A Deep Dive into the Interplay of Cryptographic Schemes and Algorithms powering the state of the art security models in Blockchain as manifested by the legendary Cryptocurrency Scheme Bitcoin. Presented in the IT Audit and Cybersecurity Conclave Organised by ISACA and Red Team Hacker Academy in Kochi, Kerala.
Axa Assurance Maroc - Insurer Innovation Award 2024
Blockchain and Cryptography - A Primer
1. B L O C K C H A I N S E C U R I T Y
A J O U R N E Y T H R O U G H C RY P T O G R A P H I C P R O T O C O L S
2. T H E B L O C K C H A I N S P E C T R U M
C RY P T O G R A P H Y, D I S T R I B U T E D C O M P U T I N G , E C O N O M I C S , P O L I T I C S …
3. The blockchain is an incorruptible digital ledger of economic transactions that can be
programmed to record not just financial transactions but virtually everything of value
D O N TA P S C O T T
17. B L O C K C H A I N A N D P U B L I C K E Y
C RY P T O G R A P H Y A R E C O N N E C T E D !
18. N E E D F O R S E C U R I T Y I N
D I S T R I B U T E D L E D G E R
• A system for generating addresses
where bitcoins can be received and
stored.
• A method for ensuring that only
the rightful owner of bitcoins stored in an
address can move them to a new address.
• A database of all past transactions
which is used to prevent double spending
of the bitcoins stored in an address. This
database is called the blockchain.
19. C RY P T O G R A P H Y I N
B I T C O I N P R O T O C O L -
S U M M A RY O F T E C H N I Q U E S
• Bitcoin makes use of two hashing
functions, SHA-256 and
RIPEMD-160, but it also uses
Elliptic Curve DSA on the curve
secp256k1 to perform signatures.
• The C++ implementation uses a
local copy of the Crypto++
library for mining, and OpenSSL
for normal usage.
20. C RY P T O G R A P H Y I N
B L O C K C H A I N - K E Y PA I R S
• Security of the Identity of participants
• Ensuring that the past records cannot be
tampered with
• Most cryptocurrencies use key pairs (and
thus asymmetric cryptography) to manage
‘addresses’ on the blockchain.
• The public key is the address, which ‘holds’
the tokens and it can be viewed by anyone.
• The private key is used to access the address
and authorize actions for the ‘address’.
21. C RY P T O G R A P H Y I N
B L O C K C H A I N S -
D I G I TA L S I G N AT U R E S
• Digital Signature can be used to sign
transactions offline and also be used in multi
signature wallets and smart contracts.
• In the Bitcoin system, the transfer of bitcoins1
between entities requires the sender to
provide a digital signa- ture proving
ownership of the bitcoins being transferred.
• These multi signature contracts and wallets
require digital signatures from multiple
(different) private keys before any action can
be executed.
22. D I G I TA L S I G N AT U R E
P U B L I C K E Y C RY P T O G R A P H Y L I F E C Y C L E
23. P U B L I C K E Y
C RY P T O G R A P H Y A N D
D I G I TA L S I G N AT U R E
• Digital signatures are incorruptible and easily verifiable
thanks to their usage of asymmetric cryptography.
• Combining user’s private key with the data that they
wish to sign through a mathematical algorithm
• Since they use asymmetric cryptography digital
signatures also have the quality of non-repudiation,
meaning they can be as legally binding as a normal
signature.
• Digital signatures are what gives the data recorded on
the Blockchain its immutability
• In reality there will be a unique signature generation
and signature verification algorithm
24. E L L I P T I C C U R V E D I G I TA L
S I G N AT U R E A L G O R I T H M
ECDSA is a cryptographic algorithm used by Bitcoin to ensure that funds
can only be spent by their rightful owners.
Private Key:
In Bitcoin, someone with the private key that corresponds to funds on the
block chain can spend the funds.
Public Key
In Bitcoin, public keys are either compressed or uncompressed.
Compressed public keys are 33 bytes, consisting of a prefix either 0x02 or
0x03, and a 256-bit integer called x. The older uncompressed keys are 65
bytes, consisting of constant prefix (0x04), followed by two 256-bit
integers called x and y (2 * 32 bytes). The prefix of a compressed key
allows for the y value to be derived from the x value.
