With a digital signature, we sign a message with a private key (sk), and then prove it with the related public key (pk). The signature normally takes the form of (r,s). In this case we will generate signatures for the main methods used in ECDSA and EdDSA.
For ECDSA, Alice signs the message with the following:
- Create a hash of the message e=HASH(m).
- Let h be the Ln be the leftmost bits of e, Ln has a bit length of the group order N.
- Create a random number k which is between 1 and N−1.
- Calculate a point on the curve as (x1,y1)=k×G.
- Calculate r=x_1 (mod N). If r=0, go back to Step 3.
- Calculate s=k^{−1}(h+rdA)(mod N). If s=0, go back to Step 3.
- The signature is the pair (r,s)
Bob will check with:
- Create a hash of the message e=HASH(m)
- Let h be the Ln leftmost bits of e.
- Calculate c=s^{−1} (mod N), and where N is the order of the curve.
- Calculate u_1=h⋅c(modN) and u_2=r⋅c(modN)
- Calculate the curve point (x1,y1)=u1×G+u2×QA
- The signature is valid if r≡x1(modn), invalid otherwise.
