Figure 1 Hashing Strings of Various Lengths Using the SHA-256 Algorithm
Input String
SHA-256 Hash Value
m
62C66A7A5DD70C3146618063C344E531E6D4B59E379808443CE962B3ABD63C5A
M
08F271887CE94707DA822D5263BAE19D5519CB3614E0DAEDC4C7CE5DAB7473F1
M1
2D214CA69B86C255BE416D42CCA977A59B34A7492873105522C35015FAB806F0
M2
0892A10ECE1F933EE98F5D554601B28F8437801D1AA1B77799E4035DDCB6950C
March
9D95A2CF0D7180B5089691163B188A7203B0CDE179346B8CFAA8AB6C2C3E6414
March 1, 2018
767328E7367048FA9DB37354CFA43DBB1691E8330DB54D54F52C1A444CA2E680
March 2, 2018
CCF33BF1C08B74EDE6A7C15C56EEC16269D83967670032ACDA6EE395361B7595
Figure 2 Double-Hashing the Values in Figure 1
Public Key Cryptography Recall that one of the primary functions of a blockchain is to track ownership of a digital asset. The digital asset in question may be worth nothing or many millions of dollars, so the ownership test must ensure that the owner can’t be spoofed. To conduct such a test in the digital realm, blockchains leverage PKC, which enables the owner to digitally sign their asset in order to prove ownership and authorize it to be trans- ferred. Unlike symmetric key encryption, wherein a single private (secret) key is used to both encrypt and then decrypt a message, PKC uses asymmetric key encryption.
Because an accurate validation algorithm of digital asset ownership is critical for block- chains, they employ a high-strength public/ private key-pair generation strategy that relies on the Elliptic Curve Digital Signature Algo- rithm, or ECDSA. The beauty of ECDSA is that it creates keys that are shorter in length but cryptographically stronger than same- length keys generated by the usual algorithm:
Digital Signature Authorization (DSA). Whenever they’re needed, users access a software application that uses ECDSA to generate the cryptographic key pair. The user must retain a backup of the private key because that key is required to transfer or harness the value held in a digital asset that’s stored on a blockchain. If you have access only to the private key in a private/public key pair, you can regenerate the public key because there’s a mathematical relation- ship between the two keys. But the private key can’t be generated from the public key (which means if you back up only one key, be sure it’s the private key!).
These keys typically are used in one of two ways. The first use case (see Figure 3) is when you want someone to send you an encrypted message that only you can open. To do that, give the other person your public key and ask them to use it to encrypt the document using software that applies an encryption algorithm and produces a ciphertext—the encrypted version of their message. They then send you only the ciphertext. Because they used your public key to encrypt the document, you must use the correctly paired private key to decrypt it.
Input String
Double SHA-256 Hash Value
m
A5FCE7E78734EC317F83F9019C80FFAF2508689B06EFA02191495A7D21FECE9A
M
6F6DCF58526B0D29EE664A708A939B7CDAC124A6A8569FCACE46FEAD38868E2E
M1
6C5D08BE9FFBBABD24B5F19AFFE6590FD402D347A50B519A59D40E15DCC0A6CB
M2
B2307311CC5877D5A581EDC821F3BFD5F99EB4E3B1D1B4009D9545BCF07E2E1A
March
B5410E155022AE6EB22CA21FADEDE65F0F7296DE14CA1D7A720A4937BD23AA5D
March 1, 2018
345DD725FEE80F8C5953A66C1495605E4ED01C4CE5AEF6C0A6D238999266A1A6
March 2, 2018
3E85B3D910BA77F88ECD5E24D1396457C532C73B89C032DED9AD0CBB4D4D9794
is that they’re unique enough to serve as a sort of digital finger- print while also acting as a checksum. Furthermore, one-way hash functions can’t (as a matter of practice) be decoded. Consider the SHA-256 value for my name: 8F12D83BA54AC0EA7687AD4AF- DE5E258BBFF970AA8D60C6588381784C502CA8E. Given that hash value, there’s no practical way to algorithmically reverse it back to my name. (One hacking technique leverages rainbow tables that list already-calculated hash values for common strings, such as “password”—but that’s not algorithmically reversing the hash. To thwart such exploits, it’s customary to embellish the string to be hashed by tacking on a random string, known as a “salt” value.)
If you don’t have a SHA-256 generator handy, consider the table in Figure 1, which shows how strings of various lengths always produce a 64-digit hexadecimal hash value, and that a small change to any particular string produces a completely different result.
Sometimes a hash value is double-hashed, which means that the first hash is hashed again by applying a second round of the SHA-256 algorithm. If I double-hash the values in Figure 1, I end up with the results in Figure 2.
Someone else
wants to send you a document
Public Key
They use your public key to create a ciphertext version of their document
Ciphertext
Private Key
You receive the ciphertext document and use your private key to decrypt it
Now you can read the original document
You want to send someone a document
Private Key
You use your private key to create a ciphertext version of your document
Ciphertext
Public Key
The recipient receives the ciphertext document and use your public key to decrypt it
Now the recipient can read your original document
ENCRYPTION
DECRYPTION
ENCRYPTION
Figure 3 Using PKC When You Want Someone to Send You an Encrypted Document/Message That Only You Can Open
Figure 4 Using PKC When You Want to Send Someone an Encrypted Document/Message to Assure Them That It Indeed Came from You
22 msdn magazine
Blockchain
DECRYPTION