In the last issue, we talked about how Blockchain technology is applied in real-world scenarios, we touched Decentralized Finance (DeFi) and the advantages it holds against Traditional Finance (TradFi), and decentralized agreements (smart contracts) and how they are more secure than traditional agreements.
In this issue, we will go into what confers this security we have so much talked about in the Blockchain. What actually makes the Blockchain tick? What makes DeFi and smart contracts run securely on the Blockchain - cryptography. Let's get started, shall we?
Cryptography, you might have heard it somewhere or somehow. Not to be confused with cryptocurrency - cryptography is the technology that powers cryptocurrency.
Cryptography on a high level, basically involves encrypting or obscuring a message in such a way that a third party cannot make sense of it.
In cryptography, an input (a message/data) is encrypted to form an output (hash), this hash is then verified to ensure integrity if the initial message. With cryptography, messages can be transmitted from one source to another while maintaining the integrity as any change to the message would change the hash.
There are two major forms of encryption used for encrypting data: Symmetry and Asymmetric key cryptography. In symmetric key cryptography, the same key is used to encrypt and decrypt the data, while in asymmetric key cryptography, a pair of keys (public and private key) are used to encrypt and decrypt the data.
As you may have guessed, symmetric key cryptography is less secure but faster as a single key is used. It is especially used for encrypting large amounts of data but the issue comes when ones needs to securely share the secret key between the sending and receiving parties.
In asymmetric key cryptography, a pair of distinct keys are used to encrypt data, the public and private keys are not random, they are linked such that, the private key can only decrypt a message encrypted with a corresponding public key. This is especially useful for secrecy, if you want to send Bob a message, you use his public key (which is publicly available) to encrypt the message and when Bob receives the message, he uses his private key (which only him should have) to decrypt the message.
For authentication purposes, like on the Blockchain, the private key is used to encrypt (sign - the terminology used in web3) a transaction (that contains data like message, receiving address, amount, nonce, sending address and so on) to produce a digital signature, this authorizes the sender as the one with the private key that can generate that signature, the signature is then broadcast to the Blockchain and the nodes verify with the sender's public key or an address derived from it that the key/address was produced from a private key that generated that signature.
That is why you are always instructed to secure your private keys, because anyone with the private key can approve transactions and move funds on your behalf. You might also have heard of a secret recovery phrase (12/18/24 word phrase) in crypto wallets and that you must secure it, as a matter of fact, the private key is even derived from the secret phrase! The words are transformed into bits and matched to the official wordlist that contains 2048 words.
The flow is: Secret phrase -> master key (master seed) -> private key -> public key -> wallet address.
You can watch the video in my demo in the Peerlist post to see it in action: https://peerlist.io/scroll/post/ACTHLKLLMLOBGGRK61PJM67ALKENO9
From this, if an attacker has your private key, he only has access to one of your accounts, if they have your seed phrase, they have access to all your accounts. This is because the process is deterministic and the same seed phrase would always generate the same keys and addresses. One of the properties of a cryptographic hash is that it is deterministic, more on this in the next issue.
Whoosh! Of you made it this far, big ups to you, this is just one of the applications of cryptography on the Blockchain - authentication. In the nest issue, we will talk about another application.
See you in the next issue!
Top comments (0)