# Blockchain and Money 3: Blockchain Basics (Part 1) — Cryptography

*Each week, I will be posting my notes from MIT’s **Blockchain and Money** course to keep myself accountable for my learning.*

# Design features of Bitcoin

This lecture will cover the following 5 features of Bitcoin. There are more to come on another lecture.

- Cryptographic hash functions (a cryptographic primitive is an algorithm that protects or verifies communication or computation)
- Timestamped append-only logs (blocks)
- Block headers & Merkle Trees
- Asymmetric cryptography & digital signatures
- Addresses

**Hash functions** can be thought of as the fingerprints of data. It takes an input value of any size and deterministically (meaning same input will always give same output) gives an output value of a fixed size.

The output of a hash function is called “hash”, and the output must be produced in a reasonable time given the input. In the case of Bitcoin, this takes nanoseconds.

Important properties are:

- One-way (preimage resistant): Given a hash, it is infeasible (not technically impossible, but probalistically impractical) to solve for the input.
- Collision-resistant: It is infeasible for two distinct inputs to produce the same hash.
- Avalanche effect: A small change in the input will change the hash significantly.
- Puzzle friendliness: Given a hash and parts of its input, it is still probalistically impractical to find the rest of its input.

Currently in Bitcoin, the headers and Merkle trees use SHA-256 and the addresses use SHA-256 and RIPEMD-160 as their hash functions.

A **block header** contains:

- Previous block hash
- Merkle root hash
- Timestamp
- Difficulty target (The more miners there are, the more difficult it becomes to mine. This ensures blocks are added at a steady rate.)
- Nonce (A random number that is used once. This is the number that the miners are solving for.)

A **Merkle tree** can take 2^N transactions and put it into a N layered (root exclusive) tree like above. It is used in Bitcoin to condense and encode a history of transactions.

In the diagram, if you imagine there are 4 pieces of data to be stored, the tree applies a hash function to each data. Then the parent node takes the two hash values of its children and passes them into another hash function. This continues until we have the root node, giving a single hash value that can be used to verify all of the transactions below.

After enough transactions, data can be discarded without affecting the Merkle root to save disk space.

**Asymmetric cryptography** involves a public key and private key. Both private and public key are generated at the same time, from a random number generator.

There is a **digital signature**, which is generated from a message and a private key. If a person A wants to send a message to person B, person A will use their private key to sign the message, which becomes a digital signature. Then, person B can use person A’s public key to verify the signature and know that the message is from person A.

In Bitcoin, digital signatures can be used to verify the authenticity of transactions.

Like hash functions, you cannot determine a private key of a corresponding public key only given the public key. Private keys are used to verify ownership of Bitcoins.

Bitcoin **address** is what you get from hashing a private key twice and applying a few structural transformations, presumably to shorten the private key and add extra layers of security.

Next lecture will cover Bitcoin’s consensus mechanism and its alternatives.