Signature
A signature is mathematically generated from a hash of something to be
signed, plus a private key. The signature itself is two numbers known as r
and s. With the public key, a mathematical algorithm can be used on the
signature to determine that it was originally produced from the hash and
the private key, without needing to know the private key. Signatures are
either 73, 72, or 71 bytes long, with probabilities approximately 25%, 50%
and 25% respectively, although sizes even smaller than that are possible
with exponentially decreasing probability.
25. E L L I P T I C A L C U R V E
C RY P T O G R A P H Y A N D
B I T C O I N P R O T O C O L
• The cryptographic algorithm used in Bitcoin is
called elliptic curve cryptography. It is a type of
asymmetric cryptography that is considered
more efficient compared to classic RSA
cryptography.
• While elliptic curve cryptography provides the
same level of security like RSA, it needs less
computation and smaller key size, thus reducing
storage and transmission requirements.
• Bitcoin does not sign the entire transaction
message rather, it signs a cryptographic hash of
the message
26. B E N E F I T S O F E L L I P T I C
C U R V E C RY P T O G R A P H Y
• Smaller Key Size
• Storage Efficiencies
• Bandwidth Savings
• Computational Efficiencies
• 256 bit ECC public key should
provide comparable security to a
3072 bit RSA public key
27. S E C P 2 5 6 K I I N
B I T C O I N
• Refers to the parameters of
elliptic curve used in Bitcoin’s
Public Key Cryptography
• Currently Bitcoin uses secp256k1
with the ECDSA algorithm,
though the same curve with the
same public/private keys can be
used in some other algorithms
such as Schnorr.
28. S E C P 2 5 6 K I I N
B I T C O I N
• Refers to the parameters of elliptic curve used in
Bitcoin’s Public Key Cryptography
• Currently Bitcoin uses secp256k1 with the ECDSA
algorithm, though the same curve with the same
public/private keys can be used in some other
algorithms such as Schnorr.
• secp256k1 was almost never used before Bitcoin
became popular, but it is now gaining in popularity
due to its several nice properties.
• Most commonly-used curves have a random
structure, but secp256k1 was constructed in a
special non-random way which allows for especially
efficient computation.
29. E L L I P T I C A L C U R V E C O N S T R U C T I O N
30. E L L I P T I C A L C U R V E C O N S T R U C T I O N
31. E L L I P T I C C U R V E C O N S T R U C T I O N
32. C RY P T O G R A P H I C
H A S H I N G I N
B L O C K C H A I N
• Cryptographic hashing is another fundamental piece of
blockchain technology and is directly responsible for
producing immutability – one of blockchain’s most
important features.
• Cryptographic hash functions* are hash functions that
have these crucial properties:
• Deterministic : No matter how many times you give
the function a specific input, it will always have the
same output.
• Irreversible : It is impossible to determine an input
from the output of the function.
• Collision Resistance : No two inputs can ever have
the same output.
33. C RY P T O G R A P H I C
H A S H I N G I N
B L O C K C H A I N
Every new block of data contains a
hash output of all the data in the
previous block.
Imagine a blockchain that just added
its 1000th block. The data from block
999 exists in block 1000 as a hash
function output. However, included in
block 999’s data is a hash of block
998’s data, which contains a hash of
block 997’s data.
34. C RY P T O G R A P H I C
H A S H F U N C T I O N S
A cryptographic hash function
is a mathematical algorithm that
maps data of arbitrary size to a
bit string of a fixed size (the
"hash value", "hash", or
"message digest") and is a one-
way function, that is, a function
which is practically infeasible to
invert.
35. P R O P E R T I E S O F
C RY P T O G R A P H I C
H A S H F U N C T I O N S
• it is deterministic, meaning that the same
message always results in the same hash
• it is quick to compute the hash value for any
given message
• it is practically infeasible to generate a message
that yields a given hash value
• a small change to a message should change the
hash value so extensively that the new hash value
appears uncorrelated with the old hash value
• it is infeasible to find two different messages with
the same hash value
36. A P P L I C AT I O N S O F
C RY P T O G R A P H I C
H A S H F U N C T I O N S
• Digital Signatures
• Message Authentication Codes
• Different forms of authentication
• Index in hash tables
• Detect duplicate files
• Checksums to detect data corruption
37. R I P M E D - 1 6 0
RIPEMD-160 is a cryptographic hash
function based upon the Merkle–
Damgård construction.
It is used in the Bitcoin standard.
