Hands-On Blockchain for Python Developers
上QQ阅读APP看书,第一时间看更新

Symmetric and asymmetric cryptography

Symmetric cryptography uses the same key between sender and receiver. This key is used to encrypt and decrypt a message. For example, you want to create an encryption function to encrypt text. Symmetric cryptography could be as simple as adding 5 to the text to be encrypted. If A (or 65 in ASCII) is the text to be encrypted, then this encryption function will add 5 to 65. The encrypted text would be F (or 71 in ASCII). To decrypt it, you just subtract 5 from the encrypted text, F.

Asymmetric cryptography is a different beast. There are two keys: a public key and a private key. They are linked with a special mathematical relationship. If you encrypt a message with a public key, you can only decrypt it with a private key. If you encrypt a message with a private key, you can only decrypt it with a public key. There is no straight relationship as with symmetric keys (adding and subtracting the same number) between a public key and a private key. There are a couple of asymmetric cryptography algorithms. I'll explain the easiest one, the RSA algorithm.

Generate two prime numbers, called p and q. They should be really big numbers (with at least hundreds of digits), but for this example, we choose low numbers: 11 and 17. These are your private key. Don't let someone know these numbers:

 

n = p x q

n is a composite number. In our case, n is 187.

Then, we find e number, which should be relatively prime, with (p-1)x(q-1):

(p-1) x (q-1) = 160

Relatively prime means e and (p-1) x (q-1) cannot be factorized with any number except 1. There is no number other than 1 that we can divide them by without a remainder. So, e is 7. But, e can be 11 as well. For this example, we choose 7 for e.

e and n are your public key. You can tell these numbers to strangers you meet on the bus, your grandma, your friendly neighbor, or your date.

Let's say the message we want to encrypt is A. In the real world, encrypting a short message like this is not safe. We have to pad the short message. So, A would be something like xxxxxxxxxxxxxxxxxxxA. If you check the previous script to encrypt a message earlier in this chapter, you would see there is a padding function. But for this example, we would not pad the message.

The encryption function is this:

encrypted_message = messagee (mod n)

So, the encrypted_message would be 65 ** 7 % 187 = 142.

Before we are able to decrypt the message, we need to find the d number:

e x d = 1 (mod (p-1) x (q-1))

d is 23.

The decryption function is this:

decrypted_message = encrypted_messaged mod n

So, the decrypted_message would be 142 ** 23 % 187 = 65. 65 in ASCII is A.

Apparently, xy mod n is easy to calculate, but finding the y root of integer module n is really hard. We call this trapdoor permutation. Factorization of n to find p and q is really hard (generating a private key from a public key). But, finding n from p and q is easy (generating a public key from a private key). These properties enable asymmetric cryptography.

Compared to symmetric cryptography, asymmetric cryptography enables people to communicate securely without needing to exchange keys first. You have two keys (private key and public key). You throw the public key out to anyone. All you need to do is to protect the secrecy of the private key. The private key is like a password to your Bitcoin/Ethereum account. Creating an account in any cryptocurrency is just generating a private key. Your address (or your username in cryptocurrency) is derived from the public key. The public key itself can be derived from the private key. An example of Bitcoin's private key in Wallet Import Format (WIF) is this: 5K1vbDP1nxvVYPqdKB5wCVpM3y99MzNqMJXWTiffp7sRWyC7SrG.

It has 51 hexadecimal characters. Each character can have 16 combinations. So, the amount of private keys is as follows: 16 ^ 51 = 25711008708143844408671393477458601640355247900524685364822016 (it's not exactly this amount, because the first number of a private key in Bitcoin is always 5 in mainnet, but you get the idea). That is a huge number. So, the probability of someone finding another account that is filled with Bitcoin already when generating a private key with a strong random process is very, very low. But the kind of account generated by a private key and public key does not have a reset password feature.

If someone sends Bitcoin to your address, and you forgot your private key, then it's gone for good. So, while your public key is recorded on the blockchain that is kept in every Bitcoin node, people are not going to get the private key.