Cryptography is one of those things that’s incredibly beautiful and mind blowing, but most people miss it because it’s difficult to explain and understand. That's too bad, because you don't have to be a tech nerd to see how cool it is! The problem is, most of us nerds don’t take the time to put these concepts into basic terms.
Relatedly, I've found that a lot of people come to bitcoin without much technical understanding, especially when it comes to the coolest part of bitcoin, which imo, is cryptography.
So if that's you, this post is for you! There's no math or code here - I'd love to help you understand a key function (sry not sry for the pun) in the bitcoin protocol by explaining it in basic conceptual terms.
This is a long post, but I think it will be worth your time and hope you find it helpful and interesting!
(PS - Even if you are a nerd, I've always found it helpful when people have explained things like this this for me, so I hope this helps you in some way as well.)
Symmetric / Asymmetric Encryption Basics
I’m going to assume you’re somewhat familiar with symmetric encryption (if you ever played with codes and ciphers as a kid, you know this). In a nutshell, symmetric encryption means you and your friend share the same key, and that key is used for both encryption and decryption.
(If you're not familiar, check out the Shift Cipher as a very basic example.)
Public Key Encryption is a kind of Asymmetric encryption. One key can decrypt what the other encrypts. The operation is reversible, which is how this becomes relevant to bitcoin, but we’ll get there later. The main difference between the public and private keys is that one is derived from the other. The public key is derived from the private key. If you have the private key, you inherently have the public key. Keep the private key private, or it defeats the purpose.
In short - with symmetric encryption, both parties have the same key. With asymmetric encryption, you are the only one with your private key, and the other party has access to your public key. The next section explains why this was originally necessary.
Here’s the traditional problem of symmetric encryption that is solved by PKE:
You need to send a secret message to a friend. You cannot send an encryption/decryption key to your friend because an eavesdropper can see and hear all communication channels.
(i.e., we needed a way to privately communicate via the internet, but don't worry about putting it in that context)
Here’s how PKE solves this:
- Your friend generates a private key (kept secret from the eavesdropper AND from you).
- Your friend derives the public key and broadcasts publicly.
- You encrypt your message in secret with the public key and broadcast the encrypted message.
- The message can only be encrypted with the private key, which is known only to your friend.
- Now you have a way to send secret messages to your friend!
- If you want to receive encrypted messages from your friend, you can simply generate your own, separate private/public key pair, and have your friend encrypt their message with your public key.
If you’re confused, it might help to read those steps again, keeping in mind that the eavesdropper can only see/hear what is broadcasted between you and your friend, but they cannot see/hear what you do alone and in secret (in this case, encrypt/decrypt).
So far this isn’t relevant to bitcoin yet.
(Side note #1: this is computationally difficult compared to symmetric encryption. So when two parties need to send private messages in the presence of an eavesdropper (i.e., over the internet), PKE is used to encrypt and send only a symmetric encryption/decryption key. That way, both parties have the symmetric key and the eavesdropper does not, so symmetric encryption can be used safely from there.)
Reversing the operations of PKE, and how that is useful
So far we’ve discussed encrypting data with the public key, which can only be decrypted by the owner of the private key. I mentioned earlier that you can reverse the operations, so now we’ll discuss encrypting data with a private key, which can then ONLY be decrypted by its derived public key.
In this scenario, everyone can decrypt your data - so what’s the point of doing this? (Spoiler alert: identity verification).
The scenario is something like this: You want to post messages to a public forum, or send private messages via a previously secured channel, and you need to verify your identity w/ each message.
Prerequisite: in most cases, you must be able to previously establish and prove your identity as you simultaneously broadcast your public key.
Once your identity is established and associated with your public key, you can encrypt your message with your private key, and, as stated, anyone can decrypt it with your public key.
Crucially, the public key will only be able to successfully decrypt the message if and only if it was encrypted with its associated private key.
The point is not to send secret data.
Instead, PKE allows you to “encrypt” a signature with your private key, and the associated public key is able to reveal the signature via decryption, mathematically proving to everyone that you are the true owner of the public key, validating your identity.
(Side note #2: going back to that prerequisite - there are third parties, called Certificate Authorities, that handle this for the most part. You know you’re sending stuff to Facebook because Facebook is able to verify their identity via PKE, and that is facilitated by a CA. The CA gives Facebook their private/public key pair, and the rest of us essentially trust the integrity of CA.)
Finally, here’s how this applies to bitcoin, and this part is relatively simple.
The bitcoin blockchain is a ledger of transactions between public keys.
There is no "identity" inherently associated with a public key.
The only thing associated with a public key is the amount of bitcoin that has been sent to it according to the ledger.
The only thing you prove to the bitcoin network via PKE is ownership of a public key, which leads us to the final piece of this puzzle: signing transactions.
Transactions are initiated and validated by broadcasting a message to the network that essentially says “here’s my public key, here’s the amount I want to send and which public key I want to send it to, and here’s a signature that has been encrypted by my private key and can only be decrypted by my public key which proves that I am the owner of the private/public key pair.”
(Side note #3: To add a new public key to the bitcoin network/blockchain, you simply generate a new private/public key pair - AKA, your wallet - with the PKE algorithm used by the bitcoin protocol, and it is added to the blockchain once bitcoin is sent to it from another wallet.)
That’s it! When you send bitcoin, the bitcoin network doesn’t know who you are, they just have mathematical proof that the owner of your public key has authorized the transaction. Don't lose your private key!
If you made it this far, feel free to ask questions (or make corrections if I have misstated any of this)!
If you found this interesting and want to dig deeper into the math itself, this video below is a great place to start.