Blockchain QuickStart Guide: Explore Cryptography, Cryptocurrency, Distributed Ledger, Hyperledger Fabric, Ethereum, Smart Contracts and dApps
Ebook, 421 pages, 3 hours


About this ebook

This book is about developing a comprehensive understanding of blockchain: how it works and how it can benefit the functioning of an organization. It exposes you to blockchain technology and illustrates how to leverage it to create value.

First, you should have a working grasp of cryptography, cipher modes, digital signatures, and digital certificates, all of which are thoroughly covered in the first chapter of this book. The book then gradually introduces Distributed Ledger Technology so that you can start understanding blockchain. After that, you'll become acquainted with fundamental blockchain concepts like consensus models, algorithms, and procedures. You'll learn about blockchain platforms such as Ethereum and Hyperledger Fabric that enable the development of DApps, DeFi applications, and systems driven by blockchains. Additionally, concepts such as smart contracts, the Ethereum virtual machine, accounts, wallets, GAS, and mining are explained briefly and in simplified form. The book analyses current blockchain developments and various Blockchain as a Service (BaaS) platforms, and helps you gain a better grasp of the technology.

Throughout the book, you will understand multiple blockchain principles, procedures, tools, and platforms required to begin developing blockchain-based business networks.
Language: English
Release date: Mar 21, 2022
ISBN: 9789391392505

    Book preview

    Blockchain QuickStart Guide - Dr. Kalpesh Parikh

    CHAPTER 1

    Cryptography – The Basics

    Introduction

    When communicating, the confidentiality of messages needs to be ensured so that no one other than the intended recipient can read the message content. Cryptography brings this security and secrecy to message communication, and to information in general, by concealing the contents.

    Cryptography disguises the message/information and hides its contents. The encrypted form of a message is called ciphertext, and the process by which this ciphertext is converted back into plaintext is decryption.

    Cryptography is an indispensable tool for protecting information in computer systems. Used for the encryption and decryption of data, it is vital to communication today.

    A specific set of skills is required to create layered algorithms and mathematical problems, including analytical skills, technical abilities, and effective communication.

    Cryptography professionals need to have a strong understanding of mathematical principles, such as linear algebra, number theory, and combinatorics. Professionals apply these principles when they are designing and deciphering strong encryption systems. Basic knowledge of computer science and a secondary level of mathematics knowledge are the pre-requisites.

    Structure

    In this chapter, the following topics will be covered:

    Introducing cryptography

    Strength of cryptography

    Requirement of cryptography

    Cryptography techniques

    Cipher modes

    Symmetric

    Asymmetric

    Block

    Stream

    Your identity—the digital signature

    Working of digital signature

    Creating a digital signature

    Digital signature classes

    Digital signature uses

    Hash functions

    Use of hash functions in blockchain

    Hash function security for blockchain

    Types of hash functions

    Digital certificates

    Obtaining a digital certificate—the process

    Conclusion

    Keywords

    Questions

    Objectives

    The objectives of this chapter are to introduce you to cryptography, explain its strength and its requirements, and provide an understanding of cryptography techniques. The various cipher modes (symmetric, asymmetric, block, and stream) are described. Authenticating an electronic document is important, and the way to ensure it is through a digital signature; we explain how digital signatures work, how to create one, and the three classes of digital signatures. Several use cases of digital signatures are provided. Hash functions are extremely useful functions that appear in many information security applications. We discuss the use of hash functions in blockchain, hash function security for blockchain, and types of hash functions. We explain that a digital certificate is the credential that establishes whether a public key belongs to the intended owner, and how to obtain a digital certificate.

    After reading this chapter, you will be able to understand the basics of algorithms and how they are used in cryptography, identify the differences between asymmetric and symmetric algorithms, understand concepts of cryptography, and how they relate to network security.

    Introducing cryptography

    Cryptography is the method of securing messages/information and communication through wires by using codes, so that only those for whom the message/information is intended can read and process it. The word "crypt" stands for "hidden" or "vault", and the word "graphy" stands for "writing".

    In computer science, cryptography uses mathematical concepts, protocols, and rule-based calculations called algorithms to transform messages into a form that is hard to decipher, and so secures messages, information, and communication. These algorithms, which are deterministic in nature, are used for digital signing, protecting data privacy, Internet Web browsing, verification of cryptographic key generation, and confidential communications such as credit/debit card transactions and e-mail.

    A cipher is a cryptographic algorithm, a mathematical function used in the encryption and decryption process.

    A key, which may be a word, a number, or a phrase, is used to encrypt the plaintext, and it works in combination with a cryptographic algorithm.

    The same plaintext encrypts to different ciphertext with different keys.

    The following figure shows cryptography at work:

    Figure 1.1: Cryptography at work

    The plaintext which is sent by the sender through the wire is encrypted into ciphertext, which then is decrypted into plaintext for the recipient to receive. To encrypt and decrypt the message, the same shared secret key is used.

    Cryptography’s primary functions are as follows:

    Privacy and confidentiality: ensuring that no one other than the intended receiver can read the message.

    Authentication: the process of proving one’s identity.

    Integrity: assuring the receiver that the received message has not been altered in any way from the original.

    Non-repudiation: a mechanism to prove that the sender really sent this message.

    Key exchange: the method by which crypto keys are shared between the sender and the receiver.

    Cryptography starts with unencrypted data, referred to as plaintext. The plaintext is encrypted into ciphertext, which in turn is decrypted back into plaintext. How the encryption and decryption are done depends on the type of cryptography scheme used and the form of the key.

    The process is:

    C = E_k(P)

    P = D_k(C)

    where P = plaintext, C = ciphertext, E = the encryption method used, D = the decryption method used, and k = the key.

    Strength of cryptography

    The strength of cryptography is determined as follows:

    Cryptography is either strong or weak.

    Its strength is measured in terms of the time and resources required to recover the plaintext from the ciphertext.

    Strong cryptography produces ciphertext that is difficult to decipher without possession of the appropriate decoding tools and high-end resources.

    The cryptographic strength should not depend on the secrecy of the cryptosystem but on the secrecy of the decryption key, as the attacker knows the cryptosystem.

    Requirement of cryptography

    The requirements of cryptography are as follows:

    Unauthorized individual(s) should not be able to gain access to sensitive information, i.e., confidentiality. Cryptography prevents criminals from stealing information online. Cryptography is at work when you visit a website with the HTTPS protocol enabled, log onto a Wi-Fi hotspot, or encrypt a file.

    The information should not be altered in storage or in transit between the sender and the recipient without the alteration being detected, i.e., integrity.

    The sender of information cannot deny, at a later stage, his or her intentions in transmitting the information, i.e., non-repudiation.

    The sender and the receiver can confirm each other’s identity, together with the origin/destination of the information, i.e., authentication.

    The criteria of confidentiality, integrity, non-repudiation, and authentication are met by the procedures and protocols of cryptosystems.

    Further, cryptosystems include mathematical procedures, algorithms, and computer programs, together with the regulation of human behavior, such as choosing hard-to-guess passwords, logging off systems when not in use, and not discussing sensitive organizational procedures with people outside the organization.

    Cryptography techniques

    The two disciplines of cryptography are cryptology and cryptanalysis. The techniques used in cryptography include microdots, merging words with images, and other ways of hiding information in transit or storage. Cryptography scrambles plaintext into ciphertext and then back to plaintext. Practitioners in this field are cryptographers.

    The area of constructing cryptographic systems is cryptology, and the area of breaking cryptographic systems is cryptanalysis.

    The technique focused on secure communication between one or more parties is cryptography.

    It is based on encryption, decryption, signing, generation of pseudo-random numbers, and other methods.

    The following figure describes the cryptography technique:

    Figure 1.2: Cryptography technique

    Anand, using encryption, sends a message to Bikram, who receives the message after its decryption. Eve/Mallory, an adversary, attacks or eavesdrops; however, because a secure channel is used for the communication, the plaintext sent by Anand is received as plaintext p by Bikram.

    A cryptographic attack circumvents the security of a cryptographic system through cryptanalysis, which can find a weakness in the code, the cipher, the cryptographic protocol, or the key management scheme.

    Decryption

    The reason for implementing an encryption-decryption system for information is privacy. Decryption is the process of converting encrypted data into its original form. Only an authorized user can decrypt the data, because a secret key or a password is required for the process of decryption. As the information travels over the Internet, it is necessary to guard against access by unauthorized organizations or individuals. The recipient of the encrypted data receives a prompt or window and can access the data with a password. The decryption system extracts the data garbled by encryption and converts it into words and images that a reader and a system can understand. Decryption can be done either manually or automatically. It may also be performed with a set of keys or passwords.

    Turning ciphertext back into plaintext is decryption. A cryptographic system for decryption comprises algorithms, keys, and key management facilities.

    Cipher modes

    Let us define cipher modes.

    Encryption algorithms can have different modes of operation. A mode is a companion algorithm that tailors a symmetric-key algorithm to a particular application, such as confidentiality or authentication.

    During encryption, you must specify which cipher and mode to use. The cipher and mode used are randomly selected from the ciphers that are common between the two servers taking part in communication. All servers and client computers that participate in encrypted communication should ensure that the ciphers and modes used are common. If you include more ciphers and modes between which the database server can switch, encryption becomes more secure.

    A cipher is the algorithm that encrypts and decrypts data, whereas the cipher mode defines how the cipher encrypts and decrypts it.

    The cryptographic algorithms that you use to encrypt/decrypt data are the ciphers, whereas cipher modes define the "mode of operation" for applying the cipher. Both are complementary and can be chosen separately.

    The Data Encryption Standard (DES) is a cryptographic algorithm designed to encrypt and decrypt data by using 8-byte blocks and a 64-bit key.

    The triple-DES (DES3) is a variation of DES in which three 64-bit keys are used for a 192-bit key. DES3 works by first encrypting the plaintext by using the first 64 bits of the key. Then the ciphertext is decrypted by using the next part of the key. In the final step, the resulting ciphertext is re-encrypted by using the last part of the key.

    The Advanced Encryption Standard (AES) is a replacement algorithm that is used by the United States Government.

    The cipher modes are symmetric, asymmetric, block, and stream.

    Symmetric ciphers

    Symmetric ciphers use the same cryptographic key for encryption of plaintext and decryption of ciphertext. These ciphers are fast and allow large sets of data to be encrypted. The secret key must be securely distributed to both parties, which requires sophisticated mechanisms.

    This encryption involves only one secret key to encipher and decipher information.

    A number, a word, or a string of random letters is used as the secret key in symmetric encryption. The key is blended with the plaintext of a message to change the content in a particular way. The secret key used to encrypt and decrypt all the messages should be known by the sender and the recipient. Examples of symmetric encryption are Blowfish, AES, RC4, DES, RC5, and RC6.

    All parties involved have to exchange the key used to encrypt the data before they can decrypt it, which is a disadvantage of this encryption scheme.

    Asymmetric ciphers

    Asymmetric encryption, also known as public-key cryptography, uses two keys to encrypt a plaintext. Secret keys are exchanged over the Internet or a network, and the scheme ensures that malicious persons do not misuse the keys. Note that anyone with a secret key can decrypt the message, which is the reason why asymmetric encryption uses two related keys to boost security. A public key is made freely available to anyone who might want to send you a message. The second key, the private key, is kept secret so that only you know it.

    A message encrypted using a public key can only be decrypted using the private key, and a message encrypted using a private key can be decrypted using the public key. This is how the asymmetric keys secure communication.

    Asymmetric encryption is used in day-to-day communication channels over the Internet. ElGamal, RSA, DSA, Elliptic Curve Techniques, and PKCS are popular asymmetric key encryption algorithms.

    Block ciphers

    A block cipher is an encryption algorithm that encrypts a fixed-size block of n bits of data at a time. The size of these blocks may be 64, 128, or 256 bits. For example, a 64-bit block cipher takes 64 bits of plaintext and encrypts it into 64 bits of ciphertext. Padding schemes come into play when the plaintext is shorter than the block size.

    The encryption algorithms used here are DES, Triple DES, AES, IDEA, and Blowfish.

    Stream ciphers

    A stream cipher is an encryption algorithm that encrypts 1 bit or 1 byte of plaintext at a time. An infinite stream of pseudo-random bits is used as the key. For a stream cipher implementation to remain secure, its pseudo-random generator should be unpredictable, and the key should never be reused. Stream ciphers are designed to approximate an idealized cipher called the one-time pad.

    "Perfect Secrecy" can be achieved by the one-time pad, which uses a purely random key. It is immune to brute force attacks. The problem with the one-time pad is that the key should be as long as, or even longer than, the plaintext. So, if you have a 600 MB video file that you would like to encrypt, you need a key that is at least 4–5 GB long.

    The one-time pad would be impractical for day-to-day public use, but it is very useful for top secret information or matters of national security, where it achieves a strong level of security.
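    The one-time pad described above, as an added example that is not from the book: it implements C = E_k(P) and P = D_k(C) with XOR, enforces the pad-length requirement, and shows what leaks when a pad is reused. The function names and the sample messages are constructed for illustration.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_keygen(length: int) -> bytes:
    """Return a pad of `length` random bytes from the OS CSPRNG."""
    return secrets.token_bytes(length)


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """C = E_k(P): the pad must be at least as long as the message."""
    if len(pad) < len(plaintext):
        raise ValueError("pad shorter than plaintext")
    return xor_bytes(plaintext, pad[:len(plaintext)])


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    """P = D_k(C): XOR with the same pad undoes the encryption."""
    return otp_encrypt(ciphertext, pad)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What an eavesdropper holds if one pad encrypted both messages.
    The pad cancels out: C1 xor C2 == P1 xor P2, with no key involved."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


def demo() -> dict:
    # Constructed sample messages of equal length.
    p1 = b"PAY ANAND 100 RUPEES"
    p2 = b"PAY BIKRAM 900 RUPEE"
    pad_a = otp_keygen(len(p1))
    pad_b = otp_keygen(len(p1))
    c1 = otp_encrypt(p1, pad_a)
    return {
        "round_trip": otp_decrypt(c1, pad_a) == p1,
        # Same plaintext, different key: different ciphertext.
        "keys_differ": otp_encrypt(p1, pad_b) != c1,
        # Pad reused for p2: ciphertext XOR equals plaintext XOR.
        "reuse_leaks": reuse_leak(c1, otp_encrypt(p2, pad_a)) == xor_bytes(p1, p2),
        # Fresh pad for p2: nothing cancels.
        "fresh_pad_safe": reuse_leak(c1, otp_encrypt(p2, pad_b)) != xor_bytes(p1, p2),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```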

    Figure 1.3 displays the types of encryption.

    Figure 1.3: Types of encryption

    Figure 1.4 shows the process of encryption–decryption.

    Figure 1.4: Encryption–decryption process

    Digital signature

    A digital signature is a digital code, generated and authenticated by public key encryption, that is attached to an electronically transmitted document to verify the contents of the document as well as the sender’s identity. It is a major benefit of public-key cryptography.

    A digital signature is a way to ensure that an electronic document is authentic. By authentic, we mean you know who created the document and that it has not been altered since that person created it.

    To ensure authentication, digital signatures depend on certain types of encryption. Encryption is the process of taking the data that one computer sends to another and encoding it into a form that only the other computer can decode. Authentication is the process of verifying that information comes from a trusted source. These two processes work hand in hand for digital signatures. Digital signatures enable the recipient of information to verify the authenticity of the information’s origin and to verify that the information is intact.

    Public key digital signatures provide authentication, data integrity, and non-repudiation. They serve the same purpose as a handwritten signature.

    Counterfeiting digital signatures is nearly impossible, although in the case of handwritten signatures, it may be possible. A digital signature attests to the contents of the information and to the identity of the signer.

    Figure 1.5 explains the process of digital signature.

    Figure 1.5: Digital Signature

    Working of digital signatures

    Handwritten signatures are unique to each signer, and so are digital signatures. The protocol followed by digital signature solution provider DocuSign is PKI, which requires the provider to use an algorithm to generate two long numbers, called keys; one is public and the other is private.

    When a signer electronically signs a document, the signature is created using the signer’s private key, which is always kept securely by the signer. A cipher creates data matching the signed document, called a hash, and encrypts that data using an algorithm. The resulting encrypted data is the digital signature. The signature is also marked with the time that the document was signed. Any change to the document after signing invalidates the digital signature.

    The integrity of the signature needs to be protected and often requires the services of a certificate authority (CA). As per the requirement of PKI, the keys should be created, conducted, and saved in a secure manner.

    The PKI requirement for safe digital signing is met by DocuSign, the digital signature provider.

    Creating a digital signature

    To create a digital signature, signing software creates a one-way hash of the electronic data to be signed. The private key is used to encrypt the hash. The digital signature is the encrypted hash along with information such as the hashing algorithm.

    The hash is encrypted instead of the entire message or document because a hash function converts an arbitrary input into a fixed-length value that is usually much shorter. This saves a lot of time, because hashing is much faster than signing.

    The hash value is unique to the hashed data. A change in the data will result in a different value.

    This characteristic allows others to validate the integrity of the data by using the signer’s public key to decrypt the hash. If the decrypted hash matches a second computed hash of the same data, it proves that the data has not changed since it was signed. If the two hashes do not match, either the data has been tampered with in some way, which is a compromise of its integrity, or the signature was created with a private key that does not correspond to the public key presented by the signer, which is an issue of authentication.
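    The hash-then-sign and verify steps described above, as an added example that is not from the book. It assumes textbook RSA over a SHA-256 hash with a toy key built from two publicly known primes; real signature schemes add padding (for example RSASSA-PSS), and all function names here are illustrative.

```python
import hashlib

# Constructed toy key material: two publicly known Mersenne primes, so anyone
# can factor the modulus. Illustration only, never a real key.
P, Q = 2**127 - 1, 2**521 - 1
E = 65537  # public exponent


def make_keypair(p: int, q: int, e: int = E):
    """Return (public, private) = ((n, e), (n, d)) for textbook RSA."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: e * d == 1 (mod phi), Python 3.8+
    return (n, e), (n, d)


def digest(data: bytes) -> int:
    """One-way hash of the data (SHA-256) as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, private_key) -> dict:
    """Hash the data, transform the hash with the private key, and
    attach the name of the hashing algorithm."""
    n, d = private_key
    return {"hash_alg": "sha256", "value": pow(digest(data), d, n)}


def verify(data: bytes, signature: dict, public_key) -> bool:
    """Recover the signed hash with the public key and compare it with a
    second hash computed over the data that was actually received."""
    n, e = public_key
    value = signature.get("value")
    if signature.get("hash_alg") != "sha256":
        return False  # unknown or missing algorithm: reject, never guess
    if not isinstance(value, int) or not 0 < value < n:
        return False  # malformed or out-of-range signature value
    return pow(value, e, n) == digest(data)


def demo() -> dict:
    public, private = make_keypair(P, Q)
    # A second, unrelated signer (also a constructed toy key).
    _, other_private = make_keypair(2**127 - 1, 2**607 - 1)
    document = b"Anand agrees to pay Bikram 100 rupees."  # constructed sample
    signature = sign(document, private)
    return {
        # Unchanged data, matching key pair: the two hashes agree.
        "intact": verify(document, signature, public),
        # Data altered after signing: integrity failure.
        "tampered": verify(document.replace(b"100", b"900"), signature, public),
        # Signed with a key that does not match the public key: authentication failure.
        "wrong_key": verify(document, sign(document, other_private), public),
    }


if __name__ == "__main__":
    print(demo())
```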

    A digital signature used with any kind of message, whether it is encrypted or not, makes the receiver sure of the sender’s identity and that the message arrived intact.

    The digital signature is unique to both the document and the signer, and binds the two together. The property of non-repudiation makes it difficult for the signer to deny having signed a message/document, assuming that his/her private key has not been compromised.

    The digital certificate, an electronic document that contains the digital signature of the issuing CA, binds together an identity and a public key, and verifies that a public key belongs to a particular person or entity.

    Digital signatures and digital certificates can be used to make it easy to sign all outgoing e-mails and validate digitally signed incoming messages. Digital signatures are used extensively to provide proof of authenticity, data integrity, and non-repudiation for communications and transactions conducted over the Internet.

    Digital signature classes

    Digital signature certificates can be divided into three different classes as follows:

    Class 1 signatures provide a basic level of security and are used in environments where there is a low risk of data compromise. They cannot be used for legal business documents, as their validation is based only on an e-mail ID and username.

    Class 2 signatures are used in environments where there are moderate risks and consequences of data compromise. A signee’s identity is authenticated against a pre-verified database. These signatures are used for the e-filing of tax documents, including IT and GST returns.

    Class 3 signatures are used in environments where threats to data and the consequences of a security failure are high. Examples include e-auctions, e-tendering, e-ticketing, and court filings. This is the highest level of digital signature, and it requires a person or an organization to be present before a certifying authority to prove their identity before signing.

    Uses of digital signature

    Digital signatures are used by industry to streamline processes and improve document integrity. Governments use digital signatures for processing tax returns, verifying business-to-government transactions, ratifying laws, and managing contracts. The healthcare industry uses digital signatures to improve the efficiency of administrative processes and treatment and to strengthen data security. The uses the manufacturing sector puts digital signature to are speeding up the processes, including product design,
