Crypto Fundamentals Part 4: The Nature of Bitcoin Security: Public / Private Key Encryption

in bitcoin •  6 years ago  (edited)

Disclaimer: This newsletter is informational in nature; nothing written here should be construed as financial advice.

The Nature of Bitcoin Security: Public / Private Key Encryption

Today we get to get into one of the core technologies that Bitcoin relies on for its security: public/private key encryption, asymmetric encryption, or RSA key pair.

Key pairs are, wait for it... a pair of keys... that are generated together and together enable asymmetric encryption. To explain that, we're going to go back in time, to when you were a kid, or when your parents were kids...

Secret Decoder Ring

Remember secret decoder rings? (If you don't, you can't buy one on eBay apparently for nearly $20!! Didn't these used to come free with Ovaltine or in a Cracker Jacks box?!) Two concentric discs with letters on them. You would turn the outer one until a particular letter lined up with another particular letter on the inner ring. You could then translate one message--letter-by-letter--from english into this "encrypted" message that didn't look at all like English. Then the other person could use the secret decoder ring in reverse to decode your message. The "key" was simply to agree on which letter in the inner circle you would line up with which letter on the outer circle. This is referred to as symmetric encryption because the same key (in this case the same decoder ring with the inner and outer discs arranged the same way) can be used to decrypt the message encrypted with that decoder ring set that way.

What's so powerful and different about RSA key pairs is that they are asymmetric, or uni-directional, meaning that using one of the keys to encode does not allow the person with the encoding key to decode the message. So unlike secret decoder rings, you can't use the same ring to do the encoding and decoding. Person A with Key A can encode a message, but they can't use Key A to decode that same message. Only Key B can decode that message. And vice versa. Encoding the message with Key B creates a message only decode-able by Key A. Uni-directional. asymmetric encryption.

Although we usually refer to "the public key" and "the private key", the RSA key generation process doesn't really care which is which. The important part is that they encode asymmetrically, encrypting with one requires decrypting with the other.

So why is this interesting? It allows the following: someone who wants to pay you can encrypt a little packet of data that effectively transfers ownership of an amount of Bitcoin they own to you. Since the encryption is asymmetric, they can encode but not decode. So they encode the transfer of ownership and request that transaction get added to the blockchain. Then, once that transaction has been immutably committed to the blockchain, the only one in the world who can spend that Bitcoin is you, because you are the only one who can decrypt that packet of information, proving that you are, in fact, the person that money was locked up for. No one else in the world, without your private key, can get to that Bitcoin, even though the packet of information that "contains" the Bitcoin is stored out in the public Bitcoin ledger, for all to see.

So let's inspect this in reality. A typical Bitcoin public key or address looks like the following.

1QFnF8KymtfYe4EKow6x2H3Nmo2LbLepye

Technically, this isn't the key itself; it's actually an encoding of the public key that results in an alpha-numeric string, but that's no important to understanding the basic concept. To have people send you Bitcoin, you would provide an "address" that looks like this, while retaining the private key, which looks kinda similar... a long string of letters and numbers. Generally, you never see the private key, but it's there, and it's critical, since it's the only way anyone can get to your money. You need it so you can get your money, and you must protect it so no one else can get your money.

So if this private key is so important, shouldn't I know where it is and how to protect it? I'm so glad you asked that question! Yes, you should absolutely know where that key is and how to protect it. We'll talk all about that exact topic in the next update on wallets.

To wrap up this discussion on key pairs, I'll note a few additional items...

  • Many crypto currencies have their own encoding for public and private keys. So not all of them will look exactly like Bitcoin's. Ethereum addresses, for instance, start with "0x" and EOS addresses start with "EOS". This is useful so you can easily know which crypto currency the address represents.
  • How RSA key pairs are generated and how they work is absolutely fascinating, and if you feel like blowing hours and hours of your life trying to understand them, I list some YouTube videos below that will start you down the rabbit hole of understanding them.
  • Point of interest: RSA key pairs are at the heart of security on the Internet. They secure your connection with websites, and they secure your connection with many wifi networks, including the one you use at home.
  • Knowing where your private key is and being absolutely vigilant about securing your private keys really is a critical subject, so look for the next update where I'll extend what we've learned here and apply this knowledge to real life.

