Asymmetric-key Algorithms belong to the field of cryptography. They are algorithms that can encrypt and decrypt information, and their operations require a public key and a private key. The public key may be known to others. The private key must not be known to anyone except its owner. The two keys work as a pair: what one key encrypts, the other decrypts. Because encryption and decryption use two different keys, the algorithms are called Asymmetric-key Algorithms.
Their counterpart is the Symmetric-key Algorithms, which use the same cryptographic key for both the encryption of plaintext and the decryption of ciphertext. For example, encrypting the word "gate" with the AES (Advanced Encryption Standard) Symmetric-key Algorithm can produce the string U2FsdGVkX18fop1iGBPzNdnADZ57AJxOn+wEBSIUAG4. Conversely, the ciphertext can be decrypted with the AES Symmetric-key Algorithm to recover the original string gate. In the early days, Symmetric-key Algorithms were used to send encrypted telegrams. The decryption process is simple and fast, but once the encryption method is leaked, intercepted information is easy to decode, so the security is not high.
The security of Asymmetric-key Algorithms is higher than that of Symmetric-key Algorithms, but their efficiency is lower because their operations are more complex. An example makes this easier to understand. Suppose Jim wants to send a message to Bob using Asymmetric-key Algorithms. The process is as follows:
1. Both Jim and Bob need to generate a pair of public and private keys;
2. Jim's public key is sent to Bob, and the private key is saved by Jim; Bob's public key is sent to Jim, and the private key is saved by Bob;
3. When Jim sends a message to Bob, he encrypts the message with Bob's public key;
4. After Bob receives the message, he can decrypt it by using his private key.
Asymmetric-key Algorithms are the main cryptographic algorithms used in blockchain. Their application scenarios mainly include information encryption, digital signature, login authentication and digital certificate. Their value in blockchain lies in using the public key and private key to identify the sender and the receiver.
Information encryption: ensure the security of information. The sender holds a public key, and it doesn't matter if others know it too, because the information sent by others has no impact on the recipient. The key held by the recipient is the private one, and the recipient is the only one who can unlock the encrypted information. The encryption technology of Bitcoin transactions belongs to this scenario.
Digital signature: ensure the attribution of information. To show that the information has not been forged and was indeed sent by its owner, the digital signature is appended to the original information. Like a handwritten signature, it is unique and concise.
Login authentication: the client encrypts the login information with the private key and sends it to the server, which decrypts and authenticates the login information with the public key of the client after receiving it.
Digital certificate: ensure the legitimacy of the public key. So that the sender can verify that a public key obtained from the Internet is genuine, a third-party organization, the CA (Certificate Authority), is introduced to vouch for the legitimacy of the public key. When publishing information, the owner of the original text needs to include his own digital signature and digital certificate, which ensures that the information has not been tampered with.
The Asymmetric-key Algorithms used in the Bitcoin blockchain are elliptic curve cryptographic algorithms. They are also the Asymmetric-key Algorithms commonly used in blockchain at present, and are referred to as ECDSA, in which EC is the abbreviation of "elliptic curve" and DSA is the abbreviation of "digital signature algorithm".
For the parameters of the elliptic curve, the Bitcoin system uses a curve called secp256k1. The system randomly obtains a 32-byte private key, then obtains the public key through the elliptic curve digital signature algorithm (using the secp256k1 curve), then applies multiple hash algorithms to obtain the public key hash, and finally combines it with the version number to form the account address.
For example, two prime numbers (152, 891) are randomly generated to form a six-digit "private key" 152891, and the rule for generating the "public key" is to multiply these two prime numbers (152 x 891 = 135432). Anyone on the network can then obtain this "public key". When you want a piece of data to be modifiable by you alone, you can attach a note to the data, " 'public key' 135432 ": the data can be modified only by someone whose private key's left three digits multiplied by its right three digits equal the public key.
If a hacker on the network wants to tamper with the data without consent, even if he knows that the "private key" generates the "public key" by multiplying two prime numbers, he does not know which two prime numbers they are. Therefore, to find the private key of "public key" 135432, he can only try candidates one by one in the most direct way: 001 x 002, …, 998 x 999, etc. This process is difficult when the prime numbers are large.
Such an example is relatively simple. A computer can calculate the "private key" of the above example directly from the "public key". However, the elliptic curve algorithm used by the Bitcoin system to generate a "public key" from a "private key" is difficult to crack with existing technology, because its prime number is very large. Moreover, the private key decryption process in the Bitcoin system is realized by a stack execution language of reverse Polish notation.
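The one-by-one search described above, as an added example that is not part of the original page. It goes one step further than the text by counting the trial divisions needed for three larger products of two primes, which are constructed inputs, as are all function names. Because 135432 can be split into three-digit factors in more than one way, the first function returns every matching pair.

```python
# Constructed inputs: the page's toy "public key" and three larger semiprimes.
TOY_PUBLIC_KEY = 135432
SEMIPRIMES = [101 * 103, 65521 * 65537, 999983 * 1000003]

def three_digit_pairs(public_key):
    """Every (left, right) pair of three-digit numbers whose product is public_key."""
    pairs = []
    for left in range(100, 1000):
        right, remainder = divmod(public_key, left)
        if remainder == 0 and 100 <= right <= 999:
            pairs.append((left, right))
    return pairs

def trial_division(n):
    """Return (smallest factor, cofactor, number of divisions tried)."""
    tried, f = 0, 2
    while f * f <= n:
        tried += 1
        if n % f == 0:
            return f, n // f, tried
        f += 1
    return n, 1, tried  # no factor found below sqrt(n): n is prime

def work_table(numbers=SEMIPRIMES):
    """(bit length, divisions tried) for each modulus.

    For a product of two similar-sized primes the work grows with sqrt(n),
    so it roughly doubles for every two bits added to the modulus.
    """
    return [(n.bit_length(), trial_division(n)[2]) for n in numbers]

if __name__ == "__main__":
    print(three_digit_pairs(TOY_PUBLIC_KEY))
    for bits, tried in work_table():
        print(f"{bits}-bit modulus: {tried} trial divisions")
```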
The private key can deduce the public key and public key hash, but the public key and public key hash cannot deduce the private key. Therefore, the private key needs to be well kept by the user. Once the private key is lost, the assets in the account cannot be retrieved.
Asymmetric algorithms are the basis of blockchain operation. In addition to the elliptic curve cryptographic algorithm used in blockchains such as Bitcoin and Ethereum, the following different cryptographic algorithms are also common in blockchains.
RSA (Rivest Shamir Adleman) algorithm: because it is difficult to crack, it is widely used in the field of digital encryption and digital signature. In the RSA algorithm, both public and private keys can be used to encrypt information. If the public key is used to encrypt (to prevent information from being stolen), the private key will be used to decrypt. If the private key is used to encrypt (to prevent information from being tampered with), the public key will be used to decrypt (digital signature). Theoretically, the more bits in the RSA key, the more difficult it is to crack (quantum computing is not excluded). Therefore, the key commonly used in the industry is no less than 2048 bits.
DSA digital signature algorithm: this algorithm cannot encrypt or decrypt information, and is mainly used to sign and authenticate encrypted information. The security is as high as the RSA algorithm, but the processing speed is faster.
ECC elliptic-curve cryptographic algorithm: the encryption process is derived from the elliptic curve in mathematics. Compared with the RSA algorithm, the ECC algorithm has faster encryption and decryption speed and higher security strength per unit of key length. With the same key length, the ECC algorithm has the highest security.
Cryptography is one of the basic technologies supporting the operation of blockchain systems. It has become an indispensable part of modern computer security and a key component of the growing cryptocurrency ecosystem. With the continuous development of cryptography, Symmetric-key Algorithms and Asymmetric-key Algorithms will play a greater role in resisting various threats to computer security and cryptocurrency security validation in the future.