Anonymous user
Elliptic Curve Digital Signature Algorithm: Difference between revisions
Elliptic Curve Digital Signature Algorithm (view source)
Revision as of 20:51, 17 October 2018
, 5 years agoRemark added, cleaner links
No edit summary |
(Remark added, cleaner links) |
||
Line 1:
{{draft task|Cryptography}}
__TOC__
Line 4 ⟶ 6:
===Elliptic curves.===
An [[wp:
'''y^2 = x^3 + ax + b''', where a, b ∈ ℤp and the discriminant ≢ 0 (mod p),
together with a special point 𝒪 called the point at infinity.
which satisfy the above defining equation, together with 𝒪.
Line 14 ⟶ 17:
The addition rule — which can be explained geometrically — is summarized as follows:
<pre>
1. P + 𝒪 = 𝒪 + P = P for all P ∈ E(ℤp).
Then R = P + Q = (xR, yR), where
▲ yR = λ·(xP - xR) - yP,
▲ with
</pre>
▲ λ = (yP - yQ) / (xP - xQ) if P ≠ Q,
Remark: there already is a task page requesting “a simplified (without modular arithmetic)
▲ (3·xP·xP + a) / 2·yP if P = Q (point doubling).
version of the [[Elliptic_curve_arithmetic|elliptic curve arithmetic]]”.
This new page is added because modulo operations are precisely essential for implementing
[[wp:Elliptic_Curve_Digital_Signature_Algorithm|ECDSA]]: we need a discrete, finite field to play in.
===Elliptic curve digital signature algorithm.===
A [[wp:
convinces the recipient that a message has been sent intact by the presumed sender.
Anyone with access to the public key of the signer may verify this signature.
Changing even a single bit of a signed message will cause the verification procedure to fail.
'''
1. Select an elliptic curve E defined over ℤp.<br />
The number of points in E(ℤp) should be divisible by a large prime r.<br />
Line 47 ⟶ 55:
'''ECDSA signature computation.''' To sign a message m, A does the following:<br />
1. Compute message representative f = H(m), using a
[[wp:Cryptographic_hash_function|cryptographic hash function]].<br />
Note that f can be greater than r but not longer (measuring bits).<br />
2. Select a random integer u in the interval [1, r - 1].<br />
Line 62 ⟶ 71:
Accept the signature if and only if c1 = c.
To be cryptographically useful, the parameter r should have at least
The basis for the security of [[wp:Elliptic-
is the intractability of the elliptic curve discrete logarithm problem (ECDLP) in a group of this size:
given two points G, W ∈ E(ℤp), where W lies in the subgroup of order r generated by G,
determine an integer k such that W = kG and 0 ≤ k < r.
Line 76 ⟶ 85:
hash value and a way to tamper with it). The program should be lenient where possible
(for example: if it accepts a composite modulus N it will either function as expected,
or demonstrate the principle of [[wp:
Toy ECDSA is of course completely useless for its cryptographic purpose.
If this bothers you, please add a multiple-precision version.
Line 99 ⟶ 107:
A.9 Elliptic curves: overview (p. 115)<br />
A.10 Elliptic curves: algorithms (p. 121)
=={{header|C}}==
Parallel to: FreeBASIC
<lang c>
/*
Line 447 ⟶ 457:
}
</lang>
{{
(tcc, srand(1); first set only)▼
<pre>
▲(tcc, srand(1); first set only)
E: y^2 = x^3 + 355x + 671 (mod 1073741789)
base point G (13693, 10088)
Line 477 ⟶ 486:
=={{header|FreeBASIC}}==
Parallel to: C
<lang freebasic>
'subject: Elliptic curve digital signature algorithm,
Line 812 ⟶ 822:
system
</lang>
{{
(randomize 1, first set only)▼
<pre>
▲(randomize 1, first set only)
E: y^2 = x^3 + 355x + 671 (mod 1073741789)
base point G (13693, 10088)
|