6. Crypto Primitives: Digital Signature
[Figure: signing and verification flow, reconstructed from the slide]
Sign: m => H(m) => E[H(m)]  (hash m, then encrypt the digest with the signing key sk; m is sent together with E[H(m)])
Verify: decrypt E[H(m)] with pk, recompute H(m) from the received m, compare the two digests
(sk, pk) = generate(keysize)
sk = Signing key
pk = Public key
• Unforgeable
• Public Verification
9. Transaction chain (figure reconstructed from the slide: two transactions, T1 and T2)
T1 (signed by Alice)
  In:  Prev T0, Index Out[0], InScript: SigAlice PKAlice
  Out: Value 2 BTC, ToAddr PKBob, OutScript: OP_DUP OP_HASH160 PKBob OP_EQUALVERIFY OP_CHECKSIG
T2 (signed by Bob)
  In:  Prev T1, Index Out[0], InScript: SigBob PKBob
  Out: Value 2 BTC, ToAddr PKchuck, OutScript: OP_DUP OP_HASH160 PKchuck OP_EQUALVERIFY OP_CHECKSIG
Flow: Alice => Bob 2 BTC, then Bob => Chuck 2 BTC
Script Challenge (T2 spending T1's output): InScript of T2 followed by OutScript of T1
SigBob PKBob OP_DUP OP_HASH160 PKBob OP_EQUALVERIFY OP_CHECKSIG == True
Irreversible => Brute force => 2^130 => Astronomical time
Collision resistant => Huge Input, Small output space
Commitment
SHA-256
Tamper resistant log
Linked list of hash pointers => Blockchain
Hash Pointer Head => Entire log can be retrieved, O(n)
Binary Tree
Merkle Root
Membership can be found => O(log n)
Transactions are stored in a Merkle Tree in each block
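The Merkle tree, hash pointer and O(log n) membership notes above, as an added example that is not part of the original slides: a Bitcoin-style tree (double SHA-256, odd trailing node paired with itself) with proof generation and verification over constructed sample transaction ids.

```python
import hashlib
from typing import List, Tuple


def dsha256(data: bytes) -> bytes:
    """Bitcoin's hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def _pad(layer: List[bytes]) -> List[bytes]:
    """Bitcoin pairs an odd trailing node with a copy of itself."""
    return layer + [layer[-1]] if len(layer) % 2 == 1 else layer


def merkle_levels(txids: List[bytes]) -> List[List[bytes]]:
    """All tree levels, leaves first, root last."""
    if not txids:
        raise ValueError("a block carries at least one transaction")
    levels = [list(txids)]
    while len(levels[-1]) > 1:
        layer = _pad(levels[-1])
        levels.append([dsha256(layer[i] + layer[i + 1]) for i in range(0, len(layer), 2)])
    return levels


def merkle_root(txids: List[bytes]) -> bytes:
    return merkle_levels(txids)[-1][0]


def merkle_proof(txids: List[bytes], index: int) -> List[Tuple[bytes, bool]]:
    """Sibling hash per level from leaf to root, flagged True when it sits on the left.
    One entry per level, so the proof is O(log n) in the number of transactions."""
    proof = []
    for layer in merkle_levels(txids)[:-1]:
        layer = _pad(layer)
        sibling = index ^ 1
        proof.append((layer[sibling], sibling < index))
        index //= 2
    return proof


def verify_membership(txid: bytes, proof: List[Tuple[bytes, bool]], root: bytes) -> bool:
    """Recompute the path to the root; tampering with txid or any sibling breaks equality."""
    h = txid
    for sibling, sibling_is_left in proof:
        h = dsha256(sibling + h) if sibling_is_left else dsha256(h + sibling)
    return h == root


# Constructed sample transactions (not real Bitcoin data): txid = double SHA-256 of the text.
SAMPLE_TXIDS = [dsha256(t) for t in (
    b"coinbase -> Miner 50 BTC", b"T0 -> Alice 2 BTC", b"T1: Alice -> Bob 2 BTC",
    b"T2: Bob -> Chuck 2 BTC", b"Chuck -> Dave 1 BTC")]
```

Signing the root (a hash pointer to the whole tree) commits to every transaction, which is why a light client needs only the proof path and the block header.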
Unforgeable
Public verification
Sign a Hash Pointer means signing the entire chain
ECDSA => Elliptic Curve Digital Signature Algorithm
sk => private key, pk => Bitcoin wallet address
Decentralized Identity management
Block => Hash Pointer
Blockchain => Hash Pointer List
Transaction List => Merkle Tree
Genesis block => https://blockchain.info/block-index/14849
Wallet exchange
Verification post block formation
Did Alice have 2 BTC?
How can only Bob consume it? Belongingness?
Transaction ref
Multiple Input, Multiple Output
To-Bitcoin address
Script Challenge ( Only Bob can solve )
Bitcoin Scripting => op_codes & data
Pay to Script
Bitcoin scripting => Not a Turing-complete language; limit on time & memory
It was meant for Bob ( Belong
Only Bob has a solution (anyone can verify Bob's ownership if Bob gives a solution)
Transaction ref & Reuse
Cryptographically No diff
Confirmations: 6 required
Probability of a block being invalid decreases exponentially with each confirmation
Malicious Node :
Add Invalid transaction
Deny a transaction
Double spend
Penalize the malicious node
Incentivize
Add a coinbase transaction out of thin air
All Active nodes
Proof of work => 2^n ( n = leading zeros )
Difficulty recalibrates as hashing power changes
Mean block time = 10 minutes
51 % Malicious Nodes
Steal coins => No (cannot solve the script challenge)
Deny a specific transaction => Yes
Change reward amount => No (breaks the protocol)
Destroy confidence => Yes (disturbing the network)
RCE in Full Nodes
SHA-2 => possibly broken by 2040
ECDSA => forge a signature => steal coins
Wallet software => find a vulnerability there