Study Notes: Chapter 2 – Cryptographic Hash Functions and Digital Signatures

1. Revisiting the Cookie Token Spreadsheet

Q1: How do cookie tokens help illustrate the basics of a digital currency system?

The cookie token spreadsheet is a simplified analogy to understand how transactions, money supply, and security might work. Each spreadsheet entry describes who sends tokens to whom, just as Bitcoin’s ledger (the blockchain) records who sends bitcoins.

Q2: What are the main features of this cookie token system?

Finite Money Supply: Lisa, who maintains the spreadsheet, gets daily rewards of cookie tokens, but the amount halves every four years, ensuring the supply stays below 21 million.
Trusted Authority: Everyone trusts Lisa not to alter or delete entries dishonestly—she only appends new records for transfers.
Transferring Tokens: To transfer cookie tokens, people ask Lisa to update the spreadsheet, just like a centralized ledger.

Figure 2. Cookie token spreadsheet structure (Sender, Recipient, Amount).

2. Cryptographic Hashes

Q3: What is a cryptographic hash function, in simple terms?

A cryptographic hash function transforms any input data (files, text, images) into a fixed-size, seemingly random output. It’s like a “digital fingerprint”: small changes in the input produce entirely different outputs.

Q4: Why are cryptographic hash functions important in Bitcoin?

They ensure data integrity. By comparing hashes of transactions or blocks, one can easily detect tampering. They’re also the basis for mining, block chaining, and digital signatures.

Figure 7. Even a tiny change in the file drastically changes the hash.

Q5: What are the core properties of cryptographic hash functions?

Deterministic: The same input always yields the same hash.
Sensitive: A slight change in input changes the output drastically.
Fixed-size output: For example, SHA-256 always produces 256 bits.
Hard to invert: Finding an input that produces a given hash requires astronomical brute force.

Q6: How big is a SHA256 hash, and why is that significant?

A SHA256 hash is 256 bits (32 bytes). This large size makes brute-force attacks impractical. Finding a “collision” or forging inputs that produce a specific hash is computationally unfeasible with current technology.

Figure 11. How small changes produce drastically different SHA256 hashes.

3. Digital Signatures

Q7: What problem do digital signatures solve in the cookie token system?

Digital signatures confirm that a message (like a payment request) truly comes from the rightful owner. In our analogy, they stop someone like Mallory from impersonating John by forging “transfer” emails to Lisa.

Figure 1. Digital signatures in action.

Q8: How do key pairs (private key/public key) enable digital signatures?

Private Key: A secret number used to sign messages. Only the person who holds this key can create valid signatures.
Public Key: Derived from the private key and shared openly. It verifies signatures. If the signature checks out with your public key, it means your private key must have been used.

Figure 15. The digital signature process with key pairs.

Q9: Could you describe the typical three steps when sending a signed message?

Preparation: Generate a private key and derive a public key. Give the public key to the receiver (e.g., Lisa in our story).
Signing: Hash the message and then encrypt that hash with your private key. The result is the digital signature.
Verification: The receiver decrypts the signature with your public key and compares it to the hash of the message they received. If they match, the signature is valid.

Figure 19. A message is hashed, then “encrypted” (signed) with the private key.

4. Storing and Securing Private Keys

Q10: What happens if someone steals your private key?

They can sign transactions in your name and spend your tokens (or bitcoins). The system sees the valid signature and processes the transfer as if you authorized it. There’s no way to undo these transactions if the thief has your key.

Q11: What are some ways to secure private keys?

Encrypt the Key: Protect it with a strong passphrase so even if someone copies the file, they still need the password.
Keep it Offline: Store on a computer or device with no network access or even physically on paper.
Split the Key: Break the key into parts (though carefully) so multiple pieces are required to reconstruct it.

Each option balances security against theft vs. risk of you losing access to your own key.

Figure 23. Examples of different private key storage options, each with different security and convenience trade-offs.

5. Key Takeaways / Summary

Cookie Tokens & Bitcoin: Like Bitcoin, cookie tokens have a controlled issuance schedule. This example system helps illustrate mining rewards and ledger appends.
Cryptographic Hashes: Hash functions are one-way, fixed-size, and sensitive to even tiny input changes. They verify data integrity.
Digital Signatures: A private key signs (encrypts the hash of a message), and a public key verifies. This ensures only the owner of the private key can authorize spending.
Private Key Security: You control your assets only as long as you control your private key. Storing keys safely is crucial.
Moving Toward Bitcoin: We’ve added digital signatures and hashing principles—essential building blocks of Bitcoin’s security model. Next chapters replace “Lisa’s spreadsheet” with a decentralized blockchain.

End of Study Notes for Chapter 2. These principles—hashing, signing, private/public keys—lay the foundation for deeper Bitcoin concepts in subsequent chapters!