Last time:
  Block chain
    A chain because each block contains a hash of the previous one
    RSA will be used for signatures
    Transactions are recorded in each block

A bit about RSA security:
  Notes from Wikipedia
  Quantum computing article from this month
    Keep an eye on it, but don't panic
  Bitcoin does not actually use RSA
    It's easy to demonstrate RSA, but there are a few other methods
    Elliptic-curve cryptography is used instead
    But that might not be quantum-resistant either
  A proposed solution from a non-expert, if elliptic-curve cryptography looks unreliable:
    1. Update the public key algorithm
    2. Everybody transfers their money into a new wallet

SHA256:
  xor, and how xor works again
    Remember: it's easy to undo
  A hash function results in a fixed-size number
    Regardless of input size
  What we want from a good hash function:
    A change in the input must produce an unrelated output
      Not just different. Unrelated!
    Not just big changes. Any change!
      This includes adding on to the end
      Also includes changes that might seem to cancel (e.g. reordering bytes so the byte sum stays the same)
  Evaluation of hash functions:
    Collision resistance: can't find two values that hash to the same thing
    Chosen-prefix collision attack: given two different prefixes, can't find suffixes that make both messages hash to the same thing
    Preimage resistance: given a hash value, can't find a message that hashes to it
    Length extension: given only the hash of a message, can't calculate the hash of an extended version of the message
    SHA256 is good on all of these
  Let's look at how it works!
    Start by reviewing the Wikipedia entry
    Diagram of an iteration
  Alright, so if we change one little thing, it'll change the hash a lot?
    Let's try it!

So now, to sign something:
  Calculate the SHA256 hash
  Encrypt the hash with your private key
  That's the "signature"