What is Public Key Cryptography in Blockchain

The concept of blockchain’s security encompasses different kinds of security methods and techniques. In our tutorial on “Blockchain Security,” we focused on the concept and technique of hashing. In another tutorial, we discussed “Blockchain cryptography” which gave us a broad idea of application and use of cryptography in the blockchain. Moving on, in this tutorial, we set our focus on the “Public-key cryptography” technique which blockchain-primarily uses to carry out secure transactions. We had a little insight on this topic through some articles earlier, but here, we will have a closer look at it. 

What is Public Key Cryptography?

Public key cryptography is a security protocol that ensures the safety of data that we exchange through a transaction in a blockchain network. The aspect of security is crucial in a point-to-point network like blockchain. Because, in such a network, nodes do not personally know and trust each other. There is a need for a robust security system in place. One which secures the information they are sending or receiving without worrying about security breaches. Also, this eliminates the need for all the nodes to know and trust each other personally. 

Public key cryptography is an asymmetric type of cryptography where we use a pair of keys (public key and private key). It uses them to encrypt/decrypt the information and verify the users. The process of public-key cryptography ensures two things i.e,

1. Encryption of the information at the sender’s end using the public key (of the receiver). This ensures that no third party can access or understand the encrypted information in or out of the network. Only the intended receiver can decrypt and read the message using its own private key. 

2. Signing the message or information for verification using the sender’s private key. This authenticates the identity of the sender and states that he is a legitimate node in the blockchain network. The receiver verifies this by using the public key of the sender. This verification process of users in a network is done through digital signatures. 

Thus, public-key cryptography is a way of providing a digital identity to the user. Through this one can carry out secure transactions within a blockchain network. Now let us understand exactly how this happens.

There are three key elements in public-key cryptography i.e. (i) Pair of keys; Private and public key, (ii) Cryptography wallet and wallet address, and (iii) Digital signature. Each of these three elements contributes significantly to creating an authentic digital identity just like our bank account, account number, and password. The only difference here is that it is to exchange information or cryptocurrency within a blockchain network. 

Public key cryptography uses special algorithms to create these keys. These algorithms work in a unidirectional manner, i.e. the algorithm will first create a private key from it, a public key, and from it, a public address. We cannot reverse the order of generation i.e. we cannot compute the private key from a public key or wallet address from the public key. 

This ensures the security of the public key cryptography system even more. It is because the public key and public address are made public to carry out transaction and verification processes. 

Therefore, public-key cryptography ensures the integrity of the information, the authenticity of the user, and the legitimacy of the transaction. A private key is like an account password for a user. One can decrypt a coded message sent to them and make a digital signature from it for verification. 

A public key is open for the network which others use to verify a transaction and encrypt a message. Thus, whenever a transaction takes place between two nodes, the private and public keys of both the nodes take part in making the transaction secure. It does so by encrypting the information and verifying the user by their digital signature. This double layer of protection makes public-key cryptography the best security system for blockchain. 

Concept of keys: Public key and Private key

The cryptographic keys are the most essential element in public-key cryptography. Without the function and significance of keys, there is not much left to understand in public-key cryptography. So, let us learn the concept of keys! 

As we know, we use a pair of keys i.e. Public key and Private key in public-key cryptography. Both of these keys are generated using the Elliptic Curve cryptography method. Firstly, it creates the private key and then it creates a public key from the private key using the Elliptic Curve Algorithm (aka ECDSA). Therefore, both the private and public keys are cryptographically and mathematically linked to each other. 

There is an important thing to note here, i.e. the process of generating a public key from the private key is irreversible. That is, we can obtain the corresponding public key from its private key but we cannot obtain the private key from its public key. The algorithm is designed in such a way that it requires a lot of computational power and time to brute force the private key which is next to impossible. 

This algorithm helps in keeping the private key private and untraceable from the public key. Because a node in the blockchain network can only carry out transactions within the network.  It is possible if its private key is kept secret and its public key which others know in the network. 

The private and public keys are of a certain length depending on the algorithm used to create them. Usually, the key length is 256 bits or can fall in the range of 1024 to 2048 bits. Now, the length of the public key seems a little too long for us to easily distribute it in the network. So, we need to create a shorter public address from the public key using a hashing function. Here, the public key is like an email address and public address is like the username. It is obvious that sharing your username with others is easier than sharing the entire email address. 

