And now we have our next speaker, Mila Paul. So she's an educator pursuing her PhD and teaches offensive and defensive techniques. I just got a demo here. So welcome, Mila. So guys, here's Mila. Alice and Bob. And let's see what are the big secrets here.

I thought I was going to have a clicker here, but I guess I'm going to be attached to this computer. So my name's Mila Paul. And I'm going to be talking about the cryptography behind blockchain.

OK, so let me tell you a little bit about myself. I started like 20 years ago. I started when I started getting my computer science degree. I started working at my school in hardware and systems. And I did that for a while. Then I started defense contracting in the Middle East. And I ended up there for about 12 years. But I did learn a lot. I did systems, networks, some infrastructure design and investigations. Then a couple of years ago, I started my cyber ops degree program at DSU, which is actually a pretty amazing program. And then I got into blockchain. And now I'm back from the Middle East. And I live in Florida. And I just work in blockchain.

So I'm adjunct faculty at Dakota State. I teach classes online in cyber sciences. Also at Wayne State, which is where I got my bachelor's. And I'm teaching a blockchain certification course for them. I teach for OpenClassrooms. I don't know if you'd heard of that. But it's a French company. And it's kind of like Udemy. And I have some courses on there in Java, Spring Security, OWASP, GitHub. So, oh, well, right now I'm also working with a company called BlockSpaces. It's an accelerator program for blockchain companies. So I'm software architecting. And they asked me what I wanted my title to be. I said bad cop. But that didn't work too well for them just because I guess they have some enterprise companies working with them. Ha-ha.

OK. So what am I here to talk about? The basic theme for DEF CON was cypherpunks. So I'm going to go over a little bit of the cypherpunk ideology.
Why did the cypherpunks care about electronic cash? I'm not going to go into the history. And then I'm going to talk about the possible threats to Bitcoin Core. And post-quantum algorithms that are being considered.

So what was the best accomplishment made by the cypherpunks? To me, it's the electronic cash systems. I wholeheartedly believe that that is where blockchain came from because there were so many attempts before that since the 80s. So basically, the ideology is privacy. And they were trying to come up with different ways to ensure privacy on networks that just were not safe. So a quote that I like is, "Privacy is the power to selectively reveal oneself to the world." So no one should be able to just go in and go near a computer or your phone, like find things out because you didn't tell them.

All right, so how do they do that? How do they want privacy to happen? So the biggest challenge really with privacy and anonymity is just the networks aren't safe. So TCP/IP and BGP are like super archaic and just not secure at all. Wireless security is a sham. There's just no such thing. Google's everywhere. So I mean, these are some basic challenges we face today in privacy. Another quote that really hit me from the Cypherpunk Manifesto from 1993 is, "We the Cypherpunks are dedicated to building anonymous systems. We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money."

So as you might know, the Bitcoin Core is made up of the electronic cash system front end and then the back end, which is that blockchain. So Bitcoin Core is just basically, the blockchain is basically like a hodgepodge of all these algorithms that have already existed. So the ones that I'm going to talk about today are SHA-256, the RIPEMD-160, the elliptical curve cryptography, Merkle tree hashing, and Hashcash. Coming together, I just think that it's just a genius like blockchain.
So I'm going to talk about the symmetric side. So we've got the SHA-256, RIPEMD-160, Hashcash, and Merkle Tree with an extra E.

So the SHA-256, if you know how hashing works, basically you have this message or this line of code or whatever that you're going to input, and then run that SHA-256 algorithm on it, and then you have this fixed output. So if you run 256, your output's going to be 256 bit. So what's it used for on Bitcoin Core? You'll use it for transaction hashes. So then if you have a transaction like I gave you five Bitcoin, it's going to be, did you say thanks? You're welcome. Yeah, so then you run 256 on it twice, then reverse it, and that's what they put in the actual block. And then it's used in mining when they're trying to get a specific hash with a certain number of zeros in front of it, and they just keep running that SHA-256 over and over again with a random number to get the specific number. And it's also used as a part of key generation.

