This article is an excerpt from the book The Layman’s Guide to Bitcoin by Logan Brutsche and is republished here with permission of the author.
Cryptography is the science of applying mathematical functions to pieces of data to guarantee their security.
A lot of popular fiction implies that any system can be hacked, as long as you have a good enough hacker. This “Hollywood hacking” is not how the real world works—a hacker must find a vulnerability in a system to exploit, such as an unlocked server room, an easy-to-guess password, an unprotected network port, or a “backdoor” installed as an inside job to gain unauthorized access later.
While it’s true we can never guarantee that a given system has no vulnerabilities—after all, systems are made by imperfect humans—the sentiment that “anything can be hacked” is false. Since the early 90s, we’ve had access to cryptographic techniques that are quite simply immune to hacking. It’s the application of such techniques that can sometimes leave room for exploitation.
Cryptography itself cannot be hacked to generate a forged cryptographic signature (defined shortly), just as math can’t be hacked to make 2+2=5—although both cryptography and math can be used incorrectly. If a system using cryptography fails, it’s because a designer incorrectly applied cryptography. It’s not because cryptography didn’t work, or because someone “hacked” the cryptography—just as it’s not the fault of math if your bank mishandles your account, or the fault of email when your mom downloads an unfamiliar attachment and gets a computer virus. This is an important distinction, because Bitcoin is very directly an application of established cryptography.
Cryptography is not a new, untested technology. All of the cryptographic techniques used by Bitcoin have been in use since the inception of the Internet, and are essential to many common Internet protocols used every day. The science of cryptography is considered reliable and essential by computer scientists in the same way that rocket science is considered reliable and essential by NASA.
Keypairs: The Cornerstone of Cryptography
Keypairs are the cornerstone of the cryptography used in blockchains. A keypair has two parts: a private key and a public key. These keys are really nothing more than very large numbers with a specific mathematical relationship, used in place of passwords and usernames.
You would handle a public key like your first name or a username: in most cases you share it with anyone who asks, and those who have it can use it to reference or contact you. It’s tied to your reputation (or in Bitcoin’s case, your transaction history), so you might have several public keys (and therefore several keypairs) that you use for different purposes. A public key can be used to reference or view an account, but can’t by itself authorize any action on that account.
The private key should be treated like a password: it shouldn’t be shared with anyone, and is used to authenticate certain actions, such as sending BTC.
But there is an important difference between a private key and a password. To use a password, you have to send it out to a person or server so it can be checked against their records. You have to trust that the password will be handled responsibly after sending it. In contrast, a private key can be used to authenticate yourself without sending it anywhere. The only place it’s ever stored or directly used is on your local device.
This is important, because if you can authenticate yourself without sending your secret anywhere, you can remain in complete control of its security—you aren’t vulnerable to the security lapses of other systems. This is an essential part of what makes Bitcoin unhackable. There are no passwords or private keys stored on Bitcoin itself for an attacker to compromise, and yet users can still authenticate transactions.
But how could you use a private key to authenticate a transaction, if you never send the private key anywhere? The answer has to do with the mathematical relationship between the private and public keys: cryptographic signatures.
Cryptographic Signatures
There are several different techniques for generating and validating cryptographic signatures, and the mathematical theorems that allow them to work are far beyond the scope of this article. To those unfamiliar with cryptography, the process described here might initially sound outright impossible. I distinctly remember having this impression when I began my research into Bitcoin four years ago.
For now I will simply note again that these technologies are used in many common Internet protocols, and are an established part of information science.
Imagine two people, Alice and Bob, who have already traded public keys in person. Alice wants to send Bob a message, but Bob is a very suspicious person, and won’t trust that the message actually came from Alice unless he can prove it mathematically, beyond all doubt. To facilitate this proof, they agree to use a cryptographic signature.
To generate the signature, Alice uses her computer’s signature generation algorithm, which takes as input her private key and her complete message, and generates a cryptographic signature. She then sends Bob this message/signature combo—but, crucially, does not send her private key.
When Bob receives the message and signature, he has a complementary signature validation algorithm to employ. This algorithm takes as input the message and the signature, and determines the public key of the keypair that Alice used to generate the signature. When Bob sees his algorithm output Alice’s public key, he has mathematically proven that the signature must have been generated with Alice’s keypair, even though he doesn’t know and cannot calculate the private half of Alice’s keypair.