Just like how we cannot compute a private key from its public key, we cannot compute a public key from the public address. Public address (also called a Bitcoin address in a Bitcoin network) is the first thing that we need if two nodes want to carry out a transaction on the blockchain network. 

Therefore, in Public-key cryptography the most important elements are a private key, a public key, and the public address. All of this information is kept secure in a software known as Wallet. A digital wallet is independent of the blockchain network. It stores the important information of a blockchain node such as its address, private key, the public key, and transaction balance. 

Let us learn about the private and public key in a little more detail. 

1. Private Key

A private key is a long series of alphanumeric characters that is unique for every individual user or node in the blockchain network. A private key is like a password which if shared can give away our confidential information. So, we must keep our private key confidential from the network.

The digital wallets (software or hardware) essentially store the private key as its security is very important. The usual format for storing the key is a wallet import format which has a 51 character long key. This length may vary depending upon the storage formats. 

The two main functions of a private key in providing security in a blockchain network are: 

a. The private key is used to decrypt a message that the sender encrypts using the public key (of the receiver). This ensures that the intended receiver gets the encrypted message and is safe from other users on the way. Once the message reaches the receiver intact, he decrypts it into a readable format using his private key. 

b. Another important function of the private key is securing the message or information by digital signature. A digital signature is used to verify a blockchain transaction. In the digital signature, the message is signed using the sender’s private key. In this way, the receiver can verify that the message (using the sender’s public key) is actually sent by the sender and not someone else. 

2. Public Key

A public key is the counterpart of a  private key as it is cryptographically derived from it. A public key is available for all the nodes in the network. This helps in the verification of a transaction by all the nodes in a blockchain network. Let’s suppose that you are a node in the network and you want to send a message or information to another node.

To carry out a secure transaction you will sign the message from your private key and send it for verification from the entire network. Each node can access your public key and so they will verify the transaction as authentic and pass it. When all the nodes verify your transaction using your public key the transaction can take place. Generally, a public address is used for transactions rather than the public key because of its length. The public key is long and not easily shareable. So, a shorter version of it is created by hashing which is the public address. 

The two main functions of a public key in providing security in a blockchain network are: 

a. To encrypt a message or information using the public key of the receiver. This ensures that only the receiver who has its corresponding private key can decrypt and read the message. 

b. To verify if the sender is authentic by confirming the digital signature. A digital signature is done by the sender’s private key. A public key verifies the sender’s identity by matching (complementing) with his private key. 

Digital signatures in blockchain

After the private key and public key, another important aspect of public-key cryptography is the digital signature. No transaction in a blockchain network is secure if it is not digitally signed by the sender’s private key. The cryptography i.e. the encryption done using the public and private keys ensures that the information we are sending to other nodes is safe and no one in the middle can read or change it. 

Whereas, the purpose of doing a digital signature before sending the information is to state authority over the information and tokens (cryptocurrency). It is like signing a cheque where you state that it is your money that you are giving from your authorized bank account. 

Similarly, when you digitally sign the information you send in a blockchain network,  you say that you are an authorized node. And you rightfully own the tokens or currency you wish to give to someone in the network. Therefore, the digital signature proves the ownership of the funds and the account and protects them from forgery. 

Now, let us learn how digital signatures are done. 

Before we start understanding the entire process of digital signatures, we must know which algorithm is used to create digital signatures. Similar to the private and public key, digital signature is created by the Elliptic Curve Digital Signature Algorithm (ECDSA). An important thing to note here is that ECDSA is not based on encryption. This means that the keys are not encrypted, only the message or information that we are sending is encrypted. 

This algorithm applies itself in two parts;

1. In the first part, it takes the private key and Merkel root (hash) of the transaction and creates the signature by mathematical computations. Then this signed transaction is sent out to other users on the blockchain network. They will all verify the signature of the sending node using the second part of the algorithm.

2. In the second part, other nodes compute a binary result using the digital signature of the sender, the transaction information, and the public key of the sender. If the mathematical algorithm gives the result as True, then it is verified that the sender has sent the message from an authentic node. 

