Skip to content

ECDSA Primer

Matt S edited this page Feb 12, 2018 · 11 revisions

Summary

In the context of cryptography, the elliptic-curve digital signing algorithm (ECDSA) is the message signing algorithm chosen for CV deployment. This algorithm uses elliptic curve cryptography to generate a unique number, called a signature, that is appended to messages. ECDSA uses points along a curve to represent keys that are used for signing and verification purposes.

This document consists of a set of definitions for reference, as well as the basic procedure and pseudocode for creating and verifying a signature.

Definitions

Elliptic curve

A special curve function that follows the formula y3 = x2 + ax + b. The values of a and b are either chosen (as in secp256k1) or are randomly generated (as in secp256r1) Note - not sure if this is correct?. Note that an elliptic curve in crypto is defined as both the function that maps the curve as well as the set of all valid numbers [1,n-1], the field, that fit a set of security requirements for the curve.

Generator Point (G)

Sometimes called "point at infinity", this number is the chosen starting point from which the r and s values of the signature are created. If the curve is a defined curve, such as in secp256k1, this number is always the same number. The private key of ECDSA is the result of multiplying the generator point by a random number da: Qa = da x G. Note that this is elliptic curve multiplication.

Public/Private Key

In the context of ECDSA, the private key is a cryptographically secure randomly generated integer in the range of [1,N-1], where N is the field of the function (see Field Size (N) below). The public key is a point that is obtained by doing elliptic curve multiplication of the generator point by the private key. Note - the security of ECDSA rests entirely on the difficulty of reversing this multiplication operation.

Elliptic Curve Multiplication

TODO

Elliptic Curve Addition

TODO

secp256r1

The standard ECDSA implementation chosen for CV deployments. This defines a proven prime from which all public/private keys are predictably derived. Uses a random curve.

secp256k1

The standard ECDSA implementation chosen by BitCoin. More documentation is present on this standard, so examples are taken from this. Uses the Koblitz curve y3 = x2 + 7, designed for speed, slightly less secure than secp256r1.

Message

The data we want to sign, in the context of the ODE this is an ASN.1-encoded IEEE1609.2 package that, if decoded, contains the public key used to sign the message and a sha256 digest of the message.

Digest

This is a sha256 hash of the message, this is what is actually signed by the ECDSA routine. By definition of a hashing function, a message digest is always a fixed length.

Signature

A difficult-to-reproduce message appended to a message, secure enough to be considered non-reputable. An ECDSA signature is a concatenation of two numbers, r and s:

r = x1 mod n

s = k-1 (z + rda) mod n

Where n is the largest number in the field of the chosen function, k is the CSRNG number, and da is the private key integer.

Proven Prime (P)

This is a large prime number chosen by a given standard. In secp256k1 corresponding to the value 2256 - 232 - 29 - 28 - 27 - 24 - 1. Equivalent to 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f or approximately 1.158 x 1077. All valid points on the secp256k1 curve are less than this number, because to generate a point the X and Y values are the result of a modulo function by this number. In the case of secp256r1, this number is created through a guess-and-check process and _then included for reference for verifying public keyNot sure if this is true?.

Field Size (N)

This represents how many valid points are possible in a given curve and proven prime. In the context of CV, this number is 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551. A special property of ECDSA math is that these numbers are unique to a specific curve.

Ephemeral point

TODO. Possibly another name for the generator point?

References

Standards Definition Document: http://www.secg.org/SEC2-Ver-1.0.pdf

Releases

Change Notices

Informational Reference

  • Decode a file with asn1c
  • Deposit BSM to S3
  • Docker fix for SSL issues due to corporate network
  • Docker management
  • ECDSA Primer
  • Filter BSMs through PPM module
  • Geofence Filtering for PPM
  • Import BSMs from RSU log file
  • Import TIMs from RSU log file
  • jpo security svcs Integration
  • Link host directory to Docker directory
  • Migrating from SDW websocket depositor to SDW Depositor Submodule
  • ODE Release Deployment
  • ODE Release Preparation
  • Prepare a fresh Ubuntu instance for ODE installation
  • Process for Handling Bugs (Code Defects)
  • Run the ODE using the ASN codec module
  • Query RSU for set TIMs
  • Schema Version 6 Change Notice
  • Signed Message File Import
  • TIM REST Endpoint Changes
  • Using the .env configuration file
  • Using the ODE test harness

Test Procedures

  • Delete TIM on RSU test
  • Event Logger Test
  • Import Decode and Deliver BSM Test
  • Manage SNMP Test
  • Sending PDM to RSU Test
  • Sending TIM to RSU Test
  • Submit_TIM_To_SDW Test

Archived

  • Log File Changes (schemaVersion=4)
  • Receive BSMs over UDP
  • Receive ISD via UDP and deposit to SDC
  • Receive VSD via UDP and deposit to SDC
  • Run the crypto test vectors code with ODE team's OSS encoder
  • SchemaVersion 5 Change Notice
Clone this wiki locally