Cryptographic signature schemes are a fundamental component of cryptocurrency networks that verify the integrity and non-repudiation of transaction messages across the network. They employ asymmetric cryptography and take numerous forms.
The types of cryptographic signatures (also known as digital signatures) applied in a specific cryptocurrency are typically selected for certain advantages that they offer. Since their inception, they have been continuously optimized to improve their efficiency and security.
Cryptocurrencies have spawned a vibrant new application of digital signatures, and their future development is sure to accompany more advances in the field of cryptography.
A Brief History
The first conception of digital signature algorithms is credited to Whitfield Diffie and Martin Hellman based on one-way trapdoor functions which they coined in their 1976 paper. Trapdoor functions are widely used in cryptography and are mathematically composed so that they are easy to compute in one direction and extremely difficult to compute in the reverse direction.
Rivest, Shamir, and Adleman subsequently created the first primitive digital signature algorithm known as RSA. RSA is the most ubiquitous cryptographic algorithm used today and dominates secure transmission of data across the Internet. Soon after, prominent digital signature schemes such as the Lamport Signature and Merkle Trees were developed, with Merkle Trees similarly functioning as a core component of blockchain networks.
Read: What is a Merkle Tree?
Digital signatures use public/private key cryptography where a key pair is used as part of an algorithm to send private messages across unsecured channels. The purpose is to achieve the authenticity of the message through the public key verifying that the message came from the corresponding private key. Encryption is where only the holder of the private key can decrypt the message sent and encrypted with the public key. Non-repudiation is another vital component, meaning that a signer cannot deny that they signed a transaction and it is mathematically impossible for a third-party to forge a signature.
There are typically three components to a digital signature algorithm:
- Key Generation
- Signing Algorithm
- Signature Verification Algorithm
Key Generation is vital to the integrity of the digital signature as it outputs the private key and corresponding public key. In cryptocurrencies, the private key needs to be generated at random to ensure nobody else has access to the corresponding wallet beside the user.
The Signing Algorithm produces a signature given a message (i.e., transaction) and the private key.
The Signature Verification Algorithm verifies the authenticity of the signature when it is given the message, public key, and digital signature
After the recipient of a transaction verifies the authenticity of a message, they can verify the integrity by running the message through the same hashing algorithm as the sender. There are numerous cryptographic signature schemes available today, so let’s take a look at some of the most common and some of the more advanced schemes on the horizon.
Lamport signatures were one of the earliest digital signatures and are specifically one-time keys that cannot be reused. Invented by Leslie Lamport in 1979, Lamport signatures can be secured using any one-way trapdoor function, making them exceedingly flexible in their design. Typically they use hash functions, and their security relies directly on the security of the hash function.
Lamport signatures can be constructed from advanced cryptographic hash functions such as the quantum resistant Skein or Keccack hash. Since they can accommodate large hash functions like Skein and Keccack, Lamports are ideal for early stage quantum resistance, although the dynamic potential of quantum computers and resulting advances from their emergence is nearly impossible to predict.
RSA Digital Signature Algorithm
RSA is more cumbersome than other digital signature algorithms and is used for bulk encryption rather than directly encrypting user data. However, it remains by far the most popular digital signature algorithm used today.
Elliptic Curve Digital Signature Algorithm (ECDSA)
ECDSA is used in many cryptocurrencies and is the digital signature algorithm of choice for Bitcoin until its pending transition to Schnorr Signatures. ECDSA is more efficient than RSA cryptography due to its much smaller key size. This is an optimal choice for blockchains who need to reduce blockchain bloating and have been grappling with increasing sizes of full clients.
ECDSA relies on the notion of point multiplication to provide the one-way trapdoor functionality needed for a digital signature. The encryption for ECDSA is based on an algebraic function and its curve over a finite graph. Good randomness is essential for any digital signature algorithm but is particularly crucial with ECDSA.
A 384-bit ECDSA key is considered secure enough for the most classified government information by the NSA.
A ring signature is a type of digital signature that obfuscates the actual signer of a transaction by muddling their signature together within a group (ring) of other valid signatures. The design should make it so that it is computationally infeasible to determine who the true signer of the transaction is.
Ring signatures are used in the CryptoNote coins, including Monero. Monero uses ring signatures by taking a transaction senders account key and mixing it with other public keys so that all ring members are equal and valid. Public keys can be used multiple times for various ring signatures across the network. In Monero, they are designed to increase the fungibility of the XMR token by ensuring that transaction outputs are untraceable.
There are several types of ring signatures. Ring signatures in Monero are based on traceable ring signatures before being optimized to become Ring Confidential Transactions, which is their current iteration in Monero.
Widely considered the best digital signatures by cryptographers, Schnorr signatures have numerous advantages over other methods. Schnorr signatures were made possible for integration into Bitcoin with Segregated Witness and have long been one of the top priorities among Bitcoin developers to replace the ECDSA.
Schnorr signatures are known for their elegant simplicity and efficiency. The trapdoor function that secures Schnorr signatures is based on specific discrete logarithm problems. Like other trapdoor functions such as prime factorization in RSA, these problems are intractable, making them one-way functions.
One of the most critical advantages of Schnorr signatures is their support of multi signatures. In Bitcoin, transaction inputs all require their own signature, leading to an inefficient amount of signatures included in each block. With Schnorr signatures, all of these inputs can be aggregated into one signature, saving vast amounts of space in each block. Moreover, Schnorr signatures can increase privacy by incentivizing users to use CoinJoin, the coin mixing technique that was traditionally too inconvenient to use regularly. Schnorr signatures reduce the size of transactions in CoinJoin, lowering the mining fee and making it more viable for wallet services to integrate as a feature.
Finally, Schnorr signatures can help augment the capacity of multisig transactions. Vastly more complex multisig transactions such as twenty of one hundred or fifty of a thousand are possible with the same digital signature size as a traditional transaction. The consequences of this are more complex smart contract functionality and better network scalability.
Cryptographic signatures have been a fascinating field of study since their inception. Cryptocurrencies have accelerated the pace of developments in the field of cryptography since their proliferation and entrance into the mainstream. More advanced signature schemes will assuredly evolve as the industry progresses.
For now, ECDSA seems to dominate as the primary choice for most cryptocurrency networks while ring signatures are popular among more privacy-oriented cryptocurrencies. There has been a significant amount of excitement surrounding Schnorr signatures for a while, and their pending integration into Bitcoin should provide some excellent benefits to the legacy cryptocurrency.