RIPEMD was used because it produces
the shortest hashes whose uniqueness
is still sufficiently assured.
This allows Bitcoin addresses to be
shorter.
38. S E C U R E H A S H I N G
A L G O R I T H M - 2 5 6
SHA256 is used as well because Bitcoin's use
of a hash of a public key might create unique
weaknesses due to unexpected interactions
between RIPEMD and ECDSA (the public key
signature algorithm).
Interposing an additional and very different
hash operation between RIPEMD and
ECDSA makes it almost inconceivable that
there might be a way to find address
collisions that is significantly easier than
brute force trying a large number of secret
keys.
39. W H Y S H A 2 5 6 I S U S E D
T W I C E I N B I T C O I N ?
SHA-2, like all Merkle-Damgard hashes suffers
from a property called "length-extension".
This allows an attacker who knows H(x) to
calculate H(x||y) without knowing x.
This is usually not a problem, but there are
some uses where it totally breaks the security.
To avoid this property, Ferguson and Schneier
suggested using SHA256d =
SHA256(SHA256(x)) which avoids length-
extension attacks.
40. B I T C O I N M I N I N G A N D
H A S H O P E R AT I O N S
Transaction chains are certified by the solution of a
computationally hard problem (mining), and once a
transaction is confirmed by its inclusion in a block,
clients prefer the transaction chain that has the
highest computational cost associated with it,
invalidating any other spending on other branches
In more detail, the computationally hard problem is
essentially a watered-down version of the first pre-
image attack on a hash function.
Miners are given a set of solution hashes (the hash of
all zeros to a target hash), and are required to find a
message with particular structure (a chain of blocks
plus a nonce) that hashes to one of these hashes.
41. B I T C O I N M I N I N G A N D
H A S H O P E R AT I O N S
In this case, it is easy to see that a first
pre-image attack on a hash function (or
perhaps a slightly weaker) attack means
that this hashing problem can be solved
much more quickly.
This is a security break if an adversary
knows this method but no one in the
network does; he can easily then capture
more than 50% of the network’s
computing capacity and split the block
chain
42. A D D R E S S E S I N
B I T C O I N
Similar to systems like PGP, Bitcoin users
generate public and private keypairs for
making signatures,
Bitcoin publishes a convenient
“fingerprint”, actually a RIPEMD-160
hash for people to utilize as an identifier
Unlike systems like PGP, Bitcoin has no
public key distribution mechanism: the
RIPEMD-160 hash is canonical for a
public key.
43. A N A LY S I S O F P U B L I C K E Y
C RY P T O G R A P H Y S Y S T E M S
A combination of a users public key and private key
encrypt the information, whereas the recipients
private key and sender's public key decrypt it.
It is impossible to work out what the private key is
based on the public key.
Therefore, a user can send their public key to anyone
without worrying that someone will gain access to
their private key.
The main distinction from symmetric cryptography is
the usage of keypairs.
Asymmetric cryptography uses key pairs, instead of a
shared key, in order to encrypt and decrypt data
44. D I S A D VA N TA G E S O F
P U B L I C K E Y
C RY P T O G R A P H Y
• Very slow compared to symmetric cryptography
• 100 to 1000 times slower
• Size of encrypted data limited by performance considerations
• Not suitable for encrypting large amounts of data
• Asymmetric Algorithms
• Diffie Hellman
• RSA
• Elliptic Curve Cryptography
• El Gamal
• DSA
45. A N A LY S I S O F S Y M M E T R I C
K E Y C RY P T O G R A P H Y
Symmetric cryptography is a ‘simple’ form
of cryptography which uses a single key to
encrypt and decrypt data.
This key can be almost anything, ranging
from a number to a word to a random string
of characters
This key is then used to encrypt the data
after which the data can get sent across a
network safely. To decrypt the data the
receiver needs the key (the same one that
the sender used to encrypt the data).
