Lecture 2: Public-key Cryptography

Captions
Hi, and welcome back to our lectures on blockchain fundamentals. Today we're going to talk about some of the most fundamental aspects of a blockchain: public key cryptography and one-way functions.

So we are dealing with cryptocurrency usually on the blockchain, and so it really behooves us to understand what is cryptography, since that is the crypto in cryptocurrency. So cryptography has a lot of different uses. It is just concealing what you are saying somehow. The oldest use for cryptography is encryption: that is, if Alice wants to talk to Bob, how can she communicate with him in a way that any eavesdroppers, in this diagram represented by Eve, would not be able to listen in and understand what she is saying to Bob?

Just so you know, Alice and Bob are sort of the canonical two people who wish to talk when we discuss cryptography. Eve is an eavesdropper, Mallory is going to be someone who is malicious, Charlie or Carol are going to be third parties that are neutral. This is a regular cast of characters that we'll see when we discuss cryptography.

So how can Alice send a message m to Bob, but without allowing Eve to understand the message even if she sees it? Well, we can encrypt it. The oldest form of encryption is called symmetric key encryption, and this is a case where both Alice and Bob have access to the same or related keys. So Alice can encrypt a message using this key. So using our encrypt function, you can see Alice, she creates the ciphertext, that is the encrypted text c, by passing the message m and the encryption key k sub e into the encryption function E. This will give us some encrypted text. She can then send it to Bob, who can decrypt it using the same k sub e encryption key, but taking the ciphertext, will run those two arguments through the decryption function to get what's called the plaintext message, the original message that Alice had sent before she encrypted it. Now Eve, viewing the network, is only going to see the ciphertext c
and never the actual message m. So she'll be able to see encrypted text going by, which to her should look like gibberish, and unless she knows the k sub e, the encryption key, even if she does know the algorithm being used, she should not be able to decrypt this text.

So let's start with a very, very simple encryption algorithm known as the Caesar cipher. So the Caesar cipher has been around for thousands of years. All that you do is convert the letters of the alphabet to their equivalent numbers, so for example a is 1, b is 2, c is 3, etc. Then we have some key k sub e, and let's say it's, you know, five, and then in order to get the ciphertext we're just going to add that key value to each individual number and then get the letter that is equivalent to that. So if we assume that our key is five, if we have a letter a, we're going to encrypt it by adding five: a is one, we add 5 to it, that is 6, the sixth letter of the alphabet is f. To decrypt it, as long as you know k sub e, as long as you know that the key is 5 and you subtract it when you see the ciphertext, you can take that letter, convert it to a number and subtract five. You just do the inverse. So you can see why this is really symmetric: you're doing a symmetric operation to get the original text back.

So let's just walk through a simple example of a Caesar cipher. So our message m is "attack at dawn" and our key k sub e is five. We're going to go through each character and apply our encryption function E. So the first letter, the first character of our message, is a, so that is equal to one. Applying our encryption function E, we add 5 to 1 and get 6, so that is f. For the second character t, that's equal to 20, we apply our encryption function E, we get 25, that's y. Continue doing this for every character in the character sequence and we come across our ciphertext c: f y y f h p f y i f b s. I've included some Ruby code there if you would like to follow along with this very simple cipher.
Somebody looking at fyy f dot dot dot will not be able to understand that it is "attack at dawn", and that is why it's ciphertext. It is not the plaintext; it is now hidden from anyone who is interested in viewing this. However, if you have the key k sub e, 5, and I know the encryption function D, which is just subtract 5, I can apply the decryption function to each character. So we see I subtract 5 from 6, I get 1, which is a; I subtract 5 from 20, I get 20, which is t. I do this for every character and I now see the plaintext "attack at dawn", and so I now know that I am supposed to attack at dawn. But Eve, who is looking over the network and seeing what we were able to communicate, who was eavesdropping, she only sees fyy whatever, and she doesn't know when we're going to attack, even if she sees that there was a message sent to us.

So something that I mentioned here is that Eve knows the algorithm. This is known as Kerckhoffs's principle: you need to assume not only that someone may be viewing the data that you're sending over, but they may even know the specific encryption algorithm that you're using. So the secrecy of the system should depend upon you knowing the key, not knowing what algorithm is being used. So there's a term for this, security through obscurity, and that is generally not a good defense. If you assume that nobody else knows what algorithm you're using or what your functions are, it is very easy for that information to be propagated outward, for even somebody to discover what kind of algorithm you're using. So when you're developing a cryptosystem you should never be thinking that people are not going to know the algorithm that you use. You should assume that the secrecy lies only in the key, if not in the algorithm.

So looking at our Caesar cipher there, hopefully you can see that there are some weaknesses in this. So even if you didn't know the key, which again is supposed to be the single thing that keeps our system secure, what are some other ways
to break the Caesar cipher? You know, this is, you know, a very, very, almost like childlike cipher, is extremely simple to break, and it's one of the reasons why we don't use Caesar ciphers in any modern cryptographic system.

So first off, you can do a frequency analysis on it. That is, if we assume it's in the English language, we know for example that e is the most common letter. So if we look through all of the ciphertext and look for what is the most common letter, and make an assumption that it's e or perhaps one of the other, you know, very commonly used letters in the English alphabet, and then the second most common letter in our ciphertext corresponds to the second most common letter, we often can make very educated guesses as to what the original plaintext was. Frequency analysis was definitely used quite often in breaking a lot of early modern cryptographic systems.

Known plaintext attack: so this is another attack on the Caesar cipher. If I know that "attack at dawn" translates to fyy dot dot dot, then it's going to be trivial for me, assuming I know the algorithm, to determine that the key is 5, because I'm able to get from the plaintext to the ciphertext by adding 5 and from the ciphertext to the plaintext by subtracting 5.

Finally, again, if I know the algorithm, it's very simple for me to do a brute force attack, that is, just try all of the different possibilities of numbers to add. And since in our example we're using only capital English letters, there are really only 26 possibilities, right? Anything that's more than that would just be, because we're doing modular arithmetic, we would just loop around more than once. So 27 for instance would be the equivalent of 1, or 28 would be the equivalent of 2.
And so there are only really 26 possibilities for a key, but we can then subtract even one more possibility, because having 0 or some other multiple of 26, we're going to get the exact same plaintext as we passed in. You know, it's not going to be very much of an encryption if I add 0 to the letter and subtract 0 to decrypt it; I'm just back to sending out plaintext.

So we can see that there are a variety of attacks that are possible on this very simple encryption system, and the kinds of attacks that are possible on more complicated cryptographic systems, while they won't be quite as simple to implement or explain here, they follow many of the similar ideas. This should give you an idea of how cryptographic systems can be broken.

So besides just sending encrypted messages over the network, something else that is going to be very useful and very important in terms of cryptocurrencies and blockchain technology is authenticating via encryption. So let's assume that Eve has upped her power level and now not only can she eavesdrop on the network, but she can actually modify messages in flight, so she could send her own message to Bob. Alice sends a message, but Eve intercepts it and sends her own message. So how can Bob verify that Alice was actually the one who sent a message and not Bob, that is, we got message m and not m prime?

Well, assume that Bob and Alice share a separate secret key k sub a, our authentication key, and they know an authentication function, k sub a, m, which is going to give some value a, which shows that it has in fact been authenticated. So this could be a function, for example, that we add a certain number of characters to get a particular result, or a particular hash function. But what we can show is that when Bob receives a message he can tell that it was signed by Alice or not, that is, she has included this key. Think of it almost as like a mathematical secret code: that if I tell you that, you'll know it's me, if I say the word "seagull"
whenever we meet, or when we meet at the train station. So you can think of this as a mathematical version of that.

We can then combine these two aspects, you know, encryption and authentication, by including our authentication message inside the ciphertext. So we both encrypt it and add authentication, and that way when Bob receives the message he'll be able to know, one, that the message came from the person he thought it was coming from, and two, others besides Bob will not be able to read that message. So we now have a very powerful mathematical way of communicating and proving who we are.

However, there are some weaknesses with this approach. So in symmetric key encryption, Bob and Alice need to know the same key. How do they get that information to each other? They need to share those keys k sub e and k sub a in some separate secure channel, for example offline or on a secure network, etc. But if they have some separate and secure channel to communicate, why would they then use an insecure one? So it turns out there are in fact several reasons that you would want to do that. If I want to communicate with somebody online, I may talk to them offline at some point earlier in time to exchange keys, and then later I will be able to use these keys that we exchanged to talk online or, you know, at a place where we don't have that secure channel available. We now can communicate over an insecure channel. So there are some reasons to do that, but it still raises the question: when do I have a chance to interact with this person in a secure way? This is certainly something that we don't want on a large-scale network or system where I may not know all the people that I'm interacting with. If I'm sending bitcoin to an address I've never heard of, or to somebody that I only know online, then how am I supposed to set up a secure channel with them so that they can prove who they are? So there are some definite weaknesses in symmetric key encryption, and that's why asymmetric key encryption came
along. So you may have also heard of asymmetric key encryption as public key encryption. So in asymmetric key encryption there are two different keys: one which is used to encrypt messages to you and a separate one that you use to decrypt. So we usually refer to these keys as p and s. p is your public key, and anyone who knows this public key can encrypt a message to you, but only you, the person that owns the secret or private key, can use it to decrypt the message. So what you can do is publish p anywhere. You can publish it on a blockchain, you can publish on the internet, put it in your email headers, it doesn't matter. You can publish it anywhere, and then anybody who wants to communicate with you in a secure way can encrypt their messages to you using the public key, but only you that own the private key are able to decrypt these messages. So as its name implies, it is really best for you to keep this key private.

So as an example here, Alice would like to communicate with Bob. She does not have a secure channel to talk with Bob to exchange keys and symmetric keys. However, we can actually do this entire message sending entirely through public channels, even if Eve sees all the data going across the network. So remember, Bob is going to tell the world what p sub Bob is, that is, what his public key is, but he will keep his secret key very secret. He will not allow anyone else to know about it. Alice would like to communicate with Bob, so she encrypts a message m with Bob's public key. This is going to generate some ciphertext. That ciphertext is sent over the network. Again, we can assume that Eve would see it, but Bob is going to be the only one who can decrypt it. He needs to have s sub Bob in order to convert that ciphertext back to the plaintext message m.

Now if Bob would like to respond to Alice, he can look at Alice's key and encrypt a message to her using her public key. So he creates a ciphertext message using Alice's public key, you know, again entirely unrelated from his key. So
this is not symmetric key encryption. There are two different key sets that are used by each of the players in this communication. Just like Bob, Alice will be able to decrypt the ciphertext and convert it into the plaintext using her own secret key. So Eve, through all of this, is only going to see ciphertext over the network, and Bob and Alice are now able to communicate even though they never had a secure channel to share that symmetric key.

So if you're interested in more detail about this, I have a link here to the paper "New Directions in Cryptography" that was published in '76, that really pointed the way towards this new generation of cryptography and really marks the beginning of modern cryptography. So you've probably heard, or you may have heard, of Diffie and Hellman. They're the two authors of this paper. You may have heard of Diffie-Hellman key exchange.

So we're not going to go too much into depth about how this works behind the scenes. You can just sort of accept for now that public key cryptography does work. But they aren't just two random values; they are related. You need to generate them together. There are a few different ways to do that. Bitcoin and many other systems use elliptic curve cryptography, so to generate this key pair it uses something called ECDSA, but there are other possibilities. There are a lot of different ways to generate these key pairs, but again, for now I think it's sufficient to just understand the concept that you can publish your public keys and people can encrypt messages to you, but keep your private keys private, because that's how you are able to decrypt those messages.

If you've already used bitcoin or other cryptocurrencies, you probably see a parallel here to cryptocurrencies, even if we haven't brought it out directly. Everybody can know your public address. It's fine to let people know your address so they can send things to you, so they can send tokens to you.
However, in order for you to control that address, you have a private key which you must keep secret. So we can see here there are a lot of reasons that cryptocurrency is in fact called cryptocurrency: there is a lot of cryptography involved in it.

One problem with asymmetric key information exchange: it turns out that it's actually rather inefficient. It's relatively slow. So what you'll see with most modern systems is that if there are two entities that wish to communicate, they will first establish a secure communications channel using asymmetric encryption, which is slow but does allow us to exchange information over a public network in a secure way. Once communication has been established, then they can use that to share a symmetric encryption key. So that is the private channel, the private secure channel that they've generated. Before, we discussed that as just being offline and interacting with somebody, but now we can see how we can actually generate a secure channel over a public channel, sort of overlaid on top of the public channel. Once we've done that, we can share the symmetric encryption key, and then for further communication we can use the much faster and more efficient symmetric encryption to communicate between the entities on the network.

So one question that arises from this is: how do I know that p sub Bob is actually Bob's key and not Eve's or Charlie's or Daniel's or Evan's? This is very important. You know, for using internet today, for instance, I want to make sure if I'm buying something that I'm at amazon.com and not sending money or accessing a website at amazon.com. So there are a variety of different approaches to this. This is called public key infrastructure: you know, how do we associate identities with particular public keys? So what you may have been used to, if you've seen a certificate on a website, you may have seen like, "oh, this certificate is bad or out of date." There are a variety of centralized authorities on the internet that will
say that, okay, this particular public key is associated with amazon.com or food.com or whatever, and many of these are actually built into modern web browsers, many of these different certificate authorities. So you can, you know, check to see, all right, is amazon.com associated with this particular public key according to this authority?

There's a web of trust. So instead of this more centralized system of certificate authorities, I can say, well, I've met, you know, Alice and Bob in person, so me, Bill, I trust Alice and I trust Bob. And Charlie comes along and he says, "All right, Bill, who do you trust?" He said, "Well, I trust Alice and Bob," and Charlie says, "Well, I trust Bill, and Bill trusts Alice and Bob, thus I can trust Alice and Bob." So we can see how this would grow as we trust people, but we can also see how it would get unwieldy once we get past a few degrees of separation.

There are a few other approaches out there, even some blockchain approaches, but those are probably the two main ones, although you can see that there are some trade-offs here. With a web of trust, it can be very difficult because you're having to trust the different people around you and making sure that they didn't make any mistakes and who they should trust, but with certificate authorities you have a very centralized system. Another problem with web of trust is: how do you trust people that you may have no connections with, or only are very distantly connected with them?

Most cryptocurrencies today do not have any public key infrastructure built into them. So if you have the key, the private key to an account, then you own the keys associated with that account. There's no centralized authority that says, "oh, this address on bitcoin belongs to Bill." It's only, I can say that Bill has said that he owns this address, but do I trust that Bill communicated that with me correctly and that was in fact Bill? So because there is no public key infrastructure, this has led rise to
a famous saying, "not your keys, not your coins": that if you don't own the private keys, you don't really own the coins. So if an exchange is holding them for you, they really own the coins. There is, again, no public key infrastructure. There's nothing out there saying, "oh, even though those coins are on this particular exchange, they actually belong to me." It's only up to the exchange to keep track of, "oh, these actually belong to this person or that person." So that's public key cryptography in a nutshell.

I want to briefly go over the concept of one-way function, because it will be very important in the next lecture when we talk about hashing. So a one-way function, or also called a trapdoor function, is some function y equals f of x, where if you have y it is computationally infeasible to calculate x, but given x it is possible and often generally easy to calculate y. That is, it's much easier to calculate going in one direction than another.

So just as an example, looking at this not as a computer but rather as a human, assume that our quote-unquote one-way function is the square function. So y equals f of 27: it's relatively simple for you to do even by hand, 27 times 27 equals 729. But if I asked you to calculate the square root of 729, this would be much more difficult. It may take you a while; you may have to guess a little bit at it. So here we can see, you know, not a true one-way function, but one that it is much more difficult to go backwards from. Again, very easy to calculate the square of something, much more difficult to calculate the square root. You know, take this up to even your higher levels, right? So like calculating the fifth power of something: once again very simple, if I have some number I just multiply it by itself five times. However, if I ask you for the fifth root of something, that's going to be very, very difficult for you to calculate. So obviously computers have much harder algorithms that they will try to reverse, but it's the same basic idea: it is
much, much, much more difficult to go the opposite way, the inverse, to get the original value back than to initially calculate it.

So just as a side note, no function has been proven to be entirely one-way, that it is definitely impossible to only go one way. So in the applied cryptography world we say only that it is, you know, computationally infeasible to do it. Even if it hasn't been proven, we are relatively confident that it will be, you know, extremely difficult or basically impossible to do.

One-way functions are going to be very important when we discuss mining, and understanding that they're very useful for proving that a hard computation has taken place, but without revealing any interior details or secret values of that calculation. However, we're going to talk much more about one-way functions in our next lecture on hashing.
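
Added example (not part of the lecture, and not the Ruby code the lecturer refers to): the Caesar cipher from the walkthrough with A=1 ... Z=26, plus the three attacks described above (known plaintext, brute force, frequency analysis). The function names, the small word list, and the second sample message are assumptions made for this illustration.

```ruby
# Added example, not the lecturer's code. Sample messages are constructed.
ALPHABET_SIZE = 26
COMMON_WORDS = %w[THE AND AT TO OF IN ATTACK DAWN].freeze # assumed tiny word list

# Shift one capital letter, wrapping around (modular arithmetic).
# Characters outside A-Z (spaces, punctuation) pass through unchanged.
def shift_char(ch, shift)
  return ch unless ch.between?('A', 'Z')
  (((ch.ord - 'A'.ord + shift) % ALPHABET_SIZE) + 'A'.ord).chr
end

def caesar_encrypt(message, key)
  message.upcase.each_char.map { |ch| shift_char(ch, key) }.join
end

# Decryption is the same operation with the key subtracted instead of added.
def caesar_decrypt(ciphertext, key)
  caesar_encrypt(ciphertext, -key)
end

# Known-plaintext attack: one matching letter pair reveals the key; the key
# is then checked against the whole message before it is returned.
def key_from_known_plaintext(plaintext, ciphertext)
  pt = plaintext.upcase
  ct = ciphertext.upcase
  pair = pt.chars.zip(ct.chars).find { |pl, _| pl.between?('A', 'Z') }
  return nil unless pair && pair[1]
  key = (pair[1].ord - pair[0].ord) % ALPHABET_SIZE
  caesar_encrypt(pt, key) == ct ? key : nil
end

# Brute force: only keys 1..25 matter, since 0 and 26 leave the text unchanged.
def brute_force(ciphertext)
  (1...ALPHABET_SIZE).to_h { |key| [key, caesar_decrypt(ciphertext, key)] }
end

# Pick the candidate that contains the most words from the word list.
def best_brute_force_key(ciphertext, words = COMMON_WORDS)
  brute_force(ciphertext).max_by { |_key, text| (text.split & words).size }.first
end

# Frequency analysis in its simplest form: assume the most common
# ciphertext letter stands for E and derive the key from that.
def frequency_guess(ciphertext)
  letters = ciphertext.upcase.scan(/[A-Z]/)
  return nil if letters.empty?
  most_common = letters.tally.max_by { |_ch, count| count }.first
  (most_common.ord - 'E'.ord) % ALPHABET_SIZE
end

if __FILE__ == $PROGRAM_NAME
  short = caesar_encrypt('ATTACK AT DAWN', 5)
  longer = caesar_encrypt('MEET ME NEAR THE EASTERN GATE AT SEVEN', 5)
  puts "ciphertext:            #{short}"
  puts "known-plaintext key:   #{key_from_known_plaintext('ATTACK AT DAWN', short)}"
  puts "brute-force key:       #{best_brute_force_key(short)}"
  # The short message contains no E, so the "most common letter is E" guess is wrong.
  puts "frequency guess short: #{frequency_guess(short)}"
  puts "frequency guess long:  #{frequency_guess(longer)}"
end
```

The frequency guess recovers the key only on the longer message; "ATTACK AT DAWN" has no E, which is why the lecture describes the result as an educated guess rather than a certainty.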
Info
Channel: Web3 Foundation
Views: 5,369
Rating: 4.939394 out of 5
Id: OPPMp7lorTQ
Length: 29min 1sec (1741 seconds)
Published: Fri Nov 20 2020