Glosario criptográfico

Talking about cryptography can be quite complex, mathematically, but it is essential to understand cryptography to be a good blockchain developer. You will see that you don't need a great deal of mathematical knowledge. Fundamentally knowing how the algorithms work will be enough for you to progress and succeed.

Difference between Hash and Signature

Two of the most commonly used words in the crypto world are "hash" and "signature". Often, and incorrectly, used as synonyms. A good starting point for an introduction to cryptography is to understand the difference between these two terms.

Encryption is divided into two main families of algorithms: symmetric and asymmetric.

Symmetric encryption algorithms

Symmetric encryption algorithms use a "key", usually created from a mapping between letters, numbers, other algorithms, or a seed to generate random keys. This key will be used for both encryption and decryption of a given text. That is, anyone in possession of the key will be able to encrypt and decrypt anything.

Asymmetric encryption algorithms

On the other hand, asymmetric encryption algorithms work on the basis of public and private keys. The operation is simple: the public key allows encryption, but not decryption. The private key is the only one that can decrypt information previously encrypted with the public key.

The public key is derived from the private key using complex algorithms. The public key can be obtained from the private key, but it is not possible to obtain the private key from the public key. Hence the importance of meticulously guarding the private key, and for this reason the private key is "private".

In this way, public and private key algorithms revolutionized cryptography and managed to build great security mechanisms on the basis of cryptography. Such as blockchain.

Hashing of information

The hashing process is similar to data encryption, but with important differences to understand. Both processes, hashing and encryption, derive in an unreadable and alphanumeric text that protects information on the back. The main difference is that in encryption it is possible to reverse the process, with the private key. In hashing, it is not possible to reverse the result.

Hashing is deterministic; this means that, given an input, we will always receive the same output. This allows us, for example, to verify the integrity of the information. If we hash a PDF, we will get a hash that represents it. If a single byte of the PDF is modified, we will get a completely different hash.

Another great feature of hashing algorithms is the reduction of the size of the information. Regardless of the size of what is to be hashed, we will get a 32-byte hash. This makes hashing irreversible, since, as we lose information, it is not possible to recover the original content.

Digital signature

Digital signature is a slightly more complex cryptographic process that combines encryption and hashing concepts. It is often used for authentication purposes, where a user signs a hash with his private key.

Let's analyze what happens in a digital signature: we know that the hash of a text has a certain length and is irreversible. This hash is signed, but this time the private key of a set of keys is used. Unlike asymmetric encryption, where we used the public key.

(original text -> hash) + private key = signature

Through the resulting signature, it is possible to prove that a person signed a certain information and that he/she agrees with it. The text that is hashed before signing with the private key, can be a simple "hello world" or a whole blockchain transaction.

This information that we sign using the key pair is recoverable, but actually hiding the information is not what we are interested in at this point. Rather, using this signature for authority purposes, being able to verify that a certain user signed a previously hashed content.

Verification of digital signatures

The importance of digital signatures is their verification. Knowing the original message, it is hashed again with the same algorithm that was used to be signed. Combining this data with the signature itself, through mathematical processes, we can obtain the public key of the user who signed the message with his private key. Without the need to reveal it.

(original text -> hash) + signature = public key

In this way, we manage to verify that a user agrees with what may be a text message, or authorized an entire blockchain transaction to move funds between wallets.

Conclusion

The basis of how cryptography works in blockchian is through public and private keys, hashes and digital signatures.

You may have noticed throughout this class that we did not need to understand complex mathematical formulas. Just conceptually analyzing what happens to information when it is hashed or encrypted is enough for you as a future blockchain developer.

Contributed by: Kevin Fiorentino (Platzi Contributor).