A Cybersecurity Tongue Twister: Some Simple Signature, So Something Schnorr

Okay. That was a tongue twister for you!

So, to understand the tongue twister, let’s keep it nice and simple, and maybe, along the way, you will learn a little bit about the magic of elliptic curve cryptography (ECC). For this, we will focus on the magic of the Schnorr signature, which allows us to merge public keys and signatures together, just by adding them.

Let’s start with an overview. In this case, Bob wants to sign a message (M). For this, he has a private key sk and generates a public key P=sk.G, where G is the base point on the elliptic curve.

To sign a message, Bob generates a random number for his signature (k), and then computes:

R=k.G

s=k−H(M||R).sk

where H() is the hash of the associated byte values, and (M||R) is the byte values of M and R appended together. Bob then sends the message (M) and the signature (R,s) to Alice. When Alice receives the signature and the message, she checks:

H(M||R).P+s.G=R

If they are the same, the signature checks out. This works because:

H(M||R).P+s.G=H(M||R).(sk.G)+(k−H(M||R).sk).G
=H(M||R).(sk.G)+k.G−H(M||R).sk.G
=k.G

And that’s it, folks!

If you want to learn more of the magic of the Schnorr signature, try here:

https://asecuritysite.com/schnorr

and here’s the doodle: