Strict signatures DER (Distinguished Encoding Rules) are a type of encoding used to guarantee the suitability of a digital signature under any environment, and are used in Bitcoin and cryptocurrencies to ensure the validity of signatures. digital.
Bitcoin is, without a doubt, highly specialized cryptographic software and a demonstration of this can be seen in the strict DER signatures, a cryptographic implementation aimed at providing higher levels of security in the protocol, especially in the signature system of Bitcoin.
Strict signatures DER (Distinguished Encoding Rules), they are a type of secure encryption that is used to guarantee the suitability of a digital signature under any environment. I mean, it doesn't matter if you wallet It is on a computer, smartphone or other device, its encoding will be the same and its resolution will be deterministic from beginning to end. This is vital for Bitcoin, as it guarantees that its digital signatures will be secure under various criteria.. And for us users, it gives us the assurance that the system has high security standards.
Now what is the origin of strict DER signatures? When did its development begin? How do they work and where do they apply? We will examine this and much more below.
The development of strict DER signatures
As you may already know, Bitcoin uses digital signatures of the type ECDSA to guarantee a high level of security in your transactions. The use of ECDSA together with the cryptographic curve secp265k1, is what shields Bitcoin in terms of access to its Tokens and it gives us the assurance that our funds cannot be easily hacked.
For Bitcoin to make use of these functions, it was initially developed using the crypto security library OpenSSL, a well-known free software project that for the moment remains an undisputed leader in cryptography in the industry. However, OpenSSL has been through a series of security scandals that little by little have eroded trust in the project.
For example, in 2009 during the early birth of Bitcoin, OpenSSL presented a serious vulnerability (CVE-2008-5077) that affected its implementation of ECDSA signatures, leaving projects like Bitcoin vulnerable. Another serious problem arose in 2014 (CVE-2014-0076), which also affected this function. As these failures many others began to emerge from the project and before the events, Gregory Maxwell He stated that it was time to abandon OpenSSL and its constant problems.
Those initial steps to migrate to another secure crypto implementation were later supported by Pieter Wuille, who in 2015 introduced the BIP-66 (BIP - Bitcoin Improvements Proposals) called "Strict DER Signatures". Thus was born the DER implementation that would take the reins of development in Bitcoin, and that left OpenSSL aside along with its problems and disrespect for security standards.
In this way, the new strict Bitcoin DER signature standard would apply to OP_CODES or operation codes, OP_CHECKSIG, OP_CHECKSIGVERIFY, OP_CHECKMULTISIG or OP_CHECKMULTISIGVERIFY, to which ECDSA verification applies and therefore must be encoded using a strict DER signature.
How do strict DER signatures work?
Basically what DER encoding does is; ensure that ECDSA verifications are correct at all times. To achieve this, each signature is verified not only in formation but also in the way it has been coded.
First of all, ECDSA signatures go through a DER verification, this is in charge of checking that the signature coding is correct. Each ECDSA signature must be carefully encoded (or written) in Bitcoin, and any modification in this regard indicates that the signature is not trusted.
In that case, the Bitcoin protocol simply rejects the signature and stops the execution of the Bitcoin Script associated with said signature. However, if the strict DER signature is valid, but the ECDSA signature is not, the execution of the associated Bitcoin Script will end up invalidating the signature at the end of its execution when it fails the script verification.
In either of the two cases described above, we can be sure that the ECDSA firms will do their job: keep our bitcoins and the operations we carry out with them safe. And in this very specific case, the strict DER signatures help us to have a new security measure to maintain said operation in any situation.
The specification or design used by Bitcoin for its DER implementation respects the standards of the International Telecommunication Union (ITU - International Telecommunication Union), specifically the X.690 - 2015 standard, which makes clear the high quality of the implementation.
Describing how it works
As we know, a digital signature in Bitcoin is part of the scriptSigs and scriptWitnesses of the transactions. Said signature actually consists of a DER encoding of an ECDSA signature, to which a sighash-type byte is added.
To generate this encoding, the following procedure is used:
- The “Composite Object” is generated using 1 byte of information and marking it with the code 0x30 . This composite object is the tuple of the (R, S) values of the ECDSA signature.
- The 1-byte length of the composite object.
- The R value of the signature consists of:
- A 1-byte "Integer" type marked with 0x02
- 1-byte length of integer
- bytes of variable-length R value
- The S value of the signature, which consists of:
- A 1-byte "Integer" type marked with 0x02
- 1-byte length of integer
- variable-length S-value bytes
- The sighash type byte
As a result of this scheme, DER signatures are shorter than their ECDSA counterparts, reaching a maximum of 73 bytes (approx 73 characters). This is very important, as it makes them easier to handle, they consume less bandwidth when sent to the network, reducing network overhead, and increasing the number of transactions that can fit in a block, increasing the scalability of the network.
How much do you know, cryptonuta?
Can misuse of DER signatures lead to a hard fork?TRUE!
It may seem trivial but incorrect representation of a DER signature using DER can lead to a blockchain being hard forked. This was precisely what happened in Bitcoin and it was what led the developers to create their own cryptographic tools for the project. This is because DER signatures in one or more nodes and miners can vary, and such variations can lead to chain validation problems causing the main chain to be divided into two or more parts.
Why is good DER encoding important?
First of all, we must remember that ECDSA is a deterministic digital signature system, so under any criteria, this algorithm must always return the same signature, under the same generation conditions. This is essential for security and guarantees that two ECDSA signatures will never be the same. The same is repeated in the case of DER encoding; that is, there is only a single data stream that validly encodes certain values given for an ECDSA signature.
However, there are some buggy implementations (like OpenSSL) that produce bad encodings in some cases. Therefore, ECDSA signature verifiers are often a bit lenient in what they accept. In Bitcoin, this is unacceptable because it leads to signature verification errors and breaks the consensus of the network. Faced with such problems, Bitcoin Developers decided to create their own DER implementation tailored to the specific needs of Bitcoin, thus preventing other implementations from affecting its operation.