#Cryptography Overview

#Introduction

This section provides definition of common cryptography terms used through the ARK Ecosystem product landscape. You will learn the importance of your passphrase and how it translates to private key, public key and wallet address generation. We also explain some common encryption algorithms and encoding protocols.

#Passphrase

A passphrase is a “key to the castle.” It is used to directly calculate the PrivateKey of an ARK account and should never be shared, stored irresponsibly, or transmitted over the internet. The only person that should ever have access to a passphrase is the owner of its account.

We can technically use any word, phrase, or string as a passphrase which will result in a valid ARK Address or Wallet; however, it is heavily discouraged as the security of an address relies on the randomness of its Passphrase. Humans are bad at creating randomness, and entering sequences of random letters and numbers isn’t easy to do accurately.

To promote usability while also maintaining security, ARK passphrases are implemented using the BIP39 Protocol . Simply, it’s a mnemonic sentence constructed via randomly chosen words from a large wordlist . From here, that sentence or “Passphrase” is piped through a series of hashing, curve, and encoding algorithms to derive a PrivateKey / WIF, a PublicKey, and subsequently Addresses / Wallets and Signatures.

Cryptography overview

The following examples will be using test-fixtures from the ARK Core repo on GitHub .

Identities Test Fixtures:

1{
2    "data": {
3        "privateKey": "d8839c2432bfd0a67ef10a804ba991eabba19f154a3d707917681d45822a5712",
4        "publicKey": "034151a3ec46b5670a682b0a63394f863587d1bc97483b1b6c70eb58e7f0aed192",
5        "address": "D61mfSggzbvQgTUe6JhYKH2doHaqJ3Dyib",
6        "wif": "SGq4xLgZKCGxs7bjmwnBrWcT4C1ADFEermj846KC97FSv1WFD1dA"
7    },
8    "passphrase": "this is a top secret passphrase"
9}

Message Test Fixtures:

 1const fixture = {
 2    data: {
 3        publicKey:
 4        "034151a3ec46b5670a682b0a63394f863587d1bc97483b1b6c70eb58e7f0aed192",
 5        signature:
 6        "304402200fb4adddd1f1d652b544ea6ab62828a0a65b712ed447e2538db0caebfa68929e02205ecb2e1c63b29879c2ecf1255db506d671c8b3fa6017f67cfd1bf07e6edd1cc8",
 7        message: "Hello World"
 8    },
 9    passphrase: "this is a top secret passphrase"
10};

To learn more about randomness, visit the Wiki’s on Randomness and Random Number Generation

#PrivateKey

A PrivateKey is a 256-bit integer represented by a 32-byte Hex-encoded string of 64 characters obtained via SHA256 hashing of a Passphrase.

PrivateKey Generation Steps

To understand the significance of this large number, consider the following:

Passphrase:

1"this is a top secret passphrase"

PrivateKey HEX (base 16) / SHA256 of Passphrase:

1d8839c2432bfd0a67ef10a804ba991eabba19f154a3d707917681d45822a5712

PrivateKey DEC(base 10 encoded):

197932109907804210295451942024598204992707895659209392543371974078748689061650

The DEC representation is the “base 10” interpretation of our PrivateKey and gives us a little insight into the size of the numbers we’re dealing with “under the hood”. This large integer is also referred to as a “BigNumber” or UINT256.

#WIF (PrivateKey)

WIF stands for “Wallet Import Format”, and is a BASE58-encoded PrivateKey prepended by a network prefix-byte (0xaa for ARK Mainnet & Devnet Network). The compression byte indicates that ARK uses compressed PublicKeys.

WIF Encoding

It’s essentially a more usable/human-readable PrivateKey and should be treated with the same diligence with regards to storage and security.

#PublicKey

A PublicKey is like an ID or Passport. It is a mathematical proof of identity and is derived from a PrivateKey via ECDSA and SECP256K1 computation.

PublicKey Generation Steps

ARK also uses “Point Compression” to obtain compressed PublicKeys that are 33-bytes in length.

