ECDSA
Lesson 2 covered the mathematical equations used in ECDSA and there is no need for learners to remember these equations.
Consider an elliptic curve E with the above properties, and we have two parties, Alice and Bob, wherein Alice wants to sign a message '' and send it to Bob.
With no surprise, the protocol Alice and Bob agree to use is ECDSA.
Step 1 - Generating Private/Public Key Pair
Alice generates private and public key pairs.
For this, Alice chooses a random integer where . The randomly chosen integer becomes the private key for Alice.
Alice computes , and this value is the public key for Alice, denoted as . Alice shares this public key with Bob. (Recall this computation is done using scalar multiplication, and it is a point on an elliptic curve, so it has an and co-ordinate)
The keys are now
Notice that Bob knows the domain parameters , and the public key () is shared with Bob.
Step 2 - Signing
Alice uses a private key to compute the signature for the message '':
1. Alice chooses a random ephemeral key such that (notice this is like choosing a private key in step 1)
2. Alice computes (notice this is like computing public key in step 1)
3. Let , i.e., the -coordinate of point on the elliptic curve
a. If , then they need to return to step 1 and start again. (This is because if , the value of '' calculated in step 5 will be independent of private key '', which would imply signing without using the private key. It will defeat the purpose of digital signatures).
4. Compute the hash of message '' by using the hash function ',' i.e., . There are two reasons for performing the hash of the message. The first reason is to manage the arbitrary length of the message and make its length at least as long as . Secondly, it makes the signing more secure by preventing a specific attack.
5. Compute
The signature consists of a pair of integers ()
Note: The value for and needs to be between 1 and . i.e.
and require to be in the range of , which is the reason for applying in steps 3 and 5.
Step 3 - Verification
For verification, Bob has values , i.e., the message and the signature computed during signing. Bob needs to perform three additional calculations (Step 1-3) before he can verify the signature (Step 4,5)
1. Calculate value
2. Using , calculate
3. Using again, calculate
4. Compute ( is the generator, and is the public key for Alice). Again, as this is a point on the curve, it has an and co-ordinate, i.e.,
5. The verification, denoted as for , is as follows:
a. if , it implies the signature is valid
b. if , it indicates the signature is invalid
Last updated
Was this helpful?