Score:0

Why are public keys derived from elliptic curve cryptography (ECC) and not from hashing?

I've just started studying Bitcoin and cryptocurrencies, so I might be wrong, but so far my understanding is that public keys are derived from private keys using ECDSA, in Bitcoin's case using secp256k1. This is a one-way function and is, technically, computationally safe... Until you take into account quantum computing. With quantum computing, you might be able to brute force and figure out private keys from public keys. Why was ECDSA chosen over hashing algorithms since both are one-way functions but the latter is more secure? Am I missing something?

Score:5

…Public keys are derived from private keys using ECDSA … using secp256k1.

Not quite. The transformation of private key to public key is not using ECDSA. It's per the parameters of secp256k1, using an operation called point multiplication, and towards making the public/private key pair usable later for ECDSA.

This is a one-way function… until you take into account quantum computing. With quantum computing, you might be able to brute force and figure out private keys from public keys.

Correct. It's easy to go from private key to public key, not the other way around unless we hypothesize Cryptographically Relevant Quantum Computers (don't hold your breath).

Why was ECDSA chosen over hashing algorithms?

So that we can digitally sign messages with the private key, and verify the message/signature pairs with the public key; so in a way such that the private key is necessary to produce message/signature pairs that pass verification, for different messages. We could not do this if the public key was obtained by hashing the private key¹. In other words: that the function from private key to public key is one-way is not a sufficient condition to make digital signature possible.


¹ There are signature algorithms based on hashing, but the public key is not obtained by one hash of the private key with a standard hash. The public key comprises multiple hashes, making it much larger than the 33 bytes of an ECDSA secp256k1 public key. Also the number of messages that can be safely signed is limited.

poncho
Actually, with stateless hash based methods, such as Sphincs and Sphincs+, the number of messages you can sign is effectively unlimited (technically, there is a limit - it's so high you'll never reach it...)