MGC TOKEN technical explanation —— Open source code private key management system

Private Key Management System
Private key management system
In the early days of the Internet, the security of electronic data was not given enough attention. In the process of electronic data transmission, it is often threatened by data eavesdropping, data tampering, identity camouflage and so on. As electronic data transmission technology becomes more stable, regulators have begun to pay attention to and develop relevant safety standards.
The security of electronic data transmission involves the following aspects:
Confidentiality
Confidentiality refers to the encryption and decryption of data to be transmitted. Data encryption and decryption are usually used to ensure the security of data during transmission.
2. Integrity
Data integrity means that data is not allowed to be modified during transmission (third party malicious tampering or data loss), but it does not require confidentiality of the data, which means that other people can see the plaintext data.
3. Authentication
The authentication is a special data encryption and decryption method agreed by the data sender and the data receiver. After the data sender encrypts the data through an agreed encryption method, the data is sent to the receiver, and the receiver can follow the agreed encryption method. Decrypting the data correctly means that the authentication of the data sender is successful.
Electronic data transmission security management can encrypt and decrypt electronic data through blockchain keys. In modern cryptosystems, encryption and decryption use different keys (ie public keys), that is, asymmetric key cryptosystems. The keys are not independent. Each user needs two keys, namely public key and The private key, the public key is public, does not require confidentiality, and the private key is held by the individual and must be kept safe and confidential. The public key is extracted from the private key, so the private key is very long, 968 bits, 1024 bits, 2048 bits, and 4096 bits.
The principle of encryption and decryption of public and private keys:

1. A public key corresponds to a private key;
2. In the key pair, let everyone know that the public key, only what you know, is the private key;
3. If the data is encrypted with one of the keys, only the corresponding key can be decrypted;
4. If one of the keys can be used to decrypt the data, the data must be encrypted by the corresponding key.
   For traditional symmetric encryption, the security of ciphertext depends entirely on the confidentiality of the key. Once the key is compromised, there will be no confidentiality. But the asymmetric key encryption system has completely changed this situation. In the public key cryptosystem, the public key is public, and only the private key needs to be kept secret. Knowing the public key and cryptographic algorithms to infer that the private key is computationally infeasible. Thus, as long as the private key is secure, encryption is trusted.
   Private key public key address
   Private key: randomly generated, expressed in hexadecimal format (256-bit binary number, displayed as 64-bit hexadecimal number, each hexadecimal number 4 bits)
   Public key: The private key is processed by the SECP256K1 algorithm to generate a public key. This algorithm cannot reverse the private key from the public key, which is the basic algorithm for securing bitcoin security.
   Wallet address: Calculate the SHA256 hash value with the public key K as input, and calculate the RIPEMD160 hash value with this result to obtain a number of 160 bits (20 bytes). The same bitcoin address cannot be deduced. Public key, ie: A = RIPEMD160 (SHA256(K)) In the formula, K is the public key and A is the generated bitcoin address.
   
   Private key - public key - wallet address relationship
   The private key can push the public key and the wallet address, but not the other way around.
   Private key-public key relationship
5. The public and private keys appear in pairs
6. The public key is called the public key, and only the private key known to you;
7. The data encrypted with the public key can only be decrypted by the corresponding private key;
8. The data encrypted with the private key can only be decrypted by the corresponding public key;
9. If the public key can be used for decryption, it must be the secret of the corresponding private key;
10. If the private key can be used for decryption, it must be the secret of the corresponding public key;
    Private key-public key-wallet address is mutually generated
    
    As can be seen from the above figure, the private key can generate the public key and the wallet address, but the public key cannot generate the private key. At the same time, the wallet address cannot generate the public key. Specifically look at the following picture:

1. First use the random number generator to generate a “private key”. Generally speaking, this is a 256-bit number. With this number of digits, you can operate the bitcoin in the corresponding “wallet address”, so it must be safely saved.
2. The “private key” is processed by the SECP256K1 algorithm to generate the “public key”. SECP256K1 is an elliptic curve algorithm that can be counted as a “public key” when it is known by a “private key”. When the “public key” is known, it cannot be calculated as a “private key”. This is the algorithmic basis for securing bitcoin security.
3. Like SHA256, RIPEMD160 is also a Hash algorithm. The “public key” can be used to calculate the “public key hash”, which in turn does not work.
4. Connect a byte address version number to the “public key hash” header (this byte is “0” for the pubkey address of the Bitcoin network), and then perform two SHA256 operations on it, the result will be The first 4 bytes are used as the checksum of the “public key hash” and are connected at the end.
5. The result of the previous step is encoded using BASE58 (the customized version of Bitcoin), and the “wallet address” is obtained.
   For example, 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa
   Transaction verification process
6. Generate transaction information:
   Payment address, payment address, amount.
7. Signature:
   The payer uses the private key to sign the transaction information (summary) to generate signature information;
   At the same time, the private key also generates the public key of the payer;
   This step ensures the source and integrity of the information.
8. Broadcast
   Broadcast transaction information and signature information to the network.
9. Verification
   The node compares the signature information + the public key operation result of the payment with the original transaction information.
   
   Both the collection node and other nodes in the Bitcoin network can verify that the transaction is valid. The valid transaction that passes the verification will be packaged by the miner into a new block and uploaded to the blockchain. Generally, the confirmed payee of the 6 blocks can be fully confirmed. (10 minutes, one hour, the reason is that it is almost impossible for an attacker to tamper with the network after 6)