“I don’t have a background in cryptography, and get a little confused when looking through what actually happens in a bitcoin transaction. How do I know that no one else can spend my bitcoins? Is there any way someone could just use my address to figure out my wallet?”
– Eric from Norway
Trusting an emerging financial technology can be difficult without having at least a high-level understanding of what security measures are involved. Most people trust their banking system because there’s a brand standing behind transfers and insurance such as FDIC backs up deposits. Because of bitcoin’s decentralized nature, there is no company backing many transactions, so people using bitcoin to transfer money must rely on the algorithms behind it.
This article will be a high-level review of digital signatures followed by their application in the bitcoin protocol. The following examples are highly simplified and should be used for illustrative purposes only. A thorough explanation of the math involved in Bitcoin’s cryptography is available on the Elliptic Curve DSA Wikipedia page.
Cryptography is a popular method of sending secure messages over the internet. The foundation of bitcoin’s cryptography is the use of key pairs – a matching signature key and verification key – to digitally sign transactions. To use a digital signature, the private signature key signs a message, and the public verification key confirms that the correct key was used in the signature.
Digital signatures rely on the use of one-way functions to ensure authenticity, so we will briefly describe what they are before discussing how digital signatures apply to bitcoin.
Most people are familiar with invertible functions (e.g. multiplication). Invertible functions are easy to compute in both directions. Given the output of the function, you can determine the input. If I were to define a function as 6*x, and claim the output was 42, it would be trivial to invert the function to determine that x was 7 (since 6*7 = 42).
There are also functions called one-way functions. A one-way function is easy to compute in one direction, but practically impossible in the other. Given a one-way function and the output, it is practically impossible to determine what the input is. Commonly, one-way functions utilize the modulus function. Modulus is similar to division; however, the output is the remainder of an integer division:
23 / 5 = 4 remainder 3
23 mod 5 = 3
Given the function x mod 5, and the output 3, it is impossible to tell conclusively that the original input was 23. Note: this is technically not a true one-way function, however many encryption one-way functions are built on this principle.
A popular use of one-way functions is digitally signing a message. When receiving a message over the internet it is difficult to determine that the sender is who he claims to be, and that the message was not altered before receiving it. It is possible to digitally sign a message using a privately-held signature key, which can later be verified using a publicly-known verification key.
Decrypting the digital signature using the verification key will identify if the correct signature key was used and the recipient of the message will be able to tell whether the current message matches the one that was originally signed.
The basic outline for a cryptographic transaction is as follows:
Step 1: Creating the digital signature
Step 2: Verifying message authenticity
By using one-way functions for each step in the process, verification is possible without revealing the secure inputs.
The specific type of one-way function used for digital signatures is known as a trapdoor one-way function. Using a verification key, it is easy to verify the signature (direction 1), but impossible to derive the signature from the output (direction 2). The signature key is the trapdoor to the one-way function, allowing it to be performed easily in either the verifying (1) or signing (2) direction. This is important for bitcoin, since digitally signing a transaction allows a high degree of certainty that the person holding the signature key has the proper authority to create the transaction.
A bitcoin wallet stores your set of signature and verification keys. These keys are generated in pairs, and are unique for each bitcoin address. Each bitcoin address is derived from a verification key, and the corresponding signature key is used to send transactions from that address.
A bitcoin transaction has three primary components:
The Message – containing a reference to the previous transaction which the funds will be removed from, and the new address where the funds will go
A digital signature
A verification key – contained in the sender’s address
Bitcoin transactions work differently than cash transactions. Cash transactions just reference what is currently held, not the ongoing chain of events before it. A bitcoin transaction on the other hand is a redirection of funds from a previous transaction. Addresses are used as verification keys to identify who has permission to redirect those funds. Previous transaction(s) are referenced in order to identify exactly which funds should be moved, and that the owner has the necessary amount of bitcoins. The “message” in the digital signature described above is a combination of a reference to a previous transaction, plus the new address where funds will be sent.
All bitcoin addresses contain a reference to a verification key. In order to transfer funds from a bitcoin address, a signature key matching the bitcoin address must be used to sign the transaction. The entire message – which funds to move, as well as the destination address – is digitally signed.
The whole transaction is then verified before a transfer can take place. The original address is used as a verification key for the digital signature, to determine whether the sender has access to transfer those specific bitcoins. If this check passes, the destination address will then receive bitcoin.
If you also have questions about bitcoin, let us know and we’ll do our best to address common inquiries.