# Michael's Wiki

A lot of my coworkers are feeling pressure from “blockchain” hype. Before throwing a blockchain at a problem, let's review some cryptography basics. There's a good chance a simpler cryptography technique will be more appropriate for whatever application someone wants to hit with the blockchain-hammer.

From building-blocks to blockchain:

1. Cryptographic Hashing
2. Symmetric Key
3. Public/Private Key
4. Blockchain

### Architecting With Crypto

“Encryption is something you go around, not through” -I forgot who said this but it's true (common avenues: implementation backdoors, broken algorithms)

First consider when NOT to use cryptography. It's like Black Panther's suit:

It will stop bullets, but it doesn't make you invincible on its own.

Always keep in mind:

• what is encrypted?
• where are the keys?
• (what are scope limits)
• is usability practical?
• if someone is going to put a vital password on a post-it in the break room, reconsider

This is where catastrophic problems usually come from. People get tunnel-vision on the encryption methods and forget to consider the context and environment it's playing around in.

### Crypto Techniques

So before jumping into blockchain, consider:

#### Cryptographic Hashing

The basic building block of encryption. A cryptographic hash is considered “cryptographically secure”, which means it is mathematically-really-hard to invert the function. You effectively can't brute-force or guess what input created the output.

Cryptographic hashing is also quite versatile. This makes it such a powerful tool.

#### Symmetric-Key Methods

Closest to what we typically think of as “passwords”. Symmetric-key methods use a shared secret (a.k.a. “cipher”) to encrypt and decrypt data back and forth symmetrically. They're relatively cheap on computing resources.

Examples:

• user account password used to encrypt the partition or files in your PC/Mac
• keychain “master” passwords, used to store other passwords in an encrypted format

#### Public-Key Methods

A pair of hashing functions R and U are created together. R is “pRivate” and U is “pUblic”. They behave in a way that U can verify if some output came from R.

$$R(x) \rightarrow y$$ $$U(\{Y\}) \rightarrow \text{something sane}$$ $$U(\neg \{Y\}) \rightarrow \text{error}$$

Common technology used is RSA. Used in e.g. SSH and Secure Signing.

##### Secure signing - Adobe PDF example
• R is the “signature” file you create in Acrobat and save to your local computer for future use.
• y is the “signature” left on a PDF you send to someone else.
• U is built or saved in Adobe Acrobat that others use to verify the signature.

#### Blockchains

A blockchain combines a cryptographic hash chain with distributed data storage. Most blockchain issues reduce to distributed storage problems parity and replication efficiency.

Recall that cryptographic hash functions can take variable input and produce a fixed-length hash. Each “block” contains a previous block's hash and data, which are all used to compute that block's hash. This is shared across a distributed data storage network.

Replication methods are required to manage data parity across the network (see bittorrent or database clusters for other replication examples).

##### Benefits
• auditable
• cryptographically secured by conjugate hashing
• interference requires compromising enough of the network to sway consensus of the replication method

• Blockchain
• Paired-Key Encryption