All the validating nodes or computers in the network will verify the digital signature by using the sender’s public key. 

How does Public-key cryptography work? 

Now that we are through with all the important concepts related to public-key cryptography. Let us move on to understand the entire process of public-key cryptography. And how does it work to secure and verify a transaction on the blockchain. 

Suppose you are a legitimate node on a blockchain network. Now, you need to have three things in order to carry out secure transactions within the network; a private key, a public key, and a wallet address, or a public address. For this, you need to install a blockchain wallet software that will automatically create a pair of private key and public key and a wallet address. This software is an independent platform from the blockchain. It gives you a digital identity and a safe place to keep your keys. 

Furthermore, your public address (aka wallet address) is like a mailbox and your private key is like the key of that mailbox. Your mailbox or its address is known to everyone and anyone can send you things using the mailbox. But, only you can open your mailbox and access the contents inside it using the key to the mailbox. Similarly, anyone within the blockchain network can send you tokens or messages to your public address. But only you can decrypt and read that message using your private key. 

Let us summarize the working of public-key cryptography with the help of a situation. Here Raj wants to send a message to Aditi on a blockchain network. We call this exchange of information between two nodes on the blockchain a “transaction”. 

Step 1: Raj will take the message that he wants to share and encrypt it using Aditi’s public key or public address. This will convert the message into an unreadable format.

Step 2: Raj will now take the hashed message and sign this message using his private key. This is known as digitally signing the transaction (digital signature).

Step 3: Now, Raj is ready to send this message to Aditi via the blockchain network. But before this, Raj needs to get this transaction verified by the entire blockchain network. Using Raj’s public key, every node on the network will verify the digital signature of Raj and pass the transaction. 

Step 4: After successful verification, Aditi will receive the message but in an encrypted form known as ciphertext. First off, Aditi will also verify the digital signature of Raj using his public key or public address. 

Step 5: Then, Aditi will decrypt the ciphertext using her private key. This will convert the message into a readable format. 

Step 6: The transaction is successfully carried out. Also, it is recorded on a new block in the blockchain permanently. No one can deny that this transaction between Raj and Aditi did not take place. 

Benefits of Public Key Cryptography

Public key cryptography promises a lot of security benefits in an open network like blockchain. Three most important aspects, as well as benefits of using public-key cryptography as the security method, are; Confidentiality, Integrity, and Authenticity. 

1. Confidentiality: Blockchain assures confidentiality of the data that we are sharing by using a pair of keys. The public and private keys that are linked to each other make sure that the data or information that we are sending is kept secret from others. It maintains confidentiality by encrypting the data using a public key and decrypting it on the other end using its corresponding private key. 

2. Integrity: Public-key cryptography also maintains the integrity of the data by encrypting the data. Due to end encryption, no one except for the sender and the receiver has access to the information. So, one can be sure that the data is intact and no one has changed it in the middle. 

3. Authenticity: Another important aspect and a major benefit of public-key encryption is the authenticity of the user. Because it uses digital signatures in every transaction, it is impossible for some to fake their identity. That is why every node on the blockchain network can be sure that the sender is an authentic part of the network. This is how blockchain builds trust amongst its users. 

Limitations of Public Key Cryptography

Just like everything has a downside to it, there are a few limitations of public-key cryptography. 

1. The ability of mathematical algorithms to encrypt and decrypt data or messages is limited to only a certain size of data. If there are large amounts of data that need to be encrypted the algorithm runs slow. This slows down the process of encryption and demands greater computational power. 

2. If someone has access to the secret private key or accidentally exposes it to the network. All the data encrypted using that private key will be in the wrong hands. One cannot restore or re-encrypt the data once the private key is out.

3. If a node loses its private key, its data will forever be stuck and they cannot make transactions from the same public address again. Such a node will not be able to access the data encrypted by its private key. 

Summary

This completes our discussion on Public-key cryptography. Here, we have covered a lot of aspects related to PKC. Such as, what is PKC, the concept of private and public keys, what is a digital signature, how do PKC works, and lastly the benefits and limitations of PKC. We hope you were able to develop a good understanding of public-key cryptography with the help of the information provided by us.