- Toshendra Kumar Sharma
- December 24, 2018
As the price of cryptocurrencies has soared, so has the number of reported hacks by the users of cryptocurrencies. Hacks can range from private keys getting stolen to illegitimate or counterfeit hardware wallets stealing cryptocurrencies. For investors planning to invest large amounts of money into cryptocurrencies, it is important to make sure that they have a means of securely storing the digital tokens. It is important to understand how public key cryptography in order to answer whether or not blockchain based private key can be hacked. Here’s an in-depth look at the basics of public key cryptography as it relates to blockchain technology.
Public Key Cryptography in Blockchain Technology
Public Key Cryptography relies on a pair of private and public keys to securely send information over an unencrypted channel. As the name suggests, the public key is broadcasted out to all of the network participants while the private key is kept secure in order to ensure it is not misused. Private keys are used to create digital signatures, a piece of code which helps ensure that the author of a transaction is, in fact, the individual who holds the private key. The digital signature along with the corresponding public key helps to ascertain the identity of the user who sent the transaction. More formally, digital signatures depend on two functions:
-
Sign (Message, Private Key) -> Signature
Given the message we want to sign, the message and a private key, this function produce a unique digital signature for the message.
-
Verify (Message, Public Key, Signature) -> True/False
Given the message we want to verify, the signature and the public key, this function gives a binary output depending on whether the signature is authentic
Private Key Generation In Bitcoin
Bitcoin uses the Elliptic Curve Digital Signature Algorithm (ECDSA) to create a new set of private key and corresponding public key. The public key is then used with a hash function to create the public address of that user. The private key is kept secret and is used to sign a digital transaction to make sure the origin of the transaction is legitimate. The ECDSA algorithm that is used to generate the private is key the most advanced way of generating the keys right now. The process of key creation is very secure because, given a public key, it is practically impossible to come up with the corresponding private key. In other words, there is no way other than guessing and checking different private keys. With the current computing resources we have, it would take an extraordinarily long time to find the correct private key. Assuming that a classical computer tested a trillion keys a second, it would take up to 1.09 x 1019 years to guess the correct answer. That number is very large, and for practical purposes means that it is not possible to crack with the presently available computers.
Sources of Attacks
The only possibility of private keys being hacked comes from the threat of quantum computers. The quantum computing threat comes from the fact that quantum computing takes advantage of quantum bits or “qubits” that can exist in any number of values between 0 and 1. That means that quantum computers can process much more information than just binary computation, which is the limit of classical computing systems. As a result, quantum computers can process many orders of magnitude more than classical computers. This is a grave threat not just to private key generation but also to almost all aspects of cybersecurity. But realistically, such a threat is many years in the future and we are already seeing a lot of development in quantum resistant blockchainsThe quantum computing threat comes from the fact that quantum computing takes advantage of quantum bits or “qubits” that can exist in any superposition of values between 0 and 1 and can, therefore, process much more information than just 0 or 1, which is the limit of classical computing systems. As a result, quantum computers can process many orders of magnitude more than classical computers like the Quantum Resistant Ledger (QRL.)