# DLT final ## Q1 ### Part A. What is the elliptic curve? An elliptic curve is a set of points which satisfy the equation $y^2 = x^3 + ax + b$ and an ideal $\mathcal{O}$ of the curve. ### Part B. Explain the arithmetic of points over an Elliptic Curve, with all necessary formulas. #### Point at infinity: $\mathcal{O} + \mathcal{O} = \mathcal{O}$ #### Point negation: $\mathcal{P} + (-\mathcal{P}) = \mathcal{O}$ #### Point addition: Given 2 points P and Q, addition is defined as the negation of the point resulting from the intersection of the curve and the straight line defined by those 2 points. $P + Q = R$ #### Point doubling: When 2 points P and Q are at the same coordinates, there is no straight line between them, so the operation is closed using limitiing case, the tangent to the curve E at P. #### Point multiplication: The easiest way of computing elliptic curve point multiplication is through repeated addition, but it is also most inconvienient as it leads to the exponential time complexity. The common algorithms for computing multiplication are *Double-and-add* and *Windowed method*. ### Part C. What are the ground fields used in Elliptic Curve cryptography in DLT? Any finite field can be utilized to make EC work. ### Part D. How Elliptic Curve digital signatures are implemented? Say, Mark wants to send a signed message to Maria. First, they must agree on the curve parameters: curve field and equation, base point $\mathcal{G}$, $n, n \times \mathcal{G} = \mathcal{O}$. The order $n$ of the base point $\mathcal{G}$ must be prime. By Bézout's identity $n$ itself is prime. Mark creates a key pair consisting of a private key $d_A$, which is randomly selected in the interval $[1, n-1]$, and a public key curve point $Q_A = d_A \times \mathcal{G}$. Multiplication here means EC point by a scalar. For Mark to sign the message $m$, he does the following: 1. Calculates $e = hash(m)$. (hash - whatever, SHA-2 or something). 2. Put $z$ as the $L_n$ leftmost bits of $e$, where $L_n$ is the bit length of the group order $n$. 3. Select a cryptographically secure random integer $k$ from $[1, n-1]$. 4. Calculate the curve point $(x_1, y_1) = k \times \mathcal{G}$. 5. Calculate $r = x_1 mod \ n$. If $r = 0$, go back to step 3. 6. $s = k^(-1)(z+rd_A) mod \ n. If s = 0, go back to step 3$. 7. The signature is the pair $(r, s)$. For Maria to verify Mark's signature, she must have a copy of his public key curve point $Q_A$. Maria can verify $Q_A$ is a valid curve point following bellow instruction: 1. Check that ${\displaystyle Q_{A}}Q_{A}$ is not equal to the identity element {\displaystyle O}O, and its coordinates are otherwise valid 2. Check that $Q_{A}$ lies on the curve 3. Check that $n \times Q_{A}=O$ After that: 1. Verify that $r$ and $s$ are integers in $[1, n-1]$. If not, signature is invalid. 2. Calculate $e = hash(m)$, (hash - whatever, SHA-2 or something). 3. Let $z$ be the $L_n$ leftmost bits of $e$. 4. Calculate $u_1 = zs^(-1) mod \ n$ and $u_2 = rs^(-1) mod \ n$. 5. Calculate the curve point $(x_1, y_1) = u_1 \times \mathcal{G} + u_2 \times Q_A$. If $(x_1, y_1)$ = O then the signature is invalid. 6. The signature is valid if $r \equiv x_1 (mod \ n)$. Invalid otherwise. ### Part E. What are the advantages of Elliptic Curve digital signatures over RSA ones? Elliptic curves has much-much shorter keys than RSA, thus: 1. Utilizes less storage. 2. Allows faster computations. ## Q2. Explain how the classical Bizantine Fault Tolerance protocol works. For $n$ nodes with $m$ traitors the BFT algorithm is the following: 1. Each node sends its payload to other nodes. 2. Each node defines vector of payloads of others: $[v_1,v_2,v_3, ... v_n]$. $v_i$ is value of node $i$ 3. Then each node delivers constructed vector of payloads to other nodes. 4. Then each node processes all received vectors and makes a descision about all others. To do so algorithm requires to take $n-m$ payloads of certain node (from all nodes, except itself). If some payload repeats $n-m-1$ times, then algorithm takes this payload as true payload of that node. 5. Between all nodes results there are $m$ payloads which are different. Because of the algorithm all "good" nodes can agree, that those who sent a payload included in $m$, are traitors. Thus, consensus is reached.  ## Q3. Find 10 differences between Bitcoin and Ethereum technologies (from all points of view). 1. Bitcoin was created for cryptocurrency management, while Ethereum to support smart contracts. 2. In terms of mining Etherimum works faster than Bitcoin. 3. Ethereum aims to transfer to PoS technology in version 2. 4. Bitcoin amount is limited by 21 million at all, while Ethereum is fixed by 18 million per year. 5. Inventor of Bitcoin seems to be Satoshi Nakamoto, while Eth was create by Vitalik Buterin and his team.\ 6. Virtual machines for these two currencies are different. 7. BTC and ETH differ in price: about $18k for BTC and $610 for ETH. 8. Bitcoin is a currency, while ETH is a token. 9. Ethereum is younger than Bitcoin (2015 vs 2009). 10. Ethereum is popular for building apps on top of it, but BTC is more useful to buy stuff. ## Q4. Find 10 differences between Ethereum and HyperLedger Fabric technologies (from all points of view). 1. Hyperledger allows to make a closed for outsiders network. Ethereum cannot do such things. 2. Hyperledger allows to reach consesnsus via PBFT or even to have no consensus at all. Ethereum currently uses PoW, but promises to drop PoS in v2. 3. Hyperledger supports Golang, JS, Java programming languages. Ethereum only provides Solidity interface. 4. There is no mining in Hyperledger, thus no cryptocurrency. It is completely different in Ethereum, which has both mining and currency. 5. Hyperledger can provide confidentiality, while Ethereum is created with ideas of anonymity. 6. Ethereum has acoounts, and each transation has fields "from" and "to". Hyperledger has no such things.