How does cryptography protect block chains ?, Cryptography is a protected area

Source: Internet
Author: User

How does cryptography protect block chains ?, Cryptography is a protected area

Cryptography is a science that Applies mathematical functions to ensure data security.

Many popular movies and TV works imply that any system can be cracked if there are enough hackers. This "Hollywood hacker attack" is not a real-world scenario-hackers must discover system vulnerabilities, for example, an unlocked server room, a password that is easy to guess, an unprotected network port, or an internal "backdoor" is installed to achieve unauthorized access.

Although we can never ensure that a system does not have any vulnerabilities-after all, the system is done by imperfect humans, but the idea that "any system can be broken" is wrong. Since the beginning of 1990s, password technology has been used to completely protect against hacker attacks. However, this technology sometimes leaves space for hackers to use in applications.

Cryptography itself will not be cracked by hackers to generate forged digital signatures (definitions will be provided immediately ), just as mathematics cannot be attacked by hackers, SO 2 + 2 = 5-Although cryptography and mathematics may be mistakenly used. If a system using cryptography is cracked, it is only possible that the designer mistakenly applies cryptography. This is not because cryptography does not work, it's not because someone "cracked" Cryptography-it's not a mathematical error when your bank mistakenly handled your account, and your mom was infected with computer viruses by downloading unfamiliar attachments. is not the same as an email error. This is an important feature Because Bitcoin is a very direct Cryptographic Application.

Cryptography is not an untested new technology. All cryptography technologies used by Bitcoin have been used since the birth of the Internet and are an important part of many common Internet protocols used every day. Computer scientists believe that cryptography is reliable and necessary, just as NASA (NASA) believes that aerospace science is reliable and necessary.

Public-private key pair: the cornerstone of cryptography

Public-private key pairs are the cornerstone of cryptography used by blockchain. A public/private key pair consists of a private key and a public key. These two keys are actually only large integers with specific mathematical relationships, used instead of passwords and usernames.

You will have a public key, just like your name or user name: In most cases, you can share your public key with any requestor, people who own it can use it to reference or contact you. It is bound to your reputation (or your transaction history in Bitcoin), so you may have multiple public keys (so there are multiple public/private key pairs) for different purposes. The public key can be used to reference or view an account, but it cannot perform any operations on the account itself.

The private key should be like a password: it should not be shared with anyone. It is used to verify certain operations, such as sending BTC (bitcoin ).

However, there is an important difference between the private key and the password. To use a password, you must send it to a person or server to verify the password. You need to believe that the password will be processed responsibly after being sent. In contrast, a private key can be used to prove your identity without sending it to anyone. The only place it has been stored or directly used is on your local device.

This is important, because if you can authenticate yourself without sending your secret information to anyone, this ensures full control over its security-you are not vulnerable to security vulnerabilities in other systems. This is an important part of Bitcoin. Bitcoin itself does not store passwords or private keys that may be leaked to attackers, but users can still verify transactions.

However, if you have never sent a private key to anyone, how can you use the private key to verify the transaction? The answer is related to the mathematical relationship between the private key and the Public Key: digital signature.

Digital Signature

There are many different technologies for generating and verifying digital signatures, and their mathematical principles are far beyond the scope of this article. For those who are not familiar with cryptography, the process described here may initially sound incredible. I clearly remember that I had this feeling when I first started studying bitcoin four years ago.

I will again briefly mention that these technologies are used in many common Internet protocols and are an integral part of information science.

Imagine Alice and Bob had already exchanged public keys in private. Alice wants to send a message to Bob, but Bob is a very suspicious person. He doesn't believe that the message actually comes from Alice unless he can prove it in a mathematical way. To facilitate proof, they agreed to use digital signatures.

To generate a signature, Alice uses the signature generation algorithm in her computer. This algorithm uses her private key and complete message as the input to generate a digital signature. Then she sends the message/Signature combination to Bob -- but importantly, she does not send her private key.

When Bob receives a message and a signature, he can call a signature verification algorithm that complements the signature. The algorithm uses the message and signature as the input to determine whether Alice is used to generate the public key in the public/private key pair used for the signature. When Bob saw his algorithm output Alice's public key, he had proved in mathematics that the signature was indeed generated using Alice's public/private key pair, even if he does not know, he cannot calculate the private key in Alice's public/private key pair.

