ECDSA (Elliptic Curve Digital Signature Algorithm)

Elliptic Curve Digital Signature Algorithm

ECDSA stands for “Elliptic Curve Digital Signature Algorithm”, it is a cryptographically secure digital signature scheme, based on the elliptic-curve cryptography (ECC). it’s used to create a digital signature of data (a file for example) in order to allow you to verify its authenticity without compromising its security. Think of it like a real signature, you can recognize someone’s signature, but you can’t forge it without others knowing. The difference however between an ECDSA signature and a real signature is that it's simply impossible to forge the ECDSA signature. ECDSA keys and signatures are shorter than in RSA for the same security level. A 256-bit ECDSA signature has the same security strength like 3072-bit RSA signature.

Blockchain implementations such as bitcoin and Ethereum use elliptic curves to generate public and private key pairs. Elliptic curve was invented by Neal Koblitz and Victor Miller in 1985.

A 256 ECC(Elliptic curve cryptography) public key provides comparable security to a 3072-bit RSA public key.Hence, the primary advantage of using ECC is reduced key size and speed. .

Elliptic curves has nothing to do with ellipses, Ellipses are formed by quadratic curves, (X²) while elliptic c urves are formed by cubic equations (X³) .The Standard for Efficient Cryptography Group (SECG) is an international consortium to develop commercial standards for efficient and interoperable cryptography based on ECC. .

The SECG Website is https://www.secg.org .

The SECG has published a document with a recommended set of elliptic curve domain parameters, referred by the letters , {p, a, b, G, n, h}, they are collectively referred to as Elliptic curve domain parameters.

Creating digital signatures based on the math of elliptic curves is called the Elliptic Curve Digital Signing Algorithm, short ECDSA.
An elliptic curve is the set of points that satisfy a specific mathematical equation. The equation for an elliptic curve looks something like this:

y2 = x³ + ax + b

From the curve above, the elliptic curve has some interesting characteristics;

• 1. Its symmetric around the x-axis and for any x coordinate, you will have two values of y, one will be positive and another negative.
• 2. If a line is tanganet to the curve, it intersects another point.
• 3. If you draw a straight line through the curve, it would intersect in not more than three points.
• 4. All vertical lines, (slope = infinity) intersects the point at infinity
• 5. The curve has an ever increasing slope after a point of inflection.

We have a curve defined by the math function

y² = (x³ + a * x + b) mod p

a and b are constant values, and can be real numbers, integers or rational numbers. The modulo is a prime number and makes sure that all the values are within our range of 160 bits and it allows the use of “modular square root” and “modular multiplicative inverse” mathematics which make calculating stuff easier (I think). Since we have a modulo (p) , it means that the possible values of y² are between 0 and p-1, which gives us p total possible values. However, since we are dealing with integers, only a smaller subset of those values will be a “perfect square” (the square value of two integers), which gives us N possible points on the curve where N < p (N being the number of perfect squares between 0 and p). Since each x will yield two points (positive and negative values of the square-root of y² ), this means that there are N/2 possible ‘x‘ coordinates that are valid and that give a point on the curve. So this elliptic curve has a finite number of points on it, and it’s all because of the integer calculations and the modulus.

Assume, we want to add two points on the line, say P₁(x₁,y₁) and P₂(x₂,y₂)

The first step is to find the point-slope form of the line.

Then we can define the slope as

λ = ( y₂ - y₁)/( x₂ - x₁)

y- y₁ = λ ( x - x₁)

The slope intercept form of the line is:

y = λx - λx₁ + y₁

Let, µ = y₁ - λx₁

y = λx + µ

Then to find the coordinates of the third point (x₃,y₃)

Replace y in the Original equation of the curve.

y² = x³ + ax + b

where a and b are constants

( λx + µ)² = x³ + ax + b

After distributing and rearranging, we get the polynomial

0 = x³ - λ²x² - 2 λx µ - µ² + ax + b

The polynomial has 3 roots. x₁, x₂, x₃,

And since it is a polynomial, The coefficient of x² is the opposite sum of the roots.

x₁ + x₂ + x₃ = λ²

x₃ = λ² - x₁ - x₂

We fix x₃ in to our original equation and reflect it

y₃ = y₁ - y₃ – y₁

y₃ = λ(x₁ - x₃) – y₁

Algebraically,

for P + P = R = 2P

slope S = (3x²_p) + a / ( 2y_p)

for the x-cordinate

x_r = s² - 2x_p

for the y-cordinate

y_r = s(x_p - x_r) - y_p

Why do we reflect ?

When we try to add infinity to a point. i.e adding points on a vertical line,
The third point is usually infinity.

Then find the third point of intersection

Reflect it and the result is the original point

P + ∞ = P , therefore, infinity is the identity for point addition

Inverses

Adding a point with its reflection is ∞, since they are in a straight line

P + P’ = ∞

Therefore, the reflection of a point is its inverse.

So, if we have to add a point and its reflection

P = (x, y) and -P(x, -y)

Then we can say, a point minus itself is infinity

P – P = ∞

The elliptic curve performs two major function;

• • Point addition
• • Point Multiplication(point doubling).

Mathematically,

The addition Law, states to add two points on the curve, say A and B, we first find the line between the two points , then we find the third point of intersection X, then we reflect it to get C.

Then, a second case,The multiplication is when we want to add a point to itself, say A.
We find the tangent line, to the point

And then find the second point of intersection, then we reflect it to get 2A.

Point Addition

Consider the curve above. We have two points A and B, to add the points, we draw the line between then and you notice the third intersection X, from there we draw a vertical line down and across the x-axis where the line intersects the curve again is the sum of the two points C..remember that the curve is symmetric on the x axis In this case, we define X = -C to represent the symmetrical point of X on the x axis. This explains the concept of point addition.so, A+B = C.

In ECC adding two vertical points, is an undefined procedure, this results to what is know as elliptic identity and commonly denoted as infinity X + C = ∞. This is because , to add two vertical points, the line does not make a third interception as explained above.

Point Multiplication

So, lets consider adding a point to itself, we do this by drawing a tangent to that point , say A considering the curve below. Then, from its point of intersection on the curve , we draw a vertical line down , across the x-axis to the point where it intersects the curve, then we call this new point B. Now, this is referred to as point doubling and is the way we use to achieve multiplication . so we refer B as A+A= 2A.

So to calculate 3A, we perform point doubling three times, so we add A to itself 3 times so we draw a line between 2A and A and where the line cuts the curve, we draw a vertical line across the x-axis and this new point is 3A. so, to perform few computations involves a lot of jumping around the curve , this is where ECC gets its strength since it is infeasible to divide the multiplication and find the specific point you multiplied to get there , unlike regular algebras. And this is known as the Elliptic Law Discrete Logarithm.

To recap, if you have a point say,
R = k*P, k(No of times P was added) . where you know R(The result of adding P , K times), and P(The starting point of addittion). there is no way to find out what the value of ‘K‘ is. Since there is no point subtraction or point division, you cannot just resolve k = R/P. Also, since you could be doing millions of point additions, you will just end up on another point on the curve, and you’d have no way of knowing “how” you got there. You can’t reverse this operation, and you can’t find the value ‘k‘ which was multiplied with your point P to give you the resulting point R.

We will discuss the part of ECC that is related to Diffie -hellman, Bitcoin Cryptography and digital signatures in the next chapter.