# 4. Cryptography – Mastering Ethereum [Book]

Public-key cryptography (also called “asymmetric cryptography”) is a fundamental part of today’s information security. The Key Exchange Protocol, first published in the 1970s by Martin Hellman, Whitfield Diffie, and Ralph Merkle, was a monumental breakthrough that sparked the first great wave of public interest in the field of cryptography. prior to the 1970s, governments kept strong cryptographic knowledge secret.

Public key cryptography uses unique keys to protect information. these keys are based on mathematical functions that have a special property: it is easy to calculate them, but difficult to calculate their inverse. Based on these functions, cryptography allows the creation of unforgeable digital secrets and digital signatures, which are protected by the laws of mathematics.

Reading: What algorithm does ethereum use

See also: Truth About Crypto Price Correlation: How Closely Does ETH Follow BTC?

for example, multiplying two large prime numbers is trivial. but given the product of two large primes, it is very difficult to find the prime factors (a problem called prime factorization). Let’s say we present the number 8,018,009 and tell you that it is the product of two prime numbers. Finding those two primes is much harder for you than it is for me to multiply them to produce 8,018,009.

Some of these mathematical functions can be easily reversed if you know some secret information. In the example above, if I tell you that one of the prime factors is 2,003, you can trivially find the other with a simple division: 8,018,009 ÷ 2,003 = 4,003. these functions are often called trapdoor functions because they are very difficult to reverse unless given some secret information that can be used as a shortcut to reverse the function.

A more advanced category of mathematical functions that is useful in cryptography is based on arithmetic operations on an elliptic curve. in the arithmetic of elliptic curves, modulo-prime multiplication is simple but division (the inverse) is practically impossible. this is called the discrete logarithm problem and there are currently no known pitfalls. elliptic curve cryptography is widely used in modern computing systems and is the basis for the use of private keys and digital signatures by ethereum (and other cryptocurrencies).

In ethereum, we use public-key cryptography (also known as asymmetric cryptography) to create the public-private key pair that we’ve been talking about in this chapter. they are considered a “pair” because the public key is derived from the private key. together, they represent an ethereum account by providing, respectively, a publicly accessible account identifier (the address) and private control over access to any ether in the account and over any authentication the account needs when using smart contracts. the private key controls access by being the only piece of information needed to create digital signatures, which are necessary to sign transactions to spend the funds in the account. digital signatures are also used to authenticate the owners or users of contracts, as we will see in Chapter 7.

A digital signature can be created to sign any message. for ethereum transactions, the details of the transaction itself are used as the message. the mathematics of cryptography, in this case elliptic curve cryptography, provides a way to combine the message (i.e. the details of the transaction) with the private key to create code that can only be produced with the knowledge of the private key. that code is called the digital signature. Please note that an ethereum transaction is basically a request to access a particular account with a particular ethereum address. When a transaction is sent to the Ethereum network to move funds or interact with smart contracts, it must be sent with a digital signature created with the private key corresponding to the Ethereum address in question. Elliptic curve math means that anyone can verify that a transaction is valid by verifying that the digital signature matches the details of the transaction and the ethereum address to which access is requested. the verification does not involve the private key at all; which is still private. however, the verification process determines without a doubt that the transaction could only come from someone with the private key that corresponds to the public key behind the ethereum address. this is the “magic” of public key cryptography.

See also: Wormhole cryptocurrency platform hacked for 325 million after error on GitHub – The Verge