To put it more simply, this digital signature process allows Bob to verify that the message is not created or modified by a third party, but must be generated using Alice's private key, instead of having to (or cannot) know her private key. He only needs a message/Signature combination and her public key.

Intuitively, this seems incredible, and you may feel that something is wrong. If Alice's private key is closely related to the public key, and Alice uses her private key to generate the signature Bob received, Why can she only derive her public key without her private key? Understanding the answer to this question requires a deeper understanding of mathematics than most people, which is far beyond the scope of this book.

Even so, this technology is used on a daily basis and is considered rock-solid in the cryptographic community. When you access a website whose address starts with https, "s" indicates that the website uses a digital signature to authenticate itself. Your computer uses the signature verification algorithm, just like Bob in the above example, to verify that the website does come from the correct public/private key pair. Digital signatures ensure that any further interaction between you and your website is encrypted and authenticated. If the verification fails, the browser will warn you and mark the website as dangerous.

An integer that is big enough.

Previously, I briefly mentioned the functions of private keys and public keys, just like usernames and passwords, but they are actually just big integers with special mathematical relationships. In view of this, I am often asked the following questions:

"Can I use a computer to guess or calculate a bunch of numbers and try to use them as private keys? Will they eventually encounter the private key of a target public/private key pair to gain control of this identity ?" In fact, for bitcoin, this will allow attackers to steal the bitcoin held by some public/private key pairs.

This is a good problem, but it does not happen. As mentioned above, there are several bitcoin addresses with BTC worth millions of dollars, but they haven't been transferred for years-although what they need to steal is the correct private key-that is, the correct big integer! If you can guess the private key of these addresses, you can send the money to anyone. Different from the password, you can locally verify the private key on your machine. Without a server, your attempts or frequency are limited.

Why haven't anyone stolen the money? The answer is that the number used as the private key is almost ridiculous. They are large enough.

We started with a simple thinking experiment. Imagine that your private key is big enough for all the computers in the world to work together. It takes 24 hours for them to guess. If you add only one digit to your private key, the computation takes 10 times, that is, ten days instead of one day. The increase in the number of six digits will bring the time To 27000 years.

Under any circumstances, the computing capability of creating random numbers required to generate a private key is negligible. Using the private key to generate a signature and using the public key to verify the signature is also easy to calculate. However, it is estimated that the workload required by the Private Key increases exponentially with each additional number added. To make the private key "immune" from brute-force cracking, we only need to add enough numbers-we only need to make them large enough.

What is big enough? The private key used in Bitcoin is an integer of 256 bits, which is equivalent to a 76-bit number. The size of this number is incredible. Most of the subsequent interpretations come from Bruce Schneier's book Applied Cryptography (Applied Cryptography), which intuitively describes enough integers.

First, we need to know a specific conclusion of the Second Law of thermodynamic is to change the minimum energy required for a single binary information (Change 1 to 0 or vice versa ). This means that, regardless of the hardware used, any computing process requires minimal energy for execution.

Now, if you can use all the solar energy output to drive a specially designed computer, the job of this computer is to calculate or guess the private key, to find the private key of a public/private key pair (BTC can be controlled ).

Using a little bit of mathematics and thermodynamic, you will find that an efficient computer with solar energy output computing power can calculate 2178 values. If we divide this value by the number of possible private keys, that is, 2256, we find that this hypothetical computer with solar energy output computing power can only guess or calculate 0.0000000000000000000003% of the total number of possible private keys.

In addition, this only counts, and does not include a more complex task of verifying that each private key corresponds to the correct public key. Therefore, this computer may miss the correct private key with a 0.0000000000000000000003% probability within a year, and it will not even realize it.

These numbers have nothing to do with the technology of the device; they are the maximum possible value derived from the laws of thermodynamic established since 1930s. These numbers mean that brute force attacks on 256-bit keys (keys used by Bitcoin) will not work unless the computer is built and occupied by something other than material.

This is an integer. No matter how powerful a hacker is, unless he can use 3X1023 solar power to compute a year, or a sun's power to compute 3X1023, otherwise, his computer won't even be able to count all the private keys-not to mention testing or using them in other ways.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.