-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathindex.html
328 lines (319 loc) · 16.3 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width">
<script>
(function (i, s, o, g, r, a, m) {
i['GoogleAnalyticsObject'] = r; i[r] = i[r] || function () {
(i[r].q = i[r].q || []).push(arguments)
}, i[r].l = 1 * new Date(); a = s.createElement(o),
m = s.getElementsByTagName(o)[0]; a.async = 1; a.src = g; m.parentNode.insertBefore(a, m)
})(window, document, 'script', 'https://www.google-analytics.com/analytics.js', 'ga');
ga('create', 'UA-88720806-1', 'auto');
ga('send', 'pageview');
</script>
<link rel="stylesheet" href="github-markdown.css">
<title>Cryptography behind cryptocurrencies</title>
<style>
.markdown-body {
box-sizing: border-box;
min-width: 200px;
max-width: 980px;
margin: 0 auto;
padding: 45px;
}
@media (max-width: 767px) {
.markdown-body {
padding: 15px;
}
}
table {
line-height: 1.2;
}
.note {
color: grey;
}
</style>
</head>
<body>
<article class="markdown-body">
<h1>Cryptography behind top 20 cryptocurrencies</h1>
<br>
<p>Items marked with <span class="note">*</span> have some additional notes, which you can display by hovering on them.</p>
<table class="tg">
<tr>
<th class="tg-fymr">Name</th>
<th class="tg-fymr">Type</th>
<th class="tg-fymr">Signing alg</th>
<th class="tg-fymr">Curve</th>
<th class="tg-fymr">Hash</th>
<th class="tg-fymr">Address encoding</th>
<th class="tg-fymr">Address hash</th>
</tr>
<!-- BITCOIN-->
<tr>
<td class="nameme"><b>Bitcoin</b></td>
<td class="accountnt">UTXO</td>
<td class="signing">ECDSA</td>
<td class="curve">secp256k1</td>
<td class="hash">SHA-256</td>
<td class="addr">base58, bech32</td>
<td class="addr">SHA-256, RIPEMD-160</td>
</tr>
<!-- ETHEREUM-->
<tr>
<td class="name"><b>Ethereum</b></td>
<td class="account">account</td>
<td class="signing-alg">ECDSA</td>
<td class="curve">secp256k1</td>
<td class="hash" title="Not the same as SHA-3. See footnote [1].">Keccak-256 <span class="note">*</span></td>
<td class="addr-encoding"
title="Ethereum does not use any encoding for addresses, though it introduced checksums in EIP-55 based on capitalization of some letters in hex format of the public key.">
none (just hex) <span class="note">*</span>
</td>
<td class="addr-hash" title="Same as for transaction hash, this is not the same as SHA-3. See footnote [1].">last 20B of Keccak-256 <span class="note">*</span></td>
</tr>
<!-- XRP -->
<tr>
<td class="name"><b>XRP</b></td>
<td class="account">account</td>
<td class="signing" title="And EdDSA experimentally.">ECDSA <span class="note">*</span></td>
<td class="curve" title="And ed25519 experimentally.">secp256k1 <span class="note">*</span></td>
<td class="hash">first half of SHA-512</td>
<td class="addr" title="Ripple uses base58, but works with different alphabet, because why not.">base58 with different alphabet <span class="note">*</span></td>
<td class="addr">SHA-256, RIPEMD-160</td>
</tr>
<!-- Litecoin -->
<tr>
<td class="name"><b>Litecoin</b></td>
<td class="account">UTXO</td>
<td class="signing-alg">ECDSA</td>
<td class="curve">secp256k1</td>
<td class="hash" title="Litecoin uses scrypt for PoW, but for transactions signing it is still SHA-256.">SHA-256 <span class="note">*</span></td>
<td class="addr-encoding">base58, bech32</td>
<td class="addr-hash">SHA-256, RIPEMD-160</td>
</tr>
<!-- EOS -->
