Expanded by the MDUKEY encryption method: about common asymmetric encryption algorithms in blockchain

1. Background:

The security of user privacy data has always been the top priority of MDUKEY. As the highest priority, MDUKEY storage service uses proxy re-encryption, multi-layer encryption (application layer, gateway layer, file system layer) and other technologies to protect user privacy data, and minimize user data data split, distributed storage, Reduce the risk of large-scale data leakage while ensuring high availability of services.

On the basis of data security, MDUKEY uses a combination of symmetric encryption and asymmetric encryption technology, as well as professional encryption and decryption hardware, to increase the encryption and decryption rate and ensure high throughput of services.

Among them, asymmetric encryption is the cornerstone of the blockchain field. Although many people have heard of it, it is not specifically understood.

Therefore, this article will extend from the encryption method, and introduce the “signature and encryption” in the asymmetric encryption algorithm.

2. What is asymmetric encryption?

Asymmetric cryptography, also known as Public-key cryptography, is an algorithm of cryptography. It requires two keys, one is a public key and the other is a private key. As the name implies, the public key can be released arbitrarily; and the private key must be kept strictly secret by the user, and will never be provided to anyone through any means, and will not be disclosed to the other party to communicate.

The basic process of asymmetric encryption algorithm to realize the exchange of confidential information is: Party A generates a pair of keys and makes the public key public, and other roles (Party B) who need to send information to Party A use the key (Party A’s public key) pair Confidential information is encrypted and then sent to Party A; Party A then uses its own private key to decrypt the encrypted information. When Party A wants to reply to Party B, the opposite is true, using Party B’s public key to encrypt the data. Similarly, Party B uses its own private key to decrypt.

Asymmetric encryption has two important properties:

2.1 Bidirectionality of encryption

Encryption is bidirectional, that is, either public key or private key can be used for encryption, and the other can be used for decryption.

The ciphertext obtained by using one of the keys to encrypt the plaintext can only be decrypted with the corresponding other key to obtain the original plaintext. Even the key originally used for encryption cannot be used for decryption. This is asymmetric encryption The most important nature or characteristic.

2.2 The public key cannot be derived from the private key

It must be ensured that the private key cannot be derived using the public key, at least it is computationally infeasible to use the public key to derive the private key, otherwise the security will no longer exist.

Although the two keys are mathematically related, if the public key is known, the private key cannot be calculated based on this; therefore, the public key can be made public and can be released to the outside arbitrarily; while the private key is not made public and will never be sent to the public through any means. Anyone provides.

3. Common asymmetric encryption algorithms:

At present, common asymmetric encryption includes RSA algorithm, Elgamal algorithm and elliptic curve digital signature algorithm (ECDSA), among which elliptic curve digital signature algorithm (ECDSA) is the most used method in blockchain.

3.1 RSA algorithm

RSA is the most widely researched public key algorithm. It has a history of forty years since it was proposed and has undergone various attacks. The security of RSA mainly relies on decomposition of large numbers. The advantage is that the length of the secret key can be increased to any length. The RSA operation method causes that if the signature content is shorter, it will be easily modified to what the attacker wants. Therefore, it is generally necessary to perform a hash operation on the signature content and fill it to the length of the private key. In addition, with the growth of computing power, the length of the secret key needs to be continuously increased in order to prevent it from being cracked. Currently, the length of the secret key considered to be safe is 2048 bits. At the same time, RSA private key generation requires a combination of two prime numbers, so the calculation speed for finding a longer private key is slower.

3.2 Elgamal algorithm

Elgamal was invented by Taher Elgamal in 1985. It is based on the DiffieˉHellman key exchange algorithm, which enables the communicating parties to derive the secret key value that only they know through public communication [DiffieˉHellman].

DiffieˉHellman was invented by Whitfield Diffie and Martin Hellman in 1976. It is regarded as the first asymmetric encryption algorithm. The difference between DiffieˉHellman and RSA is that DiffieˉHellman is not an encryption algorithm, it just generates a secret value that can be used as a symmetric key. .

In the DiffieˉHellman key exchange process, the sender and receiver respectively generate a secret random number, and derive the public value from the random number, and then the two parties exchange the public value. The basis of the DiffieˉHellman algorithm is the ability to generate a shared key. As long as the public value is exchanged, both parties can use their own private number and the other’s public value to generate a symmetric key, which is called a shared key. For both parties, the symmetric key is the same and can be used to encrypt data using a symmetric encryption algorithm.

3.3 Elliptic Curve Digital Signature Algorithm (ECDSA)

The elliptic curve algorithm uses the discrete logarithm problem of the elliptic curve in a finite field to encrypt or sign. The secret key of elliptic curve is different from RSA, and the effective range will be limited by the parameters of elliptic curve. Therefore, the security cannot be improved by increasing the length of the private key like RSA. For curves with insufficient security, the parameters of the elliptic curve must be modified. RSA is flexible.

Compared with the RSA algorithm, the advantage of the elliptic curve is that the private key can be selected from any number within the effective range, and the generation speed of the private key is much faster than that of the RSA algorithm. The most important thing is that the elliptic curve security performance of the same key length is much higher. Therefore, the length of the elliptic curve key required to achieve the same security level is much smaller than the length of the RSA key, so the storage space occupied is relatively small, and it is more difficult for storage. For limited blockchains, elliptic curves are more suitable.