Since the invention of the written word, there has been a need for confidential correspondence. Throughout history people have puzzled over the question: how to send a message to the addressee so that it could not be read by anyone else (in other words, how can one ensure data confidentiality)? Cryptography was born in an attempt to answer this question. Its roots go back to the very beginning of civilization - for example, special hieroglyphs for communication between monarchs were used in Ancient Egypt more than 4,000 years ago. Later, encryption techniques were improved and made more complex until at the end of the 20th century, when a revolution occurred; the invention of asymmetric encryption. But where does blockchain technology fit in in this new, rapidly changing reality? Let’s find out together.
Throughout history, with the exception of the past 40 years, people have used symmetric encryption with a single key to protect information. Countless algorithms of this sort have been created (including the famous Caesar cipher), and the history of their development is very exciting. However, all of them have one big drawback - the secret key distribution problem. It seems unsolvable and ubiquitous - indeed, how can you convey a message without handing over a key?
Source: wikipedia.org/wiki/Caesar_cipher
The answer was found only in 1976 in a paper by W. Diffie and M. Hellman. Their work, as well as the RSA algorithm created a year later, marked the dawn of asymmetric cryptography. In this case, anyone can encrypt the message using the public key, but only the addressee can decrypt it, because he does not show the private key to anyone.
Before we move on to digital signatures, we need another concept - a hash function. As rightly noted by the creators of the RSA algorithm, “An electronic signature must be message-dependent as well as signer-dependent. Otherwise the recipient could modify the message before showing the message-signature pair to a judge.”
In order to solve the problem of data integrity one needs a hash function. It converts the source text into a single fixed-length string so that it is almost impossible to get the source text from that string. The slightest change in the signed document will result in a dramatic change of its hash. Thus, the addressee will see that their version of the document and the sender’s version does not match (saving them from, for example, signing a fraudulent contract).
No one likes paperwork in the 21st century, not when we have smart computers, instant communication, and powerful encryption methods at our disposal. Because of this, the digital signature market is predicted to grow rapidly to $5.5 billion in 2023. To date, the leader of this sector is DocuSign, which controls about 70% of the market. Its main competitor is Adobe Sign. How do these companies' solutions relate to the cryptographic security scheme described above, and are they really that good?
Source: marketsandmarkets.com
Despite DocuSign claiming that its mechanism of electronic signature “saves an average of $36 per agreement,” there are inevitable problems because a third-party plays a key role in the signing of documents - the DocuSign company itself.
All these problems sound familiar, don't they? Clients of banks, cloud platforms, and any companies storing and processing data face similar risks. We know that there is a solution to these problems, and this solution is a decentralized system based on blockchain. What new things can young startups building on the idea of data decentralization offer in the field of e-signing?
A transparent system is BlockSign - the user signs the document with his or her unique label, which includes their name and email. The signed document is then hashed and written to the blockchain. Verification is completed via searching for the needed hash in the ledger, which allows one to discover the list of signatories. Anyway, the BlockSign solution does not include asymmetric encryption, therefore, all the necessary information for decryption is stored on its servers, which leads us to the same security problems as in the case of DocuSign.
An improvement in digital signatures can be seen in the OpenSig solution. This project relies on asymmetric cryptography and takes full advantage of blockchain technology. Hashing the source document provides data integrity and the use of a private key guarantees data security. When signing or verifying a file all private data (including the file and all private keys) is contained on the local device and does not pass beyond the OpenSig-compatible client software. However, its system doesn’t come without drawbacks. The first one being its strong dependence on the selected blockchain - in the case of Bitcoin, the network would be down quite often. The second problem is anyone’s ability to sign any file as all of them are publicly available. This can create a wave of ”false signatures“ and become a method for a ”paralyzing attack" on the network.
One platform who provides a decentralized system allowing users to send data between one another confidentially is Authpaper Delivery. With all the integrity and security advantages of the previously mentioned solutions, they have an ambitious goal: to make it possible to send files of almost unlimited size.
Here's how it works for Alice, who wants to send an encrypted signed file to Bob:
In case the smart contract expires, the system provides a refund. This mechanism economically encourages users to join the platform and seed the data they cannot access, hence a further increase of data delivery speed.
The data exchange system created by Authpaper Delivery looks thoughtful and reliable. However, it has yet to pass the test of the real load on the network. In particular, the network can have serious difficulties when transferring really large files, such as a 4K video. When processing large files, peers are recommended to increase the size of the data pieces to keep the number of pieces from being smaller than 131,072 (1024*128) in order to reduce the processing time. For sufficiently large files, this condition may not be achievable. To achieve this ambitious goal, the project team will have to deal with these difficult issues.
Because of cryptography, we now have the opportunity to replace paper documents with fast and secure electronic file sharing complete with digital signatures. Today's centralized solutions do a good job but carry the inevitable risks of data compromise.
Source: dilbert.com
Modern projects that use the power of blockchain are breathing down their necks. We need a system designed specifically for sharing large volumes of encrypted and digitally signed data, and it looks like blockchain is here to fill that gap.
The author is not associated with any of the projects mentioned.