Your daily briefing of some of the most important stories from the crypto, finance, and tech space.
What Is Public Key Cryptography And How Is It Used In Crypto?
Public key cryptography underpins the security of every cryptocurrency and blockchain network.
Public-key cryptography (PKC), also known as asymmetric cryptography, is a branch of cryptography that uses a pair of mathematically related keys: A public key and a private key. While the private key can be used to generate the public key, the public key cannot be used to reveal the private key.
This means the public key can be openly shared with others, while the private key is kept secret by the owner. The public key is used to encrypt data or verify digital signatures, while the private key is used to decrypt data or create digital signatures.
Advantages Of Public Key Cryptography
Public-key cryptography offers several advantages over symmetric-key cryptography, where the same key is used for both encryption and decryption. It eliminates the need for secure key exchange and enables secure communication even in the presence of eavesdroppers.
Because public-key cryptography tends to be slower and computationally more expensive than symmetric-key cryptography, it is often used in combination with symmetric-key techniques for efficiency.
Thanks to these properties, public key cryptography underpins cryptocurrencies and blockchain technology.
Uses Of Public Key Cryptography
Public-key cryptography has several critical applications:
- Encryption: The public key can be used to encrypt data that only the corresponding private key can decrypt. If someone wants to send a confidential message to a recipient, they use the recipient's public key to encrypt the message, ensuring that only the recipient with the corresponding private key can decipher it.
- Decryption: Only the private key associated with a public key can decrypt data that has been encrypted with that public key. The private key holder can use their private key to decrypt messages or data sent to them.
- Digital Signatures: Public-key cryptography allows for the creation and verification of digital signatures. A digital signature is generated using the private key and can be verified using the corresponding public key. It provides a way to prove the authenticity, integrity, and non-repudiation of a message or document.
- Key Exchange: Public-key cryptography also enables secure key exchange between two parties who have never communicated before. Diffie-Hellman key exchange is a popular algorithm that uses public-key cryptography to establish a shared secret key between two entities without directly transmitting the key over the network.
Public Key Cryptography And Blockchains
Blockchain and cryptocurrencies rely on public key cryptography to function securely.
Crypto addresses take the form of a public key, or a string of characters derived from a public key. Transactions are signed with the sender's private key, proving that only that user and address could have authorized the transfer.
In Bitcoin, for example, addresses are created as follows:
- A random 256-bit private key is generated using a secure random number generator. This private key should be kept secret and is never shared.
- The private key is used as an input to an algorithm to generate a corresponding public key, in this case the Elliptic Curve Digital Signature Algorithm (ECDSA). The public key is derived from the private key in a one-way function, meaning that it is computationally infeasible (to all intents and purposes, impossible) to determine the private key from the public key.
- The public key is then hashed using the SHA-256 (Secure Hash Algorithm 256-bit) and RIPEMD-160 (RACE Integrity Primitives Evaluation Message Digest 160-bit) algorithms. These are one-way cryptographic functions that provide a short, unique "digest" of their inputs. This hash is typically represented as a hexadecimal string.
- The hashed public key is then combined with a prefix that indicates the type of address being generated (0 for use on the main network). The version byte and hashed public key are concatenated, and a checksum is calculated by performing a double SHA-256 hash on the concatenated data.
- The checksum is appended to the concatenated data. The result is then encoded using Base58 encoding, which eliminates certain characters (such as 0, O, I, l) to avoid confusion. This encoding results in the final Bitcoin address, which is a string of alphanumeric characters.
The Bitcoin address derived from the private key can be shared with others to receive funds. Any funds sent to that address can only be spent by using the corresponding private key to create a digital signature during transaction validation. The signature proves ownership and allows for the transfer of funds associated with that Bitcoin address.
Find out more about how the Bitcoin network uses proof-of-work to ensure security.
Subscribe to our newsletter and follow us on Twitter.