8 min read · Aug 22, 2023
--
The Elliptic Curve Digital Signature Algorithm (ECDSA) is a cryptographic algorithm used in Ethereum to ensure that funds can only be spent by their owners. It is a variant of the Digital Signature Algorithm (DSA) which uses elliptic-curve cryptography.
ECDSA works over the algebra of elliptic curves. This algorithm allows a person to sign a message using their private key, so that anyone else can verify that the signature actually belongs to that person, also knowing their public key.
ECDSA is used in Ethereum for creating and verifying digital signatures for transaction authentication. Ethereum transactions are signed with the private key of the sender using the ECDSA algorithm, and the signature is included in the transaction data.
The key components of ECDSA are:
- Key Pair Generation: This involves selecting a random private key, which is a secret number, and using it to derive a public key, which can be shared publicly. The public key is derived by multiplying a fixed point on the elliptic curve by the private key.
- Message Hashing: The message that needs to be signed is hashed using a cryptographic hash function, which produces a fixed-length hash value.
- Signing the Message: The ECDSA digital signature is created by performing a series of mathematical operations on the hash value and the private key. These operations result in a unique signature that can only be generated by the sender’s private key.
- Signature Verification: The recipient of the message uses the public key to validate the signature. If the signature is valid, the recipient can be sure that the message was sent by the owner of the private key.
- Domain Parameters: An elliptic curve E defined over a discrete space Fq with characteristic p and a base point G domain parameters might be distributed by a group of entities or unique to a single user.
The security of ECDSA relies on the difficulty of solving the elliptic curve discrete logarithm problem, which involves finding the private key given the public key and the generator point. The elliptic curve discrete logarithm problem is believed to be computationally infeasible for sufficiently large key sizes, making ECDSA a secure digital signature algorithm.
The Elliptic Curve Discrete Logarithm Problem (ECDLP) is the hard problem underpinning elliptic curve cryptography. This problem involves finding an integer (d) such that (dG = Q), where (G) is a known point on the elliptic curve and (Q) is another point on the curve. (d) is the private key and (Q) is the public key. The security of ECDSA relies on the difficulty of solving the ECDLP, which is believed to be computationally infeasible for sufficiently large key sizes. Given the public key and the generator point, it is computationally infeasible to derive the private key, therefore providing security for the ECDSA.
Here is a step-by-step breakdown of the mathematical operations involved in signing and verifying a message in ECDSA:
Signing the Message:
- Calculate the message hash, using a cryptographic hash function like SHA-256: (h = hash(msg)).
- Securely generate a random number (k) in the range ([1..n-1]), where (n) is the order of the elliptic curve.
- Calculate the random point (R = k * G), where (G) is the generator point of the elliptic curve, and take its x-coordinate: (r = R.x). If (r) is equal to 0, go back to step 2.
- Calculate the signature proof: (s = k^{-1} * (h + r * privKey) \mod n), where (privKey) is the private key of the signer. If (s) is equal to 0, go back to step 2.
- The signature is the pair ((r, s)).
Verifying the Signature:
- Calculate the message hash, with the same cryptographic hash function used during the signing: (h = hash(msg)).
- Calculate the modular inverse of the signature proof: (s_1 = s^{-1} \mod n).
- Recover the random point used during the signing: (R’ = (h * s_1) * G + (r * s_1) * pubKey), where (pubKey) is the public key of the signer.
- Verify the signature by checking if the x-coordinate of (R’) is equal to (r): (r’ = R’.x). If (r’ = r), the signature is valid. If not, the signature is invalid.
In summary, the ECDSA signing algorithm uses the sender’s private key to generate a unique signature for a message, while the verification algorithm uses the sender’s public key to verify the authenticity of the signature. The security of ECDSA is based on the difficulty of the ECDLP, which ensures that it is computationally infeasible to derive the private key given the public key and the generator point, thus making it a secure digital signature algorithm.
Ethereum’s implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) uses the secp256k1 elliptic curve and the SHA-256 cryptographic hash function.
Cryptographic Hash Function
The cryptographic hash function used in Ethereum’s ECDSA is SHA-256 (Secure Hash Algorithm 256-bit). A hash function takes an input (or ‘message’) and returns a fixed-size string of bytes, which is typically a digest that is unique to each unique input. It is deterministic so the same input will always result in the same output[0].
In Ethereum’s ECDSA, the message to be signed is first processed through the SHA-256 hash function, which produces a fixed-length hash value. This hash value is then used in the signing and verification processes[0].
import hashlibmessage = "Hello, Ethereum!"
message_bytes = message.encode('utf-8')
hash_object = hashlib.sha256(message_bytes)
hex_dig = hash_object.hexdigest()
print(hex_dig)
Elliptic Curve
The specific elliptic curve used in Ethereum’s ECDSA is known as secp256k1. This is a standardized elliptic curve, which means its parameters (a, b, and p) are predefined[1].
