gost n blockchain - zeronights 2017 · 2017-11-27 · gost n blockchain compressed signature and...
TRANSCRIPT
![Page 1: GOST N BLOCKCHAIN - Zeronights 2017 · 2017-11-27 · GOST N BLOCKCHAIN COMPRESSED SIGNATURE AND PUBLIC KEY RECOVERY WITH GOST R 34.10-2012 by Dmitriy Bozhko and Alexey Troshichev](https://reader036.vdocument.in/reader036/viewer/2022062922/5f05e7867e708231d4154d58/html5/thumbnails/1.jpg)
GOST N BLOCKCHAIN
COMPRESSED SIGNATURE AND PUBLIC KEY RECOVERY WITH GOST R 34.10-2012
by Dmitriy Bozhko and
Alexey Troshichev
![Page 2: GOST N BLOCKCHAIN - Zeronights 2017 · 2017-11-27 · GOST N BLOCKCHAIN COMPRESSED SIGNATURE AND PUBLIC KEY RECOVERY WITH GOST R 34.10-2012 by Dmitriy Bozhko and Alexey Troshichev](https://reader036.vdocument.in/reader036/viewer/2022062922/5f05e7867e708231d4154d58/html5/thumbnails/2.jpg)
WHO WE ARE
DMITRY BOZHKOCrypto Core [email protected]
DISTRIBUTED LEDGERSBlockchain Dev and Security
www.ledgers.world
ALEXEY TROSHICHEVEl Capitan
2
![Page 3: GOST N BLOCKCHAIN - Zeronights 2017 · 2017-11-27 · GOST N BLOCKCHAIN COMPRESSED SIGNATURE AND PUBLIC KEY RECOVERY WITH GOST R 34.10-2012 by Dmitriy Bozhko and Alexey Troshichev](https://reader036.vdocument.in/reader036/viewer/2022062922/5f05e7867e708231d4154d58/html5/thumbnails/3.jpg)
DIGITAL SIGNATURE
Is the person who signed a message the same person who announces that he signed the message?
Signed and announced messages are the same?
Digital signature is to answer the following questions:
3
![Page 4: GOST N BLOCKCHAIN - Zeronights 2017 · 2017-11-27 · GOST N BLOCKCHAIN COMPRESSED SIGNATURE AND PUBLIC KEY RECOVERY WITH GOST R 34.10-2012 by Dmitriy Bozhko and Alexey Troshichev](https://reader036.vdocument.in/reader036/viewer/2022062922/5f05e7867e708231d4154d58/html5/thumbnails/4.jpg)
DIGITAL SIGNATURE: CLASSIC APPROACH
4
![Page 5: GOST N BLOCKCHAIN - Zeronights 2017 · 2017-11-27 · GOST N BLOCKCHAIN COMPRESSED SIGNATURE AND PUBLIC KEY RECOVERY WITH GOST R 34.10-2012 by Dmitriy Bozhko and Alexey Troshichev](https://reader036.vdocument.in/reader036/viewer/2022062922/5f05e7867e708231d4154d58/html5/thumbnails/5.jpg)
DIGITAL SIGNATURE: NEW APPROACH
5
![Page 6: GOST N BLOCKCHAIN - Zeronights 2017 · 2017-11-27 · GOST N BLOCKCHAIN COMPRESSED SIGNATURE AND PUBLIC KEY RECOVERY WITH GOST R 34.10-2012 by Dmitriy Bozhko and Alexey Troshichev](https://reader036.vdocument.in/reader036/viewer/2022062922/5f05e7867e708231d4154d58/html5/thumbnails/6.jpg)
BENEFITS OF PUBLIC KEY RECOVERY
Less data to send and store: MSG + SIG + PubK > MSG + SIG
Suitable for short messages
Standard for cryptocurrency world: Bitcoin,Ethereum,Litecoin….
6
![Page 7: GOST N BLOCKCHAIN - Zeronights 2017 · 2017-11-27 · GOST N BLOCKCHAIN COMPRESSED SIGNATURE AND PUBLIC KEY RECOVERY WITH GOST R 34.10-2012 by Dmitriy Bozhko and Alexey Troshichev](https://reader036.vdocument.in/reader036/viewer/2022062922/5f05e7867e708231d4154d58/html5/thumbnails/7.jpg)
WHY GOST?
