Blockchain 101 - Part 2 - Public / Private Keys and Signing

Welcome back. Last time we looked at a blockchain and how it works, particularly in the financial context. We have these transactions that we were creating that move money from one person to another. But there's a big problem with this, and that is what's to stop somebody from just adding a transaction that spends all of someone else's money to them? There seems to be no protection here for that.

So what we're gonna do is we're gonna look at ways to add transactions to a blockchain that keep it so not just anyone can create these transactions. In order to do this, we need to look at another cryptographic primitive, and that is public/private key pairs. Then we'll use that for signatures, so let's take a look at that right now.

So here's a public/private key pair. The private key here, it's just, you know, it's a really, really long number and any number is a private key, right? You could make this be one; one is a private key. It's not a very good one; lots of people have thought of the number one before. But you could, you know, you could pick some really, really long number, and it's sort of a random number, and we can use that as a private key.

Now, you can see every time I'm adding digits here, it's recomputing the public key that relates to that private key, and that's why the stuff down here starts changing. So as the name would imply, this private key is to be kept private. Only you have this private key, and you never tell it to anyone else.

Okay, and just as the name implies, the public key here, you just tell everyone. This is something that you want everybody to know. This is something that there’s no harm in letting everyone know. There is not a way to derive from this public key what the private key is, okay? So it's just a kind of a public version of this private key that does not reveal what the private key is.

Okay, so I'm gonna hit my little ray number generator so I get a nice really long private key. And it's not something, you know, where the numbers are close together where I typed on the keyboard. It's something a little bit more random looking, and then the system has derived a public key from this. So this is going to be my private key, and I'm gonna use this to do signatures.

So let's do that right now. Here's a message signature. So here is a message. I'm gonna type, you know, "Hello, Anders." That's me, and I have my private key here, six five six, whatever it is, is my private key; only I have that, and here's the message that only I have. And I can hit sign and come up with a message signature here.

Now, this message signature I can pass to someone else. I'm gonna hit my little verify button. I'm gonna pass this message signature to someone else, to anybody else. Okay, now, of course, they don't have my private key because I keep that private; nobody else can see that. But I publicize my public key, and they know that everybody knows that this is my public key.

So, given this message and everybody knows my public key and given the signature that I just made, you should be able to verify this. Now, of course, if I hit verify, sure enough, the screen goes green. This is a valid message, and I have verified that whoever signed this message and came up with a signature had access to the private key behind this public key.

Okay, and if I have kept that private key secret, that must be me. Okay, so that's a message signature and how you can sign something and verify it. Now, instead of just using this freeform text box, let's put some structure around this. I'm gonna make a transaction here instead.

All right. This is similar to what we saw before. The message I'm gonna say is: I'm gonna send twenty dollars from this, happens to be my public key, to somebody else's public key, whoever this is that I'm sending money to. Okay? I, of course, because I'm Simon Smashes, I have my private key. I never tell anybody the private key, but I can use this private key to sign this message, which consists of these three things up here.

And if I hit sign, I get a message signature. Great! All right, now I send this whole thing out. I send out my message and my signature to somebody else. They know that I'm trying to send twenty dollars from my public key to this somebody else's public key.

You'll notice this little blue box around the from public key that suggests that you can check this signature against this public key to see whether or not the private key behind this public key actually signed this message. So let's hit verify. Sure enough, it verifies, so I know that the person in possession with the private key behind this public key must only be Anders, is sending twenty dollars to some other public key.

Okay, now let's use this in the blockchain. Let's go back to the blockchain case where we were looking at before. Now you'll notice a couple of different things here. All right, first of all, there's not names here anymore, right? There are just public keys in the from and the to, and you'll also notice that I added a signature section here.

Okay, so in this case, this is this public key sending two dollars to this public key, and here's a message signature that says that it is, well, what happens if I change this to, you know, twenty-five dollars? Okay, of course it broke the block, but it also broke the signature. The signature is not verified, and that's why the signature is turning red.

So, wow, we couldn't press the little mine button. You know, a miner could take this altered block and remind this block. They're gonna end up with something where the block is signed, which should eventually happen, and there we go. The signature though is still invalid because the miner has no, they don't have my private key; they only have my public key, so they can't come up with the right signature.

Okay, so that's the way we can make sure that the message, this transaction here, was posed by the person that had the money and only that person, not just anyone else on the Internet. So that's how public/private key pair message signing is used to protect transactions and make sure that they are from the people that they proposed that they're from.

Now, if you think about it, it actually works really well because in order to create a new address, a new public key, the only thing you have to do is go back and come up with a new private key, a new random number. You didn't have to go to a centralized authority to come up with a public/private key pair; you just make up a private key, and you use it, you derive the public key from it, and you put that out there, and that's how people can pay you.

So that's a blockchain, and again, it's a financial context. All successful production blockchains that are distributed use a token of some sort. So they're all, they'll have a financial context. So that's, you know, how a blockchain will work. I mean, I have glossed over a couple of the details, but for the most part, the overall idea here that you're looking at is very similar to the way that Bitcoin works and many other cryptocurrencies as well.

So that's a blockchain. I hope it's helpful to you. Please leave me some notes down below and let me know what you think of this, and I hope to see you next time in the next video.