Put more succinctly, this cryptographic signature process allows Bob to verify that the message wasn’t created or modified by some third party and must have been generated with Alice’s private key, without having to (or being able to) know her private key. All he needs is the message/signature combination and her public key.
Intuitively, this seems impossible, and you might feel as if you’ve misunderstood something. If Alice’s private and public keys are so closely related, and Alice used her private key to generate the signature that Bob receives, how is it that he can derive her public key but cannot find her private key? The answer to this requires a far deeper understanding of mathematics than most people have, and is far outside the scope of this book.
Still, this technique is relied on and used every day, and is considered rock-solid within the cryptography community. When you visit a website and its address starts with https, the “s” indicates that the site has validated itself with a cryptographic signature. Your computer used a signature validation algorithm, just like Bob did in the above example, to verify the website really came from the right keypair. This cryptographic signature is relied on to ensure any further interaction between you and the website is encrypted and authentic. If this test fails, modern browsers will warn you and flag the website as dangerous.
Sufficiently Huge Numbers
Earlier, I briefly mentioned that private and public keys function like usernames and passwords, but in reality are nothing more than extremely large numbers with a special mathematical relationship. Given that, I’m often asked the following questions:
“Can’t someone just have a computer guess, or count through, a bunch of numbers and try them as private keys? Wouldn’t they eventually run across a private key of some targeted keypair, and thereby gain control over that identity?” Indeed, in the case of Bitcoin, this would allow an attacker to steal the money held by some keypair.
It’s a good question, and yet it doesn’t happen. As stated before, there are several Bitcoin addresses with millions of dollars worth of BTC that hasn’t moved in years—even though all that would be needed to steal it is the right private key—the right huge number! If you could guess the private key to those addresses, the money is yours to send anywhere. Unlike a password, you can check private keys locally on your own machine, and there is no server limiting how many times or how fast you try them.
So why hasn’t anyone stolen these funds yet? The answer lies in the almost absurd size of the numbers used as private keys. They are sufficiently huge.
Let’s start with a simple thought experiment. Imagine your private key was just large enough that if all of the world’s computers worked together, it would take them a full 24 hours to bruteforce guess it. If you add just one more digit to your private key, there would be ten times more permutations for the computers to go through, so it would take 10 days instead of one. Six more digits would bring it to 27,000 years.
In each case, generating the private key—which only requires the ability to create random numbers—remains trivial. Using the private key to generate signatures, as well as checking these signatures against the public key, also remains computationally simple. But the work required to guess the private key grows exponentially with each extra digit. To make private keys “immune” to brute-force guessing, we need only add enough digits—we need only make them sufficiently huge.
So how huge is sufficiently huge? The private keys used in Bitcoin are 256-bit integers, which amounts to a number that is seventy-six digits long. The power of the size of this number is incredible. The following illustration is derived heavily from Bruce Schneier’s book Applied Cryptography, and is a compelling demonstration of sufficiently huge numbers.
First, recognize that a specific consequence of the second law of thermodynamics is that there is a minimum energy required to change a single binary bit of information (changing a 1 to a 0 or vise-versa). This means any computation process requires some minimum energy to perform, regardless of the hardware used.
Now suppose you were able to harness the entire energy output of the sun only to power a specially designed computer, whose job is to count through or guess private keys, in the hopes of finding the private key of a keypair (which might control BTC).
Using a bit of math and thermodynamics, you’ll find that a perfectly efficient computer can count through 2178 values given the sun’s entire annual energy output. If we divide this value into the number of possible private keys, 2256, we find that this hypothetical computer would only be able to guess or count through 0.0000000000000000000003% of the total number of possible private keys—given the entire annual energy output of the sun.
Furthermore, this is just counting, and doesn’t include the much more complex task of actually checking each private key to see if it corresponds to the right public key. So in the 0.0000000000000000000003% chance this computer did happen across the right private key by the end of one year, it wouldn’t even realize it.
These numbers have nothing to do with the technology of the devices; they are the maximums that are possible according to the laws of thermodynamics that have been established since the 1930s. And they strongly imply that brute-force attacks against 256-bit keys (which Bitcoin uses) will be infeasible until computers are built from something other than matter and occupy something other than space.
This is the power of sufficiently huge numbers. It does not matter how good a hacker is. Unless he can harness the power of three hundred sextillion suns for one year, or one sun for three hundred sextillion years, his computer can’t even count through all the private keys—let alone test or otherwise use them.
For a more in-depth look at Bitcoin and cryptography, pick up Logan Brutsche’s book, The Layman’s Guide to Bitcoin.