one time pad using blockchain

0

I am thinking if secure encryption like one time pad (OTP) is achievable using bitcoin blockchain? The reason is bitcoin blockchain size is over 70 GB, which could potentially encrypt/decrypt 70 GB worth of data. All that is needed by the sender and receiver is blockchain and an application that encrypts and decrypts the data on the sender and receiver end respectively. Please share your thoughts if it is a bad or wild idea and why? How about using other public blockchains like Ethereum or private ones like Eris or Hyperledger. What would make it work?

user2065276

Posted 2016-04-12T15:00:26.050

Reputation: 165

Answers

5

The requirement for a one time pad to be secure is that it consists of uniformly random data, only known to the participants that should be able to encrypt/decrypt.

The blockchain is not random (it's created by miners and users creating transactions), certainly not uniformly random (blocks and transactions have a very strict syntactic structure), and worst of all it is designed to be known to the entire world (or in the case of private blockchains, to all those who should be able to audit).

Short answer: bad idea.

Pieter Wuille

Posted 2016-04-12T15:00:26.050

Reputation: 54 032

Thanks a lot for your answer. Can one also not use blockchain as a source of generating random one time key? This means not using blockchain directly but as a source or intermediate step,user2065276 2016-04-12T15:53:04.963

I did n't get the idea of audit. Should n't the private blockchain be accessible to only the sender and receiving parties? Who are auditors that you mentioned? Thanksuser2065276 2016-04-12T15:54:13.650

1If a private blockchain is only accessible to the sender and the receiver, why do you need a blockchain? Just a digital signature suffices. The blockchain is there to interoperate with others that can verify the validity of the transactions. And no, it is not random data, sorry. Every byte in it is chosen by some party; if you can influence that party, you can influence the outcome.Pieter Wuille 2016-04-12T16:09:30.300

In my humble understanding, Digital signature is for non-repudiation. It is not substitute for encryption/decryption. The validity of the transaction is done by the recipient (who could be one or more). Sorry to drag this but its good to clear some points of confusion. Thanks very much againuser2065276 2016-04-12T16:14:41.283

1A blockchain is not a substitute for encryption either.Pieter Wuille 2016-04-12T16:15:13.597

Digital signature schemes are really just encryption/decryption, but with an asymmetric cipher. Because asymmetric cryptography takes longer, it is generally only used with small bits of data, such as hashes of larger pieces of data. With these asymmetric ciphers, you can also use Diffie-Hellman key agreement to come to agreement on a symmetric key, and then use a symmetric cipher on larger pieces of data. I think the part you are confused with is that you believe you need a 70GB key to encrypt 70GB worth of data. You don't.Jestin 2016-04-12T16:27:29.453

@Jestin That's probably the most common misunderstanding about digital signatures I see: they are not the same as encryption. It is true that one specific algorithm (RSA) can be used for both encryption and signatures, but that is not true in general. Specifically, the signature algorithm Bitcoin uses (ECDSA) cannot in any way be used for encryption.Pieter Wuille 2016-04-12T17:18:24.997

@Jestin The question is also about a One Time Pad, the only provably secure encryption algorithm. And it does need a key as large as the data being encrypted. You can also use it only once, and has hardly any use in practice.Pieter Wuille 2016-04-12T17:20:11.757

Asked: 2016-04-12T15:00:26.050

Viewed: 447 times

Active: 2016-04-12T15:12:52.677