###### tags: `zero-knowledge` # Cryptograph stuff Notes to understand what's the diff between ECDSA, Shnorr and BLS Signature ### Eliptical Curse Digital Signature Algorithm Uses ECC as signature scheme. As ECc has improved security over RSA. Requires lesser bits ![](https://i.imgur.com/bcjlnKs.png) Uses a curve function, Generate G (starting point) and integer order n. Bitcoin uses curve function `secp256k1` ECDSA signature scheme: ![](https://i.imgur.com/p3NuvTc.png) Verification Scheme: ![](https://i.imgur.com/CCGZIrk.png) Cons: Signature verification has an inversion which is very computational heavy Every signature will needs to be verified invidually, unable to combine signature ### Schnorr Signature Improvement to signature scheme as it allows the message signature to be verified by batch. Verification method is also much simpler In Schnorr, a random point R needs to be calculated from r. (getting a coordinate x,y from a single value, will result in ambiguous coordinates). This will result in R having 2 valid points on the curve. Special consideration / rule has to be defined to determined the desired R. Signature Scheme ![](https://i.imgur.com/CI1SJlZ.png) Verification Scheme ![](https://i.imgur.com/RTuLwjH.png) Using Schnorr, as the functions are linear, we are able to perform batch validation and key aggregation. (nxn multisig) mxn multisig is possible with the aid of a merkle tree of public keys however as the number of signature increases, the merkle tree size will get too large Cons: - Will require several communcation rounds for multisig, poor UX - Generate of r will require a good random number generator or else hacker can determin our private key. (math explanation [here](https://medium.com/cryptoadvance/how-schnorr-signatures-may-improve-bitcoin-91655bcb4744)) ### BLS Signature Using bilinear pairing and hasing to the curve, we are able to address Schnorr's several shortcomings. BLS addresses, - several communication round - generation of r via a good random number generator - m of n multisig that results in a large merkle tree in Schnorr - cannot combine signature of a block with a single signature #### Hashing to the curve message will be hash and be treated as the x-coordinate on the ECC. The hash is repeated with the initial hashing process does not process a point on ECC. #### Bilinear pairings [here](https://medium.com/@VitalikButerin/exploring-elliptic-curve-pairings-c73c1864e627) for math. in short, pairings allows us to perform add, substract, multiple, divide and other good stuffs, making it possible for us to perform calculations. However, pairing functions are hard to find. And a poorly consturcted pairing fucntions will be susceptible to [MOV attack](https://crypto.stackexchange.com/questions/1871/how-does-the-mov-attack-work) ### Refereces https://andrea.corbellini.name/2015/05/17/elliptic-curve-cryptography-a-gentle-introduction/ https://static1.squarespace.com/static/5fdbb09f31d71c1227082339/t/5ff394720493bd28278889c6/1609798774687/PairingsForBeginners.pdf https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm https://medium.com/bitbees/what-the-heck-is-schnorr-52ef5dba289f https://medium.com/cryptoadvance/how-schnorr-signatures-may-improve-bitcoin-91655bcb4744 https://medium.com/cryptoadvance/bls-signatures-better-than-schnorr-5a7fe30ea716 https://hackmd.io/@benjaminion/bls12-381#BLS12-381-For-The-Rest-Of-Us