46. B I T C O I N A D D R E S S E S
A R E D E R I V E D F R O M
P U B L I C K E Y S
• Randomly generate a 256 bit number
• Generate Public Key using bitcoin’s ECDSA
curve
• Public Key to SHA 256 to RIPMD 160 to Base
58 Encoding ( plus prefix plus checksum )
• SHA 256 ( PoW Address ) , RIPEMD
( Address ) , ECDSA ( Variant of DSA )
• Bitcoin uses SHA 256 encryption for both its
Proof of Work system and transaction
verification
47. B L O C K C H A I N
S E C U R I T Y
• Infrastructure Security
• Integration Security
• Information Security
• Dapp Security
• Contract Security
48. B L O C K C H A I N S E C U R I T Y
E M E R G I N G F R O N T I E R S
• Trusted Execution Environments
• Multi Party Computation
• Hardware Enclaves
• Smart Contract Obfuscation
• Pseudonymous Identities
• Identity Mixers
• Revocable Contracts
• Transaction Analytics
• Pairing based Cryptography
• Post Quantum Cryptography
49. C RY P T O G R A P H I C
P R O T O C O L S F O R
B L O C K C H A I N S E C U R I T Y
• Zero Knowledge Proofs
• Lattice based Cryptography
• Hash based Cryptography
• Merkle Signature
• Lamport Signature
• Ring Signature
• Elliptical Curve Pairings
50. S E C U R E M U LT I PA R T Y
C O M P U TAT I O N
• It is a cryptographic method for parties
to jointly compute function over their
inputs while keeping those inputs private
• Unlike traditional cryptographic tasks,
where cryptography assures security and
integrity of communication or storage
and the adversary is outside the system
of participants (an eavesdropper on the
sender and receiver), the cryptography in
this model protects participants' privacy
from each other.
51. S E C U R E
M U LT I PA R T Y
C O M P U TAT I O N
S C H E M AT I C
F O R A G R O U P
O F PA R T I E S
52. M I L L I O N A I R E
P R O B L E M
S O LV E D
U S I N G
S E C U R E
M U LT I PA R T Y
C O M P U TAT I O N
53. Z E R O K N O W L E D G E
P R O O F S
zero-knowledge proof or zero-
knowledge protocol is a
method by which one party (the
prover) can prove to another
party (the verifier) that they know
a value x, without conveying any
information apart from the fact
that they know the value x.
54. Z E R O K N O W L E D G E
P R O O F S
If proving a statement requires that the prover
possess some secret information, then the
verifier will not be able to prove the statement
to anyone else without possessing the secret
information.
The statement being proved must include the
assertion that the prover has such knowledge,
but not the knowledge itself.
Interactive zero-knowledge proofs require
interaction between the individual (or computer
system) proving their knowledge and the
individual validating the proof.
56. Z E R O
K N O W L E D G E
P R O O F A S A
G A M E O R A
P U Z Z L E O R
A M A Z E
57. K E Y P R O P E R T I E S
O F Z E R O
K N O W L E D G E
P R O O F S A N D
I M P O R TA N T
U S E C A S E S
58. T R A N S F E R O F
A S S E T S A N D
O W N E R S H I P
U S I N G Z E R O
K N O W L E D G E
P R O O F S
B E T W E E N T W O
A U T H O R I T I E S
59. C RY P T O G R A P H I C
V U L N E R A B I L I T I E S
S E C U R I T Y A S S E S S M E N T O N H Y P E R L E D G E R I N D Y
60. H Y P E R L E D G E R I N D Y
R E F E R E N C E A R C H I T E C T U R E
61. H Y P E R L E D G E R I N D Y C O M P O N E N T M O D E L
62. C RY P T O G R A P H I C
V U L N E R A B I L I T I E S A N D
R E C O M M E N D AT I O N S
• Use of random choice to generate cryptographic
seed causes a medium vulnerability
• Rewrite random seed to use a secure random
number generator
• Sensitive data not constantly zeroed after use
• Zero memory containing sensitive data is no
longer needed
• Cryptographic operations do not execute in
constant time
• Use cryptographic operations which execute
in constant time
63. C RY P T O G R A P H I C
V U L N E R A B I L I T I E S A N D
R E C O M M E N D AT I O N S
Issue
Storage.directory_store.DirectorySto
re potentially vulnerable to path
traversal attack
Recommendations
Either escape unsafe characters, or
6.4 encode the entire key.
64. C RY P T O G R A P H I C
V U L N E R A B I L I T I E S A N D
R E C O M M E N D AT I O N S
Issue
Race condition in
stp_zmq.util._create_file_with_mode
Recommendation
Use os.open in preference to open if
a non-default file mode is required.
65. L E T U S I M A G I N E A D E C E N T R A L I S E D S O C I E T Y W I T H P R I VA C Y A N D I N T E G R I T Y