Further Study

If you want to blow a few hours getting deep into how RSA encryption works and how the keys are generated, YouTube is a fertile ground for very accessible explanations and tutorials.

Here are some of my favorite videos:
On RSA Encryption


  • And going even deeper into the math and algorithms

  • And if you've made it this far down the list, you'll likely keep watching, like me, so... next is Diffie-Helman. OK, so we're going to use key pairs to encrypt web traffic over the Internet; fine. When we start the process, we have an unsecured Internet. How do we communicate our keys safely over an unsecured line to upgrade to a secure line? That amazing question is discussed in these 2 videos.
  • My Latest Viewpoint on the Crypto World

    Bitcoin

    The market overall, but led by Bitcoin, is looking to confirm a bottom or form a new bottom. Everyone's watching closely, waiting to see a final confirmation of the bottom.

    Also, I'm continuing to read about Lightning Network and have a lot to say about it. I look forward getting through the basics so we can discuss the deep stuff. But basics first.

    EOS

    So much fun to watch... it's only a matter of time...

    EOS Mainnet Launch!!!

    The launching of a mainnet (which is how we refer to the actual, public network) is a pretty amazing technical endeavor. EOS's mainnet launch will be historic. For those fans out there, it launches June 2nd. While there is tons of pre-work going on as we speak, the actual boot process is planned for 6pm Eastern.

    To get a sense of what's required and what's being coordinated, here's a great video from a group that created "BIOS" software to launch the EOS mainnet. It's a pretty amazing thing to witness...

    EOS Token Registration

    What we currently know as EOS tokens now are Ethereum ERC20-standard tokens. These are placeholders for the future EOS "native" tokens, given that the mainnet doesn't yet exists. Since the EOS network doesn't exist yet, you obviously can't own tokens on it. So we have the ERC20 tokens now as placeholders.

    When the mainnet launches, it will have its own “native” tokens. The registration process is just logging your Ethereum address as containing the ERC20 tokens that will need to be converted to mainnet tokens once the mainnet exists. Once the mainnet is live, all registered wallets will be assigned mainnet EOS tokens in equal quantity to the ERC20 tokens held in any registered wallets.

    So at this point, what you need to do is register your tokens. There are youtube videos about it (see links immediately below). The EOS website will disallow you from registering if your IP address is within the US. I think EOS is being over cautious legally with all this. Obviously, if Binance will auto-convert your EOS tokens when the time comes, regardless of whether or not your a US resident, it seems registration itself is not a legal issue, but I'm not a legal adviser. So don't take my word for anything.

    Once you’ve registered your tokens, you’ll have private and public keys for your eventual mainnet tokens. Keep those super safe. Once the mainnet is launched and a wallet is available, you’ll have to enter those into the wallet to claim your mainnet tokens.

    EOS Registration Tutorial

    Find more from me...

    My dTube channel where I host my (growing) free educational videos about cryptocurrency and blockchain. dTube is a blockchain-based version of YouTube. It and it's underlying tech Steem is well-worth checking out and reading about. If you have any trouble with the d.Tube channel, you won't be alone... try the same set of videos on my YouTube channel.

    My website, where I have archived these updates as well as where make other announcements from time to time.

    If you value what I do and want to support the hours and do and will put into the production of this newsletter and educational videos, you can donate via my Patreon page.

    Hoping to Provide Some Clarity Amid the Ambiguity...

    Authors get paid when people like you upvote their post.
    If you enjoyed what you read here, create your account today and start earning FREE STEEM!
    Sort Order:  

    Coins mentioned in post:

    CoinPrice (USD)📉 24h📉 7d
    BTCBitcoin7376.720$0.71%-13.36%
    EOSEOS12.819$4.25%-8.36%
    ETHEthereum573.596$-1.97%-19.92%
    STEEMSteem2.515$-2.47%-17.99%
    ZRX0x1.195$-0.74%-16.56%

    Congratulations @mikefreemen! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

    Award for the number of posts published
    Award for the number of upvotes
    Award for the number of upvotes received

    Click on any badge to view your Board of Honor.
    For more information about SteemitBoard, click here

    If you no longer want to receive notifications, reply to this comment with the word STOP

    Do not miss the last announcement from @steemitboard!

    Do you like SteemitBoard's project? Vote for its witness and get one more award!