Fax Signatory Calculated with airSlate SignNow

Fax digital signature man

let's have a look at the e c d s a signature and how we use the nonce and how we could possibly derive the private key if we know the nonce value that's been used to create the signature okay so initially let's look at elliptic curve cryptography and also digital signatures so with elliptic curve cryptography we have a curve in an analog way that looks a little bit like this so if we plot it to that we have an equation that looks like this okay so those are the x y coordinates it draws that curve there and then we make it mod of a prime number it's also known as the order of the curve so all the values that we get are between 0 and n minus 1. the curve itself is defined by the a value the b value and also of this large prime number what we do with elliptic curve is that we take a point on the on the curve called g a generator point and then what we do is that we add g a number of times we just keep adding adding adding doubling the points and so on until we get another point on the elliptic curve we always get another point on the elliptic curve whenever we add uh points we get another cut point on the elliptic curve uh which will be the number of times that we've added a so in this case let's call it our our private key a privilege value and we the way we would represent it is like this so it's like a multiplication privileged value times g or g added privilege times private time sorry so the private key becomes this value here and then the public key is then the x y coordinate of this privileged private times g okay so this becomes our public key point and the private value is the number of times that we've added g or multiplied g there so that's a private key that is typically a 256 bit random value and then as i said we get the xy value for either public key so when it comes to signatures if we take alice and bob then alice has a private key and she also has a public key as we saw that's the private key or 256 bit random value and she has a public key which is that private value multiplied by the g or added those many times so when she takes a message she wants to sign it with our private key so in the e c dsa method we create an r and an s value so we take the message and we take the private key and we create a signature with an r and an s so when bob receives this he looks at the message and then he takes the r and the s value and then takes alice's public key and is able to check that alice did sign it and initially same thing happens with a bitcoin uh transaction where if alice wants to send bob some bitcoins then the transaction is here and then she creates an iris and an rns value to show that she's signed a transaction that goes to bob and then everyone can prove that with alice's public key okay so the way that it works uh as we saw and we'll take bob as an example here is that bob creates his private key 256-bit private key bob then generates his public key by adding g profit private this by the number of uh the the value of the private key to get private times g that becomes his public key he then takes a message and then will generate a nonce value or a random value known as k in this place in this case he then finds a new point on the elliptic curve called k times g so it is the g volume so if we think about it there's a g he finds a new point k g for the r value we only really use the x coordinate of that volume and that becomes the r value on its own so there's no two points on there it's just a single single 256 bit value it then calculates the s value by taking by dividing by k or k to the minus one so that's done with an inverse mod inverse of k mod and where n is the order of of the curve then takes a hash of the message and adds it to r our value here the x coordinate times his private key value the signature then becomes r comma s but if bob releases one of the nonce values with his signature is it possible now for an intruder to find out his private key okay so can we recover the private key if we know r and s and we know at least one of the k values and it's true because if we take our rn and s then if we put that across there that becomes s k is equal to that then if we move that over the other side we end up with this and then private key is r to the minus 1 of s times k minus h m everything is done with a mod of our order and there too so we can see in this case if bob has released his private his nonce value in generating any of the signatures then eve will be able to generate his private key from from that okay so here's some code that we can look at okay so i've just used the standard generator for that for our g there using the nist two 256 six curve and then this defines our order so that's all of our value all of our operations are done mod of this value mode of n in this case we call the order and then we'll generate a random private key and see if we can recover it back from there we can generate the public key which is obviously just uh g times the the privileged and if we want we can generate back the private key based on the public based on the public key then we'll create a random nonce value we have a message and then hash the message to an integer value after that we can then sign the value so we end up with an r and an s value so that's those values in there and that becomes the signature for this message signed by the private key which is the one that we generated here after that we can do r to the minus one using an inverse mod function and with the order and we'll take our s value so this value here is how we reverse back the private key so the private key is equal to r to the minus 1 times k s minus m which is the hash this is the hash of the message and we will do a mod of the order of the curve then hopefully we'll be able to match the key to the key that we've found and show the match there okay so this is an example here [Music] okay so try a message okay so then signature and if we try again we should get another signature because we're using different nodes values in there okay so here's the code here let's try and run that and so this is the the nonce value so if we know that nonce value then it can go in in here and obviously ensure they would normally not know that but if it's leaked then it's possible to discover the key private key that is associated with the with designer okay so if you're interested in and how ec dse actually works uh so as i said we generate a private key and then from there we generate our public key which is our private key times g okay so we work out this x y point which is a newly generated nonce value from there we have r is equal to x mod n and then the s value is given by by this as we've just seen this is how we can derive the private key from there but i'll just show you how the the ecdsm method actually works when it's received and it's checked first we calculate this value and then this value so this is for the receiver as we have here and here we then calculate a point which is u1 g plus u2 and with the public key of the signer this is the public key here if we then go through that for u1 we have fm to the over over s plus the u gives us our privileged g and again it's over s so we can just uh create it like like that okay so if we then uh replace our values here for the s then we can have our privilege private and then the top there hmm g plus r privileged g there just forgot about the g value from there and then this is obviously the same as that so we can take we can cancel that so that becomes h m plus r privileged times g upon h m plus our privilege private k minus one we take cancel that out and we end up with k g which should be the same as that value there so if this is bob signature then alice will check that the r value is equal to what is calculated here okay so that's how ec dsa works but you can see here we have a risk if the nonce value is is released or known for just one of the signatures but then eve can calculate the private key that signed it okay so that's been a quick outline of ec dsa