So RIPEMD-160, it's a compression function, so it's pretty complicated there. It runs 80 steps with five variations with each step, and then that runs 16 times, and then it runs through some modular arithmetic twice. So when you're creating a public key, the reason why the Bitcoin public key is much shorter than the private key is that they run that extra RIPEMD on it to compress it. So you start out with this key that's created, this key that's created by the elliptical curve cryptography. And I'm going to go over that later, but that public key is created. And then they run 256 on it, and then it's compressed. So then you have this shorter address. And there's a reason why I'm telling you all of this now.

OK, so the Hashcash, that was created in 1997. A lot of people were sending huge spam emails from wherever. And so this guy, actually he created for Department of State. It was for spam re-mailers. He started this proof of work algorithm. So basically it measures your resource usage.
And the only way that you can prove it is by having this certain piece of code after you run those resources. It's SHA-256 squared or something. So with each email, they would have to run SHA-256. And if they were trying to send a million emails, that would use a lot of resources. So that was used in this for the mining. So basically how that works on the Bitcoin Core, you take this metadata and you add it to a random number, which is a nonce. And then you run that however many times you need to to get a certain number of zeros in the front of that hash. And the more zeros you need to have in front of that hash, the more difficult it is. So that's the result of the proof of work.

And the Merkle tree hashing. So part of what makes that blockchain so secure is that it's trustless and immutable. And you reach that with consensus and validation. And Merkle tree hashing is the algorithm that's responsible for that on the blockchain. And of course, that helps with the integrity of those transaction hashes. Does everyone know what immutable means? Yeah, not being able to change, yeah. And then trustless, obviously, if all of you guys were the ones validating everything, you wouldn't have to trust each other. That's just how that algorithm works.

So I'm going to go over Merkle tree hashing. That's a Merkle tree. That top hash is, let's say, if that's the Bitcoin blockchain, the top hash would be the genesis block, the first block ever made. And then on the bottom, let's say L1, 2, 3, and 4 are the new blocks that are about to come in. So the way that works is, let's say you have a new block that was just validated and about to join, it's got that hash as the header. And then it joins the next level. And you'd take L3 and L4 at the end. I'm used to being able to walk around. Those two, you'd hash those two together. And then that would be the hash above. And then these two hashes would be hashed together. And that would be the hash above. So they're all connected.
Like every single transaction that's added is added to that top hash. Because basically, it's like a ripple effect when you add a new block. It will change the metadata, the hashes, of the ones that are above them. So every time you add a new block, that genesis block hashes changes that metadata. So that's how you're always able to validate and keep that immutability. Because if one thing changes, the whole thing would change. Also, the Merkle tree is really efficient because if you have to validate something, you don't have to go in and look through every single block. You can go through the blocks that that specific block was on that tree, like that branch. So that makes it more efficient. GitHub uses Merkle tree as well, except you can actually save files on GitHub.

OK, so we talked about symmetric cryptography. So there was the SHA and the RIPE, the Hashcash, and Merkle tree. Now we're talking about the asymmetric cryptography. So this is the fifth algorithm I'm going to talk about. So elliptical curve cryptography is part of public key infrastructure. It's asymmetric. And the specific kind that was chosen for the blockchain is ECDSA secp256k1 elliptical curve.

So I'm just going to quickly brush over what public key infrastructure is, just because I'm forgetful and I think that some other people might be. Anyway, so I'm going to go over that Alice and Bob scenario that we've all heard. So we've got Alice and we've got Bob. Alice wants to send Bob a super secret email. So they decide to use public key infrastructure. So the keys at the top that you see, the top left, those are the public key. They both share the same public key. Now Alice wants to send Bob an email. So she has a private key. She gets that private key and it's derived from the public key. And she signs that email with a digital signature. Now she sends that email over to Bob. And Bob verifies it with his public key. So now he knows it came from her. He wants to send her an email back.
So he has his own private key. And he signs it with his digital signature and sends it to her and so on. So that's our little review on PKI.