#Address / Wallet

An ARK address is shareable much like an e-mail address. It is the destination to which ARK tokens can be sent, and is obtained from a PublicKey via a combination of RIPEMD160 hashing and Base58Check encoding prefixed by a single network byte.

Since an address is derived from a PublicKey, that means it is also mathematically tied to a PrivateKey and Passphrase.

ARK Address Generation Steps

#Network Prefixes

#Address Prefix Table

The following is a full prefix-byte table for custom Address construction and is provided for informational purposes. While this would not be used for ARK Mainnet or Devnet, it CAN be used for custom networks.

Adapted from: https://en.bitcoin.it/wiki/List_of_address_prefixes

#Signature

A Signature is essentially proof that a message or transaction was “signed” by a particular PrivateKey / Passphrase.

Remember that this same PrivateKey also has a matching PublicKey. That means a Signature is computationally linked to its corresponding PublicKey using ECDSA and SECP256K1 standards.

Signing Process Example

ARK Signatures use DER Encoding.

#Algorithms

#ECDSA

ECDSA is a “Digital Signature Algorithm” variant based on and “Modular Arithmetic” .

It is a standard to sign and verify transactions/messages and Signatures using Elliptical Curve Cryptography .

#SECP256K1

SECP256K1 defines the set of ECDSA parameters used to produce output “deterministically”, meaning the same input will always result in the same output. Additionally, no two inputs will ever produce the same output; It is also hard to reverse. This is known as the Discrete Logarithm Problem and is the basis for Curve Cryptography.

Can the reader say what two numbers multiplied together will produce the number 8616460799? I think it unlikely that anyone but myself will ever know.

~ William S Jevons, The Principles of Science, 1874

#Encoding

#DER

An ARK Signature is DER Encoded using BIP66 standards.

Upon obtaining a Signature from the ECDSA/SECP256K1 algorithm, it will first be in its raw form known as an “r” and “s” value.

Signature: DER (X.690 : ASN.1) Encoding

Signature (r, s):

1(0fb4adddd1f1d652b544ea6ab62828a0a65b712ed447e2538db0caebfa68929e, 5ecb2e1c63b29879c2ecf1255db506d671c8b3fa6017f67cfd1bf07e6edd1cc8)

In our example, the “r” and “s” values are each 32-bytes in length. Each of the “r” and “s” sequence identifiers are also 1-byte in length. Additionally, the slots for the size of “r” and “s” each occupy 1-byte.

This means that the length of the “r” and “s” values is 64-bytes. The (r,s) section identifiers and their sizes occupy a total of 4-bytes.

The total length of our signature is 68-bytes (0x44 in hex).

The very first byte of an encoded signature is the sequence identifier 30.

To encode the (r, s) values, we place 30 as the leading byte, followed by the total signature length (0x44 in this example).

We then place the sequence identifier for “r” (02), proceeded by the size of “r” in hex (0x20), proceeded by the r-value itself (0fb4adddd1f1d652b544ea6ab62828a0a65b712ed447e2538db0caebfa68929e).

Finally, we place the sequence identifier for “s” (02), proceeded by the size of “s” in hex (0x20), proceeded by the s-value itself (5ecb2e1c63b29879c2ecf1255db506d671c8b3fa6017f67cfd1bf07e6edd1cc8).

DER Encoded Signature:

1304402200fb4adddd1f1d652b544ea6ab62828a0a65b712ed447e2538db0caebfa68929e02205ecb2e1c63b29879c2ecf1255db506d671c8b3fa6017f67cfd1bf07e6edd1cc8

#BASE58check

Base58Check encoding is used to produce human readable/typeable text from a hash.

It is used to encode a PrivateKey and is also the final step to encoding an ARK address.

#Hashing

#RIPEMD160

RIPEMD160 is a subset of the RIPEMD family of cryptographic hash functions .

As its name suggests, RIPEMD160 hashes are 160-bits in length.

#SHA256

SHA256 is a subset of the SHA-2 family of cryptographic hash functions .

As its name suggests, SHA256 hashes are 256-bits in length.