**The role of public-key cryptography in the SYL ecosystem**

To continue our series of articles explaining the technical aspects of XSL Labs’ technology, we will now focus on cryptographic protocols. Indeed, the XSL Labs ecosystem will be in part based on public-key cryptography, which will allow trust to be established between the different entities in the ecosystem. In this blog post, we will quickly go through the history and evolution of cryptographic protocols to understand their functionality and implementation in the SDI.

As early as Antiquity, to convey important messages in the context of war, Julius Caeser used an offbeat alphabet in which the letters were moved three positions: he wrote a ‘d’ for an ‘a’, an ‘e’ for a ‘b’, etc.

This “Caesar cipher” is one of the earliest known cryptographic protocols. It is a substitution cipher in which the algorithm or encryption method causes each letter of the alphabet to be substituted by a letter of the encrypted alphabet. To increase the level of security of this cryptographic protocol, Caesar also encrypted his text with Greek characters which were not understood by the hostile Gauls and he would also shuffle his text so that it could not be transcribed word by word.

Subsequently, many protocols increasingly complex emerged.

Europe, cryptographic protocols only reappeared around the 15th and 16th centuries, most notably with the Vigenère cipher which is a complex substitution cipher with a key system. The key, which can be a word or a sentence, allows to replace each letter of a message according to a system of correspondence. The innovation is that the same letter can now be substituted by different characters, according to the table below:

In principle, both parties must know the key: the sender encrypts with it and the receiver uses it to decrypt the text. In fact, it was not until 1863 that a method to determine the size of the key was discovered by Friedrich Kasiski. However, even an extremely long key cannot ensure the security of this protocol. In spite of that, Vigenère ciphers will experience an increased use in the twentieth century with keys formed by letters taken at random, until they are eventually replaced by new mechanical cipher devices.

The most notorious is certainly the Enigma machine, used in the Second World War to send messages and whose encryption capacities exceed 10^{16} possibilities. Today, computers have replaced mechanical cipher devices. Many IT standards use different cryptographic protocols to secure content and, above all, authenticate issuers. In regards to cryptography and the Internet, French cryptologist Jacques Stern stated “with the Internet and the Web […] cryptology has gone from being a science of secrecy to a science of trust.”

Cryptography, which literally means “hidden writing” or secret writing, is the field of study that aims to ensure the confidentiality of messages.

It requires three properties:

– confidentiality: ensuring that information is only attainable to authorized persons (who can read the message).

– authenticity: ensuring that the message comes from the expected sender. It is about being certain of the origin of the message (who sent the message).

– integrity: ensuring that the data is what it should be. In other words, it is about ensuring that the data has not been altered during its transmission (has the message been changed?).

Cryptography protocols are divided into two sections: symmetric-key cryptography and public-key cryptography, which we will look at now.

In symmetric-key cryptography, also known as secret key cryptography, the sender and receiver must first exchange the secret key that allows the message to be read. The key is therefore shared between the sender and the receiver.

The sender uses the key to encrypt the message. The message is then sent to the receiver who can decrypt it using the same secret key.

Unfortunately, symmetric-key cryptography has some problems, the first being the transmission of the secret key. Indeed, the key encrypts and decrypts the message and its transmission creates confidentiality risks. In addition, when there is a large number of receivers, it implies having to use one secret key per receiver, which can be impractical. Public-key cryptography solves these problems.

Public-key cryptography is a field of cryptography in which a distinction is made between public and private data. In it, a pair of keys is used:

– public keys, which can be known to everyone

– private keys, which are known only to their owner

Key pairs are generated through the use of cryptographic algorithms, with one-way mathematical functions.

Thanks to this protocol, it is possible for everyone to encrypt a message using a public key. However, the message can only be decrypted by the person who holds the private key associated with the public key.

Unlike symmetric-key cryptography protocols, public-key cryptography allows certified and secure identification of the message’s sender. With it the sender can prove that the encrypted and signed document comes from him. The private key is used to sign the message and the public key is used to verify the signature.

The process goes like this: the fingerprint or “hash” of the message is created by the sender **[1]**, which is then encrypted with his private key to form the signature of this message. Finally, the message and signature are sent to the receiver.

On the other side, the receiver of the message generates as well the hash of the message using the same hash function as the sender. He then decrypts the signature with the sender’s public key and compares the value calculated to that of the message fingerprint.

If the two values are equal, then the signature is authentic. The receiver can be certain that the sender is legitimate and that the message is untampered.

If the values obtained are different, the message is not authentic.

The development of decentralized identifiers involves the use of authentication protocols such as digital signatures. These protocols are mentioned in the W3C work framework relating to DID **[2]**, without specific tools to implement being specified.

These protocols are vital for the creation of trust in the system: it is necessary to be able to prove the integrity of the transmitted data, and to be able to verify the authenticity of the issuer.

That is why XSL Labs’ SDI relies on public-key cryptography protocols and in particular the use of digital signatures, to meet these requirements.

The private / public key pair is created during the creation of the SDI. The SDI subject keeps his private key while the public key is recorded in the smart contract.

This way, the public key is directly available and useable in digital signatures to interact with other SDI subjects, other DIDs, or with authorities to request Verifiable Credentials or even to share Verifiable Presentations.

A notable use case of the digital signature is when the SDI subject requests a Verifiable Credential to a trusted issuer who will have to verify that the request does indeed come from the SDI subject through his signature.

Likewise, when the SDI subject holds Verifiable Credentials and wishes to share a Verifiable Presentation, he must sign the Verifiable Presentation with his private key. The receiver would then be able to verify the Verifiable Presentation’s authenticity with the SDI subject’s public key.

It is the birth of an ecosystem of trust where the identity of users is guaranteed, as well as the integrity of the data they choose to share.

As we have seen, the history of cryptography began in ancient times. As for its technique, it has never ceased to evolve thanks to the ingenuity of thinkers and technological developments, which provided more possibilities and computing power. Whether encryption or signatures or Verifiable Credentials, cryptography accompanies henceforth a digitally-oriented world to meet ever greater demands for trust and confidentiality.

[1] The hash is the result of applying a hash function to data. It is a one-way mathematical function that calculates a digital fingerprint used to effectively identify data.

[2]Pour plus d’informations : https://www.w3.org/TR/did-core/