May 20, 2021

Deep dive into the cryptography underlying Bitcoin

Welcome to Before DevBreak

Before DevBreak is a series of live, online, tech talks. Each session features a senior tech expert from an innovative company, who demonstrates how they solved major programming challenges in their business. This series is part of our 2-day festival experience DevBreak.

This edition of Before DevBreak takes a closer look at the hardest form of money that exists, Bitcoin. Learn how Bitcoin is secured with elliptic curve cryptography to expose the mathematics that underlies the digital signature required for every valid Bitcoin transaction.

Our presenter is Anirudah Bose, a Software Engineer at Ledger, a producer of secure hardware wallets. The start was gentle, to make sure we understood the basics.

What is Bitcoin?

Ani distinguishes "easy" cash, as in "hey let's print some more of this" from "hard" cash as in "um, can we dig this tunnel any deeper and still emerge alive with the gold?". With this effort-matters distinction, it is possible to define Bitcoin as the world's first monetary network engineered to be the hardest form of money ever known.

The "trustless" dispersed nature of the Bitcoin blockchain and its validation is introduced next. So, when you run a Bitcoin node, you download the entire blockchain. The entire block is scanned and the validation script run to verify that each stack validates. If the validity test in multiple copies of a node fails, the entire block is labelled as invalid. Hence, the "trust" that exists across the system.

How is Bitcoin exchanged?

The Bitcoin exchange process can be examined with a simple example. Alice has 10 BTC and wants to send 1 BTC to Bob. She sends 10 and is returned 9.

To be allowed to make this exchange Alice's "input" must be verified against a property, this is known as the unlocking script. Bob's (and Alice's) ability to accept the "output" must also be verified against a property, known as the locking script.

Both of these properties must resolve as valid for a transaction to proceed.

Elliptic Curve Cryptography

So, scripts from curves? Public-key cryptography based on elliptic curves over finite fields is a widely-used cryptographic system. In fact, it is what is used to secure HTTPs connections by modern browsers.

But surely, theoretically, any key can be broken, right? So, yes, in theory, if you could get enough computing power together and after that afford the energy required to run those (this is estimated to be equivalent to bringing all the water on Earth to the boil) then you are welcome to try!

Meet the Bitcoin curve; one of a family of Weierstrass curves, of which Bitcoin's is affectionately known as the turtle curve.

Alice's public key, part of the unlocking script discussed above, belongs on this curve, as does everybody else's public key.

Elliptic Curve Digital Signature Algorithm (EDCSA)

Consider this simple sum: 2 + 2 + 2 = ?, the computation is trivial. However, if I tell you that I have computed the number 6 and ask you to tell me what I added up to get there, the level of complexity just took a jump.

This is, with magnitudes of jumps in complexity, how the keys used to "sign" Bitcoin transactions are calculated.

Let G be a point on our turtle curve, then additions of G also result in valid positions along the curve.

G + G + G + G = eG

So, it is easy to compute eG but impossible to reverse eG to obtain the value e:

  • e is the private key held by Alice
  • eG is the public key passed by Alice

This is the basis of the mathematics that underlies the digital signature required for every valid Bitcoin transaction.

Hardware Wallets

Ani works for Ledger, leading producers of a cryptocurrency wallet that stores the user's private keys in a secure off-network hardware device. He explains that this wallet contains a (certified secured) chip that does the math along the turtle curve, i.e. it does the addition G + G + G = eG to give you e (your private key) and eG your public key.

It also uses a random number generator (a good one) to do a similar bit of math G + G + G = rG to create a single-use key for each transaction.

Not only does Ledger make such wallets, but they also take great care to attempt to break them. Donjon.ledger.com conducts ethical hacks on their own, and competitors, products to harden security across the entire ecosystem.

Interested to learn more? Watch the full talk.

Ledger are recruiting tech profiles on talent.io, be sure to sign up to receive the best offers.

About  talent.io and DevBreak

DevBreak is a 2-day tech festival organised by talent.io, Europe's leading selective recruitment platform which has raised over €10m and is over 170 employees strong. We help great companies build great tech teams, in the simplest way: selected companies apply directly to vetted candidates. We cover most tech roles (software engineers, data scientists, product managers, DevOps engineers, CTOs). Our platform is open to permanent positions as well as freelance assignments, both on-site and remote.

  • 7,000+ companies use talent.io, such as Deliveroo, Volkswagen, N26, PayFit and Aircall
  • 6,000+ candidates recruited, for permanent contracts and for freelance assignments
  • 5 Countries / 11 cities (Paris, Lyon, Lille, Bordeaux, Toulouse, Berlin, Hamburg, Munich, London, Amsterdam, Brussels)

Consulter nos autres resources

October 6, 2021
Un guide pour construire votre équipe tech en remote
Regarder le replay →
June 16, 2021
talent.io s'associe à Deel pour créer la façon la plus simple de gérer l'embauche et la paie de vos équipes à l'étranger
Regarder le replay →
February 17, 2021
talent.io dévoile le salaire des professionnel·les de la tech en France
Regarder le replay →

Other articles picked for you

October 6, 2021
A guide to build your remote tech team
Read more →
September 30, 2021
How MDD can help tech team boost their productivity
Read more →
July 15, 2021
The journey of transitioning to a Shape Up methodology
Read more →