0:00

Welcome back. Last time we started our discussion of Bitcoin, and I explained in detail what's behind the first sentence in the abstract. In this lesson, we'll cover the second sentence. Here it is: "Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending."

To get a grasp on the sentence, we need to understand a bit about public key cryptography, which is one of the three cryptographic methods that underpin Bitcoin. The other two are symmetric cryptography and secure hashing.

Public key cryptography, or asymmetric cryptography, was proposed by the now famous pair of Whitfield Diffie and Martin Hellman in 1976. The pair won the Association for Computing Machinery Turing Award for their work on public key cryptography in 2015. At that time, the mid-1970s, a significant cryptographic problem was key distribution. The most secure method known at the time was the one-time pad, where long random strings of numbers constituting keys were distributed to both parties of a cryptographic communications link. As long as the keys weren't compromised, and as long as they were used properly, that is to say once, communications were secure. But getting a one-time pad distributed to two users at opposite ends of a communications link was challenging. Interception was the problem.

In public key or asymmetric cryptography there are two keys, one for encryption and the other for decryption. The key which encrypts a message cannot decrypt it, and the key which decrypts the message cannot meaningfully encrypt a message. This solves the key distribution problem in the following way. Alice wants to receive a secure message from Bob. She creates a key pair on her computer and sends Bob the encryption key. The encryption key can be intercepted by anyone, but it can only be used to encrypt a message, not decrypt it. Bob encrypts the message using the key he received from Alice, and Alice uses her private decryption key to read the message. Because Alice never distributed that decryption key (it was generated on her machine and never left the machine), she has assurance that no one else can read the message Bob sent. Of course, if Bob wants to receive a secure communication from Alice, he would generate a pair of keys and send Alice the encryption key.

It is important to notice that in the situation where Alice sent Bob the encryption key, many other people could also have that key. This means that, although Alice can decrypt a message from Bob and be confident that she is the only one who can see the message, she has no confidence that it came from Bob.

Now, suppose the key distribution happened the other way around. Alice generated a pair of keys and sent Bob not the encryption key, but the decryption key. If Alice uses her private encryption key, then although everyone can decrypt the message, the decryption key being public, Bob can be guaranteed that the message, which everybody else can see, came from Alice, because only she has the encryption key. This is the basis of what we think of as a digital signature. Only one person has the key to encrypt, or sign, the message. But everybody can see the signature and verify that it came from the person who encrypted it.

The next important cryptographic method we need to talk about is the secure hash, or the message digest. Hashes are very common in computer science. Simple hashes are the basis of very fast key-value tables which have constant insert, search and delete times. Hashes in Bitcoin are similar, but somewhat more sophisticated. A 256-bit secure hash algorithm, SHA-256, is used in Bitcoin. Technically, it is used twice each time it's used. If we have a Bitcoin transaction which takes a certain number of bytes to describe, SHA-256 will process these bytes and return a 32-byte hash based on the input bytes. Thus, regardless of the size of the input, the output hash, or digest, is 32 bytes long. A second property of the hash is that if a single bit in the input stream is modified, then the resulting hash bears no resemblance; it's completely different from the hash of the original input. Thus, for any set of inputs to the hash algorithm, the distribution on the range of output hashes is roughly uniform across the hash space. A third important property of a secure hash is that it cannot be unhashed. You can't take a hash and reconstruct the original input.

The way this works in Bitcoin, then, is that I can announce to everyone, with no encryption, that I want to send you two bitcoins. A hash of this most public statement will be 32 bytes long, regardless of how verbose my original transaction was. I can then encrypt the hash with my private encryption key. If my encryption key is private, then the decryption key is public and everyone may have it. So, everyone can use my public decryption key to decrypt the hash. If the decrypted hash matches the hash of the transaction, then you are guaranteed that I authored the transaction.

Here's a graphic from Nakamoto's original Bitcoin paper. Let's look at the middle transaction. I am owner one and you are owner two. I want to send you two bitcoins. The transaction I generate, my public announcement, contains my public decryption key. I identify you by your Bitcoin wallet address (that's who'll be able to spend the bitcoins when the transaction is published in a block) and your public decryption key. A hash of the previous transactions, which say that I have enough bitcoins to do this, plus your public key represents the substance of the transaction. I use my private encryption key to sign the transaction. Anyone can use my public decryption key to verify that I authored the transaction.

Now, Bitcoin transactions are a little more complicated than this. It is possible for me to assemble the bitcoin resources I need for the transaction from a number of previous transactions which sent me bitcoins. I can also include in the output of my transaction not only the two bitcoins I'm sending you, but a statement that, for example, one hundredth of a bitcoin goes to the miner who publishes this in the block, and the rest, the change, goes back to me.

This ends the discussion of the second sentence in the abstract: "Digital signatures provide a part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending." Next time, we'll pick up with sentence three. Thank you.

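The two key-usage directions the lecture describes, Bob encrypting to Alice's public key for confidentiality and Alice "encrypting" a hash with her private key as a signature, and the hash-then-sign flow for a transaction (hash the public announcement, sign the 32-byte digest, let anyone "decrypt" the signature with the public key and compare), as an added Python example that is not part of the lecture or of Bitcoin's own code. It uses textbook RSA with a constructed, insecure key pair built from two Mersenne primes so that it runs offline with only the standard library; Bitcoin itself signs with ECDSA over secp256k1, and the transaction bytes, prior transaction hash and recipient key below are constructed sample data.

```python
import hashlib

# Added illustration, not the lecture's code. The RSA parameters are constructed
# from two Mersenne primes so the example runs offline; they are NOT a secure key,
# and textbook (unpadded) RSA as used here is for teaching only.


def sha256d(data: bytes) -> bytes:
    """Bitcoin-style double SHA-256 (the hash applied twice). Always 32 bytes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def bit_difference(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flip_one_bit(data: bytes, bit_index: int = 0) -> bytes:
    """Return a copy of data with exactly one bit flipped (avalanche demo)."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


# --- constructed toy RSA key pair (insecure; Mersenne primes M521 and M127) ---
# N must exceed 2**256 so that a 32-byte digest fits in a single RSA operation.
_P = 2**521 - 1
_Q = 2**127 - 1
N = _P * _Q
E = 65537                               # public exponent
D = pow(E, -1, (_P - 1) * (_Q - 1))     # private exponent (Python 3.8+ modular inverse)

PUBLIC_KEY = (N, E)    # what Alice publishes: the lecture's "public decryption key"
PRIVATE_KEY = (N, D)   # what Alice keeps:     the lecture's "private encryption key"


def encrypt_to(public_key, message_int: int) -> int:
    """Confidentiality direction: Bob encrypts with Alice's public key."""
    n, e = public_key
    if not 0 <= message_int < n:
        raise ValueError("message must be an integer smaller than the modulus")
    return pow(message_int, e, n)


def decrypt(private_key, ciphertext: int) -> int:
    """Only the holder of the private exponent can undo encrypt_to()."""
    n, d = private_key
    return pow(ciphertext, d, n)


def sign(transaction: bytes, private_key) -> int:
    """Signature direction: 'encrypt' the 32-byte digest with the private exponent."""
    n, d = private_key
    digest = int.from_bytes(sha256d(transaction), "big")
    return pow(digest, d, n)


def verify(transaction: bytes, signature: int, public_key) -> bool:
    """'Decrypt' the signature with the public exponent; compare to a fresh hash."""
    n, e = public_key
    recovered = pow(signature, e, n)
    expected = int.from_bytes(sha256d(transaction), "big")
    return recovered == expected


def build_transaction(prev_tx_hash: bytes, recipient_pubkey: bytes, amount_btc: str) -> bytes:
    """Constructed stand-in for the lecture's transaction body: hash of the prior
    transaction plus the recipient's public key and an amount. Real Bitcoin
    serialization is more involved; the point is that this is public, unencrypted data."""
    return (b"prev=" + prev_tx_hash.hex().encode()
            + b";to=" + recipient_pubkey
            + b";amount=" + amount_btc.encode())


# Constructed sample data: a pretend earlier transaction and a pretend recipient key.
PREV_TX = sha256d(b"constructed earlier transaction paying owner one")
RECIPIENT_PUBKEY = b"owner-two-public-key"
TX = build_transaction(PREV_TX, RECIPIENT_PUBKEY, "2.0")
SIGNATURE = sign(TX, PRIVATE_KEY)

if __name__ == "__main__":
    print("digest length:", len(sha256d(TX)))
    print("bits changed by a 1-bit edit:", bit_difference(sha256d(TX), sha256d(flip_one_bit(TX))))
    print("valid signature verifies:", verify(TX, SIGNATURE, PUBLIC_KEY))
    tampered = build_transaction(PREV_TX, RECIPIENT_PUBKEY, "20.0")
    print("tampered amount verifies:", verify(tampered, SIGNATURE, PUBLIC_KEY))
    print("round trip of a secret:", decrypt(PRIVATE_KEY, encrypt_to(PUBLIC_KEY, 12345)))
```

Running the file shows the three hash properties from the lecture (fixed 32-byte output, a one-bit edit changing roughly half the output bits, and no way back from digest to input other than hashing candidates) and the signature check: changing the amount from 2.0 to 20.0 makes the recovered digest no longer match, so the old signature fails. The same modular exponentiation serves both directions; which exponent is kept private decides whether the result is a confidentiality tool or a signature.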