0.4 Cryptographic Signatures

Now that we understand how elliptic curve cryptography works, we can see how cryptographic signatures allow users to securely authenticate transactions on a decentralized ledger.

A cryptographic signature is a mathematical proof that a specific message was signed by the owner of a private key. Unlike a traditional signature, a cryptographic signature cannot be forged, and anyone can verify its authenticity.

Let’s revisit our transaction example:

A sends 3 coins to B

Instead of sending a password or relying on a central authority, A generates a digital signature using their private key. The signed transaction might look like this:

m = "A sends 3 coins to B"; Signature of m by A

Anyone can verify this signature using A’s public key. If the signature is valid, it proves that A authorized the transaction. If the signature is invalid, the transaction is rejected.

Schnorr Signature

One of the most widely used applications of ECC in cryptocurrency is Schnorr Signature, which allows users to sign transactions securely. Here’s how it works:

$A$ user generates a private key $a$ and computes the corresponding public key $A=a\cdot G$ .
When signing a message $m$ (such as a transaction), the user creates a unique digital signature $(R,s)$ using his private key $a$ .
1. $A$ generates a random scalar $r \in [1, q-1]$ . It should be new and never be used again.
2. $A$ computes $R = r\cdot G$ .
3. $A$ gets $e=h(A|R|m)$ , with $(A|R|m)$ the concatenation of bit representation of those elements.
4. $A$ can then compute $s=r+ea$ .
5. The final signature is $(R, s)$ .
Anyone can verify the signature $(R, s)$ of message $m$ using the public key $A$ :
1. The verifier computes $e=h(A|R|m)$ ,
2. This enables the verifier to check the message by comparing $s\cdot G- R$ and $e\cdot A$ . If they are equal, the signature is valid, else it's invalid. Because if $A$ chosed $s=r+ea$ at step 2.d, then: $s\cdot G- R = (r+ea)\cdot G-R=r\cdot G+e\cdot (a\cdot G)-R=e\cdot A$

This enforces that only the owner of the private key could have authorized the transaction, making Schnorr signature the key component of decentralized authentication. Of course a lot of extra security consideration are to be taken care of, but this gives a good general idea of how signing works.

In next chapter, we'll explain how to compute a field element from the message in a secured manner, by explaining how hash functions work.

Previous0.3 Elliptic Curve Cryptography Next0.5 Blockchain: Bitcoin

Last updated 4 months ago