<tr>
<td class="name"><b>EOS</b></td>
<td class="account">account</td>
<td class="signing-alg">ECDSA</td>
<td class="curve">secp256k1</td>
<td class="hash">SHA-256</td>
<td class="addr-encoding"
title="With EOS, valuables are held in accounts where each account has at least two public/private key pairs. Accounts are registered and a human-readable format is used to represent them (12 chars).">
none <span class="note">*</span>
</td>
<td class="addr-hash"
title="With EOS, valuables are held in accounts where each account has at least two public/private key pairs. Accounts are registered and human-readable format is used to represent them (12 chars).">
none <span class="note">*</span>
</td>
</tr>
<!-- BCASH -->
<tr>
<td class="name" title="lol"><b>Bitcoin Cash</b></td>
<td colspan="6" align="center"
title="With the exception that Bitcoin Cash uses 'cashaddr' format for addresses, which is built on top of bech32.">
Same as Bitcoin <span class="note">*</span>
</td>
</tr>
<!-- STELLAR -->
<tr>
<td class="name"><b>Stellar</b></td>
<td class="account">account</td>
<td class="signing-alg">EdDSA</td>
<td class="curve">ed25519</td>
<td class="hash" title="See footnote [2].">SHA-256 and SHA-512 in EdDSA <span class="note">*</span></td>
<td class="addr-encoding">base32</td>
<td class="addr-hash">none</td>
</tr>
<!-- BINANCE -->
<tr>
<td class="name"><b>Binance Coin</b></td>
<td colspan="6" align="center" title="Although they plan to release their own mainnet soon.">Ethereum ERC-20 token <span class="note">*</span></td>
</tr>
<!-- TETHER -->
<tr>
<td class="name"><b>Tether</b></td>
<td colspan="6" align="center">Bitcoin Omni layer / Ethereum ERC-20 token</td>
</tr>
<!-- TRON -->
<tr>
<td class="name"><b>TRON</b></td>
<td class="account">UTXO</td>
<td class="signing-alg">ECDSA</td>
<td class="curve">secp256k1</td>
<td class="hash">SHA-256</td>
<td class="addr-encoding">base58</td>
<td class="addr-hash" title="Not the same as SHA-3. See footnote [1].">last 20 bytes of Keccak-256 <span class="title">*</span></td>
</tr>
<!-- CARDANO -->
<tr>
<td class="name"><b>Cardano</b></td>
<td class="account">UTXO</td>
<td class="signing-alg">EdDSA</td>
<td class="curve">ed25519</td>
<td class="hash" title="See footnote [2].">none and SHA-512 in EdDSA <span class="note">*</span></td>
<td class="addr-encoding">base58</td>
<td class="addr-hash">none</td>
<!-- checksum: crc32 -->
<!-- binary format: CBOR -->
</tr>
<!-- MONERO -->
<tr>
<td class="name"><b>Monero</b></td>
<td class="account" title='Since tracking of "unspent" outputs is impossible in Monero, this should be just "TXO" to be entirely correct.'>UTXO <span class="note">*</span></td>
<td class="signing-alg" title="See footnote [3]."><i>it's complicated</i><span class="note">*</span></td>
<td class="curve">ed25519</td>
<td class="hash" title="Not the same as SHA-3. See footnote [1].">Keccak-256 <span class="note">*</span></td>
<td class="addr-encoding">base58</td>
<td class="addr-hash" title="Not the same as SHA-3. See footnote [1].">Keccak-256 <span class="note">*</span>
</td>
</tr>
<!-- IOTA -->
<tr>
<td class="name"><b>IOTA</b></td>
<td class="account">UTXO</td>
<td class="signing-alg">Winternitz one time signature scheme</td>
<td class="curve" align="center">-</td>
<td class="hash" title="Their own creations. Kerl is somewhat based on Keccak. See footnote [4].">Curl, Kerl <span class="note">*</span></td>
