3 stable releases
1.1.1 | May 18, 2024 |
---|---|
1.1.0 | May 17, 2024 |
1.0.0 | May 16, 2024 |
#1047 in Cryptography
Used in pg_ecdsa_verify
25KB
404 lines
ecdsa_verify
: Rust crate for ECDSA Signature Verification
ecdsa_verify
is a pure Rust crate for verifying ECDSA (Elliptic Curve Digital
Signature Algorithm) signatures. This crate provides functions to handle
elliptic curve operations and verify signatures against given message hashes
and public keys.
Why Only Verification?
By limiting the scope to verification, the extension remains simpler and easier to implement and audit. Since verification only involves public keys and no private keys, it is inherently secure against side-channel attacks and much easier to implement correctly than the signature generation algorithm.
The typical use case would be a client needing to authenticate against a server where only the public keys are stored on the server. In this scenario, only the signature verification algorithm is needed on the server side.
This is why the ecdsa_verify
crate only implements the ECDSA signature
verification algorithm.
Features
- Supports the
secp256k1
andsecp256r1
elliptic curves. - Implements elliptic curve operations in Jacobian coordinates.
- Provides a function to verify ECDSA signatures.
Installation
Add the following to your Cargo.toml
:
[dependencies]
ecdsa_verify = "1.1"
Usage
use ecdsa_verify::{verify, Point3D, EcdsaSignature, secp256r1};
use num_bigint::BigInt;
use num_traits::Zero;
fn main() {
let message_hash = hex::decode("48c08394455a5007945a9025c58be18f1795db8a6f8c12e70a00c1cdd6d3df78").unwrap();
let sig = EcdsaSignature {
r: BigInt::parse_bytes(b"7679932563960414347091205306595575529033945270189659289643076129390605281494", 10).unwrap(),
s: BigInt::parse_bytes(b"47844299635965077418200610260443789525430653377570372618360888620298576429143", 10).unwrap(),
};
let public_key = Point3D {
x: BigInt::parse_bytes(b"57742645121064378973436687487225580113493928349340781038880342836084265852815", 10).unwrap(),
y: BigInt::parse_bytes(b"99327750397910171089097863507426920114029443958399733106031194020330646322282", 10).unwrap(),
z: BigInt::zero(),
};
let curve = secp256r1();
let is_valid = verify(&message_hash, &sig, &public_key, &curve);
println!("Signature valid: {}", is_valid);
}
Benchmarks
To benchmark the extension, ensure you are using the Rust Nightly toolchain, then use the following command:
To run the benchmarks, execute:
cargo bench
Benchmark Results
The benchmarks were run on an Intel Core i9-14900K. The results are as follows:
$ cargo bench
Running benches/ecdsa_verify.rs (target/release/deps/ecdsa_verify-f2c7ac91fb3e2e9c)
test bench_verify ... bench: 864,913 ns/iter (+/- 13,821)
License
This project is licensed under the MIT License. See the LICENSE file for details.
Acknowledgements
- Based on v2.2.0 of the starkbank-ecdsa Python library by Star Bank.
Contributing
Bugfixes, optimizations and simplifications are welcome, but no more features. Please open an issue or submit a pull request.
Dependencies
~1MB
~21K SLoC