One of the newest ideas that the Nexus Tritium update brings to the table is signature chains. Every person or entity has an own signature chain and every event is linked to the signature chain. After the Tritium update the system of Nexus will be account-based, instead of unspent transactions there will be balances, and to have authority to spend some of your balance you need to create a signature on your signature chain.
So, for example, when you are validating a transaction, you are linking it to a signature in the signature chain. When you give ownership of a copyright to someone, you are linking that event to a signature on your signature chain as well, and so on. You could also connect a real-life contract to a signature on your signature chain.
To access your SigChain, you need a username, a password and a PIN Your computer will generate two hashes, Hash_A is generated by the username, the password, your last transaction and the n0nce, which is a number that will increment each time you sign a transaction. Hash_B is generated by your PIN and the n0nce.
What is a hash
A hash is a cryptographic primitive, you can think of it as a fingerprint. For example, the word "Nexus" has the SHA256 hash value of this:
The interesting thing is that, if you don't know the original data ("Nexus"), you will be unable to generate that same SHA256 hash. You should be. Of course, given that the input data can be anything, it could be a 500 pages long book as well, it's easy to understand that collisions does exist. A cryptographic hash function is good enough if it does not worth for an attacker to find such a collision (which would be a security vulnurability)
So, when you access the system, your computer will generate two hashes, Hash_A and Hash_B. From that two hashes, it will generate another hash value, called the MidHash. All of this is happening in your computer.
Generating the keypairs
From the MidHash, your computer will generate a so called keypair, a private key, and a public key. This is called asymmetric cryptography. It is widely used, Bitcoin uses it, other cryptocurrencies also use it, it is used in PGP as well. The idea is that only the private key can decrypt and sign, the public key can encrypt and validate. It's a really cool thing. You can imagine this like a padlock, which you can give to someone, he can click it in, but only you will be able to open it with the key you hold. In this case, the padlock is the public key, and the key for opening is the private key.
So usually we assume, that the public key is safe to share, since the owner of the private key is in control, he can decrypt a message that was encrypted by the public key, and only he can sign a message, the holder of the public key will only be able to verify that message. But there is a problem.
Quantum computers
Following the analogy of the padlock, the problem is, that if you give your padlock to a clever girl, if she has enough time, she will eventually learn how to open it with a hairpin. Because there is some connection between the padlock and the key - the public key and the private key - and although this connection is a quite complex still you can figure it out if you are good enough. Quantum computers are good enough. Quantum computers will be able to get the private keys from public keys, in reasonable time (let's say, minutes or hours or days, not trillions of years, which is the situation today with not quantum computers)
As I said before, when you interact with the system of Nexus, the hashes are generated on your computer. From the MidHash, the keypair is also generated on your computer. From these keys, a parameter called NextHash is generated. Only this will be stored in the decentralized system.
After every signature, a new keypair is generated and from that a new NextHash is generated. The previous keypair won't be valid anymore.
When you next time interact with the system, your computer will generate those keys that were generated - but not used - last time, when the NextHash was generated. This way the system is verifying that it is you, but for that, the public key was not stored. The public key will be only stored on the SigChain after you generate that one signature that you can generate with your private key, after that, this keypair is not valid anymore. At this moment, a new keypair is generated on your computer, NextHash sent to the SigChain, but not the public key, so getting the private key from the public key is not possible.
For more information on Signature Chains, read the whitepaper, you can find Signature Chains in section 4.
Image sources:
1
Wow. Thanks for this post. I know a lot about NEXUS I love it but now I know much more. Im Polish and sometimes this is big challange for me to understand Colin properly. He is genius.
https://steemit.com/polish/@marcelina2009/nexus-w-klku-slowach-o-projekcie#comments
I used your brilliant post. Shared and added some information about Nexus and Colin. Translated to polish. Hope you are fine with that. :)