With a digital signature, we sign a message with a private key, and then verify it with the related public key. The signature typically takes the form of (\(r,s\)), where \(r\) and \(s\) are used together with the message to validate the signature. In this case we will generate signatures for the main methods used in ECDSA for different curves (such as secp256k1, NIST-P256 and Brainpool-256r1). The number in the curve name normally identifies the number of bits in the private key, such as secp256k1 having 256 bits in the private key. This relates to the bit length of the prime number used to define the field.

With a standard ECDSA implementation we take 256 bits of random data to generate each of the signatures. Unfortunately, if we use the same random number for at least two signatures, we can recover the private key. Instead of using a random number, RFC6979 uses HMAC-SHA256(private_key, message) in order to overcome the private key leakage problem. The signature then becomes deterministic, so that we always produce the same output for a given set of inputs.

In the sample runs, we use a \(k\) value of 9, which will always produce the same signature for the same message and set of keys. In this way, the output is deterministic. We will also get the same signature each time for the RFC6979 version, where the same message and key pair will always produce the same signature. In each case, we will generate a random key pair for the signature test.