Photo by Ewan Kennedy from Pexels

Last week, we introduced the concept of hashing. To recap, hashing is the process of having an input of any length, running it through a hashing algorithm and getting an output of fixed length. This means the hash output generated is independent of the length of the input.

We also noted that a blockchain uses hash functions in order to create a record of the data recorded to the blockchain. Why? so that any change to a single piece of data is easily identified. We all know that the blockchain architecture is decentralized, meaning there is no centralized institution or authority verifying the authenticity of any transaction or maintaining IT security. The nodes are the ones carrying out the verification. (We will get into addition of transactions to the blockchain later!!).

So, there should be some security or check to ensure no one is able to change any part of the transaction during verification or once verified. This is where cryptography plays a fundamental role in ensuring transaction authentication without a trusted third party.

Before we see how it is done in blockchain, let us take a simpler scenario of implementing digital signature.

What is digital signature ? - It is a technique to ensure secure transmission of documents to ensure authenticity of source and that no alteration to the document has been carried out during transit from sender to receiver. How do we ensure authenticity of a physical document? By signing on the document physically, it is proof that the person signing it has verified and agreed to the contents of the document.

How is the same authenticity and verification done for digital documents? It has to be proved that

1. The person sending the document (owner) is actually the source from where the document has originated

2. The contents of the document has not been tampered with in transit.

How can the recipient of the document ensure both the above conditions are satisfied?

Let us put these conditions in a diagram for better visualization

In a digital signature, the sender uses two keys. Let us name these two keys as Key A and Key B. The sender uses Key A to encrypt their document which can be decrypted only by using Key B so no one else other than the receiver who has the Key B can decrypt the document - which means these are paired keys. Paired means only key B can unlock (decrypt) whatever Key A has locked (encrypted).

Let us visualize this as below :

How exactly does encryption and decryption work? The document is run through a hashing algorithm which creates a hash output. We then use key A to encrypt the hash. Now, why are we encrypting only the hash instead of the whole document? Last week, we mentioned that if we change even a single character in the input document, the hash changes completely. Thus, encrypting a hash which has shorter number of characters is much faster than encrypting an entire document. Also, it is much more efficient as the hash output is fixed irrespective of the length of the document.

The receiver who has the paired Key B uses the key to decrypt the document and generate a second hash. The receiver is now able to compare the hash of the document that was initially created by the sender and the hash just generated. If these two match, then the receiver can ensure authenticity of the document. Otherwise, either

1. It has been tampered with or

2. It was NOT been sent by the sender using Key A

The below diagram makes it more clear.

Now that the overall concept is clear, in technical terms -

1. Key A which was used by the sender to encrypt the document is called the sender's PRIVATE KEY.

2. Key B which was provided to the receiver to decrypt the document is called the sender's PUBLIC KEY.

3. The concept of using a PAIRED PUBLIC & PRIVATE KEY system is called ASYMMETRIC CRYPTOGRAPHY.

4. Asymmetric cryptography enables users who do not know each other to exchange encrypted information.

5. A public key is made available to all. It is like a bank account number, which can be provided to anyone.

6. The private key, which remains secret, acts as the password to the same bank account.

Now, a question!! Is it possible for two documents to produce the exact same hash output? Well, it is probable but depending on the hash function, the probability of that happening is very rare. In case that happens, it is called a HASH COLLISION.

Another simple write up on hashing, hash functions & hash tables can be found here.