Photo by Romain Dancre on Unsplash

I have been investigating ECDSA signatures and the DER format. Overall, in hex format, I always found that the DER signature starts with a “30” — to identify SEQUENCE — and then followed by two integers: r and s. But, when I was updating my Google Java Tink code I found this as a signature [here]:

Signature generator
Text: hello
Type: ECDSA_P256
Sig (Base64): ASZfrgQwRAIgZ7zQ37QHqqMjPMxObgq/58taZWSTrbXUkkyEoamBexICICCACK4t/8ooWS1HhT9BXQpaE6yH70zVDZe0x63O4DEw
Sig (Hex): 01265FAE043044022067BCD0DFB407AAA3233CCC4E6E0ABFE7CB5A656493ADB5D4924C84A1A9817B120220208008AE2DFFCA28592D47853F415D0A5A13AC87EF4CD50D97B4C7ADCEE03130
Valid SignaturePrinting out key:
"primaryKeyId": 643804676,
"key": [{
"keyData": {
"typeUrl": "", …

Photo by Markus Spiske on Unsplash

I created the web site as I found there were very few sites that have practical implementations of the core methods. As a teacher, too, I believe that I should not give students something that I don’t know how to implement myself. And so the Web site has grown, as my knowledge of the field has grown. For me, it is a scratchpad for ideas, and where I want to show that the implementation of fairly complex cryptography methods is actually quite easy to understand. Along with this, things become real when they are made practical.

And so I…

Photo by michael schaffler on Unsplash

I love detail. As a child, I would spend a great detail of time taking the back of things, in order to understand how things actually work. So in Cybersecurity, I love probing around and investigating the core formats. In fact, I think it is one of the most important skills. So, I’ve been investigating the DER format for storing cryptography asset, including for storing keys and digital certificates. If you want to understand the DER format, please read this:

Now we generate an RSA key with:

openssl genrsa -out private.pem 1024

This produces a PEM file:


Photo by Lewis Keegan on Unsplash

One of the great things about cryptography is the way we have managed to migrate our methods. This migration is often required when we introduce new methods (such as with ECC) or where methods are deprecated (such as for DES). We thus have ways to define new methods and which can be easily interpreted by applications. At the core of this is the DER format for defining our cryptography.

We need ways to distribute our public keys, private keys and digital certificates in a portable format. One of the most common forms is Distinguished Encoding Rules (DER) encoding of ASN.1…

Photo by Cytonn Photography on Unsplash

With a digital signature, we sign a message with a private key (sk), and then prove it with the related public key (pk). The signature normally takes the form of (r,s). In this case we will generate signatures for the main methods used in ECDSA and EdDSA.

For ECDSA, Alice signs the message with the following:

  1. Create a hash of the message e=HASH(m).
  2. Let h be the Ln be the leftmost bits of e, Ln has a bit length of the group order N.
  3. Create a random number k which is between 1 and N−1.
  4. Calculate a point on the…

Photo by Markus Winkler on Unsplash

My three main tips for researchers:

  • To be known to be an expert in something, rather than being general in lots of areas.
  • Pick two papers to read each week.
  • Implement the methods from the papers and validate them.

For the papers, for me, I select one classic paper of the past — and which has hundreds of citations - and another is a fairly new paper which is showing potential. I thus search Google Scholar on a regular basis and look for papers that have relatively high citations for their recent publication. These papers perhaps show an upward tick…

I am a great fan of the work of Greg Maxwell, so here’s one of his classics [here]:

Photo by DocuSign on Unsplash

The Schnorr signature method supports the merging of public keys to produce a single signature for a transaction [Schnorr aggregate]. Unfortunately, it is not secure and suffers from the cancellation problem [here], but which can be overcome with the MuSig method or the BN Method [here]. In this article we will simplify the method in order to illustrate how it works, and use just two signers (Bob and Alice). The MuSig method is outlined by Greg Maxwell et al in this paper [1][here]:

We live in a fake digital world, and where we have basically scaled wet signatures into a digital world with scribbles on an electronic document. The most trusted method is to sign for a message with a private key and to prove with the associated public key. But what happens when we have many signers, we would have to add the signature for each person on the document and provide each of their public keys. This might take some time to check. So can we merge the signatures into one signature, and also merge the public keys, so that someone…

We have a number of possible types of elliptic curve methods. These have a field (the prime number used), the order (the number of elliptic curve points), an a value, a b value, and a generator point (G). For a Weierstrass curve the standard form is y²=x³+ax+b (such as secp256k1). With a twisted Edwards curve (such as Ed25519) we have the form of ax²+y²=1+dx²y². A Montgomery curve has the form of by²=x³+ax²+x.

With ECC, we typically take a base point (G) and multiply it with our private key (sk), and then generate our public key point (sk.G). …

Prof Bill Buchanan OBE

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. EU Citizen. Auld Reekie native. Old World Breaker. New World Creator.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store