But hey, at least you won’t have to deal with any math or complex algorithms here. Just sit back and enjoy the ride!
So let’s start from the beginning. Back in the olden days (like, 1976), digital signatures were all the rage. People would use them to sign documents electronically instead of having to print out a physical signature on paper. But there was one problem: how do you generate a random number for your signature?
At first, people thought they could just use their birthdays or favorite numbers as the “random” part of their digital signature. But that didn’t work so well, because everyone else was doing the same thing and it made the signatures predictable. So then people started using more complex algorithms to generate random numbers, like flipping a coin 1024 times and taking the last digit as your “random” number.
But even that wasn’t good enough. The problem with these early methods was that they were too slow and not very secure. It could take hours or even days to generate just one random number, which made digital signatures impractical for everyday use. And if someone managed to guess your “random” number, it would be easy for them to forge your signature.
So in the 1980s and 1990s, researchers started developing more sophisticated methods of random number generation that were faster and more secure. They used things like cryptographic hash functions (deterministic functions that turn any input into a fixed-size output that looks unpredictable) to generate truly random numbers. And they also developed new techniques for protecting these random numbers from being guessed or stolen by attackers.
One example of this is the EdDSA signature algorithm, which was proposed in 2015 and has since become a popular choice for digital signatures due to its efficiency and security properties. The EdDSA algorithm uses a combination of hash functions and field arithmetic to generate the per-signature random numbers (the nonces) in a way that is both secure and fast to compute.
However, recent research has shown that some implementations of the EdDSA algorithm may be vulnerable to side-channel attacks, which can reveal sensitive information about the secret key used for signing. In 2018, researchers from Google’s Project Zero discovered a vulnerability in Mozilla’s NSS library that allowed attackers to extract the private key used for digital signatures by measuring the timing of certain operations.
This vulnerability was later confirmed and patched by Mozilla, but it highlights the importance of ongoing research into the security properties of cryptographic algorithms and their implementations. Other recent studies have also shown that some popular signature schemes, such as RSA-PSS and ECDSA, may be vulnerable to fault attacks, which can exploit implementation errors or hardware failures to reveal sensitive information about the secret key used for signing.
To address these vulnerabilities, researchers are developing new techniques for generating random numbers in a more secure and efficient manner. One promising approach is the use of deterministic signature schemes, such as EdDSA and SPHINCS+, which derive each signature’s nonce from a fixed set of inputs (the secret key and the message) and so do not require any additional source of entropy or randomness at signing time. This can help to reduce the risk of side-channel attacks and other vulnerabilities associated with traditional random number generation techniques.
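To make the deterministic-nonce idea concrete, here is an added example (not code from the original post, and not a full signature implementation) that mirrors how EdDSA derives its nonce: SHA-512 of the 32-byte seed is split into a clamped signing scalar and a 32-byte “prefix”, and the nonce for a message is SHA-512(prefix || message) reduced modulo the group order L. It also includes a small audit helper, `find_nonce_reuse`, which is my own addition: it scans a constructed log of (nonce, message) pairs and flags any nonce that a faulty random generator handed out for two different messages, the failure mode the earlier paragraphs describe. The seed and log entries below are constructed sample values.

```python
import hashlib
import secrets

# Order of the Ed25519 base point (RFC 8032, section 5.1).
L = 2**252 + 27742317777372353535851937790883648493


def expand_secret(seed: bytes) -> tuple[int, bytes]:
    """Split SHA-512(seed) the way EdDSA does (RFC 8032, section 5.1.5):
    the first 32 bytes become the clamped signing scalar, the last 32
    bytes become the secret prefix that feeds nonce derivation."""
    if len(seed) != 32:
        raise ValueError("Ed25519 seed must be exactly 32 bytes")
    h = hashlib.sha512(seed).digest()
    s = bytearray(h[:32])
    s[0] &= 248          # clear the low 3 bits (cofactor clearing)
    s[31] &= 127         # clear the top bit
    s[31] |= 64          # set bit 254 so the scalar has fixed length
    return int.from_bytes(s, "little"), h[32:]


def deterministic_nonce(prefix: bytes, message: bytes) -> int:
    """EdDSA-style nonce: r = SHA-512(prefix || M) mod L.
    Same (key, message) always gives the same r; no RNG is consulted."""
    digest = hashlib.sha512(prefix + message).digest()
    return int.from_bytes(digest, "little") % L


def random_nonce() -> int:
    """The traditional alternative: a fresh random scalar in [1, L-1].
    Correct only if the system RNG is sound at every single signing call."""
    return secrets.randbelow(L - 1) + 1


def find_nonce_reuse(records: list[tuple[int, bytes]]) -> dict[int, set[bytes]]:
    """Defensive audit: given (nonce, message) pairs, return every nonce that
    was used for more than one distinct message. Such a reuse is exactly what
    a broken RNG produces and what a deterministic derivation rules out."""
    seen: dict[int, set[bytes]] = {}
    for nonce, message in records:
        seen.setdefault(nonce, set()).add(message)
    return {n: msgs for n, msgs in seen.items() if len(msgs) > 1}


if __name__ == "__main__":
    seed = bytes(range(32))                      # constructed sample seed
    scalar, prefix = expand_secret(seed)
    r1 = deterministic_nonce(prefix, b"pay 10 to alice")
    r2 = deterministic_nonce(prefix, b"pay 10 to alice")
    r3 = deterministic_nonce(prefix, b"pay 10 to mallory")
    print("same message, same nonce:", r1 == r2)
    print("different message, different nonce:", r1 != r3)
    print("random nonces differ per call:", random_nonce() != random_nonce())

    # Constructed log from a hypothetical signer whose RNG got stuck.
    stuck = 0x1234
    log = [(stuck, b"msg-A"), (stuck, b"msg-B"), (r1, b"pay 10 to alice")]
    print("reused nonces:", find_nonce_reuse(log))
```

The audit helper is the part a practitioner would actually run over a signature log: a deterministic scheme never trips it for distinct messages, while a signer with a weak or stuck random generator shows up immediately as a nonce mapped to several messages.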