Cryptography


Without a central authority within a network, trust on the blockchain is established through consensus and cryptography. Cryptography is used to shift the burden of trust from intermediaries to cryptographic algorithms.

Components of cryptography include:

  • Message or Payload (also called plaintext): The actual data or payload within the message that the sender and/or receiver wish to keep secret
  • Secret Key: Data used for encrypting and decrypting the message. In DLT, reference is often made to public and private keys
  • Cipher (also called ciphertext): The output of the encryption function, which is the encrypted version of the message that is sent between the sender and receiver.
  • Encryption/Decryption Algorithm: Algorithm pair used to convert between the plaintext message and ciphertext message

In general, cryptography is often used to encode or encrypt data so that intermediaries or outside actors cannot decipher a message. It enables a confidential two-way exchange, where each party can encrypt or decrypt the cipher to access the message payload. With blockchain, cryptography is also used to validate data integrity.

The cryptographic algorithm uses the message and the key to create the encrypted version of the message called the cipher. The cipher can be exchanged by the sender and receiver. A key is then used to decrypt the cipher back into the original message.

Types of Cryptography in Blockchain

Blockchain uses a number of different types of cryptography to validate data integrity:


Public key cryptography is often used in blockchain technology for data validation and user authentication through digital signatures. User authentication is achieved by using a combination of a user’s public and private key through a Public Key Infrastructure (PKI) framework. A public key represents the public identity of a user that can be shared with others. The user also holds a private key stored in a wallet that stores the user’s private credentials.

Mathematical algorithms generate the pairing of the private and public keys, and these make it possible to encrypt and decrypt a message. In PKI, it is mathematically improbable to calculate or derive a private key from a public key. The pairing of the public and private key combination enables the authentication of a particular user or blockchain node. Public and private keys can also be used in a way that preserves the anonymity of users.


Blockchain, or DLT, uses a specific type of cryptography called cryptographic hashing. A hash code is created by a mathematical function that takes a digital object and generates a fixed 32-character size string of letters and numbers to represent it (e.g. a transaction represented as d7w0993waty9n33234qw949g02b9o34238878501032ff2si04d3d99sq93jzwa9).

Cryptographic hashing uses cryptography for a one-way conversion, where the encoded data, called a hash is created. The hash result is intended to be shared with other parties, but not decoded. The encoded hash is mathematically impossible to decrypt or reverse engineer. This makes it impractical to derive the input message used to create a hash code, from the hash code itself.

Cryptographic hashing is used by DLT so that the data can be proved without actually sharing the contents of the data. Each party can prove the data by matching and validating that the calculated hash matches each other.

Hashes are used to maintain the immutable characteristic of blockchains. Since any change to the original object will generate a new hash, changes are easily detectable. For each block on the blockchain, a hash code is computed as a combination of the data in the block plus the hash code of the previous block. In this way, hash codes are chained. Hash codes are easy to compute and can be verified by all participants of the blockchain that the data have not been altered. Any attempt to delete or alter the data on a block renders the chain of hash codes on the blockchain invalid and easily detected by the blockchain participants.


Merkle trees are used to reduce the volume of data and enable efficient validation of data on the blockchain. A Merkle root hash is stored in each block and is created by hashing transactional data that are included as part of the block.

In the diagram below, there are four transactions, Transaction 1 (Tx 1), Transaction 2 (Tx 2), Transaction 3 (Tx 3) and Transaction 4 (Tx 4). Each of these transactions are represented by a hash: Hash 1, Hash 2, Hash 3, and Hash 4. Each pair of hashes are further hashed (Hash 12 and Hash 34), which are finally represented in the parent block as the Merkle Root hash.

The Merkle Tree hash is used so that validation of transactions is more efficient. Rather than having to validate all of the data in a block, data for a single transaction can be sent along with the relevant hash values. The validating node can calculate the hash values for the given data and confirm that the transaction is valid without needing all of the data in the block.


Zero Knowledge Proof enables a system to prove a condition of the message without revealing the actual contents of the message. For example, if currency is being sent from one user to another, the blockchain can verify that the sender has enough money without needing to know who the user is or the total amount that the user has.

Posted on