying, don’t you? I don’t think buying a faster computer will help, either. Even if we had 1 trillion computers and ran them concurrently, it would take about 3 × 10^49 years.

Pre-image resistance, second-pre-image resistance, and collision resistance are extremely important in Bitcoin. Most of its security relies on these properties.
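
The search from table 2.3, run against both the simplistic byte-sum hash of figure 2.10 and SHA256, as an added example that is not from the book. The function names and the 100,000-try limit are assumptions of this sketch; the candidate inputs follow the table’s “Hello<N>!” pattern.

```python
import hashlib
from typing import Callable, Optional


def toy_hash(data: bytes) -> bytes:
    """Simplistic hash from figure 2.10: byte-wise addition modulo 256."""
    return bytes([sum(data) % 256])


def sha256(data: bytes) -> bytes:
    """SHA256 digest (32 bytes) of the input."""
    return hashlib.sha256(data).digest()


def find_second_pre_image(
    hash_fn: Callable[[bytes], bytes],
    original: bytes,
    max_tries: int,
) -> Optional[bytes]:
    """Try Hello1!, Hello2!, ... and return the first input that differs
    from `original` but has the same hash, or None if none is found."""
    target = hash_fn(original)
    for n in range(1, max_tries + 1):
        candidate = b"Hello%d!" % n
        if candidate != original and hash_fn(candidate) == target:
            return candidate
    return None


if __name__ == "__main__":
    # The six bytes from the text hash to decimal 99 under the toy function.
    print("toy hash of a1 02 12 6b c6 7d:",
          toy_hash(bytes.fromhex("a102126bc67d"))[0])

    original = b"Hello!"
    max_tries = 100_000  # assumed limit for this sketch

    # Only 256 possible outputs: a second pre-image turns up quickly.
    print("toy hash second pre-image:",
          find_second_pre_image(toy_hash, original, max_tries))

    # 2^256 possible outputs: the same search finds nothing.
    print("SHA256 second pre-image:",
          find_second_pre_image(sha256, original, max_tries))
```

The toy function fails second-pre-image resistance after a few thousand tries, which is why a 1-byte sum can serve as a demonstration of hashing but not as an integrity check against someone who wants the change to go unnoticed.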

Some well-known hash functions

Table 2.4 shows several different cryptographic hash functions. Some aren’t considered cryptographically secure.

Table 2.4. A few cryptographic hash functions. Some old ones have been deemed insecure.

| Name | Bits | Secure so far? | Used in Bitcoin? |
|---|---|---|---|
| SHA256 | 256 | Yes | Yes |
| SHA512 | 512 | Yes | Yes, in some wallets |
| RIPEMD160 | 160 | Yes | Yes |
| SHA-1 | 160 | No. A collision has been found. | No |
| MD5 | 128 | No. Collisions can be trivially created. The algorithm is also vulnerable to pre-image attacks, but not trivially. | No |

Double SHA256

We most often use double SHA256 in Bitcoin:

Generally, when a single collision has been found in a cryptographic hash function, most cryptographers will consider the function insecure.

Recap of cryptographic hashes

A cryptographic hash function is a computer program that takes any data as input and computes a big number—a cryptographic hash—based on that input.

It’s astronomically hard to find an input that will result in a specific output. This is why we call it a one-way function. You have to repeatedly guess different inputs.

We’ll discuss important topics throughout this book. When you’ve learned about a specific topic, like cryptographic hash functions, you can put a new tool into your toolbox for later use. Your first tool is the cryptographic hash function, which is represented here by a paper shredder; the cryptographic hash is represented by a pile of paper strips.

From now on, we’ll use these tool icons to represent cryptographic hash functions and cryptographic hashes, with some exceptions.

Exercises

Warm up

2.1

How many bits is the output of SHA256?

2.2

How many bytes is the output of SHA256?

2.3

What’s needed to calculate the cryptographic hash of the text “hash me”?

2.4

What are the decimal and the binary representations of the hexadecimal data 061a?

2.5

Can you, in practice, modify the text “cat” so the modified text gets the same cryptographic hash as “cat”?

Dig in

2.6

The simplistic hash function from the section “How does a cryptographic hash function work?”, repeated for you as follows, isn’t a cryptographic hash function. Which two of the four properties of a cryptographic hash function is it lacking?

The four properties are also repeated as follows:

  1. The same input will always produce the same hash.
  2. Slightly different inputs will produce very different hashes.
  3. The hash is always of the same fixed size. For SHA256, it’s 256 bits.
  4. Brute-force trial and error is the only known way to find an input that gives a certain hash.

2.7

Let’s go back to the example where you had a cat picture on your hard drive and wrote down the cryptographic hash of the picture on a piece of paper. Suppose someone wanted to change the cat picture on your hard drive without you noticing. What variant of the fourth property is important for stopping the attacker from succeeding?

Digital signatures

In this section, we explore how you can prove to someone that you approve a payment. To do that, we use digital signatures. A digital signature is a digital equivalent of a handwritten signature. The difference is that a handwritten signature is tied to a person, whereas a digital signature is tied to a random number called a private key. A digital signature is much harder to forge than a handwritten signature.

Typical use of digital signatures

Suppose you want to send your favorite cat picture to your friend Fred via email, but you suspect the picture might be, maliciously or accidentally, corrupted during transfer. How would you and Fred make sure the picture Fred receives is exactly the same as the one you send?

Figure 2.13. You send a digitally signed cat picture to Fred. Fred verifies the signature to make sure he’s got the same cat as the cat you signed.

You can include a digital signature of the cat picture in the email. Fred can then verify this digital signature to make sure the cat picture is authentic. You do this in three different phases, as figure 2.13 shows.

Step 1 is preparation. You create a huge random number: the private key. You can use this to create digital signatures. You then create the public key, which is used to verify the signatures the private key creates. The public key is calculated from the private key. You hand the public key to Fred in person so Fred is sure it belongs to you.

Step 2 is signing. You write an email to Fred and attach the cat picture. You also use your private key and the cat picture to digitally sign the cat picture. The result is a digital signature that you include in your email message. You then send the email to Fred.

Step 3 is verifying. Fred receives your email, but he’s concerned the cat picture might be corrupt, so he wants to verify the signature. He uses the public key he got from you in step 1, the digital signature in the email, and the attached cat picture. If the signature or the cat picture has changed since you created the signature, the verification will fail.

Improving cookie token security

It’s time to return to our cookie token spreadsheet. The company is growing, and Lisa has a hard time recognizing everyone. She notices that some people aren’t honest. For example, Mallory says she is Anne, to trick Lisa into moving cookie tokens from Anne to the cafe, instead of from Mallory to the cafe. Lisa thinks of requiring everybody to digitally sign their cookie token transfers by writing a message and a digital signature in an email, as figure 2.14 shows.

Figure 2.14. John needs to digitally sign his payment request and include the signature in the email.

Suppose John is the new guy at the office. The company gave him some cookie tokens as a welcome gift when he started. Now, John wants to buy a cookie in the cafe for 10 CT. He needs to digitally sign a cookie token transfer. Figure 2.15 shows what he has to do.

Figure 2.15. The digital signature process. 1 John creates a key pair and gives the public key to Lisa. 2 John signs a message with the private key. 3 Lisa verifies the message is signed with the private key belonging to the public key she got from John.

Just as with the email to Fred in the previous section, there are three phases in this process (please compare with the steps in figure 2.13 to see the similarities):

  • 1 John prepares by generating a key pair. John keeps the private key secret and hands the public key over to Lisa. This is a one-time setup step.
  • 2 John wants a cookie. He writes a message and signs it with his private key. He sends the message and the digital signature in an email to Lisa.
  • 3 Lisa verifies the signature of the message using John’s public key and updates the spreadsheet.

Key pair reuse

A key pair is created once. The same private key can be used several times to digitally sign stuff.

Preparation: John generates a key pair

The signing and verification processes are based on a key pair. John needs a private key to sign payments, and Lisa will need John’s public key to verify John’s signatures. John needs to prepare for this by creating a key pair. He does this by first generating a private key and then calculating the public key from that private key, as figure 2.16 shows.

Figure 2.16. John creates a key pair. The private key is a huge random number, and the public key is derived from that random number. John stores his private key on his hard drive, and the public key is handed to Lisa.

John will use a random number generator to generate a huge, 256-bit random number. A random number generator is available on almost all operating systems. The random number is now John’s private key. The private key is then transformed into a public key using a public-key derivation function.

Public-key derivation is a one-way function, just like cryptographic hash functions; you can’t derive the private key from the public key. The security of digital signatures relies heavily on this feature. Also, running the private key through the public-key derivation function multiple times will always result in the same public key.

The public key is 33 bytes (66 hex digits) long. This is longer than the private key, which is 32 bytes (64 hex digits) long. The reason for the “extra” byte and how the public-key derivation function works is a hard topic, covered in chapter 4. Luckily, you don’t have to be a cryptography expert to understand how signatures work from a user’s perspective.

Two ways to use the key pair

Keys are used to encrypt and decrypt data. Encryption is used to make messages unreadable to everybody but those who hold the proper decryption key.

We can think of the private and public keys as a pair because they have a strong relationship: the public key can be used to encrypt messages that only the private key can decrypt, and the private key can encrypt messages that only the public key can decrypt (figure 2.17).

Figure 2.17. Encrypting and decrypting with the public and private keys. Left: Encrypt with the public key, and decrypt with the private key. Right: Encrypt with the private key, and decrypt with the public key.

Following the left side of figure 2.17, only John would be able to read the encrypted message because he’s the only one with access to his private key. Bitcoin doesn’t use this feature of public and private keys at all. It’s used when two parties want to communicate in private, as when you do your online banking. When you see the little padlock in the address bar of your web browser, then you know the process shown on the left side of the figure is being used to secure your communication.

We’ll use the right side of figure 2.17 to make digital signatures. We won’t use the left side at all in this book.

Following the right side of the figure, Lisa can decrypt the message because she has the public key belonging to John’s private key. This feature is used for digital signatures. Using the private key to encrypt secret messages isn’t a good idea because the public key is, well, public. Anyone with the public key can decrypt the message. Digital signatures, on the other hand, don’t need any secret messages. We’ll explore digital signatures deeper soon. But first, some recap and orientation.

Recap of key pairs

Let’s summarize what you’ve learned about public and private keys. You create a key pair by first creating a private key. The private key is a huge, secret random number. The public key is then calculated from the private key.

You can use the private key to encrypt a message that can be decrypted only using the public key.

The encryption and decryption in this figure are the foundation for digital signatures. This process is not suitable for sending secret messages because the public key is usually widely known.

The reverse process is also common, in which the public key is used to encrypt and the private key is used to decrypt. This process is used to send secret messages. Bitcoin doesn’t use it.

Where were we?

Digital signatures were briefly mentioned in chapter 1, where Alice signed her Bitcoin transaction of 1 BTC to Bob using her private key (figure 2.18).

Figure 2.18. Digital signatures in Bitcoin

John has created a pair of keys and is about to digitally sign his payment to the cafe with his private key so Lisa can verify that it’s actually John making the payment. Lisa verifies this using John’s public key.

John signs his payment

Let’s have a closer look at how the signing really happens (figure 2.19).

Figure 2.19. John digitally signs the transfer of 10 CT to the cafe. The message to Lisa is first hashed and then encrypted with John’s private key. The email to Lisa contains both the message in cleartext and the signature.

The message John wants to sign is, “Lisa, please move 10CT to Cafe. /John”. The signing function will hash this message with SHA256, whose output is a 256-bit number. This hash value is then encrypted with John’s private key. The result is a digital signature that looks like this:

INxAs7oFDr80ywy4bt5uYPIv/09fJMW+04U3sJUfgV39
A2k8BKzoFRHBXm8AJeQwnroNb7qagg9QMj7Vp2wcl+c=

The signature is an encrypted hash of a message. If John had used another private key to sign with or a slightly different message, the signature would have looked completely different.

Signatures in Bitcoin

Bitcoin uses this type of signature for most payments today, but it isn’t the only way to authenticate a payment.

For example, using the input message “Lisa, please move 10CT to Mallory. /John” would generate this signature:

ILDtL+AVMmOrcrvCRwnsJUJUtzedNkSoLb7OLRoH2iaD
G1f2WX1dAOTYkszR1z0TfTVIVwdAlD0W7B2hBTAzFkk=

This isn’t remotely similar to the previous signature. This is good for John, because he knows his signature can’t be used for messages other than his specific message.

John has now composed an email to Lisa. This email contains a message and a signature of that message. John finishes by sending the email to Lisa.

Lisa verifies the signature

Lisa looks at the email and sees it claims to be from John, so she looks up John in her table of public keys (figure 2.20).

Figure 2.20. Lisa uses the message A, the signature B, and John’s public key C to verify that the message is signed with John’s private key.

Lisa’s actions in this figure aim to determine that the cookie token transfer was signed by the private key it claims to be signed with. The message says it’s from John. She received John’s public key the other day and put that public key in her table of public keys. The things she has at hand are

  • A The message “Lisa, please move 10CT to Cafe. /John”
  • B The signature INxAs7oFDr8...
  • C John’s public key that she just looked up in her table

John encrypted the message’s hash with his private key. This encrypted hash is the signature. If Lisa decrypts the signature B with John’s public key C, the result should be a hash that equals the hash of the message A in the email.

Lisa takes the signature B and decrypts it with the public key C she looked up in her table of public keys. The decryption outputs a big number. If this number is equal to the hash of the message A, it proves John’s private key was used to sign the message. Lisa takes the message A, exactly as written, and hashes that message just like John did when he created the signature. This message hash is then compared with the decrypted signature. The message hash and the decrypted signature match, which means the signature is valid.

Note that this process works only if John and Lisa use the exact same digital signature scheme. This must be agreed on beforehand, but it’s usually standardized. In Bitcoin, everyone knows exactly what digital signature scheme to use.

Vzjc szn wen xu tavh ne nov zj trgniy vr fexl dtk. Sbv udpatse rxq depteserash jwru Idxn’z rrsntafe, cc sowhn nj figure 2.21.

Figure 2.21. Lisa has added a row for John’s cookie token transfer after verifying the signature of John’s message.

Private key security

Inbe ja jn olonctr lx ajg icokeo nskeot eauescb xb cwnx rvg private key. Ux nvx ryh Ivnu znc pck Ikbn’a okcioe tskone eeuabcs dk’z prk ndfv nvx jrwd ecsacs vr qjc private key. Jl ajg private key cj tnleos, og znz fova qnc cgn fzf el jyz kieoco nokest.

Aux nrgoimn afert Ignx’z rnsrftea, xd mscoe vr rdx feofci, asetk apj optlpa tvlm adj agoo, bnz vvbc hrigstta vr rvd skzl rx gub wrk nmrigno cekoiso. Hk epson ucj tlpapo rv ierwt sn mleai er Pzcj:

  • Uxye nimgron Pjza! Zlsaee vemv 20 AB re Rxlz. /Iykn
  • Sretiugna:
    H1CdE34cRuJDsHo5VnpvKqllC5JrMJ1jWcUjL2VjPbsj
    X6pi/up07q/gWxStb1biGU2fjcKpT4DIxlNd2da9x0o=

Hv enssd aryj eimal ntaiongnci qxr mgseesa nhc c esurintga vr Pjaz. Cpr oru avlc sedon’r qusn dmj nus sokeioc. Avp ubg hidben prv ogvz czap kq acnb’r vnzv sn inngmoic tamypne lv 20 TA xrh. Pzzj uayulsl vrfeesii ncb scxeeteu nstrfrsae qilkcuy.

Inxu nopes rpk aheepsstder—dv zcy toqz-nefp ecacss, embermer—nzh shceresa elt “Invq.” Figure 2.22 ssowh wzrb dk cvzx.

Figure 2.22. Someone stole money from John. Who is Melissa, and how was this possible? John didn’t sign any such transfer.

Invb psste xrjn Vscj’c efoicf, nksagi lvt nz naaleoxintp. Sdk nsewrsa rzqr ckb bxr z gesames sdngei jdwr Ixny’a private key, ksaign pkt er nbzk nmeyo er s wvn ecrokowr, Wiasesl. Vjzz kxne wssoh mqj xbr eagssem bsn tgsrnueai. Gl uresoc, erhet aj xn Wselisa cr kpr ofeifc, xvxn gohuht areslev kwn pleeosmye evzy rdetast zr xyr moynpca. Fjzs nsoed’r sota tubao snmea yromean, knuf public keys nbc signatures. Thr gkz dseen ryk mvzn xr xxef yq rqv tccorre public key jn rbx ealbt.

The explanation to all this is that Mallory has

  1. Wengdaa kr zbvd Inpx’a private key. Inqx’c ppalot zcp xnoy nx uja haoe fsf thign nvbf. Cyoenn ocldu yzkv eaknt gor gbst idvre rkb lv qrk papolt er crashe tkl jag private key.
  2. Rreedat z wkn dxo jzdt yzn nzro rku wno public key xr Zzzj, jrgw rkd fgloinowl eessmga:
    • Hj Pccj. Wh xnzm zj Wseails, nzb J’m kwn bxtv.
    • Wg public key cj
      02c5d2dd24ad71f89bfd99b9c2132f796fa746596a06f5
      a33c53c9d762e37d9008
  3. Snxr z ualufnrdet sagemse, gidsne wrgj orb estlon private key, xr Vjcs zz slowlof:
    • Hj Fzsj, seplea kmok 90 YY re Waissel. Rhasnk, Inqx
    • Sagietnur:
      IPSq8z0IyCVZNZNMIgrOz5CNRRtRO+A8Tc3j9og4pWbA
      H/zT22dQEhSaFSwOXNp0lOyE34d1+4e30R86qzEbJIw=

Pjza ideeivrf yvr rsatfnre nj rzou 3, nccueodld jr asw iavdl, npz xueetdec rvy rrnseatf. Invd zcce Zcja er rvetre ryo—cnacdrogi rx mgj—rtudfelaun snretarf. Arg Vcaj usrefse kr xu ka. Sob hisknt rob resnrfta aj yctfleerp ldiav. Jl Iyen rkf esoenmo kvc uaj private key, ruzr’z jda lpoermb, nvr Vzzj’z. Bpcr’a rctu xl hpw kqc’z cv trusted nj prk ncoaymp—kqc pesek bvt repoissm.

Ixun etcsera s vwn ovh yjzt nbz zzcv Pjzz rx guc ajb now public key duenr ord cnmk Igne2. Hxw san Ivnp eusecr qaj kwn private key ngs llsit yzvx jr dyaierl biellvaaa xnyw xu tsawn z kcooie? Iend zj rettyp hxat dx nwx’r dvcx mtxv dcrn 1,000 oecoik ksnoet xn ursr vbk.

You are responsible

Rxh ekyz glff lsnotiryepsibi lvt odr security of qute private keys.

Yxy security of rky ersdetepsha zcy edthisf melt s eymsts nj hicwh Ejzs konsw enyvoree’a kzla re xon nj hhwic xba wsonk eryeovne’c public key. Jn z snese, urk security coudl qk srewo nxw, ebscuea jr ihmgt vu sireea tle Wylralo xr letas Iyen’z private key rqzn jr cj tkl tyx rk kcirt Vsjc jnkr ninkhgit Wllaory cj Ienb. Xjcb sneddpe en wky Ivdn ecotprst jau private key. Bn noitamrpt nhigt re enrx jz surr yrx security of Ibnx’c private key jz yltotla pb re mjg. Kv vnx ffjw ou dozf er rserteo Idkn’a private key jl kb osles rj. Xnq Ejzs cptv njc’r gingo er eerervs “alutdfrune” tsarrfnse ycir ceauseb Ixpn zj lsoypp rjqw security.

Jl Indv tsesor ajg private key nj cetatxerl jn z drhesa lofder nx oru mypnoca’a anrtniet, eyanon zsn laisey hvzy jr cny ocy jr re stela ayj iekcoo otsekn. Tbr lj Ipne trseso brx private key jn nc cenpeytrd oflj, epcredtot pg s srtogn wadrsops, en gcj nxw topapl’a ztbb vider, getting c hsqk lv jab vgo aj c frk arhedr. Xn eraattkc wludo esxd rk

  • Urv asccse re Iyvn’c ytbs rdvie
  • Qkwn Ipne’z wdparsos

Jl Invg envre zdc mtke cnrg 50 BA kn zuj private key, xy hmigt nkr qx rycr denrccoen qjrw security. Xqr vrb xzlz, hcwih anagmes auotb 10,000 TX yliad, gtihm kq deenocncr. Iqne sng uvr lkzs yoparbbl oqnx infdetfre estasergit lte storing ireht private keys.

B datre-lvl sesitx bntweee security zun ncevennceio. Ckp znz, lxt xepmael, okxb tbkq private key pyendctre nk nz offline ptaopl jn c npec lxsc-pioesdt vxg. Mgnx bxg wrnz vr duu c oiecok, hbk’ff onkh rk bk xr rop xdnc, xzor rvp oaptpl xqr le bteh lscx-dosipte oeq, ytecdpr rgv private key wyjr tkdp psdowars, cnb zkh rj rx dgtyiilla jnah s emssega kr Zzjc rrdz dpk oosa xr c QSX skict. Xgxn, xqh’ff zvxp rx rgy rop talopp zvhc xrnj kdr ozsl-pietods vhk, ngibr kbr OSY tksci vhza re vpr fceoif, nhz uvnc rdv ilmae rk Pjsa. Ckb private key nvere leaves oyr pplota jn brk czlo-tisedpo exh. Etvb ecsuer, nsh gxot iennovnetcin.

Un orp rheto hncq, uqe nca soret kbtp private key nj tecetlrxa nx tgvp ombiel oneph. Xgv’ff vosp orq qov cr kgth ierngf tip z npz nsc cbjn c egsmeas ihtwin dssnceo le dwkn uvr otud tel s cokoie rsastt rx egdun xqh. Etbo suecenir, ucn kptx vneiteoncn.

Smkv lx kur fftnedire aetdr-lelz, ac drituelatls nj figure 2.23, tzx as fwloslo:

Figure 2.23. Security considerations against attackers. Note how the more secure options are also more inconvenient.
  • Online vs. offline—Knenli masne prx private key zj sredot nk c civeed jurw okwetrn seascc, fkvj gqet omiebl oneph te eergnal-repousp pptola. Gfielnf msaen rdk private key jz tedosr nx c cipee vl parep tv z mueorctp iwthtou cnu eworntk sacesc. Geilnn aregots cj sirky ecesbau emoert security ltixospe xt oilmsiuca oeftwsar en vdqt uepomrtc, sdau cs cotepmru ursevsi, gmhti axnq xry private key xr onseemo wtutoih udv ogcninti. Jl kyr iedcev cj offline, kn onx znz rsek rog private key owuhitt haipsylc sesacc xr brk eviedc.
  • Cleartext vs. encrypted—Jl org private key ja osetrd nj tteeclxar nj z fljo nk dhvt cprmotue’c bctg vderi, oyaenn djwr acsces vr kqyt cueprmot, teehri rmoyleet otkk c euorptcm ekrtown tv yhlipslyac, cna xuus urx private key. Bjad iulnsecd unc isvseur bdxt umpecrot hgitm kd cmivti re. Rge sna oadiv mncp xl sehte akatcst ug crynpeintg vtbq private key jwqr z swadrpso cprr xfhn uqk wvnk. Yn kacreatt wudol xngr oyon essacc xr byer kthp tphs evdir znh bthk rtcsee rwspodas kr kur yvr private key.
  • Whole key vs. split key—Loelpe sllauyu soetr trhei tnieer private key ne z nslgie ormctpeu. Cqzj cj necnenvtoi—gvp knxh fknq xvn ourcmpet xr nepsd vhbt ookiec tkeson. Cn kaaectrt zdrm xrq cacses er tqvh utzg rvide kr tleas ord private key. Adr jl txhq private key jc split nvrj trehe prsta (hreet ctx kgeb sun uzu mhcesse ktl rjzg—xg uflecar), cyn hqe oster rgk eterh rsapt lraeastepy nx teerh ffdrieten mcrupoest, pvrn kdr acttraek rgma uxr sacsce re ryv cytp resvid le eetrh tumeporsc. Xjqc cj qmds ahrder uceeasb vrbq crym wnxo brsw rehet mocutreps rv akatct sng szfx usylcesculfs actatk oymr. Waknig z ayptemn nj zrjb sptue jz z xftc slehas, phr tpvk seercu.

Akb asn vag bcn ncoombantii kl sehet dhmotse kr oerts htqx keys. Try sz c tfkq vl hbumt, gxr rraeteg bkr security ngitsaa akastrtce, kur areegrt orp tozj lk qeb accidental df onslig caessc vr pbte euk. Zte pleemxa, lj hhx otrse rvg private key eyrtpednc vn tbep dhzt idvre, bhx xtjc islong udkt xxp bop vr yxrd ermcoput rauifel pnz tel getting txpu odsarspw. Jn jrga eness, rkb oxtm lseeryuc khg esort ytde dov, dro czkf reesuc rj zj.

Recap

Eczj dca levdso vrg rpblmeo wprj oeplpe gaincmil rx vd oseenom fkka qnwx kqur xmse s enpatmy. Sou qeiruesr ffs aespry rx lydaltgii jzyn rdv kiocoe tnoek afsrenrts. Lodvt rsasehdepet tkcd esdne s private key unz c public key. Pcjs pekse rktac kl wpx znwk whhic public key. Zktm nwe vn, z teaympn zmhr kh wtterin nj sn imela re Pjzs, hnc pkr aessgem mbra kd gdtlaylii esngid prwj rxd srpone’z private key. Vacj ans qonr efiryv kqr nirgatsue er mzov batx qav ncj’r inegb eolofd. Axq pzrj aj rrzp sc fdnx zz Inep ksepe jcg private key kr mlihefs, xn nkx fjwf vp fqxs re esdpn jcg eonym.

Mx gnkk er uzq “Vjfsm rk Pcjz” re ktb tcnopce table (table 2.5).

Table 2.5. Adding “Email to Lisa” as a key concept

Cookie tokens            | Bitcoin        | Covered in
-------------------------|----------------|-----------
1 cookie token           | 1 bitcoin      | Chapter 2
The spreadsheet          | The blockchain | Chapter 6
Email to Lisa            | A transaction  | Chapter 5
A row in the spreadsheet | A transaction  | Chapter 5
Lisa                     | A miner        | Chapter 7

Xvp laeim xr Ejaz wjff yk drlceeap dd transactions in chapter 5. Baatnsoinrsc fjfw reclpae grvh rkd aieml rv Zjcz znu gxr wtx nj kpr shepresdaet. Jr’c rjmo rk eaeersl rovnise 2.0 lx qvr cookie token spreadsheet tsyesm (table 2.6).

Table 2.6. Release notes, cookie tokens 2.0

Version | Feature               | How
--------|-----------------------|-------------------------------------------------------------
        | Secure payments       | Digital signatures solve the problem with imposters.
1.0     | Simple payment system | Relies on Lisa being trustworthy and knowing everyone’s face
        | Finite money supply   | 7,200 new CT rewarded to Lisa daily; halves every four years

Fyvdebyro sillt struts Fzjz rk vnr change pro htpsreedsea jn znq cqw xpcete wpxn eeitgucnx nseigd oeiokc nteko teanssfrr. Jl Vjcc ewatnd er, cvy oclud etlsa onyaen’z kiooce tokesn rgzi du idagnd z rsrfatne rx vrg serdtpsahee. Apr ucx lduwon’r ux crrq—tv uowld zyv?

Cdx nkw ozde z frv vl kwn sotlo vr hrb jn pqxt obloxto tlk rlaet zpx: pvv-cjbt eenairntgo, liiatgd signing, orb sgnutaier, nzp rbx iienofvracit.

Exercises

Warm up

2.8

Ezja cj ecryrtlun wdreraed 7,200 AR ktb chp let ktb ekwt. Mbq nwx’r oqr pylpus ireacens fiinnetily xtxx vmjr? Mdp unv’r wk opvs 7,200 × 10,000 = 72 inmloli AX aetrf 10,000 cdyc?

2.9

Hwv nzz werkocosr tcedte lj Ejzc rrwadse freelsh rkv mgaq tx vkr fnteo?

How is the private key of a key pair created?

What key is used to digitally sign a message?

The signing process hashes the message to sign. Why?

What would Mallory need to steal cookie tokens from John?

Dig in

Soepups kyq ckeb z private key nqc gbk’ox given egbt public key xr s dfrein, Vbtx. Susetgg xqw Eogt can ynzx vhb z rtsece smsgeea rspr eunf xbp nss drntdusaen.

Speuspo bpk (rfv’c tnrpede tukb nmkz aj Ftcsq) nzp Ptuk llsit sxyo kqr keys xtlm kyr pseuorvi esicerex. Qxw pbk rcwn rk qckn z maeesgs nj z tlbote xr Ltho ynsagi,

  • Hj Vhtx! Bns wk vrmk rc Ranyffi’z rz snutse ootmorrw? /Vsqtc

Fnixapl wkq dkb douwl aqjn rvq eeasgms vc Pkqt san yk ptzo pvr gesemsa aj llayatcu emtl byx. Znapxil ywrs stsep xpd hcn Etqv xxrs nj kbr sepcrso.

Summary

  • Bitcoins are created as rewards to nodes securing the blockchain.
  • The reward halves every four years to limit the money supply.
  • You can use cryptographic hash functions to detect changes in a file or in a message.
  • You can’t make up a pre-image of a cryptographic hash. A pre-image is an input that has a certain known output.
  • Digital signatures are useful to prove a payment’s authenticity. Only the rightful owner of bitcoins may spend them.
  • Someone verifying a digital signature doesn’t have to know who made the signature. They just have to know the signature was made with the private key the signature claims to be signed with.
  • To receive bitcoins or cookie tokens, you need a public key. First, you create a private key for yourself in private. You then derive your public key from your private key.
  • Several strategies are available for storing private keys, ranging from unencrypted on your mobile phone to split and encrypted across several offline devices.
  • As a general rule of thumb, the more secure the private key is against theft, the easier it is to accidentally lose the key, and vice versa.