<td class="addr-encoding">none</td>
<td class="addr-hash">Kerl</td>
</tr>
<!-- DASH -->
<tr>
<td class="name"><b>Dash</b></td>
<td class="account">UTXO</td>
<td class="signing-alg">ECDSA</td>
<td class="curve">secp256k1</td>
<td class="hash" title="Dash uses X11 for PoW, but for transactions signing it still uses SHA-256.">SHA-256 <span class="note">*</span></td>
<td class="addr-encoding">base58</td>
<td class="addr-hash">SHA-256, RIPEMD-160</td>
</tr>
<!-- MAKER -->
<tr>
<td class="name"><b>Maker</b></td>
<td colspan="6" align="center">Ethereum ERC-20 token</td>
</tr>
<!-- NEO -->
<tr>
<td class="name"><b>NEO</b></td>
<td class="account">account</td>
<td class="signing-alg">ECDSA</td>
<td class="curve">secp256r1</td>
<td class="hash">SHA-256</td>
<td class="addr-encoding">base58</td>
<td class="addr-hash">SHA-256, RIPEMD-160</td>
<!-- SHA-256 for checksum - first 4 bytes-->
</tr>
<!-- ONTOLOGY -->
<tr>
<td class="name"><b>Ontology</b></td>
<td class="account">account</td>
<td class="signing-alg">ECDSA</td>
<td class="curve">nist256p1</td>
<td class="hash">3x SHA-256</td>
<td class="addr-encoding">base58</td>
<td class="addr-hash">SHA-256, RIPEMD-160</td>
</tr>
<!-- ETHEREUM CLASSIC -->
<tr>
<td class=" name"><b>Ethereum Classic</b></td>
<td colspan="6" align="center">Same as Ethereum</td>
</tr>
<!-- NEM -->
<tr>
<td class="name"><b>NEM</b></td>
<td class="account">account</td>
<td class="signing-alg">EdDSA</td>
<td class="curve">ed25519</td>
<td class="hash" title="See footnote [1] and [2].">none and Keccak-256 in EdDSA <span class="note">*</span></td>
<td class="addr-encoding">base32</td>
<td class="addr-hash">Keccak-256, RIPEMD-160</td>
</tr>
<!-- ZCASH -->
<tr>
<td class="name"><b>Zcash</b></td>
<td class="account">UTXO</td>
<td class="signing-alg" title="ECDSA for transparent transactions.">ECDSA, zk-SNARKs <span class="note">*</span></td>
<td class="curve"
title="secp256k1 is used for public (Bitcoin-like) transactions, Jubjub and BLS12-381 are used with zk-SNARKs for shielded (private) transactions.">
secp256k1, Jubjub <span class="note">*</span>
</td>
<td class="hash">SHA-256</td>
<td class="addr-encoding">base58, bech32</td>
<td class="addr-hash">SHA-256, RIPEMD-160</td>
<!-- Ed25519 for JoinSplit signatures? -->
</tr>
<!-- TEZOS -->
<tr>
<td class="name"><b>Tezos</b></td>
<td class="account">account</td>
<td class="signing-alg" title="EdDSA is recommended by Tezos.">EdDSA, ECDSA <span class="note">*</span></td>
<td class="curve">ed25519, secp256k1, secp256r1</td>
<td class="hash" title="See footnote [2].">BLAKE2 and SHA-512 in EdDSA <span class="note">*</span></td>
<td class="addr-encoding">base58</td>
<td class="addr-hash">BLAKE2</td>
</tr>
</table>
<h2>Notes</h2>
<p>Items marked with <span class="note">*</span> have some additional notes, which you can display just by hovering on them.</p>
<ul>
<li>[1]: The Keccak hash function has won the SHA-3 competition and is thus the underlying hash function in SHA-3.
However, some modifications had been introduced in the final stage of standardization, which lead to two
<i>very similar but yet different</i> hash functions with completely different outputs. Keccak: as introduced
by its authors; SHA-3: as standardized in <a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf">FIPS-202</a>.
