Crypto & Cryptocurrencies Intro

Tal Shmueli, 6 Mar 2018 (SlideShare, Engineering)

- Crypto & Digital Currencies in a nutshell Tal Shmueli All rights reserved ©
- Why Crypto? ● Information Security Paranoia
- Why Crypto? ● IP theft protection (not just legally)
- Why Crypto? Ransomware!
- Why Crypto? ● Encryption can be done (almost) without any resources, unlike breaking it (pre-quantum-computing era). ● Future Commerce (digital coins)
- Plan ● Bitcoin (DigCurr) ○ History & Background ○ Characters (miners, coders, investors, etc.) ○ General mechanism & Blockchain ● Symmetric Crypto algorithms ● Asymmetric Crypto algorithms (Public Key Enc.) ○ RSA (/Diffie-Hellman), Digit. Sign., Key exchange ● “Breaking crypto” difficulty ● Litecoin vs. Bitcoin (vs. Ether maybe ..) ● Practice - ○ Open & Secure wallets, Transfer money (Fees explained) ○ Wallet types - hosted to hardware ○ Leading exchanges ○ Tips to manage account & payments
- Plan #2 (Bonus) ● Segwit & Lightning (MIT?) ● Zero Knowledge Proofs (ZKP) & Zerocoin ● Homomorphic encryption
- Intro
- Intro
- (G)Mail is secure, isn’t it? NO!
- (G)Mail is secure, isn’t it? NO! ● https://www.google.com/transparencyreport/saferemail/faq/
- Some Crypto Fun
- What is Bitcoin? ● A protocol that supports a decentralized, pseudo-anonymous, peer-to-peer digital currency. ● A publicly disclosed linked ledger of transactions stored in a blockchain ● A reward driven system for achieving consensus (mining) based on “Proofs of Work” for helping to secure the network ● It’s the first example of a growing category of money known as cryptocurrency.
- What is Bitcoin?
- Bitcoin - About ● A person called Satoshi Nakamoto proposed bitcoin, which was an electronic payment system based on mathematical proofs. The idea was to produce a currency independent of any central authority, transferable electronically, more or less instantly, with very low transaction fees.
- Bitcoin - History ● 18/08/08 - Domain name “bitcoin.org” registered. ● 31/10/08 - An individual or group writing under the name Satoshi Nakamoto published a paper entitled “Bitcoin: A Peer-To-Peer Electronic Cash System”. ● 09/11/08 - Bitcoin project registered at SourceForge.net ● 12/01/09 - First Bitcoin transaction in block 170 (Satoshi -> Hal Finney). ● 05/10/09 - Exchange rates published by New Liberty Standard: 1$ = 1309.03 BTC ● 11/2013 - BTC price hits 1000$ (1 USD = 1 mBTC), first on Mt. Gox
- Bitcoin - History
- Bitcoin - Characters ● Core developers ○ https://github.com/bitcoin/bitcoin ● Mining pools ○ https://en.bitcoin.it/wiki/Comparison_of_mining_pools ● Exchanges ○ https://bitcoin.org/en/exchanges ● Wallet hosts ○ https://bitcoin.org/en/choose-your-wallet
- Bitcoin - Characters ● Businesses ○ Businesses that accept Bitcoin in Israel ● Investors ● Criminals ○ Silk Road (drugs and more) ○ Ransomware ○ Automotive Cars?
- Bitcoin - Features ● Supporting eight decimal places 0.00000001 (known as a Satoshi or Noncent*) ● Nominal transaction fees paid to the network ○ Same cost to send $.01 as $1,000,000 ● Consensus driven – no central authority ● Forgery resistant ○ Cannot add coins arbitrarily ○ Cannot be double-spent ● Non-repudiation – aka “gone baby gone” – no recourse and no one to appeal to return sent tokens
- Bitcoin - Decentralized ● The “digital wallet” operates in a peer to peer mode ● When it starts it bootstraps to find other wallets ● The wallet will synchronize with the network by downloading ALL of the transactions starting from the GENESIS block if necessary ○ 472375 blocks at time of slide prep ○ >22 GB ● Wallet clients share all transaction information with their peers.
- Bitcoin - Pseudo Anonymous ● Using public key cryptography, specifically Elliptic Curve Cryptography due to its key strength and shorter keys (Quantum res.) ● Transactions are sent to public key “addresses” (not names!) ● Why pseudo then? (Mixers) ● Criminals' approach
- Bitcoin - General Mechanism
- Hashing & Public key intro ● Hashing ○ A hash function is any function that can be used to map data of arbitrary size to data of fixed size. The values returned by a hash function are called hash values, hash codes, digests, or simply hashes ● Example
- Hashing & Public key intro ● Public key Encryption (PKE) ○ Public key cryptography, or asymmetric cryptography, is any cryptographic system that uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner. ● Private and public keys are generated together. ● Used for Authentication and Encryption ● How does it work?! (DH, RSA, later ..) ● Example
- Digital Sign. intro ● Simple! ● Uses both Hashing and Public key Encryption (PKE) ● BTC uses the improved Elliptic Curve Digital Signature Algorithm or ECDSA ● Why hashing?
- Blockchain ● Bitcoin uses cryptographic proof instead of trust in a third party (PayPal, Banks ..) ● Each transaction is protected through a digital signature. ● Each transaction is sent to the “public key” of the receiver, signed using the sender's “private key”. ● The ownership is verified using the sender's “public key”. ● Each transaction is broadcast to every node in the Bitcoin network and is recorded to a public ledger after verification.
- Blockchain ● Before a transaction is recorded to the public ledger, the verifying node ensures - ○ Spender owns the cryptocurrency: digital signature verification on the transaction. ○ Spender has sufficient cryptocurrency in his/her account: checking every transaction against the spender's account (“public key”) in the ledger to make sure that he/she has sufficient balance.
- Blockchain ● The Bitcoin system orders transactions by placing them in groups called blocks and then linking these blocks through what is called the Blockchain (SHA-256 hashes) ● How does the network decide which block should be next in the blockchain? Who sets the order? ○ There can be multiple blocks created by different nodes at the same time.
- Blockchain - block order ● How to maintain the order of the transactions that are broadcast to every node in the bitcoin p2p network? ○ The system has to make sure that double-spending of the cryptocurrency does not occur.
- Blockchain - block order
- Blockchain - block order ● Mathematical Puzzle (“Proof of work”) ○ A node generating a block needs to prove that it has put enough computing resources into solving a mathematical puzzle
- Blockchain - block order ● Mathematical Puzzle (“Proof of work”) ○ Small probability that more than one block will be generated in the system at a given time. ○ Occasionally, however, more than one block will be solved at the same time, leading to several possible branches. ○ The “Miner nodes” are financially rewarded for their efforts.
- Blockchain - target ● Although the accepted chain can be considered a list, the block chain is best represented as a tree. ● The longest path represents the accepted chain. ● A participant choosing to extend an existing path in the block chain indicates a vote towards consensus on that path. The longer the path, the more computation was expended building it.
- Blockchain - block order
- Blockchain - target ● Also nicknamed the “Leading Zeros” target ● The target is a 256-bit number (extremely large) that all Bitcoin clients share. ● The SHA-256 hash of a block's header must be lower than or equal to the current target for the block to be accepted by the network. ● The lower the target, the more difficult it is to generate a block (https://bitcoinwisdom.com/bitcoin/difficulty) ● Every 2016 blocks (~two weeks), every Bitcoin client compares the actual time it took to generate these blocks with the two-week goal and modifies the target by the percentage difference.
- Bitcoin Mining ● Example
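An added Python example (not from the slides) of the target check, nonce search and 2016-block retarget described on the target slide. It appends the nonce to a constructed header and expresses the target as a number of leading zero bits; real Bitcoin keeps the nonce inside an 80-byte header and encodes the target in a compact "bits" field, which only changes serialisation, not the comparison.

```python
import hashlib
import struct

# Constructed stand-in for a block header (a real one holds version, previous
# block hash, merkle root, timestamp, bits and the nonce itself).
HEADER = b"constructed-header:prev=00..00|merkle=ab..cd|time=1520000000"

def block_hash(header: bytes, nonce: int) -> int:
    """Double SHA-256 over header||nonce, read as a 256-bit integer so it can be
    compared against the target exactly as the slide states (hash <= target)."""
    data = header + struct.pack("<I", nonce)
    digest = hashlib.sha256(hashlib.sha256(data).digest()).digest()
    return int.from_bytes(digest, "big")

def target_with_leading_zero_bits(zero_bits: int) -> int:
    """The 'leading zeros' view: accept any hash whose top zero_bits bits are 0."""
    return (1 << (256 - zero_bits)) - 1

def mine(header: bytes, target: int, max_nonce: int = 1 << 32):
    """Proof of work: try nonces until the hash is at or below the target.
    Returns (nonce, hash, attempts), or None if no nonce in range works."""
    for nonce in range(max_nonce):
        h = block_hash(header, nonce)
        if h <= target:
            return nonce, h, nonce + 1
    return None

def verify(header: bytes, nonce: int, target: int) -> bool:
    """Any client checks a claimed solution with a single double-SHA-256."""
    return block_hash(header, nonce) <= target

def retarget(old_target: int, actual_seconds: int,
             expected_seconds: int = 2016 * 600) -> int:
    """Adjustment every 2016 blocks: scale the target by actual/expected time
    (10-minute blocks). Bitcoin clamps the ratio to 4x either way, reproduced
    here. A lower target means a harder puzzle."""
    actual = max(expected_seconds // 4, min(expected_seconds * 4, actual_seconds))
    return old_target * actual // expected_seconds

if __name__ == "__main__":
    target = target_with_leading_zero_bits(16)       # 4 hex zeros, ~65k tries
    nonce, h, attempts = mine(HEADER, target)
    print(f"nonce={nonce} attempts={attempts} hash={h:064x}")
    print("verified:", verify(HEADER, nonce, target))
    print("target after a one-week (too fast) interval:", hex(retarget(target, 7 * 86400)))
```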
- Bitcoin - Overview
- Bitcoin - Overview EXAMPLE?
- Bitcoin - Alone?
- LiteCoin ● Created by Charlie Lee, a former Google employee ● While inspired by, and in most regards technically nearly identical to Bitcoin (BTC) ● Litecoin has some technical improvements over Bitcoin
- LiteCoin
- LiteCoin - Segwit ● SegWit increases the Litecoin block size limit and allows the implementation of second-layer solutions for further improvement. ● Bitcoin blocks have a hard-coded limit of one megabyte. ● Not enough to account for the hundreds of transactions that users are trying to send every minute. ● In May 2017, Litecoin became the first of the top-5 (by market cap) cryptocurrencies to adopt Segregated Witness
- LiteCoin - Segwit- transaction malleability ● While transactions are signed, the signature does not currently cover all the data in a transaction that is hashed to create the transaction hash. Thus, while uncommon, it is possible for a node on the network to change a transaction you send in such a way that the hash is invalidated. ● It’s not safe to accept a chain of unconfirmed transactions under any circumstance.
- BITCOIN QUESTIONS?
- Background ● (Claude Elwood) Shannon cipher ○ K - set of all keys (Key space) ○ M - set of all messages (Message space) ○ C - set of all ciphertexts (Ciphertext space) ○ A Shannon cipher is a pair x = (E,D) of functions. ■ E : K x M → C, D : K x C → M ■ E(k,m) = c ■ D(k, E(k, m)) = m
- Background ● One time pad (Fixed Length) ○ x = (E,D), where the keys, messages, and ciphers are bit strings of the same length. ○ x is defined over (K, M, C) where : ■ K := M := C := {0, 1}^L ○ For fixed L, key k in K, message m in M, the encryption function is defined as and for k in K, and cipher c in C, the decryption function is defined as follows
- Background ● One time pad (Variable Length) ● One time pad satisfies the definition of perfect security ● Not practical (|key| >= |message|)
- Background ● Perfect Security (Definition) : ○ Let x = (E,D) be a Shannon cipher defined over (K, M, C). Consider a probabilistic experiment in which the random variable k is uniformly distributed over K. If for all m0, m1 in M and all c in C we have : Then we say that x is a perfectly secure Shannon cipher
- Background ● Perfect Security - Bad news! ● Shannon's Theorem ○ Let x = (E, D) be a Shannon cipher defined over (K, M, C). ○ If x is perfectly secure, then |K| >= |M| ● Proof (easy..)
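The proof the slide skips, as an added worked derivation (not from the slides) in the slide's own symbols; it uses the definition from the previous slide in the form $\Pr[E(k,m_0)=c] = \Pr[E(k,m_1)=c]$ for all $m_0, m_1 \in M$ and $c \in C$, with $k$ uniform over $K$:

Fix any $m_0 \in M$ and choose $c \in C$ with $\Pr[E(k,m_0)=c] > 0$ (some ciphertext must occur). For every $m \in M$, perfect security gives
$$\Pr[E(k,m)=c] = \Pr[E(k,m_0)=c] > 0,$$
so there is at least one key $k_m \in K$ with $E(k_m,m)=c$. Correctness of the cipher, $D(k, E(k,m)) = m$, then forces
$$D(k_m, c) = D(k_m, E(k_m,m)) = m.$$
If two messages shared such a key, $k_m = k_{m'}$, then $m = D(k_m,c) = D(k_{m'},c) = m'$. Hence $m \mapsto k_m$ is an injection from $M$ into $K$, and $|K| \ge |M|$.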
- Symmetric Encryption
- Symmetric Encryption - Stream Cipher ● We would like to use a key that is much shorter ● The ‘key’ is stretched using an efficient, deterministic algorithm G that maps l-bit strings to L-bit strings. ● Key space - {0,1}^l ● Message and Cipher spaces are - {0,1}^L ● Enc & Dec defined as follows -
- Symmetric Encryption - Stream Cipher ● PRG - pseudo-random generator ○ An efficient, deterministic algorithm G that, given as input a seed s (in Seed Space), computes an output r (in Output Space) ○ Def. of security for a PRG - no efficient adversary can effectively tell the difference between G(s) and r, for randomly chosen s and r from S and R respectively.
- “Two Time Pad” - Insecure ● A stream cipher is well equipped to encrypt a single message from Alice to Bob. ● Alice, however, may wish to send several messages to Bob. ● An adversary (intercepting c1, c2) can compute ● English text is redundant, so the adversary can recover both.
- Symmetric Encryption - Block Cipher ● Data Encryption Standard (DES) − The popular block cipher of the 1990s. It is now considered a ‘broken’ block cipher, due primarily to its small key size. ● Triple DES − A variant scheme based on repeated DES applications. It is still a respected block cipher but inefficient compared to the newer, faster block ciphers available. ● Advanced Encryption Standard (AES) − A relatively new block cipher based on the encryption algorithm Rijndael, which won the AES design competition.
- Asymmetric Encryption ● Public Key Cryptography involves - ○ a public key, which may be known by anybody, and can be used to encrypt messages and verify signatures. ○ a private key, known only to the recipient, used to decrypt messages and sign (create) signatures.
- Asymmetric Encryption
- Asymmetric Encryption ● Public Key Applications - ○ encryption/decryption (secrecy) ○ digital signature (authentication) ○ key exchange (session keys) ● Some algorithms are suitable for all uses, others are specific to one. ● Given the public key, it should be “impossible” to compute the private key.
- RSA (Rivest, Shamir, Adleman) Algorithm
- RSA (Rivest, Shamir, Adleman) Algorithm 1. Choose two large prime numbers p, q (e.g., 1024 bits each) 2. Compute n = p * q, z = (p-1)(q-1) (Euler function). 3. Choose e (e < n) that has no common factors with z (gcd(e, z) = 1) 4. Choose d such that e*d - 1 is exactly divisible by z (e*d mod z = 1) 5. Public Key - (n, e). Private Key - (n, d).
- RSA (Rivest, Shamir, Adleman) Algorithm 1. Encryption & Decryption a. Given (n, e) and (n, d) as computed above b. To encrypt bit pattern m i. Compute c = m^e mod n c. To decrypt received pattern c i. Compute m = c^d mod n m = (m^e mod n)^d mod n
- RSA (Rivest, Shamir, Adleman) Algorithm
- Digital Signature ● Cryptographic technique analogous to hand-written signatures. ○ Sender (Bob) digitally signs a document, establishing he is the document owner. ○ Verifiable, Nonforgeable: Recipient (Alice) can prove to someone that Bob, and no one else, must have signed the document.
- Digital Signature
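An added Python example (not from the slides) that runs the five key-generation steps and the encrypt/decrypt formulas of the RSA slides, then the hash-then-sign pattern from the Digital Signature slide (the "why hashing?" of the earlier intro slide). It is textbook RSA without padding, the primes and messages are constructed for illustration, and it assumes Python 3.8+ for `pow(e, -1, z)`.

```python
import hashlib
from math import gcd

def rsa_keygen(p: int, q: int, e: int = 65537):
    """Steps 1-5 of the slide: n = p*q, z = (p-1)(q-1), e coprime to z,
    d with e*d = 1 (mod z). Returns ((n, e), (n, d)). p and q are assumed prime."""
    n = p * q
    z = (p - 1) * (q - 1)
    if gcd(e, z) != 1:
        raise ValueError("e must have no common factor with z")
    d = pow(e, -1, z)               # modular inverse, extended Euclid under the hood
    return (n, e), (n, d)

def rsa_encrypt(pub, m: int) -> int:
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("bit pattern m must be smaller than n")
    return pow(m, e, n)             # c = m^e mod n

def rsa_decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)             # m = c^d mod n

def _digest_as_int(message: bytes, n: int) -> int:
    # Why hashing? The signature is computed over a short, fixed-size digest
    # instead of the arbitrarily long document itself.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def rsa_sign(priv, message: bytes) -> int:
    n, d = priv
    return pow(_digest_as_int(message, n), d, n)          # apply d to the digest

def rsa_verify(pub, message: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest_as_int(message, n)   # apply e, compare digests

if __name__ == "__main__":
    # Constructed textbook-size key: p=61, q=53 give n=3233, z=3120; e=17 -> d=2753.
    pub, priv = rsa_keygen(61, 53, e=17)
    c = rsa_encrypt(pub, 65)
    print("c =", c, "decrypts to", rsa_decrypt(priv, c))
    # Larger constructed primes (Mersenne primes 2^61-1 and 2^89-1) for signing.
    pub, priv = rsa_keygen(2**61 - 1, 2**89 - 1)
    doc = b"Bob signs this document"
    sig = rsa_sign(priv, doc)
    print("genuine:", rsa_verify(pub, doc, sig), "tampered:", rsa_verify(pub, doc + b"!", sig))
```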
- Key Distribution ● Symmetric Key problem - How do two entities establish a shared secret key over a network? ○ Key Distribution Center (KDC) ● Public Key problem - When Alice obtains Bob’s public key, how does she know that it’s authentic? ○ Certificate Authority (CA)
- Key Distribution - KDC
- Key Distribution - CA ● A Certificate Authority binds a public key to a particular entity. ● The entity registers its public key with the CA.

- During WWII the Soviet Union could not produce enough one-time pads . . . to keep up with the enormous demand . . . . So, they used a number of one-time pads twice, thinking it would not compromise their system. American counter-intelligence during WWII collected all incoming and outgoing international cables. Beginning in 1946, it began an intensive effort to break into the Soviet messages with the cooperation of the British and by ... the Soviet error of using some one-time pads as two-time pads, was able, over the next 25 years, to break some 2900 messages, containing 5000 pages of the hundreds of thousands of messages that had been sent between 1941 and 1946 (when the Soviets switched to a different system).
