Public Key Cryptography
Also known as Asymmetric Cryptography or Asymmetric Key cryptography, Public Key Cryptography is a type of cryptography that uses different keys for both data encryption and decryption. The following diagram summarizes this process. P stands for the data sent, E is the encryption function, C is the encrypted data transmitted on the channel and D is the decryption function. First the sender sends P, that is encrypted with E and the receiver public key, then the encrypted message C is transmitted to the receiver. Once received, C is decrypted with D and the receiver’s private key and the receiver gets the initial data P. Therefore, one verifies that the private key does not need to be shared for the message to be sent and encrypted. For the receiver to verify the integrity of the received message, only the sender’s public key is needed. When the sender transmits the message, the message is signed with the sender’s private key, then the receiver verifies the message by using the sender’s private key, this is the process of verifying a Digital Signature.
There are two main implementations of Public Key Cryptography. The first one is the Rives-Shamir-Adleman (RSA) implementation. Invented in 1977, it is based on the integer factorization problem, where the product of two large prime numbers is easy to compute, but its factorization back to the two original numbers is difficult. This algorithm is used daily whenever using the HTTPS protocol on the internet.
The other implementation is the one currently used on Bitcoin and Ethereum blockchains, the Elliptic Curve Cryptography (ECC). This kind of cryptographic implementation is based on the discrete logarithm problem as expressed by addition and multiplication on the points of an elliptic curve. Ethereum and Bitcoin use the same elliptic curve, defined by the standard called secp256k1, established by the US National Institute of Standards and Technology (NIST). As one can imagine from the brief description, ECC involves a lot of mathematical concepts that will be left for another article. The main benefit of ECC based algorithms over the other Public Key implementations it that it requires a smaller key size while providing the same level of security, if compared to RSA, which is of great advantage to the Peer-to-Peer blockchain network, requiring less computation on the authentication of transactions. Those blockchains use ECC for the digital signature verification and authentication process and the specific algorithm used for that is the Elliptic Curve Digital Signature Algorithm (ECDSA). Even though ECC can also be used for encryption, in practice it is mostly used for key exchange and digital signatures.
As previously described, these cryptographic algorithms have the main goal of being “one-way” functions, so that the data can be easily acquired in one direction (encryption) and impossible to do in the reverse direction (decryption). This characteristic allows the public key to be easily calculated from the private key, but the private key cannot be derived from the public one. This mathematical property of the algorithms is the basis for unforgeable and secure digital signatures that prove ownership of funds and controls Smart Contracts, if considering the Ethereum blockchain.