Seed - Dev. Debates - Public Key Encryption

in #bitcoin, 7 years ago (edited)

Cryptocurrencies rely on public key encryption. Public key encryption is a type of encryption where private keys and public keys exist for encrypting and decrypting data. Different algorithms offer different benefits, so picking the right one for cryptocurrencies is important.

Before we delve into the options, we need to assess what it is we want. In cryptocurrencies, we want our public key encryption to:

  • Authenticate the owner of a private key, and validate their consent, through transaction signing
  • Give each user their own private key, rather than sharing private keys for encryption/decryption
  • Give each user their own public key, rather than sharing public keys for encryption/decryption
  • Require the least amount of storage for maximal security
  • Require the least amount of computation for maximal security

Following these constraints, let's go down the rabbit hole of cryptographic options and figure out which are valid for cryptocurrencies, and, of those, which is preferred and why.


Symmetric Algorithms vs Asymmetric Algorithms

The first major decision is between symmetric algorithms vs asymmetric algorithms for our public key encryption.

Symmetric Algorithms

Symmetric algorithms use the same keys for both encrypting plain-text data and decrypting the encrypted data. The keys are effectively a “shared secret” between users. AES is an example of a symmetric cipher. This is useful for a pair or group of users to share encrypted and decrypted messages/files. Symmetric algorithms do not allow for cryptographic signatures; instead they use a MAC (message authentication code). The difference is that, with a MAC, anyone who can validate the MAC can also create it, so you can only verify that someone holding the shared secret created it, not which specific user did.
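The MAC limitation described above, as an added example that is not part of the original post. The scenario, the message format and all function names are constructed for illustration; only Python's standard `hmac`, `hashlib` and `secrets` modules are used.

```python
import hashlib
import hmac
import secrets

# Constructed scenario: Alice and Bob hold the same symmetric key.
shared_key = secrets.token_bytes(32)

def mac_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag over the message."""
    return hmac.new(key, message, hashlib.sha256).digest()

def mac_valid(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time check that the tag matches the message under this key."""
    return hmac.compare_digest(mac_tag(key, message), tag)

def who_can_create_valid_tags() -> dict:
    """Compare tags made by Alice, by Bob (a verifier), and by an outsider."""
    genuine = b"from=alice;to=bob;amount=5"
    genuine_tag = mac_tag(shared_key, genuine)        # created by Alice

    # Bob needs the key to verify, so he can also tag a message "from Alice".
    claimed = b"from=alice;to=bob;amount=500"
    bob_tag = mac_tag(shared_key, claimed)            # created by Bob

    # Someone without the shared key cannot produce a valid tag.
    outsider_tag = mac_tag(secrets.token_bytes(32), claimed)

    return {
        "alice_tag_valid": mac_valid(shared_key, genuine, genuine_tag),
        "bob_tag_valid": mac_valid(shared_key, claimed, bob_tag),
        "outsider_tag_valid": mac_valid(shared_key, claimed, outsider_tag),
    }

print(who_can_create_valid_tags())
```

Both key holders produce tags that verify, so the tag proves membership in the group that shares the key and nothing about which member wrote the message.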

Asymmetric Algorithms

Asymmetric algorithms allow private and public keys to be generated for each user. This allows for transaction signing for the authentication and validation of users. Examples of this are Elliptic Curve Cryptography (ECC) and Rivest–Shamir–Adleman (RSA).

Dev Choice: Asymmetric Algorithms

Although symmetric algorithms are useful, they are not what we want for our cryptocurrency. We want each user to have their own private and public keys. All existing cryptocurrencies that I know of rely on asymmetric algorithms.


Asymmetric Algorithms: Diffie-Hellman vs RSA vs ECC

There are a few different families of asymmetric algorithms. Of them, the three most common names are Diffie-Hellman, Rivest-Shamir-Adleman (RSA), and Elliptic Curve Cryptography (ECC).

Diffie-Hellman / ElGamal

The Diffie-Hellman algorithm is not an encryption/decryption algorithm; rather, it is an algorithm for two parties to create private-public keys together securely, in such a way that a third party reading the broadcast messages would be unable to tell what the keys are during creation. This is useful in many cases. For example, if our Seed platform were to have a Chat module, Diffie-Hellman would be a valid algorithm for two users to transmit keys over the network to one another, despite those communications being stored on the blockchain for all to see. This would allow two users to send encrypted messages over the blockchain without ever needing to share keys in person.

As this is not actually an encryption/decryption algorithm, it also does not offer digital signatures. However, a variation built upon it, known as ElGamal, does offer the necessary improvements to turn Diffie-Hellman into a valid alternative for our cryptocurrency scenario.

Rivest–Shamir–Adleman (RSA)

The RSA cryptosystem relies on “the factoring problem”: the difficulty of factoring the product of two large prime numbers, something that is very computationally intensive to do. This algorithm essentially relies on the assumption that multiplication is fast, yet factoring is slow.

RSA offers everything we want, from cryptographic signatures to encryption/decryption possible for each user's private key, decryptable by their public key.

RSA keys are usually either 1024-bit or 2048-bit. It is now believed that 1024-bit keys are potentially crackable by (non-quantum) computers in the coming years, so most security firms rely on 2048-bit keys.

One drawback of RSA is that the private and public keys must be generated together. You cannot take any private key you wish and generate the equivalent public key; both must be generated together, which is more computationally expensive.

Elliptic Curve Cryptography (ECC)

The ECC cryptosystem is based on elliptic curve theory. To break it, one must compute an elliptic curve discrete logarithm, which is a much harder problem to solve than the factoring problem in RSA.

Like RSA, ECC also gives us everything we want, from cryptographic signatures to encryption/decryption possible for each user's private key, decryptable by their public key.

ECC takes less computing power to generate the keys, while also providing a higher level of security per bit than RSA encryption and being more secure than ElGamal as well. Some researchers have found that a 164-bit ECC key is as secure as a 1024-bit RSA key.

A 256-bit ECC key would be more than sufficient for security, while also requiring far less storage per key compared to RSA, and much less computational power to generate the keys.

ECC has the benefit of being able to take any private key and generate the appropriate public key. This is a cheaper process than in RSA, and is an overall convenience in cryptocurrencies: you only need to care about your private key, as you can regenerate the public key at any point, getting the same key every time.

Dev Choice: Elliptic Curve Cryptography (ECC)

Fewer bits of storage, cheap to perform, hard to reverse, offers all the benefits we need, and private keys can generate public keys. ECC is used by both Bitcoin and Ethereum for this very reason. Signatures with ECC can be created with the Elliptic Curve Digital Signature Algorithm (ECDSA), as used by Bitcoin & Ethereum.


Final Decision

At the time of this writing, after doing an analysis of the options listed above, it appears Bitcoin and Ethereum both made the logical choices.

Asymmetric ECC Public Key Encryption with ECDSA Cryptographic Signatures

This decision may change as I explore more options, which will result in a follow-up post once these future options are explored.


Notes

  • ECC is technically not a true asymmetric algorithm. Variations of ECC can be symmetric or asymmetric. ECC is frequently used in conjunction with AES encryption nowadays. It still meets all the desired requirements from the asymmetric algorithms, however.
  • Quantum resistance has not been taken into account here. I will do a follow-up analysis in the future on lattice-based cryptography and lattice constructions for encryption. Essentially, all the cryptographic algorithms listed above would be weak against an attack by a quantum computer, whereas certain lattice-based cryptography constructions are believed to be resistant. This is more important for future-proofing a cryptocurrency, but is not a concern at this point in time.

Thanks for your time! If you enjoyed this debate and analysis on public key encryption for cryptocurrencies, an upvote and follow would be greatly appreciated :) If you feel I missed an important alternative, please leave the suggestion in the comments and I’ll analyze it in the future when I do the follow-up debate, bringing lattice cryptography and quantum resistance into the equation.

For our next debate, we will analyze cryptographic hashing algorithms.

Thanks for this explanation about crypto. I think this will be a big thing in the future!

Thank you :) I definitely think it will be too. It's an exciting tech that keeps taking on new exciting forms!