So what does that have to do with Bitcoin and blockchain? All right. So a Bitcoin user will have a public key and a private key using PKI. And the transactions are made through a digital signature with the private key and are validated. So this is what an elliptical curve looks like with the ECDSA secp256k1. That fiber is just kind of like that, I don't know, just that little weird round shape.

So there's three steps to using the elliptical curve cryptography. There's key generation, key generation. Are you guys able to hear me? Key generation, creating the digital signature and verification. So first you start with key generation. So we'll create the private key and the public key. So the random number that we're talking about with the private key that it starts with is a point that's around that curve. So when you see on the right, you'll see all the points basically to guess a private key, you'd have to know which point it started on, the random number.

And the signature. The signature is created with some modular arithmetic and you're working with the random number that R is the random number. So the R is the starting coordinate for that elliptical curve. So it's kind of like a billiards game, like you start and then you hit one point against the table and then you continue playing the game and then when the game's over, you can't go backwards with everything and then end up with that same per random point that you had. And that's what makes elliptical curve cryptography so difficult to break. That was the best metaphor I could come up with.

You can like, side your mouth so the air doesn't close your ears. Thank you. Is that okay? Can you guys hear me? Okay. All right.

And then the last thing you do is verification. So the verification is where you take, where you verify the random number.
So if you had the right private key, you'd be able to go through those five equations and then verify the proper random number and then you get the Boolean answer. So if you're right, then obviously the transaction goes through. If you're not, then it doesn't. So that's what makes elliptical curve so difficult to break.

So what I think makes blockchain so secure is the public key infrastructure and the Merkle tree hashing aspect. So with public key infrastructure, you get your transaction verification. So that was the verification where you get that Boolean answer with the elliptical curve. And then with the Merkle tree, you can validate it because the hashes are constantly changing as blocks are changing.

So what have we talked about so far? I talked about electronic cash and how it was made for privacy. I talked about five different algorithms. The SHA-256, RIPEMD-160, Hashcash, Merkle tree, and the elliptical curve. Now I'm gonna talk about some post-quantum cryptography, things that we could probably end up using in the future or stuff that's being researched right now.

So what can break it all is cryptanalysis. Part of that is quantum machines and quantum algorithms for the quantum cryptanalysis. So just to review, if they were to break symmetric cryptography, they'd have to break something like one of those four or with the asymmetric, the elliptical curve cryptography. So with the symmetric, there's this theory that Grover's algorithm could possibly speed things up and break symmetric. That's being researched. I don't know if it's actually been implemented as software on an actual quantum computer. I don't have that kind of knowledge. But this, as far as I'm concerned, is still theory. But the way Grover's algorithm works is that it runs an unstructured search through several threads or parallel universes as they'd say in quantum. So quantum's kind of like yes and no at the same time, whatever. It's just a lot of different things going on at the same time.
And with Grover's algorithm, if they could possibly actually implement that into software, you could take the number of steps that it would normally take to break something asymmetric and square root it. So instead of a million steps, it would be like 1,000 steps. So theoretically, that's how it's supposed to work.

With asymmetric, we've got Shor's algorithm. So the way asymmetric works is that you've got this really huge number and then you wanna factor it down to prime numbers. So if you can factor a whole bunch of these numbers down to prime numbers, then multiply them, then you'll have that large number. So did that make sense? Okay, so how does this work? Well, you know with cryptanalysis, a lot of times it's just a lot of random guesses and then you just narrow it down. So this is kind of the same thing, but it moves a lot faster because it works with a lot of different algorithms that just make it run faster. At the low level, it's some pretty intense stuff. If you wanna look that up, it's pretty interesting actually.

So asymmetric algorithms are the ones that are at the highest risk of being broken, according to theorists these days. So the one that would be at the highest risk of being broken would be our elliptical curve cryptography that creates our public key, private key, digital signatures on our transaction hashes and verification.

