12-22-2024
Breaking News
BSV
$53.79
Vol 30.15m
0.64%
BTC
$95949
Vol 39868.69m
-1.49%
BCH
$451.51
Vol 327.16m
-0.82%
LTC
$101.36
Vol 784.81m
0.63%
DOGE
$0.31
Vol 4528.3m
-0.37%
  1. Homepage
  2. >
  3. News
  4. >
  5. Tech
  6. >
  7. Pay to decrypt
Getting your Trinity Audio player ready...

This post was first published on Medium.

Using ElGamal Encryption

Alice has an encrypted message, i.e., a ciphertext. Bob has the original message, the plaintext. Alice wants to pay Bob bitcoin in exchange for the plaintext. If Alice pays Bob first, Bob may not give her the plaintext. Conversely, if Bob tells Alice the plaintext first, Alice may refuse to pay.

We design a smart contract, called pay to decrypt, that makes the exchange atomic and trustless, ensuring only a correct plaintext can redeem the locked fund¹.

Diffie–Hellman Key Exchange

Diffie–Hellman key exchange (DHKE) is a key agreement protocol that allows two parties to establish a shared secret over an insecure channel.

This diagram below shows DHKE over an elliptic curve. At the beginning, Alice and Bob each has a public–private key pair. After the exchange, they generate a shared key.

Elliptic Curve Diffie Hellman

Elliptic Curve Diffie Hellman

ElGamal Encryption

ElGamal encryption is an asymmetric key encryption algorithm based on the Diffie–Hellman key exchange, named after Taher Elgamal². Alice encrypts a message to Bob with his public key, which can only be decrypted by Bob’s private key.

The following diagram shows how it works over an elliptic curve, such as secp256k1 in Bitcoin. As in a standard DHKE, the following shared secret is established.

              S = k * A = a * K = k * a * P

a is Alice’s secret key and k can be regarded as Bob’s.

To encrypt a message M, Bob simply adds it to S:

              C = S + M

Bob sends the ciphertext, the pair (KC), to Alice.

To decrypt, Alice can simply subtract to recover M:

              M = C – S

Note Alice knows S from K:

              S = a * K

ElGamal Encryption
ElGamal Encryption

Pay to decrypt

Alice locks fund in the following contract, with given K and C. Bob can only redeem it if he provides the correct plaintext and decryption key. We use the previous elliptic curve library for point arithmetic.

Contract Pay2Decrypt

Acknowledgements

This is an implementation of nChain whitepaper 1611.

***

NOTES:

[1] This applies to plaintext that can be made public, since it will be exposed on the blockchain.

[2] Taher Elgamal is dubbed the “father of SSL” and a doctoral student of Martin Hellman, as in Diffie–Hellman.

Tagged:

Recommended for you

Google unveils ‘Willow’; Bernstein downplays quantum threat to Bitcoin
Google unveils ‘Willow’; Bernstein downplays quantum threat to Bitcoin
Google claims that Willow can eliminate common errors associated with quantum computing, while Bernstein analysts noted that Willow’s 105 qubits...
By Wahid Pessarlay
December 18, 2024
WhatsOnChain adds support for 1Sat Ordinals with new API set
WhatsOnChain adds support for 1Sat Ordinals with new API set
WhatsOnChain now supports the 1Sat Ordinals with a set of APIs in beta testing; with this new development, developers can...
By Jon Southurst
December 13, 2024
Advertisement
Advertisement
Advertisement