This is a read note of Mastering Ethereum Ch04: Cryptography. Cryptography means “secret writing” (encrption) in Greek. In Ethereum, Cryptography provides authenticity (both digital signature and digital fingerprint).

1 Keys and Addresses

Ownership of ether by EOAs is established through digital private keys, Ethereum addresses, and digital signatures. A private key uniquely determines a single Ethereum address, also known as an account. Private keys should remain private and never be transmitted in network or stored on-chain. Account addresses and digital signatures are ever transmitted and stored on the Ethereum system.

Not all Ethereum addresses represent public–private key pairs; they can also represent contracts, which are not backed by private keys.

The Ethereum private key is just a number. The public key and account address can then be generated from the private key.

2 Private Keys

One way to pick your private keys randomly is to simply use a coin, pencil, and paper: toss a coin 256 times and you have the binary digits of a random private key. It is a number from a huge range of 78-digit number, roughly 1.158 * 10 ** 77. The exact number shares the first 38 digits with 2256 and is defined as the order of the elliptic curve used in Ethereum. To create a private key, we randomly pick a 256-bit number and check that it is within the valid range. In programming terms, this is usually achieved by feeding an even larger string of random bits (collected from a cryptographically secure source of randomness) into a 256-bit hash algorithm such as Keccak-256 or SHA-256, both of which will conveniently produce a 256-bit number. If the result is within the valid range, we have a suitable private key. Otherwise, we simply try again with another random number.

3 Public Keys

An Ethereum public key is a point on an elliptic curve, meaning it is a pair of x and y coordinates that satisfy the elliptic curve equation. In simpler terms, an Ethereum public key is two numbers, joined together.

The public key is calculated from the private key using elliptic curve multiplication, which is practically irreversible: K = k * G, where k is the private key, G is a constant point called the generator point,K is the resulting public key, and * is the special elliptic curve “multiplication” operator.

The reverse operation of elliptic curve “multiplication”, which would be division for normal numbers, known as finding the discrete logarithm, i.e., calculating k if you know K, is as difficult as trying all possible values of k.

In simpler terms: arithmetic on the elliptic curve is different from “regular” integer arithmetic. A point G can be multiplied by an integer k to produce another point K. But there is no such thing as division, so it is not possible to simply “divide” the public key K by the point G to calculate the private key k.

Ethereum uses the exact same elliptic curve, called secp256k1, as Bitcoin. That makes it possible to reuse many of the elliptic curve libraries and tools from Bitcoin. The secp256k1 curve is defined by the following function: y ** 2 mod p = (x ** 3 + 7) mod p where p is is a very large prime number (called prime order) 2 ** 256 - 2 ** 32 - 2 ** 9 - 2 ** 8 - 2 ** 7 - 2 ** 6 - 2 ** 4 - 1.

Ethereum only uses uncompressed public keys; The only prefix that is relevant is (hex) 04. The serialization concatenates the x and y coordinates of the public key: 04 + x-coordinate (32 bytes/64 hex) + y-coordinate (32 bytes/64 hex).

4 Cryptographic Hash Functions

A hash function is “any function that can be used to map data of arbitrary size to data of fixed size.” The input to a hash function is called a pre-image, the message, or simply the input data. The output is called the hash. A cryptographic hash function is a one-way hash function that maps data of arbitrary size to a fixed-size string of bits. The “one-way” nature means that it is computationally infeasible to recreate the input data if one only knows the output hash. Even if you find some input data that creates a matching hash, it may not be the original input data: hash functions are “many-to-one” functions. Finding two sets of input data that hash to the same output is called finding a hash collision. Resistance to hash collisions is particularly important for avoiding digital signature forgery in Ethereum.

Cryptographic hash functions are useful in many areas:

  • Data fingerprinting
  • Message integrity (error detection)
  • Proof of work
  • Authentication (password hashing and key stretching)
  • Pseudorandom number generators
  • Message commitment (commit–reveal mechanisms)
  • Unique identifiers

Because the FIPS-202 SHA-3 may have some backdoors, Ethereum uses Keccak-256, even though it is often called SHA-3 in the code.

5 Ethereum Addresses

Ethereum addresses are unique identifiers that are derived from the last 20 bytes of the Keccak-256 hash of the public key. Unlike Bitcoin addresses, which are encoded in the user interface of all clients to include a built-in checksum to protect against mistyped addresses, Ethereum addresses are presented as raw hexadecimal without any checksum. The rationale behind that decision was that Ethereum addresses would eventually be hidden behind abstractions (such as name services) at higher layers of the system and that checksums should be added at higher layers if necessary. However, these higher layers and name services were developed too slowly and the raw data causes somem issues.

The Inter exchange Client Address Protocol (ICAP) is an Ethereum address encoding that is partly compatible with the International Bank Account Number (IBAN) encoding, offering a versatile, checksummed, and interoperable encoding for Ethereum addresses.

Due to the slow deployment of ICAP and name services, a standard was proposed by Ethereum Improvement Proposal 55 (EIP-55). EIP-55 offers a backward-compatible checksum for Ethereum addresses by modifying the capitalization of the hexadecimal address.