DAOrayaki: The role of signatures in digital assets and cryptocurrencies
Original Author: Iraklis Leontiadis
Original Title: The Role of Signatures in Digital Assets and Cryptocurrencies
Chances are you're reading this while you're using a browser that secures communication between the content endpoint and the content endpoint, thanks to authentication enabled by core cryptographic primitives. You may not have heard of abstract terms like encryption, signatures, and message authentication codes, but end-to-end security is also being protected by these technologies, and an external party cannot Read the transmitted content or change the content if found. In this article, we will focus on analyzing the internal structure of digital signatures and their role in digital assets and cryptocurrencies.
For previous articles, please refer to:DAOrayaki|Product principles for non-financial decentralized applications
traditional signature
image description
digital signature
digital signature
How to solve this problem? In traditional signatures, the sender's handwritten signature for issuing information is unique (or the same), and the way digital signatures are adopted is to bind the information that needs to be signed with the signature itself, and each electronic signature that issues information is a new byte stream. On this basis, if you want to forge an electronic signature, the difficult problem that needs to be solved is almost impossible with the tools and knowledge currently available, so it is relatively safer.
image description
electronic signature
The verification authority binds the sender's public key and its metadata signature (which is publicly identifiable). The security of the protocol not only depends on the security guarantee of the signature, the security implementation of the whole process, the secure storage of the secret key and the reliable communication channel, but also depends on whether the verification institution itself is secure enough. Attackers can perform man-in-the-middle attacks or impersonate interested parties, and the consequences of attacking a validating authority and issuing "fake" certificates can be dire, as can be seen all over the place, such as Diginotar, Comodo, and MonPass.
Signatures in digital assets
With the advent of distributed ledger technology and financial applications based on it (cryptocurrency), interest in digital signatures has been raised. Digital signature is the core of the digital asset system, which guarantees the ownership of digital assets and prevents the problem of double spending (spending more than holding).
In an encrypted currency system, when Steve wants to send a certain amount of digital assets (such as Bitcoin) to Laura, Steve will sign a byte stream containing the spending information in his account, and then have a public The miners (verifiers) of the information verify the validity of the signature, and use it as a block on the main distributed ledger according to the basic consensus mechanism, and finally complete the transaction.
If there is a flaw in the digital signature, it will have a destructive impact on the fairness and security of the system. Attackers can initiate unauthorized transactions through insecure private key storage, or potential flaws in the underlying algorithm, causing losses that may never be recovered. In the traditional financial system, the card number and password are secret keys, so the security of financial digital assets includes the security of secret keys and digital signatures.
There are currently three signature-managed distributed ledger systems: ECDSA, Schnorr, and EdDSA. These signature schemes all rely on groups of elliptic curves and mathematical puzzles. Different curves offer different efficiency and safety guarantees, e.g. the Edwardian curve is generally considered more secure because it is easier to implement in constant time to avoid side-channel attacks due to its general form.
In the following, we will treat the underlying group of elliptic curve operations as a "black box", emphasizing only the algebraic equations above. All signatures below perform arithmetic operations on a base group G with a prime number order of q. All operations are modulo operations of q and there is a hash function H. Input any byte stream and output the elements in Zq .
ECDSA signature
When the Bitcoin network went live, Satoshi Nakamoto decided to make ECDSA the base signature scheme. The first step of the signature algorithm is to sample a new random k, if not, the adversary can extract the key through two different signatures of different information (such as the PS3 hacking event). If repeating randomness sounds extreme, repeating only a fraction of the bytes in k is enough to extract the remaining randomness with good probability.
Another disadvantage of signatures is that it is not easily compatible with the signature by-products required by blockchains, namely: multi-signature, aggregate signature, and MPC protocols. The reason is the effect of the inverse element k^-1 on the non-linear equation that computes the s part of the signature.
image description
ECDSA signature
Schnorr signature
image description
Schnorr signature
EdDSA signature
image description
in conclusion
in conclusion
Cryptography research evolves with the design, implementation, and deployment of blockchain ecosystems: threshold cryptography, zero-knowledge proofs, aggregate signatures, VDFs, VRFs, distributed random beacons, and more. Over the past few years, the amount of work put into digital signatures from both research and engineering has grown exponentially, and we have witnessed the shortest time cycles from protocol description to POC to production.
We will also see new signatures that replace the ones above; faster, more secure, and easier to implement. Every step from protocol description to POC to production needs to be thoroughly reviewed, and a small flaw can cause huge losses. It takes years of accumulation from early adoption to becoming a standard. Encryption protocols are at the heart of every digital financial system. To ensure the security of digital assets, there are always trade-offs in the best choice.
Encryption protocols do not exist independently in the production environment. Security analysis is only the first step. Product owners, engineers, QA, and devops need to strengthen cooperation with cryptographers to understand the risks of deploying encrypted code and ensure protection from malicious users. Influence. Perfect security will never exist, and at Parfin we take all necessary steps to secure the underlying infrastructure, trust as much as possible and minimize potential exposure of critical information.
