As we mentioned in part one An introduction to blockchain, transactions executed on the blockchain are secured through advanced encryption algorithms. This is the key reason why blockchain networks are considered to be more secure than traditional internet protocols. So how does this encryption work? Unfortunately, it’s a little bit complicated but I’m going to do my best to simplify it here. Encryption on the blockchain works through three core features: hashing, public / private key authentication, and digital signatures. Before we dive in, keep in mind that these encryption methods were not invented as a part of blockchain technology. Rather, blockchain incorporated existing encryption methods into its protocol.
Let’s start with the first core feature: hashing. Broadly speaking, hashing is a mathematical function that takes an input of any length (this could be a letter, a sentence, or an entire book), and uses a formula to create a seemingly random output of a fixed number of letters and numbers. For example, if you use the SHA 256 hashing function (which is used in Bitcoin’s protocol) to create a hash of the line “This is a hash function!”, you get the following output:
What’s interesting about hash functions is that a small change in the input will create a completely different hash. For instance, if you remove the exclamation point and take the hash of “This is a hash function”, the output would change to:
While there are a number of different hash functions (including SHA 1, SHA 256, MD 5, Keccak-256, etc.), they all adhere to a few important rules.
- The same input must always create the same output.
- Two different inputs cannot produce the same output.
- It must be impossible to determine the input given the output.
- A slight change to the input must completely change the output.
So why does this matter? Why are hash functions useful? Hash functions have two characteristics that make them particularly useful for authentication. First, they can take an almost infinite amount of content and reduce it to a short string of characters. Second, as the rules above allude to, hash functions are unique one way functions. Therefore, by taking the hash of a file, you can generate a fixed string of characters that is unique to that file, which essentially functions as a digital fingerprint of the file.
As a result, it’s much easier to verify that two files are exactly the same. Rather than check whether every single character of a document is exactly the same as the original, you can create a hash of that document and compare that to the hash of the original. If even a tiny alteration has been made to the document, the hash will be drastically different. Using an example, imagine that you pay for a digital book and want to confirm that the book has exactly the same content as the original. Rather than check every chapter to make sure nothing is missing, you can just create a hash of the book, compare that hash to the hash of the original and easily confirm that the 256 characters match up.
So how is hashing used in blockchain protocols? It is used to create digital signatures and it is used to integrate blocks of transactions to form an immutable ledger. We’ll discuss each of those use cases below.
Public / Private Key Encryption:
Now that we understand hashing, let’s move on to the second key component of encryption on the blockchain: public / private key encryption, also known as asymmetric encryption. I know that sounds fancy and complicated so let’s break it down. There are two core methods of encrypting data: symmetric encryption and asymmetric encryption. Symmetric encryption utilizes a single private key to both encrypt and decrypt a message. Symmetric encryption has been the most popular way to encrypt data for a long time and has several benefits; most notably, it’s faster than asymmetric encryption. The only issue with symmetric encryption is that all parties need to have the private key to decrypt the message. In order for each party to have the private key, it needs to be distributed. Unfortunately, the only truly reliable way to distribute a private key is through in-person communication as all other communication methods could potentially be hacked. This could be an issue if you are trying to send encrypted data to someone in a different geographic region or to someone that you don’t know personally.
That brings us to asymmetric encryption. With asymmetric encryption, there are two keys: a public key and a private key. As the names imply, users broadly disseminate the public key but never share the private key. The two keys are mathematically linked, meaning that the content that is encrypted using the public key can only be decrypted using the private key. As an example, if John wants to send a message to Bob using asymmetric encryption, he can use Bob’s public key to encrypt the message. After encrypting the message using Bob’s public key, the only way to decrypt that message would be to use Bob’s private key. This enables users to exchange messages without ever having to exchange keys. While this negatively impacts the speed of transactions, it significantly increases security and allows users to share content without needing to share a private key, making it particularly useful for blockchain protocols. As a result, all blockchain protocols incorporate asymmetric (or public / private key) encryption methods.
The final piece of the encryption puzzle is called a digital signature. Digital signatures are made possible by both hashing and public / private key encryption. Digital signatures enable users to authenticate the identify of the sender and confirm that a document has not been altered in transit. So how do they work? I think the best way to understand digital signatures is by walking through the process of using them to authenticate a document.
Digital Signature Process:
- First, the sender takes their message and creates a hash of it.
- Second, the sender encrypts the hashed file using his / her private key and sends the document to the receiver.
- Third, the receiver decrypts the message using the sender’s public key. This allows the receiver to get the hash of the file.
- Fourth, the receiver takes the fully decrypted document and hashes it.
- Fifth, the receiver compares the two hashes and confirms that they match.
This allows the recipient to authenticate the identify of the sender and confirm that the information was not tampered with in transit because the two hashes will not match up if (i) the message’s content had been altered in any way or (ii) if any key other than the sender’s private key was used to encrypt the data. If you want to see this visually, you can find a helpful graphic here.
This is a pretty condensed description of hashing, public / private keys and digital signatures. For more info, please look at the links at the bottom of the page. The takeaway from this section is that blockchain protocols combine these three encryption methods in a way that makes them an incredibly secure way to send information across a network. It allows users to authenticate who sent the information, who received the information, and that the information was not tampered with along the way. With that, let’s move on to consensus algorithms.