Silk Road forums

Discussion => Security => Topic started by: vlad1m1r on April 26, 2012, 06:00 pm

Title: What is Public Key Cryptography? (A must read for newcomers)
Post by: vlad1m1r on April 26, 2012, 06:00 pm
Dear all,

For those who are new to the Forums or unfamiliar with the intricacies of Cryptography, I thought I would explain in very simple terms how Public Key cryptography works, why it's important and what implications it has for the programs we use like PGP, and of course Bitcoins. For those of you who are IT experts, please accept my apologies for this simplistic explanation. For others amongst you please read on:

In its simplest terms, before Public Key Cryptography came along it was very difficult to exchange a secret without first exchanging a secret. Granted it was possible to encrypt a file with a password or send a message using a code book but how did you then give that password or code book to the intended recipient of your message? And even if you found a way to send it to them securely, why not simply use that same way to send them the message in the first place?  :)

This issue is known as one of "key distribution" and is one which baffled Cryptographers for decades.

The solution is best illustrated with an Olde worlde example:

Imagine that two fictional people, Alice and Bob live in a country where the postal system is completely immoral and postal employees will read any unprotected correspondence. One day, Alice wants to send a very intimate message to Bob.

She puts the message inside an iron box, closes it and secures it with a padlock and key. She puts the padlocked box in the post and keeps the key, sending the locked box to Bob.

When the box arrives, Bob adds his own padlock and sends the box to Alice. When Alice receives the box, it is now secured by two padlocks.

She can then use her key to remove her own padlock leaving only Bob's padlock. Finally she sends the box back to Bob who can now open it with his own key.

The implications of this small example are huge, as it showed it was possible to exchange a secret message between two people without exchanging a key (bear in mind that examining the padlock on the box wouldn't reveal anything useful about the key itself).

However this little story doesn't bear out in technical terms. Although it doesn't matter what order you lock and unlock padlocks, it does matter in terms of computer encryption. As such if a box is locked with Alice's padlock, it must first be unlocked using Alice's key before Bob can put his own padlock on it. So we're back to square one.. or are we?

Inspired by the above concept, two brilliant Cryptographers named Whit Diffie and Martin Hellman began to search for a mathematical solution to the problem of key distribution in the Seventies. Although every idea they had turned out not to measure up, they tried again and again before coming up with a solution.

Diffie and Hellman were interested in one way mathematical functions i.e calculations that cannot simply be reversed. A good everyday example of a one way function is mixing yellow and blue paint to get green. It's very easy to mix the paints together but impossible to separate them back into yellow and blue! For this reason they are often called Humpty Dumpty functions (All the King's horses and all the King's men...) - the idea was to create a way to scramble (ha!) a message in a way that couldn't be reversed easily to find out its contents.

In the end they hit upon a solution using what is called Modular Arithmetic - this involved using huge prime numbers to encrypt messages - a process which without the appropriate key would take computers millions of years to reverse.

In terms of the "padlock box" analogy above when Alice wants to send Bob an intimate message, she places it in an iron box and takes it to the Post Office. She then asks for a copy of Bob's padlock i.e his "public key" (let's imagine this Post Office has a copy of everyone's padlock) which she then uses to lock the box and send it to him. Since only Bob has the key to his own padlock only he can open the message. Having a copy of Bob's padlock i.e his public key doesn't do anyone else any good as it can only be used to lock a box i.e encrypt a message and not to tell anything about the key itself.

Programs like PGP operate along this principle which is why the first time you use the program you generate a "key pair", one of which is "Public" and is shared with everyone to encrypt your messages, and another of which is "Private" which you keep safe and use to read any encrypted messages to you.

Bitcoin transactions also operate along this principle, as every time you receive coins to your BTC address they are being encrypted by the Public Key assigned to that address - once again it helps to think of the coins as being placed in a locked box to which only you have the key.

In technical terms the Bitcoin wallet software you use contains your private key which can analyse the Bitcoin block chain for any coins encrypted by your public keys i.e your BTC addresses and then unlock them using the key built into your wallet program.

If it helps, think of a vast conveyer belt of locked boxes going in front of you, and you trying your key in each one, until it opens. Obviously you'd have to keep on repeating this process as you sent and received coins which is why your wallet software has to download the entire block chain and analyse it in order to process all your transactions.

This is why you have to be able to trust online wallet providers such as MtGox as they have assigned you a BTC address and therefore have a copy of your private key, which they could use to remove your coins at any time. Having your own wallet software installed on your machine gets around this problem.

This is also why it is easy to trace transactions of coins throughout the network as if you receive coins at a certain address, you must decrypt them using your Private Key before sending them to another BTC address. As such BTC must be sent from the same address where they're received in the first instance making their passage through the block chain easy to trace.

Apologies for the long post, hope this helps!

V.
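The two ideas in the post above, written out with modular arithmetic as an added example (not part of the original post): a Diffie-Hellman key agreement, and the two-padlock box exchange done with modular exponentiation, whose "locks" can be removed in any order. This goes slightly beyond the post by making the padlock story work numerically. The prime `P`, base `G` and all function names are assumptions chosen for the demo; the parameters are far too small for real use and nothing here authenticates either party.

```python
import secrets
from math import gcd

# Constructed demo parameters (assumptions, not from the post).
P = 2**127 - 1   # a Mersenne prime; real deployments use much larger groups
G = 3            # public base both sides agree on


def dh_keypair():
    """Return (private exponent, public value G^priv mod P)."""
    priv = secrets.randbelow(P - 3) + 2      # 2 .. P-2
    return priv, pow(G, priv, P)


def dh_shared(my_priv, their_pub):
    """Both sides compute G^(a*b) mod P without ever sending a or b."""
    return pow(their_pub, my_priv, P)


def padlock_keypair():
    """Return (lock, unlock) exponents with lock*unlock = 1 mod (P-1)."""
    while True:
        lock = secrets.randbelow(P - 3) + 2
        if gcd(lock, P - 1) == 1:            # an inverse must exist
            return lock, pow(lock, -1, P - 1)


def three_pass(message):
    """Send `message` (an int, 1 < message < P) using the two-padlock exchange.

    Returns the three values that cross the wire and what Bob recovers.
    """
    if not 1 < message < P:
        raise ValueError("message must be an integer between 1 and P")
    a_lock, a_unlock = padlock_keypair()
    b_lock, b_unlock = padlock_keypair()
    box1 = pow(message, a_lock, P)       # Alice locks the box and posts it
    box2 = pow(box1, b_lock, P)          # Bob adds his padlock, sends it back
    box3 = pow(box2, a_unlock, P)        # Alice removes hers; Bob's remains
    recovered = pow(box3, b_unlock, P)   # Bob opens the box
    return (box1, box2, box3), recovered


if __name__ == "__main__":
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    print("same DH secret:", dh_shared(a_priv, b_pub) == dh_shared(b_priv, a_pub))
    msg = int.from_bytes(b"meet at noon", "big")   # constructed sample message
    wire, got = three_pass(msg)
    print("recovered:", got.to_bytes(12, "big"))
```
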