Unit 3

3.1 Introduction to Cryptography

Cryptography is the study and practice of sending secure, encrypted messages
between two or more parties. Cryptography allows digital currency transactions to
be pseudonymous, secure, and “trustless” – with no bank or other intermediary
required.

Bitcoin (as well as Ethereum and many other cryptocurrencies) uses a technology
called public-private key encryption. This allows them to be “trustless” – and
makes secure transactions between strangers possible without a “trusted
intermediary” like a bank or Paypal in the middle.

3.2 Hashing
Hashing is the backbone of the blockchain, ensuring data integrity and preventing
fraudulent transactions.
Hashing in blockchain implies the transformation of input data into a fixed size
output through a specific algorithm. It establishes data integrity and averts
fraudulent transactions. At the core of this process are hash functions, which
create unique digital fingerprints for data.
The output, known as a hash value, is unique to the input data, even if the input
data is altered slightly, the hash value will be drastically different. This property of
hash functions makes them an indispensable component of various data
structures, including blockchain technology, where each block contains the hash
of the previous block.

Different Hashing Algorithms

Different blockchains employ different hashing algorithms

Bitcoin utilizing the Secure Hashing Algorithm 256 (SHA-256) as its hashing
algorithm. SHA-256 is a mathematical algorithm that generates a 256-bit hash

Unit 3 1
 value. It is widely used in various data structures, including blockchain
technology, to ensure the security and integrity of data.

The array of hashing algorithms includes Scrypt, a password-based key

derivation function used across various cryptocurrencies like Litecoin. Scrypt
generates a unique output hash for each input, ensuring the security and
integrity of the data.

Ethash, on the other hand, is a memory-hard hashing algorithm specifically

designed for implementation in the Ethereum blockchain, developed to
counteract the potential for ASIC miners to be utilized.

Cryptographic Hash Functions Properties

Cryptographic hash functions safeguard data in the blockchain through the
following properties:

Deterministic outputs: The same input will always produce the same hash,
making it easy to verify data consistency.

Preimage resistance: It is difficult to determine the original input from a hash.

Collision resistance: Unique hashes are ensured for different inputs.

3.3 Digital signature schemes

Authentication. It’s a process to verify the sender. That means checking if the
electronic document received is from the expected sender. How to achieve
Authentication in blockchain?
Just as written signatures tie a person to a particular document, digital signatures
cryptographically link an identity to a message.
Digital Signing in Blockchain is a process to verify the user’s impressions of the
transaction. It uses the private key to sign the digital transaction, and its
corresponding public key will help to authorize the sender.

Here, the private key of the sender encrypts the message. And the
corresponding public key of the sender, earlier shared with the receiver, can
decrypt the message.

Unit 3 2
 For example, Rachel wants Ross to send a digitally signed copy of the documents
for Rachel to confirm if the document sent by Ross hasn’t been changed on the
way by other network participants. Digital Signing works by the following process.

Ross creates the hash of the documents. Hash is a cryptographically

generated an fixed length hexadecimal cipher-text that is irreversible.

Ross encrypts the hash of the document using his private key. Now, when he
sent the document to Rachel, he added the encrypted hash.

Rachel can only decrypt the hash using Ross’s public key.

Now on the receiver’s end, Rachel decrypted the hash. Afterward, she
calculates the hash of the document by herself as well. To ensure if it’s not
altered on the way.

She compares her hash of the document with the decrypted hash sent by
Ross. If the two hashes match, Rachel knows that both document and hash
came from Ross. And haven’t been changed on the way.

Confidential and Authorized Digital Signing

We’ve understood that digital signing is a process of authorizing the sender.

However, to make it secure and confidential, we need public-key cryptography or
Asymmetric cryptography. It uses the receiver’s public key for encryption and the

Unit 3 3
 private key for decryption. Here, The pair of keys ie, the encrypt and decrypt keys
should be of the same user (receiver).

Now, Rachel and Ross don’t want anyone in the network to know about the signing
of documents

So now, after Ross encrypting the hash using his private key and adding the
document with it. He again encrypts the document and hash using Rachel’s
shared public key.

On the receiver’s end, Rachel first decrypts documents and then encrypted
hash with her private key. Then uses Ross’s public key to decrypt the hash

Afterward, she calculates her own hash of the document and matches it with
the decrypted hash sent by Ross.

3.4 ELLIPTIC CURVE CRYPTOGRAPHY (ECC)

Definition

Elliptic Curve Cryptography (ECC) is a key-based technique for encrypting data.

