Cryptography is the science of secure communication in the presence of opponents who can listen to and even control the communication channel. Classical (symmetric) cryptography concerns encryption, that is, converting a message into an encrypted text.

To an opponent listening on the communication channel, the encrypted text appears to be nonsense, but the recipient knows how to translate it back to the original message.

Cryptographers recommend that the encryption algorithm be made public and that only the encryption key be kept secret. This is known as the Kerckhoffs principle. The main reason for this is that it is easy to create an encryption algorithm that cannot be broken by its creator, but very difficult to create one that cannot be broken by anyone in the world, because there is a strong probability that someone in the world is more intelligent or imaginative. I don’t want it to be scary.

Making an encryption algorithm public and submitting it to the cryptographic community for review is therefore a good idea. The motto of the Kerckhoffs principle is: make the cryptographic algorithm public, but keep the encryption keys private. Most of the early cryptographic work was done on symmetric ciphers. A very old example is the Caesar cipher. The purpose of symmetric encryption is to turn a message into an encrypted text using the secret key, so that the original message can be read only if the secret key is known. Good symmetric encryption should not leak any information about the message or the secret key. The Caesar cipher can be used as a symmetric encryption, where the secret key corresponds to the number of places to shift in the alphabet.

Apart from the fact that the key space is very small (there are only 26 possible keys, the number of letters in the alphabet), this is not a very good symmetric encryption because it leaks a lot of information about the message. It allows the opponent to know the length of the message and the frequency of certain letters in the message. This information is sufficient in most cases to break the encrypted message. Ideal symmetric encryption is one that produces encrypted text that is indistinguishable from random data.

Public key cryptography, more commonly known as asymmetric encryption, was developed in the 1970s by Diffie, Hellman and Merkle. Bitcoin does not use public key encryption algorithms, but a closely related system called digital signatures.

Public key cryptography was developed in response to a major weakness in symmetric encryption: key distribution. When two people use symmetric encryption, they must first ensure that they both share the same symmetric key: they must exchange keys via a secure channel before using the symmetric encryption system.


However, there are many situations in which it is not possible to exchange the symmetric key via a secure channel, such as e-commerce. The Internet is an insecure channel: traffic can be intercepted and even modified in transit. Therefore, it is impossible to establish a secure connection over the Internet using only symmetric encryption. Public key encryption was developed to solve this problem. An analogy for symmetric key encryption is that of a safe with a key. In symmetric encryption, the key can be used to both lock the vault (encrypt) and unlock the vault (decrypt).

For asymmetric encryption, the public key can only be used to lock the vault (encrypt), while the other key, the private key, can only be used to unlock the vault (decrypt).


How does public key encryption solve the key distribution problem?

The important point to note is that only the private key (the key that unlocks the vault) must be kept secret. It is perfectly safe to publish the public key (the key that locks the vault); in fact, the more widely that key is published, the easier it is for another party to obtain it and use it to communicate with you. That person can encrypt their message with your public key, and only you, and no one else, can decrypt the message.


Public key encryption use in Bitcoin

The basic considerations and concepts in Bitcoin are based on asymmetric cryptography. The importance of cryptography can be seen, for example, in the alternative name (“crypto-money”), but also in the fact that Satoshi Nakamoto initially published his concept of digital money to a mailing list for people interested in cryptography.

In contrast to symmetric schemes, asymmetric cryptography is characterized by the fact that each participant has a key pair consisting of a public key and a private key. Although the private key must be kept secret in all circumstances, the public key should be widely distributed. In the case of asymmetric cryptography for email, for example, there are separate key servers on which the public key can be stored so that everyone can publicly verify another’s key. Users can use these key servers like a phone book and search for the public key of a particular person.

The interaction of these two keys is suitable for different applications, such as authenticating to servers, encrypting content, or digitally signing content and thus proving that a message comes from a particular person.


Suppose Alice wants to send Bob a message.

The message has important content and should therefore be transmitted in encrypted form. For this Alice must first be in possession of Bob’s public key.

With Bob’s public key, Alice can now encrypt her message so that Bob, using his private key, can decrypt the message. The simplified encryption sequence using asymmetric cryptography is illustrated in the diagram below.

Although this encryption method is not used in Bitcoin, Bitcoin nevertheless relies on characteristics of this method. Significant parts of the Bitcoin architecture are based on digital signatures. A digital signature can be used to ensure that content actually comes from a specific person. The diagram below shows how Alice can prove to Bob that she is the sender of the message. Alice creates a message that she would like to send to Bob. Using her private key, she can sign this message (or, in other words, digitally sign it) and identify herself as the sender.

When Bob receives the message, he can use Alice’s public key to verify the signature. If verification succeeds, Bob can assume that the message was not changed by anyone else on the route from Alice to Bob.

It is important to understand that digital signatures and encryption are not the same thing: the first allows you to check the sender and be sure of the source, while the second allows you to “hide” the content of the message. They are often used in combination.