Did Satoshi Nakamoto Plan Bitcoin’s Death? – Chapter II: “Horological mathematics and RSA”

30 February 2023, 12:00 CET — The news spread like wildfire. Threads multiply on Twitter to present the evidence in the chain the events of the night. Crypto-experts are unanimous and present no doubt. Satoshi’s wallet Nakamoto is empty.

Even more alarmingly, he is not only with. Other movements have just been discovered in wallets from the Satoshi era. In particular a certain portfolio belonging to it cypherpunk fire Hal Finneyknown to have received the first bitcoin transaction in history. Panic grips the market, Bitcoin volatility explodes and exchanges show $14,000. Internet users have begun to imagine the worst. If the wallet of our deceased Hal Finney is also empty, there can only be two explanations. Or Nakamoto had access to his private key. Or we are witnessing an event of unprecedented proportions, not only announcing the death of Bitcoin.

In mine previous post, I introduced you to the principle of electronic signature and the basic conditions it must meet to allow your confirmation on the blockchain as well Diffie-Hellman key exchange laying the foundations of asymmetric cryptography. Today we’ll dive into the first cryptographic protocol that allows for strong electronic signatures, RSA encryption.

But before that, remember, I gave you an easy deadline modular mathematics. “You won’t get away with it this time” – I released it with a Machiavellian voice behind the keyboard. But don’t worry, it’s easy enough to figure out, you do it every day without even knowing it!

Modular horology and mathematics

Forget everything you know, from now on, 12 = 0

Therefore, last week I told you about the modular math used in Diffie-Hellman key exchange, to simplify calculations to be made by our two interlocutors Alice and Bob. However, his inclusion in RSA encryption is much more important, because it directly interferes with encryption and decryption messages between our two speakers, so I’ll try to explain.

What would happen if we found this out? 12 ≡ 0 ?

(I use the triple equal sign here for mathematical rigor. Yes, it’s not the i symbolEthereum even though it is very close, understand it here simply 12 = 0. The triple equal sign will be used as soon as we talk about an equality in a modular system).

Spoiler, this would upset the way we calculate, but you already experience this every day!

Addition assuming 12 ≡ 0.

For the mathematicians among you, this should remind you of the trigonometric circle. In this circle 2π is equal to 0, likewise for 4π, 6π, etc. It’s the same for our watches, 17:00 is also equal to 5 in the morning. Modular mathematics boils down to wrapping the line of all numbers around a circle according to a predetermined cycle. 12 in our clock example. They say we are in a math module 12.

What are the advantages of cryptography?

Ok Lightnings, that’s great, but what application in cryptography? I still don’t see the link » you want to tell me

Wait, I’m coming! In Diffie-Hellman key exchange, we were performing calculations with of giant number powersthis is what happens when we apply a math module 12.

Modular math is very useful for simplifying powers, especially with very large numbers.
Simplify powers using modular math.

Do you see what this will bring? Maths Module 12 allows us to simplify 5^2 to 1. From this calculation, we can simplify any power of 5:

  • For any even power: 5^ (even number) will equal 1,
  • For any odd power: 5^(odd number) will equal 5.

It is this little mathematical trick that makes it possible to use power functions with cryptographically large numbers. A little test to check if you understood the logic:

In a math module 12, what is the result of 5^974896232?
We will write the result like this: 5^974896232 ≡ 1 (mod 12) — with mod per modulus.

Easy or not? (yes, I’m totally trying to convince myself that my explanations have been clear.) Now that modular math is no longer a barbaric word for you, we can move on to RSA encryption. Hang in there because this is going to be the hardest part of my crypto series!

>> Prefer to keep your cryptos safe? Select a Ledger wallet (commercial link) <

RSA encryption

Building public and private keys

RSA encryption, named after the initials of its three inventors, Ronald Rivest, Adi Shamir AND Leonard Adelman, uses asymmetric cryptography based on the work of Diffie-Hellman. Where Diffie-Hellman key exchange only allows creation of an encryption key no prior agreement unencryptedthe RSA protocol goes further by directly allowing exchange of information through public key encryption. The RSA protocol was introduced door functions.

They have the same properties as one-way functions is explained in my previous postexcept for the fact that they have what is called a “back door », a number that allows reversibility of the encryption function.