The equation for secp256k1 is y² = x³ + 7, which means that a = 0 and b = 7. The order of this elliptic curve is a very large number, making it suitable for cryptographic purposes due to the computational difficulty of solving the elliptic curve discrete logarithm problem[1].
Here is a Python example of creating a private/public key pair using the secp256k1 curve:
from ecdsa import SigningKey, SECP256k1# Generate a new private key
private_key = SigningKey.generate(curve=SECP256k1)
# Derive the public key
public_key = private_key.get_verifying_key()
print("Private key:", private_key.to_string().hex())
print("Public key:", public_key.to_string().hex())
In summary, Ethereum’s ECDSA uses the SHA-256 hash function and the secp256k1 elliptic curve. The security of this system relies on the computational difficulty of finding the discrete logarithm in the group of points on the elliptic curve, making it a robust choice for digital signatures in the Ethereum network[2].
The secp256k1 elliptic curve was chosen for Ethereum’s ECDSA due to several beneficial properties.
Firstly, it was constructed in a special non-random way that allows for particularly efficient computation. As a result, it is often more than 30% faster than other curves if the implementation is sufficiently optimized [1].
Secondly, secp256k1’s constants were selected in a predictable way, which significantly reduces the possibility that the curve’s creator inserted any sort of backdoor into the curve [1]. This addresses some of the concerns raised about the potential for hidden weaknesses [0].
Thirdly, the adoption of secp256k1 also allows Ethereum to have better interoperability with Bitcoin [2], as Bitcoin also uses the same elliptic curve for its ECDSA implementation.
In Ethereum, ECDSA is used to ensure the integrity and authenticity of transactions. Here’s how it works in the context of a transaction:
- Transaction Creation: The sender of a transaction generates a signature using their private key and the transaction data as input. This signature is then included in the transaction data that’s broadcast to the Ethereum network [4].
- Transaction Verification: Nodes in the Ethereum network use the sender’s public key (which is derived from their address) and the transaction data to verify the signature. If the signature is valid, the nodes accept the transaction and include it in the blockchain. This confirms that the transaction was indeed created by the sender and hasn’t been tampered with [4].
- Public Key Recovery: Ethereum actually goes a step further than simply including the signature in the transaction data. It uses a feature of ECDSA that allows the sender’s public key to be recovered from the signature itself. This means that Ethereum transactions don’t need to include the sender’s address — they just include the signature, and nodes can derive the sender’s address from the signature. This saves space in the transaction data and makes transactions slightly more efficient [3].
In summary, Ethereum’s choice of secp256k1 for its ECDSA implementation offers computational efficiency, security, and interoperability with Bitcoin. The use of ECDSA in Ethereum transactions ensures their integrity and authenticity, providing a robust security layer for the Ethereum network.
- What is ECDSA?
ECDSA is a cryptographic algorithm used in Ethereum for creating and verifying digital signatures for transaction authentication. It is based on the algebra of elliptic curves and allows a person to sign a message using their private key, so that anyone else can verify the signature knowing their public key.
ECDSA is a cryptographic algorithm used in Ethereum for creating and verifying digital signatures for transaction authentication. It is based on the algebra of elliptic curves and allows a person to sign a message using their private key, so that anyone else can verify the signature knowing their public key.
2. Key Components of ECDSA:
- Key Pair Generation: A random private key is selected and used to derive a public key.
- Message Hashing: The message to be signed is hashed using a cryptographic hash function (SHA-256 in Ethereum), which produces a fixed-length hash value.
- Signing the Message: The ECDSA digital signature is created by performing a series of mathematical operations on the hash value and the private key.
- Signature Verification: The recipient of the message uses the public key to validate the signature.
- Domain Parameters: Constitutes the elliptic curve E defined over a discrete space Fq with characteristic p and a base point G.
- How Does ECDSA Ensure Security?
The security of ECDSA relies on the difficulty of solving the elliptic curve discrete logarithm problem (ECDLP). Given the public key and the generator point, it is computationally infeasible to derive the private key.
2. Use of Specific Cryptographic Hash Function & Elliptic Curve:
Ethereum’s ECDSA uses the SHA-256 hash function (Secure Hash Algorithm 256-bit) for message hashing and the secp256k1 elliptic curve for key pair generation and signature creation/verification process.
3. Why secp256k1 Curve?
The secp256k1 curve offers computational efficiency, security from potential backdoors, and interoperability with Bitcoin.
4. Practical Applications of ECDSA in Ethereum:
Ethereum uses ECDSA to ensure the integrity and authenticity of transactions. It includes transaction creation and verification, and public key recovery, which makes the Ethereum transaction slightly more efficient.
“Got thoughts? Drop them in the comments! If you liked this, give it a clap or share. Stick around for more, and big thanks for reading along with me. Let’s keep the conversation going!” 👍🗨️🚀
- GitHub: https://github.com/fitsaleem
- LinkedIn: https://www.linkedin.com/in/saleem-raza/
- YouTube: https://www.youtube.com/fitcodding
I’m always happy to connect and discuss ideas related to Blockchain, web3 development, and technology in general. Looking forward to hearing from you!
