Cryptography Part 2 Flashcards
Introduction (Notes)
Let’s look at a specific example of cryptography used as part of a larger system.
We’ll look at cryptocurrencies, and specifically at Bitcoin, the oldest cryptocurrency still standing.
- What are the problems they need to solve?
- How do they go about it?
- What are the attack vectors?
What are the motivations behind Crypto-currency?
- Trends in finance
- E-commerce naturally increases e-payments
- Charges for financial services, especially in developing countries
- Worries about currency stability, surveillance, interruption of payments, nostalgia for gold standard
- Is there a way to do cash over the internet?
- A “born digital” currency without legacy costs
- Immune to manipulation by banks or governments
- The extent to which this is an actual risk in practice is open to debate
The challenges of digital cash
No double spending
- Clearly undesirable if the same “coins” can be spent without being transferred
No duplication
- Atoms (Physical) versus bits (Digital)
No repudiation
- Transfers must be final
Paying for the infrastructure
- Why would anyone contribute computing power? How do they pay their costs (if there are any)?
What problems does crypto-currency address?
Cryptography can be used to address these problems:
- Holding the cash: Unique tokens held in an encrypted wallet, requiring authentication to access
- Non-repudiation: Transfers are logged into a public ledger, with cryptography used to prevent alteration
- Double spending: The ledger records each transaction, so we can check for previous spending of a token
Other challenges still remain:
- Cryptography requires computation
- How do we trust the ledger?
Notes on Trust and Consensus
Important Note: We need to agree that transactions took place, and trust that they can’t be changed.
The act of signing a transaction
- Signer(s) affirm that the transaction happened
- We can check this automatically
- We need some way of trusting the signers
- Get consensus from a majority of participants
- Incentivise the participants not to lie about transactions
Describe an example of a consensus problem?
A set of P participants each decide some value V of something: how do we agree a shared value of V?
- Take an average? Vote on the correct value?
What if some of the participants are lying?
- This is the Byzantine Generals Problem
- Under what circumstances can the generals agree on their decision, given that some may be lying and they don’t know who, or how many?
What is meant by a blockchain?
Meaning: a distributed database that maintains a continuously growing list of ordered records, called blocks.
Note: Make the ledger of transactions public.
- Every spend of every coin
- Spend generates “change”, which is then essentially a new fractional coin
Note: Each block is simply a record of several transactions
- Chain the blocks together to form a list (or chain)
Features:
- Timestamp
- Block Number
- Transactions
- Link to previous block in the chain
How can we agree on the transactions?
- Cryptographic Hashing
- Meaning: a process that uses a cryptographic hash function (CHF) to create a unique and irreversible representation of data.
- A hash function converts a large space of values into elements of a smaller space.
- Hash functions are easy to compute but difficult to reverse. (A one-way function)
- Makes it hard to alter a message so that it has the same hash as the original. (Any tampering will change the hash code, so one has to hack the published hash as well as the file itself.) SHA-256 is currently considered to be secure.
- Nonces (Not the Diddy definition): a process that involves adding a value to a given block of data, such that it hashes to a specific value.
What does this do?
- A block can check if it has been changed (because it will no longer hash to a specific value [nonce]), and can check that the last block in the chain is the one it should be linked to (because it can check that its hash is the same as the one it holds).
What is meant by Mining?
Meaning: Cryptocurrency mining is the process of generating new coins and verifying transactions for cryptocurrencies.
Note: The hashes are generated by mining.
- A new block is distributed to all miners.
- A race to construct the appropriate nonce, which is then checked by all the miners. (This process is known as proof of work).
- If > 50% agree, the block is accepted onto the chain and the winning miner gets a “bounty” of new coins.
* This is the consensus step: being a majority vote.
* This is generally what encourages miners to solve the hashing problem.
Notes on Blockchain
Note: The entire structure of the blockchain protects its integrity.
Note: This is an entire system of linked blocks of data with embedded crypto, which may reduce, or increase, vulnerabilities.
How can we potentially attack a cryptocurrency system?
- Change a block to change or repudiate a transaction
- Insert or delete a block.
- Verify a transaction that didn’t occur (or reject one that did).
Key-note: In other words, nobody attacks the crypto; they focus on attacking the other parts of the system, that are more likely to be vulnerable (for example, social-side of the system).
Note: Despite this, attacks do happen, as they are constantly reported in the news. They typically make use of the weak points of the broader system.
Where does the Security come from in relation to crypto-currency?
- From the incentives
- Miners are paid if they construct blocks properly, in a way that is agreed by a majority of their peers.
- From the protocol
- How blocks are added and traversed checks the integrity of the chain
- From the hashing
- Constructing a nonce that correctly completes a block
- Changing the chain faster than blocks can be mined and added to it (where changes will be detected)
- Key-Note: Computing the hash is easy: the difficulty is in constructing a nonce that leads to the hashing generating a specific value.
How do you spend money in cryptocurrency?
- Hold (fractions of) coins in a wallet.
- Local or online
- Wallet has a keypair
- Identified by the public key (Wallet Address) (which is unique).
- Anonymous to the extent of not being tied to any other identifier: having the keys is proof of identity.
- Each transaction is a cryptographically-signed assignment of coins to another wallet
- Private key access is needed to make a transfer
Where does anonymity come from?
- Identity.
- Identity = Public Key: no other binding to an individual.
- Authentication.
- Authentication = Private Key: no other identification needed.
Note: This is not a perfect system
- Wallet addresses allow tracking of transactions.
- If the owner of an address is discovered, their actions can then be unwound from the blockchain.
- Moving cryptocurrencies to “real” ones often ties the owner to a bank account.
Summary of Cryptography Part 2
A system that seems to rely on cryptography also has lots of other components making it secure.
- A hashing algorithm
- A protocol for adding blocks
- A way of checking the integrity of the blockchain
- A way of confirming the intent to spend
How essential is cryptography?
- A key ingredient to secure individual elements, but only a component of a larger socio-technical system.