ECDSA Digital Signature Algorithm

I. Overview of ECDSA

Elliptic Curve Digital Signature Algorithm (ECDSA) is the simulation of digital Signature Algorithm (DSA) using Elliptic curve cryptography (ECC). ECDSA became the ANSI standard in 1999 and became the IEEE and NIST Standard in 2000. It was accepted by ISO in 1998, and some of its other standards are also considered in the ISO. Unlike the common discrete logarithm problem (discrete logarithm problem DLP) and the large number decomposition problem (integer factorization problem IFP), the elliptic curve discrete logarithm problem (elliptic curve Discrete logarithm problem ECDLP) There is no solution for sub-exponential time. Therefore, the unit bit strength of elliptic curve cipher is higher than that of other public key system.

The digital Signature Algorithm (DSA) is described in detail in the Federal Information Processing Standard FIPS, known as the digital signature standard. Its security is based on the discrete logarithm problem on the vegetarian domain. Elliptic curve Cryptography (ECC) was invented by Neal Koblitz and Victor Miller in 1985. It can be thought of as an elliptic curve simulation of a cryptographic system previously based on discrete logarithm problem (DLP), except that the group element is replaced by the number of elements in the element domain as a point on an elliptic curve on a finite field. The security of Elliptic Curve cryptosystem is based on the problem of elliptic curve discrete logarithm (ECDLP). Elliptic curve discrete logarithm problem is far more difficult to discrete logarithm problem, Elliptic curve cryptography system Unit bit strength is much higher than the traditional discrete logarithm system. Therefore, in the case of a shorter key, ECC can achieve the same level of security as the DL system. The benefits are smaller calculation parameters, shorter keys, faster operations, and shorter signatures. The Elliptic curve cipher is therefore especially suitable for applications where processing power, storage space, bandwidth, and power consumption are limited.

second, the principle of ECDSA

ECDSA is the combination of ECC and DSA, the entire signature process is similar to DSA, the signature is not the same as the algorithm used in ECC, the final signature of the value is also divided into r,s.
The signing process is as follows:
1, select an Elliptic Curve EP (A, B), and the base point G;
2, select the private key K (K<n,n is the order of G), using the base point G to calculate the public key k=kg;
3, produce a random integer R (r<n), calculate point R=rg;
4, the original data and point R coordinate value x, y as the parameter, calculate SHA1 as hash, that is HASH=SHA1 (original data, x, y);
5. Calculate S≡r-hash * k (mod n)
6, R and s as the signature value, if R and s one is 0, re-executed from step 3rd
The verification process is as follows:
1, the receiving party after receiving the message (m) and the signature value (R,s), the following operation
2, Calculation: Sg+h (m) p= (x1,y1), r1≡x1 mod P.
3. Verification equation: R1≡r mod p.
4, if the equation is established, accept the signature, otherwise the signature is invalid.

Third, the implementation of ECDSA in JDK

Special Note: The ECDSA signature algorithm is only implemented after JDK1.7, the most common scenario is the design of the product key for the installation of Microsoft products

1. Keypairgenerator

The Keypairgenerator class is used to generate public and private key pairs. The key pair generator is constructed using the GetInstance factory method, which returns a static method of an instance of a given class.
The key pair generator for a particular algorithm can create a public/private key pair that can be used with this algorithm. It can also associate algorithm-specific parameters with each generated key.
There are two ways to generate a key pair: an algorithm-independent approach and an algorithm-specific approach.


Below we will follow the specified ECDSA algorithm to generate the secret key keypairgenerator.getinstance ("EC");

2. EC Dsapublickey

ECDSA the public Key interface

3. EC Dsapublickey

ECDSA The private key interface

4. Pkcs8encodedkeyspec

The Pkcs8encodedkeyspec class inherits the Encodedkeyspec class, which represents the private key in encoded format.
Pkcs8encodedkeyspec class uses the PKCS#8 standard as the encoding format for key specification management

5. Signature

The Signature class is used to provide digital signature algorithm functionality for applications. Digital signatures are used to ensure the validation and integrity of digital data.

Of all the algorithms, the digital signature can be the NIST standard ECDSA, which uses ECDSA and SHA-1. The ECDSA algorithm using the SHA-1 message digest algorithm can be specified as SHA1WITHECDSA.

Iv. Realization of

The implementation steps of ECDSA are similar to the RSA Digital Signature Algorithm we learned before
Implementation steps
First step: Initialize the key group to generate the public and private keys of the ECDSA algorithm
Step Two: Execute the private key signature, use the private key signature, generate the private key signature
Step three: Execute public key signature, generate public key signature
Fourth step: Use public key to verify private key signature
Note: The so-called public key and private key in pairs appear. The principle of compliance is "private key signing, public key authentication".

