Cryptographic essence of Bitcoin: Part 2 — How do public/private keys work?, by@samarakoon.gayan

December 28th 2018

Let’s find out how to create a Bitcoin Address

Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields.

**The elliptic curve below is an example of an elliptic curve, similar to that used by bitcoin.**

The elliptic curve technique is used to create the public key derived from the private key.

Starting with a **private key in the form of a randomly generated number k**, we multiply it by a predetermined point on the curve called the generator point G to produce another point somewhere else on the curve, which is the corresponding **public key K**. The generator point is specified as part of the secp256k1 standard and is always the same for all keys in bitcoin:

K = k * G

k is the private key

G is the generator point

K is the resulting public key, a point on the curve

Because the generator point is always the same for all bitcoin users, a private key k multiplied with G will always result in the same public key K. The relationship between k and K is fixed, but **can only be calculated in one direction, from k to K**. That’s why a bitcoin address (derived from K) can be shared with anyone and does not reveal the user’s private key (k).

To visualize multiplication of a point with an integer, we will use the simpler elliptic curve over the real numbers — remember, the math is the same. Our goal is to find the multiple kG of the generator point G.

That is the same as adding G to itself, k times in a row. In elliptic curves, adding a point to itself is the equivalent of drawing a tangent line at the point, finding where that line intersects the curve again, and then reflecting that intersection point across the x-axis.

The diagram below shows the process for deriving G, 2G, 4G, as a geometric operation on the curve.

*Process for deriving G, 2G, 4G, as a geometric operation on the curve.*
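The K = k * G derivation and the doubling-and-adding described above, as an added example that is not part of the original article: a minimal secp256k1 implementation in Python using the curve's published constants (field prime, generator G and group order N), with the chord-and-tangent rule for point addition and double-and-add for scalar multiplication.

```python
# Added example (not from the article): secp256k1 point arithmetic and the
# K = k * G derivation. "Adding G to itself k times" is done with double-and-add,
# so it needs ~256 doublings instead of k additions. Curve: y^2 = x^3 + 7 over F_P.
P = 2**256 - 2**32 - 977                                # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of G
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # the point at infinity, the identity of the group

def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0

def point_add(p1, p2):
    """Chord-and-tangent rule; the tangent case (p1 == p2) is doubling."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                   # vertical line: P + (-P)
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # tangent slope (a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P    # chord slope
    x3 = (lam * lam - x1 - x2) % P                   # third intersection
    y3 = (lam * (x1 - x3) - y1) % P                  # reflected across the x-axis
    return (x3, y3)

def scalar_mult(k, pt=G):
    """k * pt by double-and-add over the binary expansion of k."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def public_key(k):
    """K = k * G, serialized in compressed SEC form (33 bytes)."""
    if not 0 < k < N:
        raise ValueError("private key must be in [1, N-1]")
    x, y = scalar_mult(k)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")
```

Multiplying G by its order N lands on the point at infinity, which is a quick self-check that the arithmetic is right; a real wallet would use a constant-time library rather than this teaching code.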

1. The first step is to have a reliable source of randomness and get a random number (256-bit).

2. Next, you need to apply SHA256 to that number and you will get the private key (k). [Unequivocal process]

3. By applying elliptic curves (a cryptographic technique) we obtain the public key (K), as explained above.

4. Then, SHA256 and RIPEMD160 (a different hash function) are applied and we finally get the Bitcoin address. [Unequivocal process]

5. You can show the address in many different formats. The most common is a QR code.

**How are the blocks linked?**

Every block is a group of many transactions and each block contains very specific information about that particular block. The main field for a block is a Header (or title) for that block. The header contains these fields:

Version, Previous Block Hash, Merkle Root, Timestamp, Difficulty Target, Nonce

As you can see, one of the fields of the header is the “Previous Block Hash”. *This is the Hash of the Header of the previous block. This is the way the blocks are connected.*

You can see it visually below:

As previously mentioned, a **proof-of-work** (**POW**) **system** (or **protocol**, or **function**) is an economic measure to deter denial of service attacks and other service abuses such as spam on a network by requiring some work from the service requester, usually meaning processing time by a computer. But, how does it work?

As above, each block has a header with several components:

*Version, Previous Block Hash, Merkle Root, Timestamp, Difficulty Target, Nonce*

A key element for executing the PoW is the Nonce (a simple counter). Why is this?

If you are a miner, the first thing you need to do to “mine” is to take the Header of a block and apply a SHA256.

To do this, you need to assign a number to the Nonce because all of the other fields of the header are fixed. For example, let's say that we start with Nonce = 0. With this, you will get an alphanumeric string (2poiuwfsvhxnv382249j). You can see it as follows:

Then, what you need to do is to compare that result with the **Target**. The target is a variable that defines an alphanumeric string with a certain number of zeros at the beginning (e.g. 0000000wirug43xj).

The question to answer is: **Does the hash of the header for a given nonce have the same number of zeros at the beginning as the Target, or more?**

In the example:

Does 2poiuwfsvhxnv382249j have the same or more leading zeros than 0000000wirug43xj? The answer, in this case, is NO.

So which variable can you change in the header in order to apply SHA256 and get a different result? This is where the Collision Resistance property of SHA256 plays in our favour.

Why? Because by simply changing the Nonce in the header and applying SHA256, the result is completely different (and random-looking) compared to the previous one.

In our example, let's change to Nonce = 1 and the result is "0057aasñhlqywirfdr334".

Then, does 0057aasñhlqywirfdr334 have the same or more leading zeros than 0000000wirug43xj? The answer, in this case, is NO.

And the process continues (nowadays millions of trial-and-error attempts are run every second by the miners) until a Nonce is found that meets the Target.

So, all the miners in the bitcoin network compete in order to be the first one to find the Nonce that meets the Target. (This is why PoW is not so good in terms of energy consumption.) Once a miner obtains the Nonce, they let the rest of the network know that they found the Nonce for the Target, and all the other nodes can quickly verify that it's true by simply inputting that nonce and applying SHA256.
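The mining loop just described (try a nonce, hash the header, compare leading zeros, repeat) and the cheap verification every other node performs, as an added example that is not part of the original article. It lays the six header fields out the way a real 80-byte Bitcoin header is serialized and hashes with double SHA-256; the target is simplified to "this many leading zeros in the displayed hash", as in the text, and the field values are constructed placeholders.

```python
# Added example (not from the article): a miniature proof-of-work round over the
# six header fields named above, laid out like a real 80-byte Bitcoin header
# (little-endian integers, 32-byte hashes) and hashed with double SHA-256.
# The target is simplified to "hex digest starts with this many zeros"; the
# header field values below are constructed placeholders, not real block data.
import hashlib
import struct

def header_bytes(version, prev_hash, merkle_root, timestamp, bits, nonce):
    """Serialize the header; only the nonce changes between attempts."""
    return (struct.pack("<I", version) + prev_hash + merkle_root
            + struct.pack("<III", timestamp, bits, nonce))

def block_hash(header):
    """Bitcoin hashes the header twice with SHA-256 and displays it byte-reversed."""
    digest = hashlib.sha256(hashlib.sha256(header).digest()).digest()
    return digest[::-1].hex()

def meets_target(hash_hex, zeros):
    """The question from the text: at least `zeros` leading zeros?"""
    return hash_hex.startswith("0" * zeros)

def mine(fields, zeros, max_nonce=2**32):
    """Try nonces 0, 1, 2, ... until the header hash meets the target."""
    for nonce in range(max_nonce):
        h = block_hash(header_bytes(*fields, nonce))
        if meets_target(h, zeros):
            return nonce, h
    return None

def verify(fields, nonce, zeros):
    """What every other node does: a single hash, no search."""
    return meets_target(block_hash(header_bytes(*fields, nonce)), zeros)

# Constructed header fields (placeholders): version 1, all-zero previous hash,
# a made-up merkle root, a fixed timestamp, and the genesis-block "bits" value.
FIELDS = (1, bytes(32), hashlib.sha256(b"constructed merkle root").digest(),
          1_500_000_000, 0x1D00FFFF)

if __name__ == "__main__":
    nonce, h = mine(FIELDS, zeros=4)   # 4 hex zeros: about 65,536 tries on average
    print(nonce, h, verify(FIELDS, nonce, 4))
```

Each extra leading hex zero multiplies the expected number of tries by 16, which is the page's "more zeros means higher difficulty" in concrete terms.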

This is when a block is validated by the network.

As a reward, the miner who found the nonce to that block receives bitcoins from 2 streams:

1) The **fees** paid on the transactions included in that block.

2) The **new bitcoins** created by the system. (As of May 2017, it's 12.5 BTC/block.)

*Take a look at all of this in real time on any bitcoin blockchain explorer.*

**How long does it take the miners to find that Nonce?**

The Bitcoin system is set so that it takes the miners an average of 10 minutes to find the Nonce for the target. This time was set by Satoshi Nakamoto.

*Then, what happens if more computational power is added to the network in order to find the nonce faster?*

If this is the case, the only parameter that can be changed in the system is the Target (also called the Difficulty). Every 2 weeks, the difficulty of the previous weeks is analyzed and the system decides if the difficulty should be increased or decreased. Increasing the difficulty means that zeros will be added at the beginning of Target. Decreasing the difficulty means that zeros will be reduced at the beginning of Target.

*You can see the difficulty evolution over the years here.*
