`

A Gentle Reminder About Encryption

Recently, I was surprised to hear a blockchain expert confuse “encryption” and “signatures.”
 
You don’t have to be a cryptographer to appreciate cryptography. For most of history, cryptography was a poorly understood field practiced by only a select few people – largely those involved in statecraft*. Since the 1970s and 80s, the prominence of computer programs has made cryptography an integral part of our economy as it secures the networks and transactions we use each day. Though you don’t have to be an expert to reap its benefits, it does help to understand what different methods do to information.
 
Encryption refers to the operation of disguising plaintext, information to be concealed. The set of rules to encrypt the text is called the encryption algorithm. The operation of an algorithm depends on the encryption key, or an input to the algorithm with the message. For a user to obtain a message from the output of an algorithm, there must be a decryption algorithm which, when used with a decryption key, reproduces the plaintext.  For most of history, encryption algorithms were largely symmetric – using the same secret key to decrypt and encrypt the same plaintext. This meant that trust needed to exist between the two parties exchanging information at some level. There was a large vulnerability in communication while exchanging that key with the correct recipient.
 
In the 1970s, asymmetric cryptography was proposed. One of the innovations this rendered was public key cryptography, which uses pairs of keys (one public to the network, one private to the owner) to help circumvent the vulnerability of having to share a single key between actors. Though any person can encrypt a message using a public key of a receiver, only intended recipients can see this message through the use of their associated private key. Bitcoin relies on public key cryptography to validate transactions. This is an extremely clever way to transmit data and record ownership. It’s important to understand that this is not the same as the network, and blockchains more generally, encrypting transactions.
 
Digital signatures are typically employed if there is a requirement for settling disputes between the content of a message or its origin. The digital signature of a message depends on the message and the sender. After applying a mathematical transformation to a particular message together with the private signing key of an actor, a signature scheme will produce a short sequence of number as an output. In digital signature schemes based on public key systems, such as RSA, anyone who knows a person’s public key can check that their corresponding private key has been used without determining the private key.
 
Why is it important to understand what these methods do? Well, when dealing in a capital markets context, all the information disseminated to the marketplace has value. Since we’re proposing that a cryptographically assured ledger be the dominate means of recording the data actors use, it’s worth understanding that not all cryptography is actually a means of encryption. There are precise, technical definitions for most of what we discuss and understanding those definitions is what moves conversations forward.

 * - And even then, I’m told from a friend lecturing on spies in Renaissance Florence, people would ditch their schemes halfway through correspondences and complain about losing keys. That’s for another Ledger Beat.