Digital Signature Algorithms

io.finnet technology works with multiple digital signature standards

Digital signatures are a cryptographic primitive that underpins the security of blockchains and digital asset custody solutions like io.vault. They provide three key properties:

  1. Authentication - Verifying the identity of the signer
  2. Non-repudiation - The signer cannot deny having signed the message
  3. Integrity - Detecting if the message has been altered since signing

io.vault supports two primary digital signature algorithms: the Elliptic Curve Digital Signature Algorithm (ECDSA) and the Edwards-curve Digital Signature Algorithm (EdDSA). Each is covered in more depth below.

Curve and Signature Support

io.vault supports the following algorithms and elliptic curves.

| | ECDSA | EdDSA | BIP-340 (Schnorr) |
|---|---|---|---|
| Curve | secp256k1 / NIST P-256 | Edwards25519 | secp256k1 |
| COSE Name | ES256K / ESKEC256 / ESP256 | ED25519 | — |
| Bitcoin Address Type | SegWit | — | Taproot |
| Public Key Size | 33 bytes (compressed), 65 bytes (uncompressed) | 32 bytes | 33 bytes (compressed) |
| HD Wallets | Yes, Unhardened | Yes, Unhardened | Yes, Unhardened |
| XPub Format | Standard BIP32 | BIP32-like with 0x00 prefix + 32-byte key | Standard BIP32 |

Elliptic Curve Digital Signature Algorithm (ECDSA)

ECDSA is the signature scheme used in Bitcoin, Ethereum, and many other blockchains. It's based on the algebraic structure of elliptic curves over finite fields.

Key facts about ECDSA:

  • Relies on the assumed difficulty of the Elliptic Curve Discrete Logarithm Problem (ECDLP)
  • Uses a curve and base point defined in a standard, e.g., secp256k1 in Bitcoin
  • Private key is a random integer, public key is a point on the curve
  • Signing involves generating a random nonce and computing a signature (r, s)
  • Verification checks a mathematical relationship between the message, public key, and signature

ECDSA has good performance and relatively short signature sizes, making it well-suited for blockchain use.

Edwards-curve Digital Signature Algorithm (EdDSA)

EdDSA is a more recent signature scheme based on twisted Edwards curves. It's designed to be faster and more secure than ECDSA.

Notable differences from ECDSA:

  • Uses a different curve form for better performance and implementation security
  • Deterministic nonce generation to prevent common ECDSA pitfalls
  • Includes a hash of the private key in the signature for better malleability resistance
  • Cleaner and more efficient implementation

EdDSA is seeing increasing adoption, particularly in newer blockchain platforms and protocols. The most common variant is Ed25519, which uses the curve Curve25519 and the hash function SHA-512.

io.finnet supports both ECDSA and EdDSA across different blockchains. The MPC and TSS schemes are agnostic to the underlying signature algorithm.

Hierarchical Deterministic (HD) Wallets

HD wallets (defined in BIP32) allow a single seed to deterministically derive a structured tree of keypairs. io.vault fully supports HD wallet semantics across all supported curve types.

Key features of HD wallets in io.vault:

  • Unhardened derivation is supported for all curve types (secp256k1, secp256r1, Ed25519), allowing public key derivation without knowledge of private keys.
  • BIP44 path structure (e.g., m/44/60/0/0/0) is used for adherence to chain-specific conventions.
  • XPub / XPrv formats are standardized:
    • For ECDSA: Standard BIP32 format with version bytes (xpub, ypub, etc.)
    • For EdDSA: BIP32-like format with a fixed prefix and 32-byte keys
    • XPrvs can be exported when all key shards are collected as part of a Disaster Recovery process.
  • Secure key management: io.vault does not persist raw seeds but rather creates wallets with MPC-generated sharded seeds that are distributed across devices and kept in encrypted storage.
  • Multi-chain support: A single HD wallet can derive keys across multiple blockchains and signature schemes, enabling multi-asset custody from one root.

Why HD wallets matter in secure custody:

  • Operational scalability: A single seed gives access to billions of keypairs, all deterministically derived.
  • Auditability: Clear derivation paths enable hierarchical access control, user-level partitioning, and deterministic tracking of key lineage.
  • MPC compatibility: In io.vault, HD key derivation is performed under threshold control, so no single party ever sees the root or derived key material at any point.

Note

io.vault's implementation of HD wallets ensures cryptographic isolation and full determinism across all derived keys, making it suitable for regulated institutions requiring deterministic audit trails and secure backup strategies with multiple addresses stemming from a single MPC-secured seed.


What's Next

Dive deeper into how these signature algorithms are used in practice to secure blockchain transactions.