Cryptographic Keys in Blockchain - Usage and Overview
What are Cryptographic Keys?
A cryptographic key is a piece of information used to sign, encrypt, or decrypt data in a secure and verifiable manner. Blockchain transactions rely on signatures to ensure data authenticity and integrity.
Cryptographic Keys in Blockchain
Cryptographic keys in blockchain technology secure transactions using digital signatures. Each key pair comprises a private and a public key, generated using mathematical algorithms. The private key is kept secret and used to sign transactions, while the public key is shared to verify the signature.
Addresses are generated from public keys. When a user sends a transaction, they include instructions on transforming a public key into an address and the signature generated by the associated private key.
Cryptographic Keys - Key Concepts
- Private Key: A secret code used to sign transactions. It must be kept secure.
- Public Key: A different code derived from the private key. Used to generate addresses and verify signatures.
- Digital Signature: A mathematical scheme used to prove the authenticity of a message or document.
- Hash Function: A one-way function used to generate addresses from public keys and ensure data integrity.
- Stored on Wallets: Cryptographic keys are generated and stored in wallets.
- EC Scalar Multiplication: The mathematical operation used to multiply a point on an elliptic curve by a scalar value.
The private key is a number, while the public key is a point on an elliptic curve. The base point is multiplied by the private key using scalar multiplication to generate the public key.
Elliptic Curve Scalar Multiplication
EC multiplication refers to multiplying a point on an elliptic curve (the base point) by a scalar (the private key) to produce another point on the curve, the public key. Unlike simple multiplication, it involves iterative point additions and doublings.
Because of the mathematical properties of elliptic curves, reversing this process to derive the private key from the public key is computationally unfeasible.
Creating Cryptographic Keys
Cryptographic keys are created using secure random number generators and mathematical algorithms. The entire process includes generating a private key, deriving a public key from this private key, and creating an address from the public key.
Steps for Creating Cryptographic Keys
- Generate a Private Key: Generate a random number to serve as the private key.
- Load the Curve Constants: Load the constants for the elliptic curve being used.
- Multiply the Base Point by the Private Key: Take the base point G and multiply it by the private key to get the public key.
- Generate the Address: Create a verification script or hash the public key to generate the address.
The specific constants used in ECC vary depending on the curve. For instance, Bitcoin utilizes the secp256k1 curve, whereas Neo employs the secp256r1 curve.
Addresses aren’t considered cryptographic keys but are mentioned here as they are derived from the public key.
Using Crypto Libraries
Cryptographic libraries like OpenSSL, Bouncy Castle, and Web3.js provide functions to generate keys, sign transactions, and hash data. These libraries implement the necessary algorithms and standards for secure key generation.
Do not attempt to create your own cryptographic functions unless you are an expert in the field.
Elliptic Curve Cryptography
Elliptic curves are the foundation of public-key cryptography. The security of elliptic curve cryptography (ECC) is based on the difficulty of solving the elliptic curve discrete logarithm problem. It’s possible to multiply a point on the curve by a scalar to generate another point, but reversing this operation is computationally infeasible.
The general form of an elliptic curve equation is:
y² = x³ + ax + b
Where a
and b
are constants that help define the characteristics of the curve. The values are limited to a specific range. If the numbers exceed this range, they are reduced using modulo arithmetic. Commonly used curves in cryptography include secp256k1 and secp256r1.
Key Generation Standards
The BIP32 standard, commonly used in Bitcoin, outlines the use of the secp256k1 curve for generating cryptographic keys from a seed phrase.
After multiplying the base point by the private key, the resulting public key is hashed twice to create the address. The hash function used may vary depending on the blockchain network.
Public Key Compression
Public keys are often compressed using x
and an extra bit indicating which of the two possible solutions for y
is correct. This reduces the size of the public key at the expense of computational overhead. Using less storage can benefit blockchain networks where space is limited.
Compressed public keys are 33 bytes long, with 32 bytes for the x
and one byte to indicate the y
value. Most applications and SDKs use compressed public keys.
Private Key Randomness
The private key’s randomness is achieved using specialized software or hardware. If it is not random, it can be vulnerable to brute-force attacks. Secure random number generators ensure the private key is unpredictable and secure.
Seed Phrases and Mnemonics
A seed phrase or mnemonic is a list of words that can be used to generate a private key. The process involves converting the seed phrase into a private key using a specific algorithm.
The list of words used in seed phrases is standardized across different wallets. The BIP39 standard defines the list of words, while BIP32 and BIP44 standards define the process of generating keys from the seed phrase.
Do not attempt to select your own seed phrase words or use non-standard lists, as this can lead to the loss of funds or security vulnerabilities.
Derivation Paths
A derivation path is a set of rules that define how keys are generated from a seed phrase. It includes the algorithm used, the keys’ purpose, and the key’s index. The hierarchical deterministic (HD) wallet standard uses derivation paths to create a tree-like structure of keys.
The path is defined by a series of numbers and letters that indicate the derivation process. For example, m/44'/60'/0'/0/0
specifies the path to derive the first key for an Ethereum wallet. The value m
denotes the master key, while 60
is the Ethereum coin type. The final 0/0/0
indicates the key index. The value 44
is a reference to the BIP44 standard. The Neo platform uses the 888
coin type.
The derivation process may use a passphrase to enhance security. Using a passphrase in addition to the seed phrase will generate a different set of keys, providing an extra layer of protection. Using a different passphrase or derivation path will result in different keys.