Cryptographic Signature

A cryptographic signature authenticates the identity of the signer. It proves that a message (e.g., a transaction) originated from the holder of a specific private key. This is the digital equivalent of a handwritten signature or a wax seal, providing non-repudiable proof of origin. For example, when you sign an Ethereum transaction with your wallet, the network verifies it was signed by the address derived from your private key.

Signatures guarantee data integrity. The signature is cryptographically bound to the exact content of the signed message. If even a single bit of the original data is altered after signing, the signature verification will fail. This property ensures that a signed transaction cannot be modified in transit—changing the recipient address or amount invalidates the signature, protecting against man-in-the-middle attacks.

Non-repudiation prevents the signer from later denying they authored the signature. Because the signature is generated with a private key that should be exclusively controlled by the signer, successful verification serves as undeniable proof of their action. This is a critical legal and logical property for financial transactions and smart contract interactions, creating accountable audit trails on-chain.

Anyone with access to the public key, the message, and the signature can verify its validity without needing the signer's private key. This enables trustless verification in decentralized systems. For instance, any Ethereum node can independently verify the signature on a transaction using the sender's public address, ensuring the network reaches consensus without relying on a central authority.

Different mathematical schemes implement these features. The most common are:

• ECDSA (Elliptic Curve Digital Signature Algorithm): Used by Bitcoin and Ethereum. Relies on the secp256k1 elliptic curve.
• EdDSA (Edwards-curve Digital Signature Algorithm): Used by Solana and Zcash. Often implemented with the Ed25519 curve, offering faster performance and more deterministic signing. Both provide the core features but differ in implementation details and security assumptions.

It is crucial to distinguish a digital signature from a Message Authentication Code (MAC). Both provide integrity and authentication, but a MAC uses a shared secret key between parties, while a digital signature uses a public/private key pair. This makes digital signatures capable of non-repudiation and public verifiability, which are essential for open, permissionless blockchains where parties do not pre-share secrets.

ECDSA is the most widely used digital signature algorithm in blockchain, forming the basis for Bitcoin and Ethereum's original account security. It uses elliptic curve cryptography to generate a key pair: a private key for signing and a public key for verification.

• Key Property: Provides strong security with relatively short keys (e.g., 256-bit).
• Common Use: Securing transactions on Bitcoin (secp256k1 curve) and Ethereum 1.0.
• Limitation: Susceptible to faulty random number generators, which can lead to key compromise.

EdDSA is a modern, high-performance signature scheme based on twisted Edwards curves, most notably Ed25519. It is designed to be faster and more secure against side-channel attacks than ECDSA.

• Key Property: Uses deterministic nonces, eliminating the risk of random number generator failure.
• Common Use: The preferred algorithm for many modern protocols, including Solana, Zcash (Sapling), and SSH key authentication.
• Advantage: Offers simpler, safer implementation and faster batch verification.

Schnorr signatures are a simple, efficient digital signature scheme known for their linearity, which enables powerful signature aggregation. A single aggregated signature can validate all transactions in a batch, improving privacy and scalability.

• Key Property: Enables multi-signature schemes (MuSig) where a group signature looks identical to a single-party signature.
• Common Use: Implemented in Bitcoin via Taproot upgrades and used in networks like Cardano and Stellar.
• Benefit: Reduces on-chain data footprint and enhances privacy for complex smart contracts.

BLS signatures are a pairing-based cryptography scheme that supports efficient signature aggregation and threshold signing. Multiple signatures can be compressed into a single, constant-sized signature, regardless of the number of signers.

• Key Property: Enables native threshold signatures and is friendly to zero-knowledge proofs.
• Common Use: Critical for Ethereum 2.0's consensus (validator attestations), Dfinity, and Chia. Used in distributed key generation (DKG) protocols.
• Trade-off: Computationally intensive but offers unparalleled aggregation capabilities.

RSA is an early public-key cryptosystem that can be used for both encryption and digital signatures. Its security relies on the practical difficulty of factoring the product of two large prime numbers.

