1. What is ECDSA?
ECDSA (an acronym for Elliptic Curves Digital Signature Algorithm) is an Elliptic Curve Cryptography (ECC) scheme.
The ECDSA algorithm uses an elliptic curve and a finite field to create a data signature so that third parties can verify the authenticity of the signature and the signatory retains the exclusive ability to create the signature. In the case of bitcoin, the data being signed is a transfer of ownership transaction.
2. Who developed the concept of ECC and when?
The concept of cryptography based on elliptic curves was proposed independently by mathematicians Neil Koblitz and Victor S. Miller in 1985. Although their model was a breakthrough in cryptography, ECC was not widely used until the early 2000s, when it was introduced by Internet service providers.
3. How is ECC used in cryptocurrencies?
The cryptography behind cryptocurrency digital signature schemes allows for transaction verification between two parties in a decentralized network.
ECC has a significant advantage over RSA encryption. The key size used for ECC is much smaller than that required for RSA. At the same time, ECC provides the same level of security. Although RSA encryption is much more widely used on the Internet these days, ECC is a more efficient form of RSA, which is the reason for using this cryptography in cryptocurrencies.
4. Who developed ECDSA and when?
The concept of ECDSA was introduced in 1992 by Canadian mathematician and cryptographer Scott Vanstone.
5. What task does ECDSA perform?
The technology at the heart of bitcoin redefines the concept of ownership. In the traditional sense, owning something – a house, a sum of money, etc. – means either storing (physically/legally) that object personally or entrusting it to a trusted entity (e.g., a bank) for safekeeping.
This is not the case with bitcoin. Bitcoins themselves are not stored centrally or locally, nor does any entity act as their custodian.
Bitcoins exist as records in a blockchain, copies of which are distributed by a network of connected computers. “Owning” a bitcoin means being able to transfer control of it to another user by creating a transfer record in the blockchain. What makes this possible? Access to a pair of ECDSA keys – an open and a closed key.
ECDSA has separate procedures for signing and for verification. Each procedure is an algorithm consisting of several arithmetic operations. The signature algorithm uses the private key and the verification algorithm uses the public key.
6. What is an elliptic curve?
Algebraically, an elliptic curve is represented as an equation of the following form: y2 = x3 + ax + b. For a = 0 and b = 7 (the version used by bitcoin), it looks like this:
Elliptic curves have useful properties. For example, a non-vertical line that intersects a curve at two points will always intersect a third point on the curve. Another property is that a nonvertical line tangent to a curve at one point will exactly intersect another point on the curve. You can use these properties to define two operations: point addition and point doubling.
To add points, P + Q = R, a line is drawn through the points P and Q that intersects the curve at a third point R.
Then a point on the curve symmetric to the third point R about the x-axis is found. This point R is considered to be the sum of P and Q. Example:
Similarly, if a point is doubled, then a line tangent to the elliptic curve at P is drawn and must intersect it at another point R.
The point R that is symmetric to R’ with respect to the x-axis will be considered the doubling point of P. Example:
Together these two operations are used for the product-by-scalar operation, R = a P, defined as adding a point of P to itself a times. For example:
R = 7P
R = P + (P + (P + (P + (P + (P + P)))))
The process of product on a scalar is usually simplified by a combination of addition and doubling of points operations.
R = 7P
R = P + 6P
R = P + 2 (3P)
R = P + 2 (P + 2P)
Here 7P is divided into two steps of doubling the point and two steps of adding the point.
7. What are finite fields?
A finite field in the context of ECDSA can be thought of as a given range of positive numbers within which each calculation must fall. Any number outside this range is turned around so that it falls within the range. If the result of the operation falls outside this range, then at the end of the range a return to the beginning of the range occurs and the calculation continues.
The simplest way is to think of this process as calculating the remainder-of-integer-division operation, or the modulus (mod) operator. For example, 9/7 gives 1 with a remainder of 2:9 mod 7 = 2. The finite field here is 0 to 6, and all operations on modulus 7, whatever number they are performed on, give a result that falls within that range.
8. How are curves combined with finite fields?
ECDSA uses elliptic curves in the context of a finite field, which significantly changes their appearance, but not their fundamental formulas or special properties. The same equation shown in the graph above, in a finite field modulo 67, looks like this:
It is now a set of points in which all x and y values are integers between 0 and 66. The curve still retains its horizontal symmetry.
The addition and doubling of points has now visually changed slightly. The lines drawn on this graph will wrap around the field, maintaining the same slope. Therefore, the addition of points (2, 22) and (6, 25) looks like this:
The circumferential line passing through these two points ends up at the third point (47, 39), and the one symmetrical to it with respect to the x-axis will be (47, 28). This point is the result of the operation.
9. How does ECDSA work in bitcoin?
A protocol like bitcoin selects a set of parameters for an elliptic curve and a representation of its final field that is fixed for all users of the protocol.
The parameters include the equation itself, the simple value of the field modulus, and the base point on the curve. The order of the base point, which is not independently selected but is a function of the other parameters, can be represented graphically as the number of times the point is added to itself until its slope becomes an infinite (vertical) line. The base point is chosen so that the order is a large prime number.
Bitcoin uses very large numbers for the base point of a simple modulus and order. The reliability of the algorithm depends on the fact that these values are huge – making it impractical to use bruteforce or engineering analysis.
In the case of bitcoin:
Elliptic curve equation: y2 = x3 + 7
Simple modulus = 2^256 – 2^32 – 2^9 – 2^8 – 2^7 – 2^6 – 2^4 – 1 = FFFFFFFFFFF FFFFFFFFFFF FFFFFFFFF FFFFFFFFFFF FFFFFFFFFFFFFE FFFFFFFC2F
Foundation Point = 04 79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798 483ADA77 26A3C465 5DA4FBFC 0E1108A8 FD17B448 A6855419 9C47D08F FB10D4B8
Order = FFFFFFFFFF FFFFFFFFFF FFFFFFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141
This implementation is known as secp256k1 and is part of a family of elliptic curve finite field solutions proposed for use in cryptography.
10. What are the drawbacks of ECDSA?
ECDSA as the current signature method in bitcoin lacks native support for multisignatures, so it is implemented using the standardized Pay-to-Script-Hash (P2SH) smart contract, which involves only including script hashes in the blockchain.
This seemingly random number determines coin ownership. At the moment of spending, the holder reveals the script and the key to decrypt the hash at the same time. Each user can then use the original hash to verify that the script is true and that the spending conditions are met. However, users must disclose all spending conditions, including those that have not been met. For example, coins can be spent if and only if Bob and Alice sign the transaction, or if Alice signs the transaction herself after a week, or if Bob does it while providing a secret number.
The first problem with this model is the lack of privacy. P2SH transactions require that addresses start with the number 3. This gives blockchain analysts the ability to recognize all P2SH transactions on the network and identify the addresses involved in multisignatures.
The second problem is the large amount of data to process, since P2SH requires knowledge of the public keys of all multisignature participants.
These problems are solved by the Schnorr signature scheme and Taproot technology.