Many cryptocurrencies (such as Ethereum) chose SHA-3 for their hashing algorithm, but did so before the standard was finalised.
This resulted in them using the Keccak function instead of what is now considered as SHA-3.
<br> Source: <a href="https://en.wikipedia.org/wiki/SHA-3">Wikipedia</a>,
<a href="https://ethereum.stackexchange.com/questions/550/which-cryptographic-hash-function-does-ethereum-use">Ethereum SE</a>,
<a href="https://ethereum.github.io/yellowpaper/paper.pdf">Ethereum yellow paper</a>
</li>
<li>[2]: EdDSA hashes the message internally before signing and this function can be chosen. The default is
SHA-512. Some cryptocurrencies are leaving this up to the EdDSA algorithm exclusively and do not hash the message
beforehand. Others do. This summary tries to list both, the "outter" hash that is used before inserting it into the algorithm
and also the EdDSA's internal one.<br>
Source: <a href="https://tools.ietf.org/html/rfc8032">RFC 8032</a>
</li>
<li>[3]: Monero transactions are based on Elliptic Curve Cryptography using curve Ed25519, but transaction inputs are signed
with so-called Multilayered Linkable Spontaneous Anonymous Group signatures (MLSAG), and output amounts (communicated to recipients via ECDH)
are concealed with Pedersen commitments and Borromean ring signatures (later replaced with Bulletproofs).
<br>Source: <a href="https://www.getmonero.org/library/Zero-to-Monero-1-0-0.pdf">From Zero To Monero</a>,
<a href="https://lab.getmonero.org/pubs/MRL-0005.pdf">Ring confidential transactions</a>,
<a href="https://people.xiph.org/~greg/confidential_values.txt">Confidential transactions</a>,
<a href="https://pdfs.semanticscholar.org/4160/470c7f6cf05ffc81a98e8fd67fb0c84836ea.pdf">Borromean ring signatures</a>,
<a href="https://eprint.iacr.org/2017/1066.pdf">Bulletproofs</a>
</li>
<li>[4]: Vulnerabilities were found in the Curl hash function, causing several dispute between IOTA
engineers and some cryptographers.
<br> Source:
<a href="https://medium.com/@neha/cryptographic-vulnerabilities-in-iota-9a6a9ddc4367">Cryptographic vulnerabilities in IOTA</a>,
<a href="https://github.com/mit-dci/tangled-curl/blob/master/vuln-iota.md">IOTA Vulnerability Report</a>
</ul>
<h2>Columns description</h2>
<ul>
<li><b>Type:</b> Whether the cryptocurrency is based on the UTXO model or not. Transactions in the UTXO
model always spend the whole input, with some of the coins returned as a change.
In account-based model, there is no such mechanism and just a simple account book is used.
</li>
<li><b>Signing algorithm:</b> What signing algorithm is being used, all present cryptocurrencies use Elliptic Curve Cryptography.</li>
<li><b>Curve:</b> What elliptic curve is being used in the underlying signing algorithm.</li>
<li><b>Hash:</b> What hash function is being used to hash the transaction data that are then signed.</li>
<li><b>Address encoding:</b> What algorithm is being used to encode the address.</li>
<li><b>Address hash:</b> What hash function is being used for addresses.</li>
</ul>
<br>
<h2>Credits</h2>
<ul>
<li>Tomas Susanka, <a href="https://twitter.com/tsusanka">@tsusanka</a></li>
<li>Found a bug? File a PR on <a href="https://github.com/tsusanka/coins-cryptography">GitHub</a></li>
<li>Like it? Tip it using Lightning Network:</li><br>
<!-- Beginning of tippin.me Button -->
<div id="tippin-button" data-dest="tsusanka"></div>
<script src="https://tippin.me/buttons/tip.js" type="text/javascript"></script>
<!-- End of tippin.me Button -->
</ul>
</article>
</body>
</html>