Bitcoin Forum
November 17, 2018, 07:54:37 PM *
News: Latest Bitcoin Core release: 0.17.0 [Torrent].
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: how is "s" kept as an integer in ECDSA?  (Read 62 times)
Anonymous Kid
Member
**
Offline Offline

Activity: 176
Merit: 21


View Profile
October 09, 2018, 01:15:06 PM
 #1

from wikipedia

Quote
G is a basepoint on a curve.
Alice picks a key; d_{A} and a corresponding pub key; Q_{A} = d_{A} * G

Calculate e = HASH(m), where HASH is a cryptographic hash function, such as SHA-2.
Let z be the L_{n} leftmost bits of e, where L_{n} is the bit length of the group order n.
Select a cryptographically secure random integer k from [1,n-1].
Calculate the curve point (x_1, y_1) = k * G.
Calculate r = x_1 mod n. If r = 0, go back to step 3.
Calculate  s=k^-1(z+rd_{A}) mod n. If s=0, go back to step 3.
The signature is the pair (r,s).

But how can s be an integer since k^-1 will yield a decimal amount (e.g. 123.12347)?
1542484477
Hero Member
*
Offline Offline

Posts: 1542484477

View Profile Personal Message (Offline)

Ignore
1542484477
Reply with quote  #2

1542484477
Report to moderator
1542484477
Hero Member
*
Offline Offline

Posts: 1542484477

View Profile Personal Message (Offline)

Ignore
1542484477
Reply with quote  #2

1542484477
Report to moderator
1542484477
Hero Member
*
Offline Offline

Posts: 1542484477

View Profile Personal Message (Offline)

Ignore
1542484477
Reply with quote  #2

1542484477
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Anonymous Kid
Member
**
Offline Offline

Activity: 176
Merit: 21


View Profile
October 09, 2018, 01:31:03 PM
 #2

Oh wait. I just realised that all integers belong to a finite integer field of [1, n-1].

So you have to do finite field math or whatever its called.
Quote
The tricky one is division; that is not division on the field of integers followed by a modulus operation. Instead, it involves finding the multiplicative inverse of a number; that is, given b, we find the field member b^−1 such that b×b^−1=1. Then, a/b=a×b^−1

so thats how k^-1 is calculated. someone please correct me if im wrong... or tell me if im right lol. im still not sure if thats correct
achow101
Moderator
Legendary
*
expert
Offline Offline

Activity: 1582
Merit: 1750


bc1qshxkrpe4arppq89fpzm6c0tpdvx5cfkve2c8kl


View Profile WWW
October 10, 2018, 12:48:27 AM
 #3

The integer operations are modulo n. So yes, the inverse of an integer a mod n is a number b = a^-1 mod n such that a * b = 1 mod n.

There are efficient algorithms for finding such an inverse which is why ECDSA (and other cryptosystems) can use inverses modulo n.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!