• Key Property: A versatile algorithm used for key exchange, encryption, and signing.
• Common Use: Foundational for TLS/SSL certificates, PGP encryption, and some enterprise blockchain permissioning systems. Less common in native blockchain transaction signing due to larger key sizes.
• Context: Provides a benchmark for understanding public-key cryptography's evolution.

A cryptographic signature system is built on a mathematically linked key pair:

• Private Key: A secret number known only to the owner, used to sign messages. It must be kept secure.
• Public Key: A number derived from the private key, shared publicly, used to verify signatures. It often serves as a public address. The security relies on the one-way nature of the cryptographic function: deriving the public key from the private key is easy, but reversing the process is computationally infeasible.

The process ensures data integrity and authentication:

1. Signing: The sender generates a hash of the transaction data and encrypts it with their private key, creating a unique digital signature.
2. Verification: The network decrypts the signature using the sender's public key to recover the hash. It then independently hashes the received transaction data. If the two hashes match, the signature is valid, proving the data is unaltered and came from the rightful key holder.

ECDSA is the most common signing algorithm in blockchains like Bitcoin and Ethereum. It offers strong security with relatively small key sizes.

• Mechanism: It uses the algebraic structure of elliptic curves over finite fields to generate signatures.
• Benefits: Provides the same level of security as older algorithms (like RSA) with much shorter keys, reducing storage and bandwidth requirements.
• Standard: The secp256k1 curve is the specific elliptic curve used by Bitcoin and Ethereum.

A valid cryptographic signature provides two critical guarantees:

• Non-Repudiation: The signer cannot later deny having signed the message, as the signature is uniquely tied to their private key.
• Data Integrity: Any alteration to the original signed message—even a single bit—will cause the verification to fail. This protects against tampering in transit. These properties are why signatures are the basis for transaction authorization on-chain.

When Alice sends 1 BTC to Bob:

1. Alice's wallet creates a transaction message specifying the amount and Bob's address.
2. The wallet hashes this message and signs the hash with Alice's private key.
3. The signed transaction is broadcast to the network.
4. Bitcoin nodes use Alice's public key (derived from her sending address) to verify the signature.
5. If valid, the transaction is included in a block. The signature proves Alice authorized the spend of her UTXOs.

Beyond basic ECDSA, other signature schemes enable advanced functionality:

• Schnorr Signatures: Used by Bitcoin (Taproot), allowing signature aggregation for better privacy and scalability.
• EdDSA (Ed25519): Used by Solana and other chains, known for performance and security.
• Multi-Signature (Multisig): Requires signatures from multiple private keys to authorize a transaction, used for shared wallets.
• Threshold Signatures: A form of distributed key generation where a subset of participants can collaboratively create a signature.

The asymmetric cryptographic system underpinning digital signatures. It uses a mathematically linked key pair:

• Private Key: A secret number used to sign data.
• Public Key: A publicly shared number used to verify signatures. This allows anyone to verify a signature's authenticity while ensuring only the private key holder can produce it, establishing secure ownership for blockchain addresses.

A cryptographic signature is applied to a hash of the data, not the data itself. A hash function (like SHA-256) creates a fixed-size, unique fingerprint of arbitrary input. Signing the hash is efficient and ensures integrity—any change to the original message results in a completely different hash, causing the signature verification to fail.

A core security property provided by digital signatures. It means the signer cannot later deny having signed the message. Because the signature is uniquely generated with their private key (presumed secure), it serves as cryptographic proof of origin. This is essential for blockchain transactions, preventing parties from falsely claiming they did not authorize a transfer.

An alternative signature scheme gaining adoption in blockchains like Bitcoin. Key advantages over ECDSA include:

• Linearity: Signatures can be aggregated, allowing multiple signatures to be combined into one, saving block space.
• Provable Security: Simpler security proofs under standard assumptions.
• Batch Verification: Multiple signatures can be verified faster as a group, improving node performance.

A modern, high-performance digital signature scheme using twisted Edwards curves (like Ed25519). It is designed to be faster and more secure against certain implementation errors than ECDSA. Used by protocols like Solana and Zcash, EdDSA offers:

• Deterministic Signatures: No need for a random number generator, reducing risk.
• Simplified Implementation: Less prone to side-channel attacks.
• Compact Signatures: Small, fixed-size outputs.