To understand how Mr. E of Blcokchainians verifies ownership of Bitland described in Part-1, we need to understand, without really going into the mathematical details, the digital signature and verification mechanism. The algorithm used is ECDSA – Elliptic Curve Digital Signature Algorithm. For those of you who are a bit more mathematically inclined, read this article by Nick Sullivan.
This is how it goes.
There are two numbers (yes, numbers). First number is just a long random number. We call it a Private-Key. Following is one such private key, let’s call it PvK1, –
PvK1 -> 48337848383205824966400565832828921139175988690727547844913751942295209505438
We use PvK1 as input to a mathematical function (consider it to be a magic box) called ECDSA to generate one more long number. We call it as Public-Key. The Public-Key, PbK1, for the above private key looks like as following –
PbK1 -> 04ce875702b93398d29b2bf5af7878dd86130cca4f1a53143b82af53c02089e2d56609a16e08a1cd7a68e355a5d893f22f90d30d4ecb25f6d1afeebc0917d3d01e
Please note, PbK1 is a Hexadecimal number. Private Key and Public Key are twins joined at the hip. You cannot separate them. You produce PbK1 only with PvK1. Any small change in PvK1 will result in new Public-Key. You share your Public-Key with your friend with whom you do business.
Another interesting aspect is, if you know the Public-Key, and also understand the math behind ECDSA, you still cannot figure out what the Private Key is that produced it.
Now, let’s say you want to send a message to your friend. Say the message is –
Message – “I owe you INR 10,000 only“
Now comes the second magic of Math. You take this message, take another random number and use your private key PvK1, put them through one more mathematical function. That function using these three input produces yet another number, called Signature. The signature for the above message would look like the following –
Signature – 3046022100dcea7e2935a2351d555d7745e99d0e4b511596f49e9602e944f2fb45c19ecd1e02210087af7156f8f1d163258bd9bff76030566d94f855ddc4e10119cc455075da272a
To your friend you send following –
Message – “I owe you INR 10,000 only“
Signature – 3046022100dcea7e2935a2351d555d7745e99d0e4b511596f49e9602e944f2fb45c19ecd1e02210087af7156f8f1d163258bd9bff76030566d94f855ddc4e10119cc455075da272a
Now comes the third mathematical magic. Your friend puts the message, the Signature and the Public-Key, that he already has, through a mathematical function and mathematical functions indicates that signature is correct.
Let’s say the message is tampered to say “I owe you INR 10,00 only“. With the tampered message, when we verify the signature, verification fails. On the other hand, message and signature are as is, but Public-Key is different, even then, verification of signature fails.
Thus verification of Signature using Public-Key provided by you indicates –
- The message has not been tampered
- The message has been sent by a person who has the Private-Key corresponding to the shared Public-Key.
Thus, signature in question for a given message can be produced by only that person who has Private-Key. He shares Public-Key for the verification purpose. Needless to say, Private-Key is kept private and protected. Public-Key is shared with the public.
You can verify the combination of Message, Signature and Public-Key combination here by copying and pasting Message, Signature and Public-key in ‘Verify’ tab. Please note, you’re not pasting Private-Key on the site. Attempt to modify any of Message or Signature or Public-Key slightly and verify. See for yourself what happens.
Takeaway –
- Private-Key is a large random number
- Public-Key is generated using Private-Key with a mathematical function. Private-Key and Public-Key pairs are unique.
- We can generate Public-Key from Private-Key, but we cannot guess or compute Private-Key from Public-Key.
- We produce a Signature using the Message and Private-Key. And the Signature can be verified only using Public-Key corresponding to the Private-Key used for generating the Signature.
We will use this understanding of digital signature to understand how Blockchainian community verifies the property ownership in next part.
so{M}usings 