Legal power of digital signature
Reuse of cryptocurrency algorithms without modification
7
![Page 8: GOST N BLOCKCHAIN - Zeronights 2017 · 2017-11-27 · GOST N BLOCKCHAIN COMPRESSED SIGNATURE AND PUBLIC KEY RECOVERY WITH GOST R 34.10-2012 by Dmitriy Bozhko and Alexey Troshichev](https://reader036.vdocument.in/reader036/viewer/2022062922/5f05e7867e708231d4154d58/html5/thumbnails/8.jpg)
SIGNATURE ALGORITHMS
Elliptic Curve Digital Signature Algorithm (ECDSA)
GOST R 34.10-2012 (RFC7091)
8
![Page 9: GOST N BLOCKCHAIN - Zeronights 2017 · 2017-11-27 · GOST N BLOCKCHAIN COMPRESSED SIGNATURE AND PUBLIC KEY RECOVERY WITH GOST R 34.10-2012 by Dmitriy Bozhko and Alexey Troshichev](https://reader036.vdocument.in/reader036/viewer/2022062922/5f05e7867e708231d4154d58/html5/thumbnails/9.jpg)
PUBLIC KEY RECOVERY (ECDSA)
9
1. Let 𝒙 = 𝒓 + 𝒋𝒏2. Convert the integer 𝒙 to an octet string 𝑿.3. Convert the octet string 𝟎𝟐𝟏𝟔||𝑿 to an elliptic curve point 𝑹. If this conversion
routine outputs invalid then do another iteration of Step 1.4. If 𝒏𝒓 ≠ 𝟎 then do another iteration of Step 1.5. Use the hash function to compute the hash value: 𝑯 = 𝑯𝒂𝒔𝒉(𝑴).
If the hash function outputs invalid, output invalid and stop.6. Derive an integer 𝒆 from 𝑯.7. For 𝒌 from 𝟏 to 𝟐 do the following:
1. Compute a candidate public key as 𝑸 = 𝒓−𝟏(𝒔𝑹 − 𝒆𝑮)2. Verify that 𝑸 is the authentic public key.
If 𝑸 is authenticated, output 𝑸 and stop.3. Change 𝑹 to −𝑹.
Find public key 𝑸 using signature 𝑺 = (𝒓, 𝒔) as follows :
2. Output invalid
1. For 𝒋 from 𝟎 to 𝒉 do the following:
Stop
Stop
![Page 10: GOST N BLOCKCHAIN - Zeronights 2017 · 2017-11-27 · GOST N BLOCKCHAIN COMPRESSED SIGNATURE AND PUBLIC KEY RECOVERY WITH GOST R 34.10-2012 by Dmitriy Bozhko and Alexey Troshichev](https://reader036.vdocument.in/reader036/viewer/2022062922/5f05e7867e708231d4154d58/html5/thumbnails/10.jpg)
ECDSA vs GOST R 34.10-12SIGN / VERIFY ALGORITHM DIFFERENCES
10
Sign Verify Recover
ECDSA 𝒔 = 𝒌−𝟏(𝒆 − 𝒓𝒅𝑼) 𝑪 = 𝒔−𝟏𝒆𝑮 + 𝒔−𝟏𝒓𝑸 𝑸 = 𝒓−𝟏(𝒔𝑹 − 𝒆𝑮)
GOST R 34.10-2012 𝒔 = 𝒌−𝟏(𝒓𝒅𝑼 + 𝒌𝒆) 𝑪 = 𝒆−𝟏𝒔𝑮 + 𝒆−𝟏𝒓𝑸 𝑸 = 𝒓−𝟏(𝒔𝑮 − 𝒆𝑹)
![Page 11: GOST N BLOCKCHAIN - Zeronights 2017 · 2017-11-27 · GOST N BLOCKCHAIN COMPRESSED SIGNATURE AND PUBLIC KEY RECOVERY WITH GOST R 34.10-2012 by Dmitriy Bozhko and Alexey Troshichev](https://reader036.vdocument.in/reader036/viewer/2022062922/5f05e7867e708231d4154d58/html5/thumbnails/11.jpg)
PUBLIC KEY RECOVERY (GOST R 34.10-12)
11
![Page 12: GOST N BLOCKCHAIN - Zeronights 2017 · 2017-11-27 · GOST N BLOCKCHAIN COMPRESSED SIGNATURE AND PUBLIC KEY RECOVERY WITH GOST R 34.10-2012 by Dmitriy Bozhko and Alexey Troshichev](https://reader036.vdocument.in/reader036/viewer/2022062922/5f05e7867e708231d4154d58/html5/thumbnails/12.jpg)
COMPRESSED SIGNATURE CALCULATING(GOST R 34.10-12)
12
![Page 13: GOST N BLOCKCHAIN - Zeronights 2017 · 2017-11-27 · GOST N BLOCKCHAIN COMPRESSED SIGNATURE AND PUBLIC KEY RECOVERY WITH GOST R 34.10-2012 by Dmitriy Bozhko and Alexey Troshichev](https://reader036.vdocument.in/reader036/viewer/2022062922/5f05e7867e708231d4154d58/html5/thumbnails/13.jpg)
QUESTIONS?
DMITRY BOZHKOCrypto Core [email protected]
DISTRIBUTED LEDGERSBlockchain Dev and Security
www.ledgers.world
ALEXEY TROSHICHEVEl Capitan
13
![Page 14: GOST N BLOCKCHAIN - Zeronights 2017 · 2017-11-27 · GOST N BLOCKCHAIN COMPRESSED SIGNATURE AND PUBLIC KEY RECOVERY WITH GOST R 34.10-2012 by Dmitriy Bozhko and Alexey Troshichev](https://reader036.vdocument.in/reader036/viewer/2022062922/5f05e7867e708231d4154d58/html5/thumbnails/14.jpg)