Blockchain Cryptography Study Notes

1. Hash algorithm

The hash function is to map the binary plaintext of any length into a shorter and fixed-length
binary value through algorithm processing, and the mapped value is also called a hash value. The data of the hash value is unique and compact. Changing even one letter in the plaintext will change the resulting hash. Due to the characteristics of the hash algorithm itself, it is impossible for anyone to find two plaintexts with the same hash value. Therefore, the hash value can be used as a key basis for judging data integrity.

A hash function is a function H that maps a message M of any length into a fixed-length hash value h (set the length to m).

h=H（M）

For a hash function to be unidirectional, it must satisfy the following characteristics:

• Given M, it is easy to compute h.
• Given h, it is difficult to deduce M from H(M)=h.
• Given M, it is difficult to find another message M' such that H(M)=H(M).

Hash function is a mathematical function with the following three characteristics:

• ① The input of the Hash function can be a string of any length;
• ② The Hash function produces a fixed-size output (such as a 256-bit output);
• ③ The Hash function can perform effective calculations, and the calculation time is reasonable. For n-bit strings, the complexity of Hash calculations is O(n);
• In addition, to make the Hash function cryptographically secure, the Hash function needs to have the following additional features: high collision resistance, strong secrecy, friendly problem solving, and avalanche performance.

2. Blockchain address generation

Blockchain address generation needs to go through five steps:

1. Obtain a private key via a random number generator. Generally speaking, a private key is a string of data that can be used to operate the corresponding blockchain account. Since the private key can directly open the account, it needs to be kept strictly to prevent loss.
2. The private key is algorithmically processed to generate a public key. Technically, the "public key" can be calculated from the private key, but the "public key" cannot be obtained backwards to obtain the private key.
3. Use the "public key" to perform hash calculation to obtain the public key hash.
4. Connect a one-byte address version to the header of the "public key hash" and perform two hash operations on it. The first 4 bytes of the result can be used as the public key hash verification value and connected to the tail.
5. Encode the calculation result of the previous step to get a blockchain account address.
   

3. Asymmetric encryption

1. RSA
The encryption idea of ​​the RSA algorithm is that it is easy to multiply two large prime numbers, but it is more difficult to factorize the multiplication result, and the result can be used as a key.
Technically, it is impossible to obtain the private key from the public key. In addition, in order to enhance key security, the RSA key length should be at least 500 bits. As the level of information encryption requirements increases, the key length will increase accordingly.
RSA is able to resist most of the cryptographic attacks, realize the digital signature of the message to resist the denial and denial of the data; use the digital signature to easily find the illegal tampering of the message by the attacker, so as to protect the integrity of the data information.
Features: The mathematical principle is simple, and it is relatively easy to realize in engineering applications, but its unit safety strength is relatively low.

4. Symmetric encryption [page 121]

2. Elliptic curve algorithm (ECC)
Elliptic encryption algorithm (ECC) uses rational points on the elliptic curve to form the computational difficulty of elliptic discrete logarithms on the Abel addition group. The elliptic curve cryptosystem is the one with the highest encryption strength per bit among the currently known public key systems.
Elliptic curve algorithms have four advantages over RSA:

1. The safety performance is better, and a number of international standards can ensure high safety strength;
2. The processing speed of the private key is better than that of RSA;
3. The required storage space is small and does not occupy too much network resources;
4. Low hardware requirements are conducive to promotion among nodes. From the perspective of development trends, the elliptic curve algorithm may replace RSA in the future and become a new global public key data encryption standard.

Features: The mathematical theory is profound and the process is complex, but the unit security strength is relatively high, the processing speed is fast, the storage space is small, and the bandwidth requirement is low.

1. DES
With the exponential development of computer hardware, the processing capability continues to increase, and the DES encryption algorithm is no longer safe. As early as 1999, some organizations claimed to successfully crack the algorithm within 23 hours using 64-bit data blocks. This is mainly because the secret key of the DES algorithm is too short, only 56 bits, and it is easy to crack by brute force. At present, the DES algorithm has been replaced by the AES algorithm.
2. AES
Advanced Encryption Standard, that is, the advanced encryption standard. The advanced encryption standard was proposed by the National Institute of Standards and Technology (NIST) in 2001. The AES algorithm is relatively new and the most popular symmetric encryption algorithm at present, with faster speed. Faster, better security, is considered a replacement for DES.

5. Digital signature

The sender uses the receiver's public key to encrypt the message, uses its own private key to sign the digest generated by the message, and sends the ciphertext and signature to the receiver.
The recipient uses its own private key to decrypt the message, hashes the message to obtain a summary, uses the sender's public key to verify the signature and compares whether it matches the content of the summary, so as to determine whether the message has been tampered with.

6. Public Key Infrastructure [page 122]

1、PKI

In the design process of the public key, in addition to the encryption mechanism, it also includes three links of certificate generation, distribution, and revocation. Here, it is necessary to follow
the requirements of the PKI (Public Key Infrastructure) system, and carry out the certification and management of the certificate in its entire life cycle.

A complete PKI system includes seven parts: digital certificate, certificate authentication, identity authentication, certificate management system, certificate revocation, key management, and interface management .

1. Digital certificate: A data certificate representing identity information in the network, which contains digital signatures and public keys for encrypting information.
2. Certificate authentication: According to the result of identity authentication, it is responsible for issuing digital certificates.
3. Identity authentication: verify user identity and data legality, and enter relevant information into the certificate management system.
4. Certificate management system: record various information such as users, digital certificates, public keys, and data.
5. Certificate revocation: revoke digital certificates that have expired.
6. Key management: The trusted organization is responsible for recording the user's public key, providing a mechanism for public key recovery, and not managing the private key.
7. Interface management: promote interaction between nodes, improve security strength, and reduce management costs.