Alice and Bob, always them, want to exchange and sign a document and have never interacted in the past. Alice will create a pair of keys, a private key which will be used by Alice to sign Bob’s document, and a public keywhich will be used to verify that the signature really comes from Alice.

(Ahead, don’t worry too much about the mathematical details in red if you have trouble understanding them. Just remember the logic).

RSA encryption, like Bitcoin, uses a public key and a private key and are derived from each other.
Build the private and public keys into an RSA cipher.

Therefore Alice has three numbers in her possession. Public number notits public key d and its private key e. All these are calculated using numbers p AND q that she should destroy absolutely not to compromise his private key!

This is where the modular math explained above will work its magic:

A math module 33 related to powers of 31 is not as simple as the previous example, a little cheat sheet to help you.
Small note from Foudres Sensei as support for the next illustration.
Thanks to RSA encryption, Bob can make Alice sign a document while being sure of its authenticity.
Bob wants Alice to sign a document using RSA encryption.
  • Bob wants to sign a document M IN Alice.
  • Alice perform the calculation: C = M^e mod N and send the result vs.representing his signature and number not IN Bob.
  • Bob perform the calculation: C^d (mod N) this is M^e^d (mod N). If thanks to this calculation Bob finds the document M while he sent it to him Alice. Is she’Alice signed it with his private key.

Thanks to our modular mathematics, we have in summary, encrypting with Alice’s private key and decrypting with her public key :

(Document) ^ (Alice’s Private Key) ^ (Alice’s Public Key) = Document

If you remember the property of “power functions” presented last time, the opposite is quite possible. But it is not equivalentbecause nothing will allow Alice to be sure it is Bob who sent him the encrypted document, since it is encrypted with his public key. whether Bob wants to keep the document secret, it must first encrypt it with its own private key.

During an electronic signature, private key encryption and public key decryption will always be preferred.

RSA encryption strength and ownership

The strength of this encryption comes from the impossibility of finding a third party Alice’s private key only through public numbers NO, vs. AND d in a reasonable time. This comes from the complexity and unreasonably long computation time required to achieve this prime factorization public number not in order to find p AND q. A number that would allow Alice’s private key to be easily brute-forced.

Today, we know how to find this decomposition by “brute force” with the numbers e 795 bits. But commonly used RSA keys are 2048 bits, which still leaves us some leeway. However, some doubts linger because of one quantum algorithm can break RSA relatively easily, Shor’s algorithm.

To return to electronic signature, here, Bob challenges Alice to sign the document M with its private key, if it cannot find the document M identically via verification using Alice’s public key. It’s not Alice who signed the document! Therefore, the signature meets all the criteria mentioned in the previous article, namely:

Authenticity : Alice is authenticated by her private key, which only she possesses.
Obvious bully : Alice’s private key is mathematically inefficient because it protects against the inability to perform a prime factorization.
Do not reuse : Signature vs. is unique because it is derived from the document and Alice’s private key.
Permanence : Signature vs. serves as evidence as it derives from the document itself. If the document is modified, Alice will only need to sign it again and indicate that her signature is different from the previous one.
irrevocability : The above rules being respected, Alice cannot repudiate her signature.

Enough complicated formulas for today, I can feel your eyes getting heavy after all those math pirouettes. Next time we’ll go digging Bitcoin and chief encryption protocol, the ECDSA protocolthen we will finish eat and its role in work certificate !


30 February 2023, 16:00 CET With sweaty palms, sweat on their foreheads, crypto experts are doing their best to clean up the situation. They examine all the mathematical concepts and protocols of cryptography in search of a flaw, a detail, which would have gone unnoticed for more than fifty years. While the answer must be hiding right there in front of their eyes, the lack of understanding prompts accusations to be made more and more against Google and China, stifled by the use their quantum computer to send Bitcoin beyond the grave. The noose is tightening, but this puzzle remains, for now, still unsolved. Unfortunately, its solution is not yet accessible to understand.

In crypto, do not save carefully! So to keep your crypto assets safe, the best solution is still a personal hardware wallet. In Ledger, there is something for all profiles and all cryptos. Don’t wait to put your capital in security (commercial link)!

Leave a Comment