What is EdDSA? (2024)

EThere are several cryptographic signature schemes and among them one of the most important is EdDSA. This scheme was created to digitally and unequivocally sign a document or information. This in order to recognize its authenticity or origin. To achieve this, EdDSA makes use of very powerful asymmetric cryptographic techniques. All this in order to ensure that this digital signature cannot be duplicated.

To make it easier, think of EdDSA as a letter stamp that cannot be duplicated. A stamp that at the same time generates a different imprint for each letter that you issue and address to your recipients. An imprint that allows its recipients to verify that this letter was indeed made and signed by their person. Do you like the idea? Well, that is precisely what EdDSA does and hence its enormous power and usability.

For example, EdDSA can be used to guarantee the authenticity of digital documents. Once a digital document is created and signed, the digital signature creates a unique footprint for that document. A manipulation of it no matter how small the signature is invalid. In this way, the document is protected against manipulation and its authenticity is guaranteed in all situations.

The creation of EdDSA was the result of the work of Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe and Bo-Yin Yang. They brought together DSA technology and ECDSA, to which they applied a new elliptical curve that guarantees safety and performance. The first EdDSA document was presented in 2011 and its entire technical specification is in the public domain.

Technical characteristics

EdDSA is packed with features that make it unique compared to other options. Among these we can highlight:

1. It offers a much faster and computationally efficient signature verification system. This means that it requires little computing power to carry out verifications and can be used on less powerful devices.
2. It has a faster batch verification capability. This is a characteristics related to the previous one. Consuming little power to perform a verification makes a lot much less expensive to verify. But it is also related to efficiency. EdDSA's algorithm is very friendly with CPU caches. This allows the impact on them to be minimal and the verification speed increases.
3. The digital signature system is very fast. The document reading, verification and signing process is almost instantaneous.
4. It offers a fast generation of public and private keys. Key generation is almost as fast as signing.
5. The signature scheme offers a high level of security. EdDSA's security level is comparable to that of systems such as RSA and ECDSA. For example, breaking a well-built EdDSA signature could take about 4 million years or require a quantum computer.
6. Collision resistance. Hash function collisions do not break this system. This adds a layer of defense against the possibility of weakness in the selected hash function.
7. The signatures and keys generated by EdDSA are small. An EdDSA signature occupies about 64 bytes of data. On the other hand, the keys occupy half that size, which makes the system perfect to be applied in systems with reduced bandwidth, storage and power.

How do EdDSA signatures work?

The EdDSA operating process is divided into several stages, among which we have:

Choice of algorithm

First of all we must choose the algorithm to use to create and use our EdDSA signature. Broadly speaking, there are two algorithms whose majority difference is framed in the elliptic curve that it uses. These elliptical curves are the Ed25519 y Ed448. In the case of Ed25519, its security level is very high and comparable with options such as RSA y ECDSA. But Ed448 goes a little further by delivering a clearly higher level of security. However, Ed448 is incompatible with Ed25519 and is more complex to implement.

In any case, the EdDSA operating pillar is the choice of its curve and the level of security required.

Key generation

Once we choose our curve we start the generation of the public key y private key. If EdDSA is a asymmetric cryptography and it is precisely this model that allows its potential to be exploited. At this point, key generation follows the same generation scheme as any asymmetric system. First, the environment must have a random number generator and a safe entropy pool. This ensures the quality of the random numbers applied to the elliptic curve and its unique result.

Once this point has been verified, the generation of the private key begins. This key is what will allow the user to create secure cryptographic signatures at all times. After generating the private key, the creation of the public key begins. The latter is generated in a process of hash the private key using SHA-512. Once the hash is performed, an octal encoding is made to the number generated by the elliptic curve. The result is the public key that we can have so that others can verify the documents that we sign. In this way, we maintain the security of the system and our private key, the origin of our digital signature.

Signed and Verification

Signed using EdDSA is quite simple but effective and secure. The process consists of taking the information that we want to sign and creating a hash of it. This hash guarantees that the random key to generate the public key is completely different at all times. This random key is then applied to the formulation of the elliptic curve which produces the document signature.

This guarantees:

1. Each document generates a unique "fingerprint" in the form of a SHA-512 hash. SHA-512 is used to add additional security and avoid repeated collisions or hashes. This fingerprint or hash is then used to generate the random key that will be used to generate the digital signature of said document.
2. The process of using SHA-512 and generating a unique random key for each document increases security. In this way, each signature is unique to each document and remains publicly verifiable.

As you can see, the operation of EdDSA is not complicated at all and in fact offers security that other systems do not. This makes EdDSA a very powerful and secure digital signing system.

Differences between EdDSA and ECDSA

1. The curves used by both systems are different. EdDSA uses the so-called Edwards elliptic curves, while ECDSA uses more varied elliptic curves.
2. The signature generation process is completely different. ECDSA generates a unique cryptographically verifiable signature. But EdDSA generates different signatures for each document and are equally verifiable. This is a clearly observable leap in security. In fact, ECDSA can be fully exploited due to this flaw, as happened with the PlayStation 3 hack.
3. EdDSA signatures and keys are computationally less expensive than ECDSA's. Furthermore both elements in EdDSA are smaller in size than their ECDSA counterpart. This gives EdDSA the advantage of being very user friendly with computing power and bandwidth.

Uses in blockchain technology

EdDSA technology is not very widely spread in blockchain technology. However, many projects have begun to consider a technological migration towards EdDSA due to its potential.

E.g. Rope de R3 It is one of the big blockchain projects that EdDSA firms use. Similarly, other projects prefer to use EdDSA over ECDSA for security and optimization reasons. And the reasons for this choice are quite obvious considering EdDSA's capabilities.

Certainly the EdDSA technology is not as proven against options like RSA and ECDSA, but it has made room. A site that we can see expanded in the not too distant future in the next evolution of blockchain technology.

Advantages and disadvantages

Advantages

1. They offer a high level of speed, optimization and security in a single application.
2. EdDSA firms are completely deterministic. This means that firms will always have the same properties and values ​​at all times.
3. The system offers resistance to side channel attack. This is a security measure that prevents signatures from being broken by this type of brute force attack.
4. The formulas are valid for all points on the curve, without exceptions. This avoids the need for EdDSA to perform costly point validation on unreliable public values.
5. EdDSA also provides collision resistance, which means that hash function collisions do not break this system (only applies to PureEdDSA).

Disadvantages

1. It lacks the level of testing and standardization of other options known as RSA and ECDSA.
2. Its understanding of use and algorithmic analysis is a little more complex, making software design difficult.
3. They are incompatible with firms such as ECDSA and RSA. This prevents signature mixes from being possible within a blockchain structure without bookmarks.