What is the ECDSA signing algorithm?

30 April 2019

Medium min reading

What is ECDSA, meaning of ECDSA, ECDSA explained in Spanish, ECDSA asymmetric cryptography, which means ECDSA,

ECDSA stands for Elliptic Curve Digital Signature Algorithm (Elliptic Curve Digital Signature Algorithm). This system is used to create a digital signature that allows verification by third parties without compromising security.

ECDSA Basic Principles

The mathematical and algorithmic functioning of ECDSA is quite complex. To get started, ECDSA bases its operation on the basis of a mathematical equation that draws a curve. The process, broadly speaking, would be as follows:

Click here to open your user account in Spanish for FREE and securely and receive a €15 gift.

El ECDSA algorithm works through a mechanism of cryptography called, cryptography asymmetric. This signing system generates two keys that are called a private key and public key. Both keys are related by a complex mathematical operation performed on an elliptic curve function.

Under this operating scheme, ECDSA guarantees in the first instance the following:

Unique and unrepeatable signatures for each generation set private keys and public.
The practical impossibility of falsifying digital signatures. This is so because the computational power necessary for this is outside the current limits.

Thanks to these two characteristics, ECDSA is considered a safe standard for deploying digital signature systems. Their use today is so varied that they are applied in almost all computer fields. For example, the security certificate infrastructure SSL y TLS Internet makes heavy use of ECDSA. Bitcoin, the forerunner of blockchain technology, also makes use of ECDSA to achieve the high level of security that characterizes it.

On this curve, a point is chosen at random and it is considered to be its point of origin.

Next, a random number is generated, it is precisely this random number, which we will know as the private key.

ecdsa graphic example

Then, using the private key and the origin point, you perform another equation and we get a second point on the curve, that is your public key. It is precisely the use of this new equation together with the point of origin and the public key, which allows establishing the relationship between the public and private keys.

This process is considered safe, because at the moment it can only be done in one way. In other words, it is only possible to establish the mathematical relationship from a private to a public key, but not the opposite.

In this way, when a user wants to sign a file, they will use their private key (the random number) with a hash of the file (a unique number to represent the file) in a magic equation and that will give you your signature. If someone wants to verify the veracity of the information, they only need the public key and with it they will be able to verify the authenticity.

So the public keys They can be known by everyone, without jeopardizing the authenticity of our signature, since the public key only serves to verify, not to sign.

Why do we use ECDSA?

The need to create a signature system like ECDSA stems from being able to share data securely. In a world connected by networks, a scheme is necessary in which we can share information and validate it. All without having to reveal secrets. Let's see it with the following example:

A company has made an economic report on its activities. This report is delivered to certain investors with limited level of access to information. These investors want to verify the authenticity of the report and the data offered.

At this point we ask ourselves: Will the administrator give him the total access key to the company's data? Or on the contrary, will it not give investors access to the information so that they can verify it?

Both situations are not good and the use of ECDSA can solve it thanks to a third approach:

The administrator makes use of an ECDSA asymmetric signature system. With this, the administrator signs the report with his private key, and gives the public key to investors. Immediately after, investors can verify, using the public key, the authenticity of the information offered. This without the need for unrestricted access to data.

Private, public key and signatures

ECDSA's operating scheme is based on the following three pillars:

The private key, which is actually a secret number known only to the person who generated it. A private key is essentially a randomly generated number. In Bitcoin, someone with the private key corresponding to the funds on the blockchain is the only one who can spend those funds.
The public key, which is a number generated from a mathematical relationship using the private key. It can only be obtained by knowing the private key in advance, and not the other way around. This key is generated for the purpose of being shared publicly so that others can determine if a signature is genuine.

The signature, in reality, is simply a number that indicates to the verifier that the digital signature operation was carried out successfully. A signature is mathematically generated from the hash of what is to be signed, plus a private key. The signature itself is two numbers known as "r" Y "s«. With the public key, a mathematical algorithm can be used in the signature. The purpose of this is to determine what was originally produced from the hash and the private key. A system that works perfectly, without needing to know the private key.

ECDSA and blockchain technology

One of the main problems he faced Satoshi Nakamoto with Bitcoin, it was the distribution of public keys. Nakamoto's vision was to allow sharing small public keys, secure, with low computational cost and easy to use.

These features would be achievable thanks to elliptic curve cryptography. So this is why Nakamoto decided to use ECDSA for his system. And with this, he ensured that:

It was a very secure system. Satoshi decided to use the elliptic curve standard secp256k1 for Bitcoin. This elliptical curve has a very well proven safety, so it was perfect to apply it.
The computational cost of generating keys and validating signatures is very low.
It allows the generation of infinite public keys.

However, 256-bit ECDSA keys are very extensive. Considering that, Nakamoto decided refactor public keys to make them shorter. It was so using Base58 encoding y hash functions , the SHA-256 y RIPE MD-160, reduced the size of the public keys and created the Bitcoin addresses.

For example this address: 1PfS6w6MonCT976xe2jD9tqwo8QkDnonRW.

All this turned out, it is a computer system that allowed its users to send and receive bitcoin safely.

Playing with ECDSA

On the Internet there are many spaces where we can play and learn a little more about how ECDSA works. One of those sites is the Github by Kenji Urushima.

urushima is a Fuji Xerox worker in Japan. In your page website It has an interactive tool that helps to understand how ECDSA works. On this site, we can create private and public keys and sign personalized messages. Experimenting a bit can be key to understanding a little more how this digital signing system works.

Click here to open your user account in Spanish for FREE and securely and receive a €15 gift.

«Investment in cryptoassets is not fully regulated, may not be suitable for retail investors due to high volatility and there is a risk of losing all invested amounts»

Author

Washington Gomez

CISO (Chief Information Security Officer)

Washington Gómez is an information security professional with extensive experience in the field of Information Technology and Security. He currently serves as a CISO at Bit2Me.