The sample code is as follows:

Importjava.security.KeyFactory;ImportJava.security.KeyPair;ImportJava.security.KeyPairGenerator;ImportJava.security.PrivateKey;ImportJava.security.PublicKey;Importjava.security.Signature;ImportJava.security.interfaces.ECPrivateKey;ImportJava.security.interfaces.ECPublicKey;ImportJava.security.spec.PKCS8EncodedKeySpec;ImportJava.security.spec.X509EncodedKeySpec;/*** Elliptic curve Signature Algorithm * * Fast speed Strength High sign short * * Realize square JDK1.7/BC*/ Public classEcdsautil {Private StaticString str = "Hello";  Public Static voidMain (string[] args) {JDKECDSA (); }     Public Static voidJdkecdsa () {Try{keypairgenerator Keypairgenerator= Keypairgenerator.getinstance ("EC"); Keypairgenerator.initialize (256); KeyPair KeyPair=Keypairgenerator.generatekeypair (); Ecpublickey Ecpublickey=(Ecpublickey) keypair.getpublic (); Ecprivatekey Ecprivatekey=(Ecprivatekey) keypair.getprivate (); //2. Execute SignaturePkcs8encodedkeyspec Pkcs8encodedkeyspec =NewPkcs8encodedkeyspec (ecprivatekey.getencoded ()); Keyfactory keyfactory= Keyfactory.getinstance ("EC"); Privatekey Privatekey=keyfactory.generateprivate (PKCS8ENCODEDKEYSPEC); Signature Signature= Signature.getinstance ("SHA1WITHECDSA");            Signature.initsign (Privatekey);            Signature.update (Str.getbytes ()); byte[] Sign =signature.sign (); //Verifying SignaturesX509encodedkeyspec X509encodedkeyspec =NewX509encodedkeyspec (ecpublickey.getencoded ()); Keyfactory= Keyfactory.getinstance ("EC"); PublicKey PublicKey=keyfactory.generatepublic (X509ENCODEDKEYSPEC); Signature= Signature.getinstance ("SHA1WITHECDSA");            Signature.initverify (PublicKey);            Signature.update (Str.getbytes ()); BooleanBOOL =signature.verify (sign);        SYSTEM.OUT.PRINTLN (BOOL); } Catch(Exception e) {e.printstacktrace (); }    }}

Five,ECDSA standard

There are a number of draft standards and standards for ECDSA, which have been approved by the issuing authorities:ANSI X9.62, FIPS 186-2,ieee 1363-2000,iso 14888-3. ECDSA is also standardized by the cryptographic Standardization Organization (SECG, an organization engaged in the study of the universal potential of cryptographic standards).

The main ECDSA standard 1.ANSI X9.62

the project began in1995years, and in1999year formally asANSIstandards promulgated. ANSI X9.62with high security and versatility. Its base field can beFp, or it can bef2m. f2mthe elements in a form can be expressed in the form of a polynomial or a regular base. In the form of a polynomial,ANSI X9.62The requirement modulo polynomial is not about three items, the standard provides some irreducible three formula, and also gives an irreducible five formula. To improve commonality, a modal polynomial is provided for each domain. If the normal base representation method is used,ANSI X9.62Specifies the use of Gauss regular base. The most important safety factor of elliptic curve isN, that is, the base order,ANSI X9.62of theNGreater than2160. Elliptic curves are selected using random methods. ANSI X9.62Specifies the use of a string in bytes to represent points on a curve,ASN.1syntax can clearly describe domain parameters, public keys, and signatures.

2.FIPS 186-2

1997years,NISTbegan to develop including elliptic curves andRSAof the signature algorithmFIPS 186Standard. 1998years,NISTlaunched aFIPS186, it includesRSAwith theDSAdigital signature Scheme, also known asFIPS 186-1. 1999yearsNISTalso for the United Statesg0vmentlaunched a theThe elliptic curve of the species. These curves are followedANSI X9.62and theIEEE 1363-2000the form. -years, includingANSI X9.62described in theECDSA, using the above curveFIPS 186-2The Advent.

3. IEEE 1363-2000

The standard in 2000 year as ieee standard was invented. ieee 1363 Wide coverage, including public key cryptography, key negotiation, based on ifp DLP , ECDLP digital signature. It is associated with ansi X9.62 and fips 186 Completely different, it has no minimum security restrictions (such as no longer limiting the base point), the user can have full freedom.

so IEEE 1363-2000 is not a security standard or a good commonality, its significance lies in providing references for various applications. Its base domain can be, or can be. The elements in a form can be expressed in the form of a polynomial or a regular base. The element representation is an integer, and the element representation is a string. This is consistent with ANSI X9 and FIPS 186 .

4.iso/iec 14888-3

This standard includes several signature algorithms, where The ECDSA section is consistent with ANSI X9.62 .

If you are interested to study, the ECDSA algorithm uses in bitcoin.

ECDSA Digital Signature Algorithm