commit 9ade3257ea81474cdb9cb073b85209c68d6093c3
parent 8e0c026dd1e05fbe3cdb7759eca1b9fadc9eac6f
Author: Emmanuel Benoist <emmanuel.benoist@bfh.ch>
Date: Fri, 4 Jul 2025 17:27:37 +0200
Presentation of ECDSA in simple (but true) way.
Diffstat:
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/doc/cs/article/blind-signatures.tex b/doc/cs/article/blind-signatures.tex
@@ -130,22 +130,30 @@ To be secure, a RSA key needs to be at least 2048 or even better 4096 bit large
\section{Clause Schnorr blind signature}\label{sec:cs}
Eliptic curves cryptography offers the possibility to have much smaller keys. It is however also possible to build a blind signature scheme based on eliptic curves.
-Eliptic curve cryptography bases on the multiplication of a point on the curve G (a generator of the curve with prime order $n$) by a scalar (the private key $k$ ). The result is the public key $K$.
+Eliptic curve cryptography bases on the multiplication of a point on the curve G (a generator of the curve with prime order $n$) by a scalar (the private key $q$ ). The result is the public key $Q$.
-\[K = k.G\]
+\[Q = q.G\]
\paragraph{Signature with eliptic curve cryptography}
In eliptic curves one can use signature with the Eliptic Curve Digital Signature Algorithm (ECDSA).
To sign a message $m$, this scheme uses a cryptographic hash function $h()$ (for instance SHA-256).
-For the signature, we first need to hash the message $m$, $e=h(m)$. Then the signer picks a random nonce $a$ and computes the corresponding point on the curve $A=aG=(x_1,y_1)$. The signer computes $r=x_1 mod n$ (if $r=0$, their pick another nonce $a$).Then one can compute the value $s=a^{-1}(e+kr) mod n$.
+The signer first needs to hash the message $m$, $e=h(m)$. Then the signer picks a random nonce $a$ and computes the corresponding point on the curve $A=aG=(x_1,y_1)$. The signer computes $r=x_1~mod~n$ (if $r=0$, their pick another nonce $a$).Then one can compute the value $s=a^{-1}(e+qr)~mod~n$.
The signature is $(r,s)$.
+\subparagraph{Verification}
+The verifyer of the signature first computes the hash of the message $e=h(m)$. Then $w=s^{-1}$ which is the inverse of the signature $s$.
-The verification of the signature is done like this. First compute $e=h(m)$. Then $w=k^{-1}
+Then, the verifyer computes $u_1=ew~mod~n$ and $u_2=rw~mod~n$. They can generate a point in the curve based on the generator $G$ and the public key of the signer $Q$: $R'=u_1G+u_2Q=(x_1',y_1')$.
+
+The signature is valid if and only if $r\equiv x_1' mod n$.
\paragraph{Blind signature}
+% Fixme Blind signatures Citation
+The blind signature with eliptic cuves has been presented by XXX in \cite{}.
+
+
\paragraph{Clause-Schnorr signature scheme}
@@ -154,7 +162,6 @@ The verification of the signature is done like this. First compute $e=h(m)$. The
\section{Comparisons of the different models}\label{sec:comparison}
-
\section{Conclusion}
