Unlocking the Power of Digital Signature Legitimateness for R&D in Mexico

How to eSign a document: digital signature legitimateness for R&D in Mexico

Okay, so let's look at digital signatures  and we'll look at three main types of digital   signatures. These are three of the  most common signatures that we'll find.   The first one is the Elliptic Curve Digital  Signature Algorithm (ECDSA), the next one is   EdDSA, and the last one that we'll look at  is the Schnorr signature method. So these   are the three methods that we'll look at  in terms of understanding our signatures.   Basically what we have is that we have  Bob and Alice and we have a message.   Alice has a private key we'll  call it sk and a public key   pk. What happens is that she uses her private  key (sk) to produce a signature (r,s)   and then Bob will use the message, and Alice's  public key, to prove the signature on the message.   So let's look at the detail of  how each of these methods work.   Each of them now is an elliptic  curve method because it's much more   efficient than using discrete logs. So with  elliptic curve methods we have a base point   on the elliptic curve. So our elliptic  curve might have an equation such as this y^2 = x^3 + ax +b (mod p) and then we work out we generate a private key sk - 256-bit values typically - and create a   point (sk.G) which is G added sk times. With an  elliptic curve that's an efficient operation.   This becomes the public key (sk.G)  and sk is the secret key private key   and the public key. Alice keeps this scalar value  secret but can release this point value here So let's have a look at the detail so we can use a  number of curves we can use the one that's used in   bitcoin which is this one and that's a=0 and  b=7, or we could use the NIST curve of P-256   as long as Bob and Alice know the curve that  they're using and the parameters involved then   everything is fine and probably when we're sending the signature we might send the parameters that   we've used here. But there is a prime number  which is used and there is also a value of n.   n is the order of the curve and it relates to  the total number of points that are possible   when we're conducting our operations that  don't involve points, we will always do a (mod   n) with that. So let's see how this actually works initially what we do is we take the message and we   create a hash of it. So it might be SHA-512  and then what we do is that we mask off the   bottom 32 bytes of the hash - this gives us a  256-bit hash which should be secure. Now what   we do is that we create a random value k.  k will vary the signature each time and we   don't have to pass k. But k will make sure that  each time the (r, s) value vary then we create   another point called r which is k times G so  it's G and we add that k times to get this point   R. We then take the x value of the x  point of it and do a (mod of n) then for s   we create k to the minus one - inverse k  mod n - times h plus r times the secret key (sk).   Alice knows the secret key. She knows the value of r and h and you can work out the inverse of k mod   n it's a special operation that we have fairly  simple there she then sends the value of   r and s along with the message and her public key  and the bob will now hopefully go and check that   message so Bob does the same thing  almost takes the hash of the message   because he's received that then takes the lower  part of the message lower 32 bytes (256 bits)   and then works at a value of c just inverse of s   mod of n then works out two values u1 is  h times c and u2 is equal to r times c next Alice will check the value of r or the point  r is equal to the x point of u1 g plus u2   times the public key okay so u2 u1 is hc   g it's a point r c p k so the next thing we'll  do is that we'll then group c h g plus r p k   and the value of c is the inverse of the  inverse of s so it's hg plus rpk divided by   k to the minus 1 h plus r s k okay so that's the value of that okay so then that's equal to hg plus r   s k g because the secret key times g is the public  key divided by k to the minus one h plus r s k   and that and that is the same so that becomes  g and we move k up to the top that becomes   r k which is equal to this here if  we take the x coordinate of that   that will equal to the value of r  and if this works then we can prove that Alice was the one that signed it with her   private key and in this case we're using the  public key from Alice here and the r and the   s value to be able to match this here so this is  e c d s a and it's used for like extensively and   things like bitcoin and in signing transactions it  has weaknesses and those weaknesses are overcome   normally using this other method here and it uses  an Edwards twisted curve typically with the curve   of curve two five five one nine which has a  prime number of two to the power of 255 minus   19. it also has a base point  if you're interested equal to 9   that's the best point for the x value and  typically in Curve 25519 we don't bother   about the y coordinates we only bother about the  x coordinate when we're doing our calculations   so let's see how this one works so  again Alice will have a secret key and then we'll work out the public  key is equal to the secret key times g okay there was a secret key there that we had and  there was the public key there before that was the   key pair now as before we'll take a hash of the  message and we can use the lower 32 bytes for this   so that would be 32 bit that now what we'll  do is we'll do something slightly different   we'll take a hash of this hash and then we'll  append it with the message sorry we take a hash   of the secret key here sorry that should be  the hash of the secret key here and then that   is then used in there where we append the byte  array of this onto the byte array of the hash   so in this case it'll be 32 bytes and then  whatever we have for the message will be appended   onto that and we'll create our hash now we'll  create our r value equal to rG as we did before and our s value becomes r plus the hash of r appended with public key appended with the  message and times s k and we've also got a mod   n in there i won't put on there just now but  that's the calculation that we would have   and so we have our signature of rs again and  we can take the x point for this and we can do   a mod n to work out the value of r that we're  going to use we work out this value for r   now on the other side Bob we'll take the hash  of r.pk the message there because he's received   r takes the x coordinate of that and takes  that's part of the hash takes the public key   and then takes the message and regenerates  the value of s and then checks sG and v 2. so v1 is equal to sg and v2 is equal  to r plus the public key times s here so we now need to prove that these two values  are the same and we'll just do that because v2   is equal to r plus pk times  s and r is equal to rG and pk times s which is the hash of  r our pk and then the message   okay so we have rG pk then this hash here so that  is equal to rg plus s k g and the hash of r b k m there and we find that s is r plus h r p k m and we take the g out and that  becomes s g which is equal to that one   so if the two values v one and v two are equal  when alice when bob calculates its s value here   and then the v1 v2 using the lowercase s here  and the big s here for that one if they match   then then the signature is correct   this is a more secure method than this method  because of this hashing that goes on here as a final method let's look  at the Schnorr method for signing so in this case what we do is that  again we create our secret key   and we have our public key equal to the secret key   times g as we did before now what we do again is  we create a k value and we create a point k g for   that then we create our s value equal to k minus  the hash value of the message appended with r   times the private key this becomes the s value  and the r value is equal to just the x coordinates   mod n and this one here is also more than so  we end up with our s and our r value in here now Bob will check this and we'll check  that pk h the message and the r value plus s g is equal to k g which is equal to the r value that's the sent big so pk times the hash plus sg is equal to kg where kg is equal to the r value that's the sent so it's an s and an r value that sent this time  so then this becomes our secret key times g   and the hash of m r plus the k value the s value  which is k minus the hash the message for r times x times six key times g this  is this part here for the s value   now what we have is that's equal to x secret  key times g times the hash of the message that part there plus k G sk minus s k G hash of m, r and we can see  that this part cancels with this part   so we end up with a value equal to kG  and that proves the Schnorr signature