So, Bitcoin Core, it's on GitHub. It can always be upgraded. People can always send suggestions. So if you have any, you can send it to them. But some ideas maybe are to replace PKI if you're not gonna use asymmetric. You wouldn't have any public or private keys. No authentication with digital signatures. So there's three of them that I'm gonna talk about that are like at the top of the list because there's a contest for people trying to come up with newer things and obviously being implemented in other blockchains. So you'd need a stronger asymmetric alternative than the ECDSA. So here are three.
The supersingular isogenic key exchange, lattice-based cryptography, and McEliece.

So this is supercalifragilisticexpialidocious. It's also a key exchange. It's based off of Diffie-Hellman. So it's kind of like ECDSA but on steroids. This works with supersingular elliptical curves. So far we looked at singular elliptical curves. That is one geometric fiber. Supersingular has many. So there's just a lot more functions involved, obviously because each one has their own functions or like multiple ones. So they call those endomorphism rings. And so the more you bring together, the more I guess it's called an algebraic group and it just has to be finite. And that's called isogenic. I might be botching that up.

Okay, so the second one I wanted to talk about is lattice-based cryptography. And there's many different kinds of the lattice-based. It's based off of matrices. So you'll have this large graph with all these different points on it. Learning with error, that's a method of cryptanalysis but that's also one of the methods that it can be broken. If you have a number that's really close to the random number. But again, all the low-level details, they're a lot easier to understand if you just read them on the internet.

Okay, so to crack Alice and Bob's super secret with lattice, got the Cheshire cat over there trying to crack it. So here's a few different kinds of problems that a cryptanalyst would have to solve to break it. And hence there's different kinds of lattice-based cryptography. So you could crack a random number with the vector that's close to it. As I mentioned before, with the learning for, is it called learning with error. Finding the smallest vector. And these are just looking for the points and then finding the shortest distance between the vectors.

Okay, so this is the third one, McEliece. And this is probably the most difficult one to implement with what most of us have these days. So it's said to be immune to Shor's algorithm.
And it also works on the public key system. So Cheshire cat fights McEliece for Alice and Bob's secret with brute force and most likely techniques. Cause that's pretty much all they've got for that. It needs optimal resources because the public key is 512 kilobits long. We talked about 256 bit. This is 512 kilobits long. And the data rate is 50% less than most of the other ones. So you'd need really good technology to implement that. Maybe something that won't need to run so fast. And that's all I've got for the three.

So I have contact information for my LinkedIn. And if you have your own cryptographic algorithm that you want to provide, there's a website down there where they show all the different says round two submissions. So people are just submitting different things for this project on this.gov. I will try my best to answer questions. Does anybody have any? Was that that confusing?

Yes? It would have. Yeah, yeah, obviously. Yeah, that would be a change in code. There would have to be. Yeah, because people that are currently using public and private keys, they wouldn't be able to access anything if they've had a lot of transactions. But if you have something stored and you haven't made a transaction at all with it, if it's just sitting at an address, you can still get to it even after that change is implemented.

Yes? Honestly, yeah, so these are all theories. None of them have really been implemented. I think there's like, it's now like 14 billion in the pot. These people that have the quantum computers, they have a lot more money than that. I don't think they care. Unless they just want to break the system. It's, yeah, possibly in 10 or 20 years could be susceptible, yeah, depending on how fast the technology moves.

Exactly, that's what I was saying. It's safe. Yeah, that's why it's safe if you just leave it there, if you don't. Yeah, yeah, that's the safest practice. Yeah, essentially, if you don't do another transaction, yeah.
That's why I think it's just so genius. Just these five algorithms brought together. You think so? I mean, honestly, I think like 10 or 20 years. I don't see it anytime soon. I don't see anything like that breaking. But I'm not a huge expert on that. I don't have that computer. I've never used it. I just, I don't know. This is all theory. And pretty interesting to me. Any other questions? So the theory out there is that it's easier to crack than symmetric. Like, symmetric is a lot harder. Oh, sorry. So he's saying. I asked if asymmetric computing is harder to crack than symmetric. It's the opposite. Yeah. Yeah, that's why we were talking about the elliptical curve and what they were coming up with. I can barely hear you. Sorry. Anything else?