ECC focuses on pairs of public and private keys for decryption and encryption of
web traffic.

Unit 3 4
 An elliptic curve for current ECC
purposes is a plane curve over a
finite field which is made up of the
points satisfying the equation:

y2 = x3 + ax + b

In this elliptic curve cryptography

example, any point on the curve
can be mirrored over the x-axis and
the curve will stay the same. Any
non-vertical line will intersect the
curve in three places or fewer.

ECDSA

When it comes to blockchain, ECC is often used in the generation of digital

signatures. Bitcoin’s current signature scheme is known as the Elliptic Curve
Digital Signature Algorithm (ECDSA).

💡 This uses shorter keys and requires fewer computational requirements

than the RSA system, while maintaining strong security

ECDSA uses “elliptic curves” instead of finite fields. ECSDA relies on the discrete
log problem instead of the difficulty of factoring primes for security. The problem
is as follows:

Unit 3 5
 Let a, b, and c be integers such that a^b = c. If you are given c
and a, it is difficult to find b if b is a large enough number. Now
apply this equation to an elliptic curve group and compute Q =
nP, where n is some integer, P is a point on the curve, and Q is
the result of the operation (“multiplying” points).

In elliptic curves, it is easy to calculate Q given n and P, but it is

difficult to find n given P and Q. This is known as the “elliptic
curve discrete logarithm problem”.

The ECDSA algorithm relies on this to generate signatures that are difficult to
forge and easy to verify.

Advantages of elliptic curve cryptography

1. Higher security: ECC provides a higher level of security than traditional

encryption methods like RSA. This is because the math behind ECC is much
more complex and harder to break.

2. Shorter key lengths: ECC requires shorter key lengths than RSA to achieve
the same level of security.

3. Faster processing: ECC is faster to process than traditionalencryption

methods. This is because the mathematical operations involved in ECC are

Unit 3 6
 simpler and require less processing power.

4. Resistance to quantum computing: ECC is also more resistant to attacks from

quantum computers.

5. Perfect forward secrecy: ECC provides perfect forward secrecy, which

means that even if an attacker is able to obtain the private key at a later time,
they will not be able to decrypt messages that were sent using that key in the
past.

3.5 Verifiable Random Function (VRF)

A verifiable random function is a cryptographic function that takes a series of
inputs, computes them, and produces a pseudorandom output, along with a proof
of authenticity that can be verified by anyone.

Working of VRF
Here's a quick rundown of how VRFs work:

1. Input and Key Generation: Each participant has a secret key and a public key.
The secret key is used to generate a unique public key, and this public key is
what others use to verify the randomness.

2. Random Output: When a participant wants a random output, they use their
secret key and an input value. The VRF then produces a random output that is
unique to that specific combination of input and key.

3. Proof Generation: Along with the random output, the participant generates a
proof. This proof can be verified by anyone using the public key, ensuring that
the output is indeed the result of the correct combination of input and key.

4. Verification: Others in the network can use the public key and the proof to
verify that the random output is legitimate. If everything checks out, they can
trust that the randomness was generated fairly.

Core Features

1. Verifiable—Anyone can verify that the random number generated by a VRF is

valid. All they need to do is inspect the proof and verify the correctness of the
hash output.

Unit 3 7
 2. Random—The output of a VRF is entirely unpredictable (uniformly distributed)
to anyone who doesn’t know the seed or private key and follows no pattern. In
a VRF, every possible output is equally likely. The randomness is generated by
combining the seed and private key in a unique manner.

3. Function—VRFs rely on a mathematical algorithm to produce both the random

number and a proof that verifies its authenticity. For a function to be
considered a VRF, the RNG must keep the seed hidden (implicit) to preserve
its unpredictability, while the proof must be explicit and calculable by
everyone (explicit) to ensure its verifiability.

Use Cases in Blockchain

VRF is being used as a secure source of on-chain randomness across the Web3
ecosystem, including in leading GameFi, DeFi, and NFT projects.

Assigning randomized attributes to NFTs— VRF can help create unique NFTs
during the minting process.

Fairly distributing rare NFTs—VRF provides auditable evidence that NFTs

were distributed fairly.

Unpredictable gaming outcomes—Developers can build more fun blockchain

games by leveraging random outcomes.

Selecting PoS Validators - VRFs can be used for selecting validators in a

proof-of-stake consensus algorithm to ensuring fairness in decentralized
applications (dApps).

Unit 3 8