Securing identities using blockchain

In a blockchain, the person who sends the digital value and the person who receives it must be accurately determined.

Cryptography allows us to achieve just that, thanks to asymmetric encryption. Both asymmetric and symmetric methods basically achieve security through cryptography when sending a message or funds to someone, as well as being used to manage identities in a decentralized manner. Before explaining what asymmetric encryption is, which is used in most blockchains, we should explain what symmetric encryption is.

With the symmetric method, everyone has only one key to encrypt or decrypt a specific message. If I want to send you the message Hello, I will follow this process:

  • I encrypt the message Hello that becomes, say, Jrmmp.
  • I send you my encrypted key.
  • You decrypt the message using my key.

The key is generated through an algorithm that allows someone who possesses the key to encrypt and decrypt the message.

But there is one important risk that exists using this encryption method. Since you need to send the recipient your key to allow him/her to read your messages (the process is called the handshake), a malicious person could intercept the key and use it afterward to decrypt your messages.

The asymmetric encryption, on the other hand, overcomes this problem. With this method, instead of one key, there are two keys, a public and a private key. The public key is communicated to anybody who wants to send you messages or digital value. The private key, on the contrary, is known by you and only you. It should never be disclosed to anyone else.

If I want to send you the message Hello, we would follow this process:

  1. I retrieve your public key.
  2. I encrypt the message Hello using your public key and send it to you.
  3. You decrypt the message using your private key.

If a hacker intercepts the encrypted message I sent you, he/she won't be able to decrypt it because he/she doesn't possess the private key, which is the only key allowing the decryption of the message. In short, the public key is used to encrypt a message, and the private key to decrypt it.

There are two principles to remember with the asymmetric encryption's key pair—private key/public key; and they are the same as we've seen with the hash function:

  • One private key when hashed always gives the same public key.
  • Knowing the public key, it is impossible to find the private key (except with brute-force: by trying a lot of private keys).
Brute-forcing a one-character password is relatively simple—64 combinations (a,b…A, B…1, 2…). But when it comes to the Bitcoin blockchain, whose private keys are 51 characters long, the probability reaches 64^51 possibilities. It would take years to brute-force a private key on the Bitcoin blockchain.

This asymmetric encryption allows you to digitally sign any kind of information, message or transaction. Otherwise, how would you prove in the digital world that you are the author of a specific message or the owner of a specific account?

Encryption with the private key is used to prove authenticity. If you encrypt your message with your own private key, then anyone can decrypt it with your public key, which proves that you originated the message since it could only have been encrypted with your private key.

In this scenario, your public key is your digital identity since it identifies statements and information made by you in the digital world. The private key is a kind of password to prove that you own your public key, that is, your digital identity.

This is how we achieve decentralized identity management. Usually, the public key refers to the address of the account. Also, you don't have to link your real identity with your digital identity. Just by generating a new key pair, you would end up with a new digital identity. Keep in mind that this does not provide you with full anonymity because some information or statements sent with your digital identity may tie you with your real identity. That is why the Bitcoin blockchain is not entirely anonymous but rather pseudonymous.