Campbell R. Harvey Duke University and NBER Innovation and Cryptoventures Keys Campbell R. Harvey Duke University and NBER February 3, 2018
Secret Keys Symmetric key Symmetric encryption: there is a single key to both encrypt and decrypt a message. Nazi Enigma Machine https://www.youtube.com/watch?v=G2_Q9FoD-oQ Campbell R. Harvey 2018
Secret Keys Symmetric key DES (Data Encryption Standard) was a popular symmetric key method, initially used in SET (first on-line credit card protocol) DES has been replaced by AES (Advanced Encryption Standard) Campbell R. Harvey 2018
Public Keys Asymmetric keys Everyone has two keys: public and private Public is available to anyone Private only available to the individual The public key is mathematically linked to the private key Campbell R. Harvey 2018
Public Keys Asymmetric keys: Two main uses Bob encrypts a document with Alice’s public key – only Alice can decrypt the document with her private key. Here the public key is the “encryption key” and the private key is the “decryption key” Bob could sign a message with his private key. People with access to Bob’s public key can verify that the message is from him (or at least someone with access to Bob’s private key). Here the private key is referred to as the “signing key” and the public key is the “verification key”. Campbell R. Harvey 2018
Verification My public key for secure email You can encrypt an email to me with my public key and only I can decrypt with my private key. Campbell R. Harvey 2018
Key Pair Basics Data encrypted with public key can only be decrypted with private key The user generates both keys and the key pair is mathematically linked Examples are RSA and EC encryption Panayotis Vryonis (2013) Campbell R. Harvey 2018
Key Pair Digital Signatures I want to send a message Hash the message Encrypt the hash with my private key (Digital Signature) Receiver recovers the original hash using my public key Receiver does their own hash of the original message to make sure it matches the recovered hash Any small change in the original message will result in a different hash Campbell R. Harvey 2018
Key Pair https://kjur.github.io/jsrsasign/sample-ecdsa.html Campbell R. Harvey 2018 https://kjur.github.io/jsrsasign/sample-ecdsa.html
Key Pair Certificate Authorities Before I accept a message from Alice, I want to make sure that the public key really belongs to Alice (not an imposter) Trusted third party certifies that the public key belongs to Alice. This third party is called the “Certificate Authority” This is how the Internet works with HTTPS, SSL, TLS. Campbell R. Harvey 2018
What is a bitcoin private key? Transactions are signed with a specific variant of an Elliptic Curve Digital Signature Algorithm The ECDSA has a private key and a public key Private keys are 256 bit random numbers. The public key is mathematically linked to the private key. The public key can be derived from the private key – but not vice versa. Again, in DSAs, the private key as known as the “signing key” and the public key is known as the “verification key”. Campbell R. Harvey 2018
What is a bitcoin private key? Transactions are signed with a specific variant of an Elliptic Curve Digital Signature Algorithm Think of each of us as having a lockbox and the lockbox has a private and public key We use the public key to generate a bitcoin address (Address deck). The public address is mathematically linked to the public key (-- and to the private key because the private key is mathematically linked to the public key). Campbell R. Harvey 2018
What is a bitcoin private key More on transactions In my lockbox are the bitcoins that have been sent to my public address Think of the lockbox containing unspent transaction output (e.g. someone has sent me a bitcoin and I have not spent it yet) Campbell R. Harvey 2018
What is a bitcoin private key More on transactions Now suppose I want to send 1 bitcoin to Soo. I open my lockbox with my private key and take out the bitcoin, construct a new lockbox with Soo’s public key that can only be opened by her private key, put the bitcoin into it, and give it to her. This is a “transaction”. I have signed the transaction with my ECDSA private key and the network can verify it is me because the network knows my public key. Campbell R. Harvey 2018
What is a bitcoin private key Signing a transaction A signature is mathematically generated from a hash of the transaction plus the private key. Signature is represented by two numbers, r and s. With a public key, a mathematical algorithm can be applied to the signature to determine that it was produced from the hash and the private key -- without needing to know the private key. Campbell R. Harvey 2018
What is a bitcoin private key Bitcoin’s ECDSA Uses a relatively obscure variant called secp256k1 chosen by Satoshi Of all the components of the bitcoin architecture, the ECDSA is the most vulnerable Campbell R. Harvey 2018
Multiple private keys? More than one address? Yes, you can have multiple addresses which means you have multiple private/public key pairs from the ECDSA. Think of these as multiple lockboxes. A good wallet program will manage all of these keys so you don’t need to worry about where the bitcoins are coming from Note with Coinbase, you delegate your private keys to them. Campbell R. Harvey 2018
More on PGP email Steps Message compressed Random session key (based on mouse movements and keystrokes) is generated. Message encrypted with session key Session key is encrypted with receiver’s public key Encrypted message + encrypted session key sent via email Recipient uses their private key to decrypt the session key Session key is used to decrypt the message Message decompressed Campbell R. Harvey 2018 http://www.pgpi.org/doc/pgpintro/