The Elliptic Curve Digital Signature Algorithm (ECDSA)

Rohan Pinto

Elliptic Curve Digital Signature Algorithm or ECDSA is a cryptographic algorithm used by Bitcoin to ensure that funds can only be spent by their rightful owners. While the private key is a secret number, known only to the person that generated it.

For decades, people, private firms and government institution have been struggling with threats of data manipulation. It has been a rough journey for some firms and individuals who have fallen due to data manipulation and theft. The blockchain technology has presented the world with a unique solution that ensures there is no data manipulation. It is now possible to create data signatures and hence promoting data integrity and validity. Firms do no longer have to incur the wrath of data loss and manipulation, through Elliptic Curve Digital Signature Algorithm (ECDSA), data is now safe. Elliptic Curve Digital Signature Algorithm (ECDSA) is an algorithm that is cryptographically used in the creation of digital signatures of any data and provides a room for authenticity verification (Kakaroto, 2012). However, in Bitcoin, it is deployed in ensuring rightful expenditure of funds.

ECDSA adopts various concepts in its operation. This involves private keys, public keys and signature. The three features aid in the general operation of the ECDSA. The private key is randomly generated and it is only known to the generating person. Additionally, the key represents a secret number of which the bearer can access funds on a private ledger that correspond to the funds. Contrary to that, the private key can be deployed in the creation of digital signatures on varied data that take in use the digital data algorithm. However, in Bitcoin, the private key is 32 bytes which a composition of 256 unsigned bit integer. On the other hand, a public key is a number that is usually in correspondence to the private key. However, it does not necessarily need to be kept a secret. Additionally, a calculation can be carried out from the private key to determine a public, but the inverse is not possible. A public key is mainly used in the determination of the genuineness of a signature (Snifikino, 2014). However, this process does not necessitate for the divulging of the private key.

Bitcoin provides two types of public keys which can either be compressed or uncompressed keys. The signature refers to a number that acts as proof of a signing operation. The generation of the signature is done mathematically from a private key and a hash of what is to be signed. A mathematical algorithm along with the public can be implemented on the signature in the determination of its originality, that is, its generation from a private key and a harsh. A digital signature provides an opportunity for vouching for any messages.

Private key: A secret number, known only to the person that generated it. A private key is essentially a randomly generated number. In Bitcoin, someone with the private key that corresponds to funds on the public ledger can spend the funds. In Bitcoin, a private key is a single unsigned 256 bit integer.

Everyone has probably heard of ECDSA in one form or another. Some people will better recognize it when I say “Digital signature”, and some people will just have no idea what I’m talking about.

If you want to see how Elliptic Curve Digital Signature Algorithm functions, it’s difficult to make sense of it on the grounds that most reference reports online are lacking. They are either excessively essential – they just clarify the rudiments of the calculation and you’re left pondering “how can it really work?” – or they are excessively best in class and totally skirt the nuts and bolts which they accept you should definitely know. So you’re battling between “how can it truly work” and “How could we arrive?”. So on the off chance that you don’t have a degree in Mathematics or Cryptography, yet at the same time need to see how it really functions (other than “enchantment happens, and the mark is checked”), you’re stuck between a rock and a hard place in light of the fact that there is no “ECDSA for novices” anyplace.

I chose to look into ECDSA to better see how it can ensure my information and to see how secure it really is. In the wake of completing a ton of research lastly making sense of it, I chose to compose a clarification of how ECDSA functions, what the calculation is, the means by which a computerized mark can be confirmed and how it’s difficult to fashion such a mark. Seeing the greater part of that isn’t paltry yet I attempted to clarify as well as can be expected while accepting as meagre as conceivable on the pursuer’s learning and ideally anybody can comprehend it now.

The main benefit of Elliptic Curve Digital Signature Algorithm is that the party authenticating the peripheral is relieved from the constraint to securely store a secret. The authenticating party can authenticate thanks to a public key that can be freely distributed. Authentication ICs, such as those among Maxim’s Deep Cover embedded security solutions; help simplify implementation of robust challenge-response authentication methods that form the foundation of more effective application security. The ECDSA authenticators also enable easier authentication of goods from third parties or subcontractors.

The private key can be utilized to make an advanced mark for any bit of information utilizing a computerized signature calculation. This commonly includes taking a cryptographic hash of the information and working on it scientifically utilizing the private key. Anybody with people in general key can watch that this mark was made utilizing the private key and the fitting mark approval calculation. A computerized mark is an effective apparatus since it enables you to openly vouch for any message.

