Welcome back. Last time we started our discussion of Bitcoin,

and I explained in detail what's behind the first sentence in the abstract.

In this lesson, we'll cover the second sentence.

Here it is, "Digital signatures provide part of the solution,

but the main benefits are lost if

a trusted third party is still required to prevent double-spending."

To get a grasp on the sentence,

we need to understand a bit about public key cryptography

which is one of the three cryptographic methods that underpin Bitcoin.

The other two are symmetric cryptography and secure hashing.

Public key cryptography, or asymmetric cryptography,

was proposed by the now famous pair of Whitfield Diffie and Martin Hellman in 1976.

The pair won the Association for

Computing Machinery Turing Award for their work on public key cryptography in 2015.

At that time, the mid-1970s,

a significant cryptographic problem was key distribution.

The most secure method known at the time was a one-time pad where long random strings of

numbers constituting keys were distributed

to both parties of a cryptographic communications link.

As long as the keys weren't compromised,

and as long as they were used properly,

that is to say once, communications were secure.

But getting a one-time pad distributed to

two users at opposite ends of a communications link was challenging.

Interception was the problem.

In public key, or asymmetric, cryptography there are two keys,

one for encryption and the other for decryption.

The key which encrypts a message cannot decrypt it,

the key which decrypts the message cannot meaningfully encrypt one,

and, crucially, the decryption key cannot be derived from the encryption key.

This solves the key distribution problem in the following way.

Alice wants to receive a secure message from Bob.

She creates a key pair on her computer and sends Bob the encryption key.

The encryption key can be intercepted by anyone,

but it can only be used to encrypt a message not decrypt it.

Bob encrypts the message using the key he received from Alice,

and Alice uses her private decryption key to read the message.

Because Alice never distributed that decryption key,

it was generated on her machine and never left it,

she has assurance that no one else can read the message Bob sent.

Of course, if Bob wants to receive a secure communication from Alice,

he would generate a pair of keys and send Alice the encryption key.

It is important to notice that in the situation where Alice sent Bob the encryption key,

many other people could also have that key.

This means that, although Alice can decrypt a message from

Bob and be confident that she is the only one who can see the message,

she has no confidence that it came from Bob.

Now, suppose the key distribution happened the other way around.

Alice generated a pair of keys and sent Bob not the encryption key,

but the decryption key.

If Alice uses her private encryption key,

then although everyone can decrypt the message,

the decryption key being public,

Bob can be sure that the message,

which everybody else can also read,

came from Alice, because only she has the encryption key.

This is the basis of what we think of as a digital signature.

Only one person has the key to encrypt, or sign, the message,

but everybody can check the signature and

verify that it came from the holder of that key.

Strictly speaking, "encrypting with the private key" is an RSA-flavored way of picturing it.

The signature scheme Bitcoin actually uses, ECDSA over the secp256k1 curve,

does not encrypt anything, but the property that matters is the same:

only the private key can produce a signature that the matching public key verifies.

The next important cryptographic method we need to

talk about is the secure hash or the message digest.

Hashes are very common in computer science.

Simple hashes are the basis of very fast key-value tables which have,

on average, constant insert, search and delete times.

Hashes in Bitcoin are similar,

but somewhat more sophisticated.

A 256-bit secure hash algorithm, SHA-256, is used in bitcoin.

Technically, it is applied twice each time it is used:

the SHA-256 output is hashed again with SHA-256, so-called double SHA-256.

If we have a bitcoin transaction which takes a certain number of bytes to describe,

SHA-256 will process these bytes and return a 32-byte hash based on the input bytes.

Thus, regardless of the size of the input,

the output hash or the digest is 32-bytes long.

A second property of the hash is that if a single bit in the input stream is modified,

then the resulting hash bears no resemblance to the original.

It's completely different from the hash of the original input.

Thus, for any set of inputs to the hash algorithm,

the distribution of output hashes is roughly uniform across the hash space.

A third important property of a secure hash is that it cannot be unhashed.

You can't take a hash and reconstruct the original input,

and you can't find two different inputs that produce the same hash,

which is what lets a 32-byte hash stand in for the transaction it identifies.
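To make these hash properties concrete, here is an added Python example; it is not code from the lecture or from Bitcoin's own software. It uses only the standard library, applies SHA-256 twice as just described, and measures the avalanche effect by counting the bits that change when one input bit is flipped. The "transaction" text is constructed for the example; the 80-byte genesis block header is real Bitcoin data and is included to show that the double hash, with its bytes reversed for display, is exactly the block id Bitcoin reports.

```python
import hashlib

def hash256(data: bytes) -> bytes:
    """Bitcoin's hash: SHA-256 applied twice. Output is always 32 bytes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with a single bit toggled."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)

def avalanche_distance(msg: bytes, bit_index: int = 0) -> int:
    """How many of the 256 output bits change when one input bit changes.

    For a good hash this is about 128 (roughly half) regardless of the input.
    """
    return hamming_distance(hash256(msg), hash256(flip_bit(msg, bit_index)))

def block_id(header: bytes) -> str:
    """Bitcoin displays block and transaction ids as the double-SHA-256
    digest with its byte order reversed."""
    return hash256(header)[::-1].hex()

# Constructed sample inputs: a short public statement and a very long one.
SHORT_MSG = b"I want to send you two bitcoins"
LONG_MSG = SHORT_MSG * 1000

# Real data: the 80-byte header of Bitcoin block 0 (the genesis block),
# fields in wire (little-endian) order: version, previous block hash,
# merkle root, timestamp, difficulty bits, nonce.
GENESIS_HEADER = bytes.fromhex(
    "01000000"
    + "00" * 32
    + "3ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a"
    + "29ab5f49"
    + "ffff001d"
    + "1dac2b7c"
)

if __name__ == "__main__":
    # Fixed length: 32 bytes whether the input is 31 bytes or 31,000.
    print(len(hash256(SHORT_MSG)), len(hash256(LONG_MSG)))
    # Avalanche: one flipped input bit changes about half the output bits.
    print(avalanche_distance(SHORT_MSG), "of 256 bits differ")
    # The genesis block id, leading zeros and all.
    print(block_id(GENESIS_HEADER))
```

The reversed byte order trips up a lot of people writing their own tooling: the bytes a node hashes and the hex you see in a block explorer are the same digest in opposite byte order.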

The way this works in bitcoin then is that I can announce to everyone,

no encryption, that I want to send you two bitcoins.

A hash of this most public statement will be 32-bytes long,

regardless of how verbose my original transaction was.

I can then encrypt the hash with my private encryption key.

If my encryption key is private,

then a decryption key is public and everyone may have it.

So, everyone can use my public decryption key to decrypt the hash.

If the decrypted hash matches the hash of the transaction,

then you are guaranteed that the holder of my private key authored the transaction

and that not a single bit of it has changed since it was signed.

Here's a graphic from Nakamoto's original bitcoin paper.

Let's look at the middle transaction.

I am owner one and you are owner two.

I want to send you two bitcoins.

The transaction I generate,

my public announcement, contains my public decryption key.

I identify you by your public key,

in practice a wallet address derived from it;

whoever holds the matching private key will be able to spend the bitcoins

once the transaction is published in a block.

A hash of the previous transaction, which shows where the bitcoins I am spending came from,

plus your public key, is the substance of the transaction.

I use my private encryption key to sign that.

Anyone can use my public decryption key to verify that I authored the transaction.

Now, bitcoin transactions are a little more complicated than this.

It is possible for me to assemble the bitcoin resources I need for

the transaction from a number of previous transactions which sent me bitcoins.

I can also include in the output of my transaction

not only the two bitcoins I'm sending you

but the change, which goes back to me.

Whatever part of my inputs my outputs do not claim,

say one hundredth of a bitcoin, is the fee,

and it goes to the miner who publishes the transaction in a block;

the fee is implied by that difference, not written as a separate output.
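The input-gathering, change and fee arithmetic described above, as an added Python example that is not the lecture's or Bitcoin's own code. It models the part of a transaction a node checks arithmetically: which earlier outputs are being spent, what the new outputs claim, and the fee that falls out as the difference. The unspent outputs, keys and amounts are constructed; the serialization used for the transaction id is a simple canonical JSON, not Bitcoin's wire format, and signatures and scripts are left out.

```python
import hashlib
import json

def hash256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

SATOSHI = 100_000_000   # amounts are integer satoshis; never use floats for money

# Constructed unspent outputs I control: (previous txid, output index) -> value.
MY_UTXOS = {
    ("aa" * 32, 0): 150_000_000,   # 1.5 BTC from one earlier transaction
    ("bb" * 32, 1): 80_000_000,    # 0.8 BTC from another
}

def build_transaction(utxos, recipient_pubkey_hex, amount, fee, my_pubkey_hex):
    """Gather enough previous outputs, pay the recipient, send change to me.

    The fee is not an output. It is whatever the inputs carry that the
    outputs leave unclaimed; the miner who includes the transaction keeps it.
    """
    inputs, total_in = [], 0
    for (txid_hex, index), value in sorted(utxos.items()):
        inputs.append({"txid": txid_hex, "index": index})
        total_in += value
        if total_in >= amount + fee:
            break
    if total_in < amount + fee:
        raise ValueError("insufficient funds")
    outputs = [{"pubkey": recipient_pubkey_hex, "value": amount}]
    change = total_in - amount - fee
    if change > 0:
        outputs.append({"pubkey": my_pubkey_hex, "value": change})
    return {"inputs": inputs, "outputs": outputs}

def txid(tx) -> str:
    """Simplified transaction id: double SHA-256 of a canonical serialization,
    shown byte-reversed as Bitcoin does. (Canonical JSON here, not wire format.)"""
    raw = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hash256(raw)[::-1].hex()

def implied_fee(tx, utxos) -> int:
    """What a validating node computes: inputs minus outputs.

    A transaction whose outputs exceed its inputs would create coins from
    nothing, so it is rejected outright.
    """
    total_in = sum(utxos[(i["txid"], i["index"])] for i in tx["inputs"])
    total_out = sum(o["value"] for o in tx["outputs"])
    if total_out > total_in:
        raise ValueError("outputs exceed inputs")
    return total_in - total_out

if __name__ == "__main__":
    you, me = "02" + "cd" * 32, "02" + "ab" * 32     # constructed public keys
    tx = build_transaction(MY_UTXOS, you, 2 * SATOSHI, SATOSHI // 100, me)
    print(json.dumps(tx, indent=2))
    print("txid:", txid(tx))
    print("fee paid to miner:", implied_fee(tx, MY_UTXOS), "satoshis")
```

Note that sending 2 BTC here needs both earlier outputs, since neither alone covers amount plus fee, and the 0.29 BTC left over must be returned explicitly as change; anything you forget to claim becomes fee.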

This ends the discussion of the second sentence in the abstract.

Digital signatures provide a part of the solution,

but the main benefits are lost if a trusted third party is

still required to prevent double-spending.

Next time, we'll pick up with sentence three. Thank you.