Professional Documents
Culture Documents
&
Public Key Cryptography
CSE436
BLOCKCHAIN Unit 2
Public Key
Cryptography
Public Key Cryptography
Public and private keys Commitment schemes
RSA Zero-knowledge proofs
Elliptic curve cryptography Different types of digital signatures
Digital Signatures Encoding schemes
Homomorphic encryption Applications of cryptographic hash functions
Signcryption
Secret sharing
Commitment schemes
Zeroknowledge proofs
Public Key Cryptography
Asymmetric key cryptography uses two separate keys:
private
public.
Encryption/Decryption
C = f (Kpublic , P) P = g(Kprivate , C)
RSA CRYPTOSYSTEM
The most common public-key algorithm is the RSA cryptosystem, named for its inventors (Rivest, Shamir, and
Adleman).
Encryption, decryption, and key generation in RSA
RSA Example
Bob chooses 7 and 11 as p and q and calculates n = 77. The value of φ(n) = (7 − 1)
(11 − 1) or 60. Now he chooses two exponents, e and d, from Z60∗. If he chooses e
to be 13, then d is 37. Note that e × d mod 60 = 1 (they are inverses of each Now
imagine that Alice wants to send the plaintext 5 to Bob. She uses the public
exponent 13 to encrypt 5.
Bob receives the ciphertext 26 and uses the private key 37 to decipher the
ciphertext:
RSA with Open SSL
Elliptic curve cryptography
Although RSA and ElGamal are secure asymmetric-key cryptosystems, their security comes with a price, their
large keys. Researchers have looked for alternatives that give the same level of security with smaller key sizes.
One of these promising alternatives is the elliptic curve cryptosystem (ECC).
Elliptic curves over real numbers use a special class of elliptic curves of the form
Figure 10.12 shows two elliptic curves with equations y2 = x3 − 4x and y2 = x3 − 1. Both are nonsingular.
However, the first has three real roots (x = −2, x = 0, and x = 2), but the second has only one real root (x = 1) and
two imaginary ones.
Adding Two Points
If P = (x1, y1), Q = (x2, y2), Q ≠ −P, and Q ≠ P, then
R = (x3, y3)
= P + Q can be found as
Point Doubling
If Q = P, then R = P + P (or R = 2P) can be found as
The digital signature process
The sender uses a signing algorithm to sign the message.
The message and the signature are sent to the receiver.
The receiver receives the message and the signature and applies the verifying algorithm to the combination.
If the result is true, the message is accepted; otherwise, it is rejected.
Digital signatures have some important properties, such
as :
• authenticity
• unforgeability
• non-reusability
RSA digital signature scheme
Signing and Verifying
RSA Signature on the Message Digest
Digital Signature Standard (DSS)
Elliptic Curve Digital Signature Scheme
Cryptographic constructs and blockchain
technology
Homomorphic encryption
Signcryption
Secret sharing
Commitment schemes
Zero knowledge proofs
Different types of digital signatures
Encoding schemes
Applications of cryptographic hash functions
Homomorphic encryption
Homomorphic encryption enables complex mathematical operations to be performed on encrypted data without
compromising the encryption
Plain Text 5 + 10 = 15
Encrypted text AS + DF = GH
Decrypted Text 5 + 10 = 15
Signcryption
Signcryption is a public key cryptography primitive invented by Yuliang Zheng that provides all of the
functions of a digital signature and encryption.
It provides unforgeability, authentication, and non-repudiation at a cost that is less than that of the sign then
encrypt scheme.
The cost of applying a digital signature and encrypting a message in the same logical step is lower in
Signcryption.
Secret sharing
Secret sharing is the mechanism of distributing a secret among a set of entities.
All entities within a set get a unique part of the secret after it is split into multiple parts.
The secret can be reconstructed by combining all or some parts (a certain number or threshold) of the secret.
The individual secret shares/parts, on their own, do not reveal anything about the secret.
Commitment schemes
Commitment schemes are usually described as a
digital cryptographic equivalent of a sealed
envelope.
A commitment itself does not reveal any
information about the actual value inside it
Completeness ensures that if a certain assertion is true, then the verifier will be convinced of this claim by the
prover.
The soundness property makes sure that if an assertion is false, then no dishonest prover can convince the
verifier otherwise.
The zero-knowledge property, as the name implies, is the key property of ZKPs, whereby it is ensured that
absolutely nothing is revealed about the assertion except whether it is true or false
1. First, Victor waits outside the main cave entrance and Peggy goes in the cave.
2. Peggy randomly chooses either the A or B entrance to the cave.
3. Now, Victor enters the cave and shouts either A or B randomly, asking Peggy to
come
out of the exit he named.
4. Victor records which exit Peggy comes out from.
Now, suppose Victor asked Peggy to come out from exit A and she came out
from exit B. Victor then knows that Peggy does not know the secret. If Peggy
comes out of exit A, then there is a 50% chance that she does know the secret,
but this also means that she may have got lucky and chose A to enter in the first
place, and now has just returned without needing to go through the magic door
at all. Now, if this routine is performed several times, and given that Victor is
choosing A or B at random, with each run (round) of this routine (protocol), the
chances of Peggy getting lucky diminish. If Peggy repeatedly manages to
emerge from the entrance that Victor has named, then it is highly probable that
Peggy does know the secret to open the magic door.
Different types of digital signatures
Blind signature
Multisignatures
Threshold signatures
Aggregate signatures
Digital signatures
A digital signature needs a public-key system.
The signer signs with her private key; the verifier verifies with the signer’s public key.
Blind signature
They are based on public key digital signature schemes, such as RSA.
idea behind blind signatures is to get the message signed by the signer,
without actually revealing the message.
achieved by disguising or blinding the message before signing it, hence
the name blind signatures.
verified against the original message, just like a normal digital signature.
Blind signatures were introduced as a mechanism to allow the
development of digital cash schemes.
Multisignatures
For example, the size of digital certificate chains in Public Key Infrastructure (PKI) can
be reduced significantly by compressing all signatures in the chain into a single
signature.
Boneh–Lynn–Shacham (BLS) aggregate signatures is a popular example of the
aggregate signature.
• BLS has also been used in various blockchains, and especially in Ethereum 2.0.
Ring signatures
Merkle trees
Patricia Tree
Distributed Hash Table
Patricia trees