Elliptic curve algorithms work in a cyclic subgroup of an elliptic curve over a finite field. Therefore, the algorithms will need the following parameters:

  • The prime pp that specifies the size of the finite field.
  • The coefficients aa and bb of the elliptic curve equation.
  • The base point GG that generates our subgroup.
  • The order nn of the subgroup.
  • The cofactor hh of the subgroup.

In conclusion, the domain parameters for our algorithms are the sextuple (p,a,b,G,n,h)(p,a,b,G,n,h).

A simple sketch of how a random curve is generated from a seed: the hash of a random number is used to calculate different parameters of the curve is as follows:

If we wanted to cheat and try to construct a seed from the domain parameters, we would have to solve a “hard” problem: hash inversion.

ECDSA works on the hash of the message, rather than on the message itself. The choice of the hash function is up to us, but it should be obvious that a cryptographically-secure hash function should be chosen. The hash of the message ought to be truncated so that the bit length of the hash is the same as the bit length of nn (the order of the subgroup). The truncated hash is an integer and will be denoted as zz.

The algorithm performed by Alice to sign the message works as follows:

  1. Take a random integer kk chosen from {1,…,n−1}{1,…,n−1} (where nn is still the subgroup order).
  2. Calculate the point P=kGP=kG (where GG is the base point of the subgroup).
  3. Calculate the number r=xPmodnr=xPmodn (where xPxP is the xx coordinate of PP).
  4. If r=0r=0, then choose another kk and try again.
  5. Calculate s=k−1(z+rdA)modns=k−1(z+rdA)modn (where dAdA is Alice’s private key and k−1k−1 is the multiplicative inverse of kk modulo nn).
  6. If s=0s=0, then choose another kk and try again.

The pair (r,s)(r,s) is the signature.

In plain words, this algorithm first generates a secret (kk). This secret is hidden in rr thanks to point multiplication (that, as we know, is “easy” one way, and “hard” the other way round). rr is then bound to the message hash by the equation s=k−1(z+rdA)modns=k−1(z+rdA)modn.

Note that in order to calculate ss, we have computed the inverse of kk modulo nn. This is guaranteed to work only if nn is a prime number. If a subgroup has a non-prime order, ECDSA can’t be used.It’s not by chance that almost all standardized curves have a prime order, and those that have a non-prime order are unsuitable for ECDSA.

To generate a ECDSA key pair using OpenSSL, please follow the instructions:

# generate secp384r1 curve EC key pair
# Note: openssl uses the X9.62 name P-384 to refer to curve secp384r1, so this will generate output
% openssl ecparam -genkey -name secp384r1 -out k.pem

# print private key and public key
% openssl ec -in k.pem -noout -text
read EC key
Private-Key: (384 bit)
priv:
0b:f3:3e:81:d5:50:58:e6:c0:f1:b5:82:0e:71:f8:
02:1e:01:58:08:ed:20:2c:4e:1a:08:62:df:a0:a7:
1f:9c:1e:e2:b5:5e:24:0c:c2:45:4d:00:42:7f:96:
2e:ce:74

pub:
04:82:6d:bc:01:22:96:b5:47:6a:2c:64:21:8a:94:
38:d7:7e:38:15:2d:85:4c:4e:2f:bf:59:60:f4:f5:
09:31:d2:ac:d7:6e:1b:e7:ac:26:1d:b1:3f:ad:e0:
f8:5d:0c:52:0e:cf:6d:3f:0a:54:55:11:76:ed:f1:
3e:19:63:0e:90:15:41:8c:8b:b1:e1:96:dd:45:d1:
f2:e3:f2:c1:c7:98:81:cd:ec:38:7b:83:9e:6f:46:
66:63:12:dd:5b:fb:b2
ASN1 OID: secp384r1

NIST CURVE: P-384Please delete colons ‘:’ and new lines for the private key and the public key and fill “EC private key (hex)” and “EC public key (hex)” in above form and choose proper curve name, then you can use them for signing and verification. Elliptic curve cryptography is a capable innovation that can empower speedier and more secure cryptography over the Internet. The time has desired Elliptic Curve Digital Signature Algorithm to be generally conveyed on the web. It is the primary stride towards that objective by empowering clients to utilize ECDSA endorsements on their CloudFlare-empowered webs.

Overcoming Resistance to Change on the Journey to Passwordless MFA
Read More

Expert Insights in Your Inbox

Subscribe to the blog
Meet the Author

Rohan Pinto

Co-founder of 1Kosmos

Rohan is the co-founder of 1Kosmos. He is a go-to security and identity management expert and the founder of several businesses that have made considerable advancements in blockchain and identity management.