Cryptography Notes #1

Encryption & Signatures

  • public key = (e, n)
  • private key = (d, n)
  • e, d, n are numbers.
  • m is the message, a number with m <= n (messages are represented as numbers).
  • RSA is a block cipher, so a message is split into blocks b_i where b_i <= n.
  • For simplicity we can assume that our message fits into a block.

Encryption

c = m^e (mod n)

Think of a circle with n points: m^e starts at point m, wraps around the circle some number of times and stops at point c. c is the cryptogram (ciphertext).

Decryption

m = c^d (mod n)

c^d starts at point c, wraps around the same circle some number of times and stops back at point m.

To compare, Caesar cipher is:

c = (m+e) (mod 26)

m = (c-e) (mod 26)

Digital Signature

  • Decrypt a hash h and receive s (or signature)
  • Transmit (h, s)
  • The other party, who has your public key, can encrypt s and obtain h’. If h == h’, then s could only have been generated by the owner of the private key that matches the public key you hold.
  • If the decrypt-then-encrypt order sounds strange: the two operations are inverses of each other, so if the other party were instead to send enc(s) = h, you could decrypt it to obtain s.
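The encrypt/decrypt and sign/verify steps above, worked through in code. This is an added example and not part of the original notes; the primes, the exponent e = 17 and the way the hash is reduced mod n are toy choices made here for illustration (real RSA uses much larger primes and a padding scheme), and the code requires m < n so that every block survives the round trip.

```python
import hashlib
from math import gcd

def keygen(p, q, e=17):
    """Build public (e, n) and private (d, n) from two primes p, q."""
    n = p * q
    phi = (p - 1) * (q - 1)            # Euler's totient of n
    assert gcd(e, phi) == 1, "e must be coprime to phi(n)"
    d = pow(e, -1, phi)                # modular inverse: e*d == 1 (mod phi)
    return (e, n), (d, n)

def encrypt(m, pub):
    e, n = pub
    assert 0 <= m < n, "a block must be a number smaller than n"
    return pow(m, e, n)                # c = m^e (mod n): wrap around the circle of n points

def decrypt(c, priv):
    d, n = priv
    return pow(c, d, n)                # m = c^d (mod n): wrap back to the starting point

def split_blocks(data: bytes, n):
    """RSA as a block cipher: cut bytes into integer blocks b_i < n."""
    size = max(1, (n.bit_length() - 1) // 8)   # widest byte width that stays below n
    return [int.from_bytes(data[i:i + size], "big") for i in range(0, len(data), size)]

def message_hash(msg: bytes, n):
    # toy: fold a SHA-256 digest into [0, n) so the hash fits in one block
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(h, priv):
    return decrypt(h, priv)            # s = "decrypt" the hash with the private key

def verify(h, s, pub):
    return encrypt(s, pub) == h        # h' = "encrypt" s with the public key; accept iff h == h'

def demo():
    """Round-trip a short message and check a good and a tampered signature."""
    pub, priv = keygen(1009, 1013)     # constructed toy primes
    msg = b"hello rsa"
    blocks = split_blocks(msg, pub[1])
    cipher = [encrypt(b, pub) for b in blocks]
    recovered = [decrypt(c, priv) for c in cipher]
    h = message_hash(msg, pub[1])
    s = sign(h, priv)
    tampered = (s + 1) % pub[1]        # any change to s breaks verification
    return recovered == blocks, verify(h, s, pub), verify(h, tampered, pub)
```

With the textbook values p = 61, q = 53, e = 17 the functions reproduce the familiar worked example n = 3233, d = 2753 and enc(65) = 2790.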

Bitcoin multi-sig address

To spend funds stored in an m-of-n multi-sig address, you need to create a transaction that carries at least m of the required signatures, then broadcast it.

L2 channel

1) A and B put money into a 2-sig address.

2) Construct a transaction that distributes the money from (1) to A and B:

OUTPUT 0 <5 BTC>: <X's Public Key> CHECKSIG
OUTPUT 1 <5 BTC>:
IF
    # Revocation penalty output
    <Revocation Public Key>
ELSE
    <1000 blocks>
    CHECKSEQUENCEVERIFY
    DROP
    <Y's Public Key>
ENDIF
CHECKSIG

3) A and B each hold a signed version of (2) that favors them (i.e. they are the party X that gets their funds immediately).

4) A and B each hold one half of the secret key whose public key is the revocation public key.

5) Because of (4), (2) can be invalidated by the non-favored party sharing their half of the secret revocation key. If the non-favored party were then to sign the transaction that favors the other party, the money from the 2-sig address would be split into two UTXOs, both of which could be unlocked by the favored party. This makes (2) invalid.

6) It is important to agree on the new version of (2) before doing (5). Otherwise, if the favored party goes offline, the non-favored party would not be able to get their money back, since the invalidated version of (2) is all they would have. They can risk broadcasting it anyway, but if the favored party comes back online within the 1000 blocks, gg.
