Feed for tag: ecdsa
An Overview of the Upcoming Multisignature Standard by Andrew Poelstra

ECDSA has been the preferred signature algorithm for most blockchain networks for verifying ownership and transfer of assets on the networks. However, this complex scheme that has been used in Bitcoin since 2008 started to show its limits. For example difficulties in producing multisignatures and added complexity in second layer Bitcoin networks like Lightning and crhoss-chain atomic swaps. Last year, a proposal called MuSig, or MultiSignature Scheme, was made. It offers many improvements over ECDSA and is probably one the most important cryptographic improvements to Bitcoin that would help increase privacy and efficiency in transactions.

Andrew Poelstra, one of the key researchers and co-author of the paper published a technical overview on this upcoming cryptographic scheme and its applications.

Mast and Schnorr Signatures
Bitcoin’s development effort for the past few years has been focused on a few key concepts, privacy, scalability and efficiency. One of the first improvements was Segregated witness which is ushering in the rest, Lightning Network followed but was an effort in a different direction as it took transactions off-chain rather than optimizing the on-chain process. Some of the upcoming technologies aimed at optimizing this process are Schnorr Signatures and Merkelized Abstract Syntax Trees or MAST for short.
BIP 322: Generic Signed Message Format

Message signing and verification is one of the quirks included in Bitcoin clients, although it isn’t used as much, this quirk can help you in different situations like proving the ownership of an address, proving a payment to a real world vendor or like a simple proof of an anonymous identity and avoiding fraud.

Currently this only works with P2PKH addresses (legacy addresses starting with a 1), leaving out a standard way to do it with P2SH or any different type of segwit addresses. Note that there exist some non-standard implementations with limited functionnality.

BIP Proposal for 64-byte Elliptic Curve Schnorr Signatures

One of the core components of Bitcoin is the Digital signature algorithms, it is used in making public keys out of private keys, signing transactions and in multisig transactions. Bitcoin so far has been using Elliptic Curve Digital Signature Algorithm ECDSA, for the past few months developers in the Bitcoin community have been talking about changing this algorithm into another one called Schnorr Signatures.

Schnorr is another signing algorithm that bring multiple benefits to the table. A new BIP was recently submitted by Peter Wuille about the changes that should happen in the future to Bitcoin’s signing algorithm with all the bells and whistles it should bring. The security of Schnorr is easily provable given a certain assumption, this is not the case for ECDSA.

Scriptless Scripts With ECDSA

Pedro Moreno Sanchez via Bitcoin Dev linked the following paper, Multi-Hop Locks for Secure, Privacy-Preserving and Interoperable Payment-Channel Networks.

…my co-authors and I have been working hard to get ready an extended version of the paper for this work…

In this paper, we describe in detail the scriptless script (SS) ECDSA construction and formally prove its security and privacy guarantees. Additionally, we describe several other constructions of interest for the LN:

-The SS Schnorr, initially proposed by A. Poelstra. We formally describe the protocol and prove its security and privacy guarantees

-Interestingly, we show that it is possible to combine SS ECDSA and SS Schnorr without losing security or privacy. This allows interoperability between different implementations.

-A framework to combine script-based cryptographic locks using partially homomorphic one-way functions.

-Possible applications. For instance, SS ECDSA could be used today in Bitcoin to perform atomic swaps where the resulting transaction no longer reveals the cryptographic condition. Instead, it is embedded in a regular ECDSA signature. This provides several advantages such as reduced transaction size and better privacy/fungibility among others.

A cornerstone of their approach is to provide interoperability between different signature schemes. The utility of such an approach is a form of “cryptographic future-proofing” where if one scheme is broken there are fall-back functions that are still secure.