Ownership and privacy of bitcoin – asymmetric encryption application


This post was first published in the Simple Explanation of Blockchain community.
Link to the original text: Ownership and privacy of bitcoin – asymmetric encryption application. The original text has been updated; please read it there.

How does the bitcoin system decide to whom the bitcoin in an account belongs, and who is allowed to pay bitcoin from that account?
If the question is not clear yet, let's look at it step by step.

Banking system

Let's first review how a real banking system works:

  1. First, we hand our personal information (such as an ID card) to the bank, and the bank opens a corresponding account for us. Ownership of the account is established at the moment the account is opened.
  2. When we make a payment, the bank moves the money between the two parties' accounts (the bank already knows which account is ours from when it was opened).

At the same time, the bank keeps the account information confidential (although this cannot be fully guaranteed).

Anonymous ledger

So how does bitcoin ensure privacy and establish account ownership without a third-party bank?

In fact, a bitcoin account is represented by an address. No personal information appears on the ledger, and a transfer simply moves bitcoin from one address to another.
A transfer record looks like this:

    "Payment address": "2a39cba2390fde",
    "Receiving address": "aac9cba239afcc",
    "Amount": "0.2btc"

The question then becomes: who has the right to pay from an address?

Payment and ownership are really the same problem: if only I can use this bitcoin to pay, then I own it.

Address and private key

Bitcoin's solution is that whoever holds the private key of an address (if you have no background in cryptography, think of the private key simply as a password) can pay from that address. (Therefore the private key must be kept safe; if it leaks, the bitcoin may be lost.)

The bitcoin address and the private key have an asymmetric relationship: after a series of operations (including two hash operations) the address can be derived from the private key, but the private key cannot be derived from the address.

    Address: 2a39cba2390fde
    Private key: sdghsdninihdsgakihkkgnakdaihnkhiskdgal

    Hash(Hash(fun("sdghsdninihdsgakihkkgnakdaihnkhiskdgal"))) -> "2a39cba2390fde"

In the banking system, by contrast, the account number and the password are completely independent and cannot be derived from each other, so both must be checked together when money is transferred out.

Take the transaction above again as an example:

    "Payment address": "2a39cba2390fde",
    "Receiving address": "aac9cba239afcc",
    "Amount": "0.2btc"

Only the holder of the private key for address 2a39cba2390fde can pay from it.

Asymmetric encryption technology

At this point the problem becomes: how do you prove that you hold the private key of a certain address, without revealing the private key?

Sign the transaction information

In fact, before signing, the transaction information is first hashed to produce a digest, and the digest is what gets signed. The process is as follows:
1. Hash the transaction to obtain a digest (hash value):

    Hash('{"Payment address": "2a39cba2390fde",
           "Receiving address": "aac9cba239afcc",
           "Amount": "0.2btc"}') -> "8aDB23CDEA6"

2. Sign the transaction digest with the private key (the payer should do this in a secure environment so the private key is not leaked). In code it looks like this:

    # Parameter 1 is the transaction digest
    # Parameter 2 is the private key
    # Returns the signature
    sign("8aDB23CDEA6", "J78sknJhidhLIqdngalket") -> "3cdferdadgadg"

Broadcast

After signing, the paying node starts broadcasting to the whole network: "I paid 0.2btc to aac9cba239afcc, and the signature is 3cdferdadgadg; please confirm it."

Broadcasting is really a diffusion process: the information is sent to the connected nodes, and each node that verifies it forwards it on to its own connected nodes.

The broadcast message contains the original transaction information and the signature.

After receiving the broadcast, other nodes verify whether the signature was produced by the payer signing the original transaction information with the private key. If verification passes, the transaction really was sent by the payer, so it is valid and is recorded in the ledger.
(Nodes also check that the paying address has sufficient balance, which we ignore for now.)
The verification process is essentially the inverse of the signing process. Roughly, in code:

    # Parameter 1 is the signature
    # Parameter 2 is the payer's address
    # Returns the transaction digest
    verify("3cdferdadgadg", "2a39cba2390fde") -> "8aDB23CDEA6"

If the output of verification matches the hash of the original transaction information, verification passes and the transaction is written to the ledger. Roughly, in code:

    if verify("3cdferdadgadg", "2a39cba2390fde") == Hash('{"Payment address": "2a39cba2390fde",
                                                            "Receiving address": "aac9cba239afcc",
                                                            "Amount": "0.2btc"}'):
        # write the transaction to the ledger
        write_to_ledger(transaction)
    else:
        # do nothing
        pass

You can think of it this way: the payment address plays the role of the public key, signing is like encrypting the transaction digest with the private key, and verification is like decrypting it with the public key (strictly speaking this is inaccurate, but it helps understanding).

Supplementary notes

To make things easier to understand, I simplified some details above.

The bitcoin system uses the elliptic curve digital signature algorithm (ECDSA). The private key is a 32-byte random number, the public key is computed from the private key, and the bitcoin address is obtained from the public key through a sequence of hash and encoding steps. The address can therefore be understood as a digest of the public key.
