Add support for Elliptic Curves (verifying and creating ECDSA signatures)

[kylef]

I have no idea where to begin otherwise I'd make a pull request (requirement for kylef/JSONWebToken.swift#5). Maybe one day I'll find time to take a look into implementing this.

[krzyzanowskim]

Tough one. Elliptic Curves are so far away that I can't see it in my roadmap ;). First RSA, then Elliptic Curves, or the other way around.

Let's keep it open for inspiration.

[ColtonProvias]

I have a few projects here where elliptic curves are the only option for keys. Also, many sites are moving away from RSA to ECDSA certificates, so it may be good to reassess support.

[rustymagnet3000]

HI @krzyzanowskim

Not quite the same use case. Are you thinking of offering a Diffie-Hellman Key Exchange API? I was thinking of Client A (iOS) talking to Client B (MacOS) and they wanted to agree on a symmetric shared secret using unauthenticated DH. CryptoSwift for both sides ✅

I am playing with Diffie-Hellman Key Exchange with OpenSSL to make sure I have understood the concepts.

[olutsenko]

Hi,

There is also a requirement from Apple to use ECDSA when accessing CloudKit Using a Server-to-Server Key. Having ECDSA support would be highly appreciated.

Regards,
Oleg

[krzyzanowskim]

im working on this and other things, no ETA though

[olutsenko]

@krzyzanowskim Thanks for the update. Great work!

[saltyskip]

Yes elliptic curve support would be huge, any updates?

[TofPlay]

Yes elliptic curve support would be huge, ...

totally agree 👍 😁

[saltyskip]

I'm willing to chip in some time to help out on it as well, if you have a branch in progress, seems like Swifts lack of support for Big Int is the first major roadblock to overcome

[krzyzanowskim]

I'm ready to add that though, just hard to find spare time..Would you consider donations to keep the project more vital in these days?

[saltyskip]

Sure I would contribute to that

[TofPlay]

@saltyskip for the Big Int support you can check this component GitHub:attaswift/BigInt

[shreyasthiagaraj]

+1 on Elliptic Curve support! Any updates? I would contribute to that :)

[ethanhuang13]

+1 on elliptic curve support. It's requirement for generating JWT used on many Apple server APIs, including APNs, Apple Music API, and the upcoming App Store Connect API.

[danshev]

Would love this. I download a public key (DER) from a server and then need to use that key to verify a signature. I'm absolutely banging my head against the wall.

[ethanhuang13]

Hi all, I believe many want EC support here is because they need to create and sign JWT for Apple's server APIs. If you want to sign Apple's JWT on iOS/macOS, you could give CupertinoJWT a try, which was pre-released recently. I've wrote it because I couldn't find a solution for creating JWT used for Apple's server APIs on iOS/macOS. It use Security and CommonCrypto only as dependencies.

[drewpitchford]

Yes, EC support would be awesome!

[Sajjon]

I've written a pure Swift library called EllipticCurveKit, which has support for ECDSA, Schnorr Signatures (ECSS), and both secp256k1 and secp256r1. I've made it highly modular so it is very easy to support any curve.

⚠️ As mentioned in the README it is not properly audited ⚠️ and pretty slow compared to e.g. BouncyCastle or blazing fast C library bitcoin-core/secp256k1. Although some of Zilliqa's members have glanced at it.

In the branch called "Equations" I support any curve, and most curve forms.

Doing the straightforward Double-Multiplication Algorithm, requires the differentiation of the curve equation, which most projects implements use hard-coded differentiation (since the equations usually are rather simple. I wanted to be able to support ANY curve, therefore I experiment in the above-mentioned branch with a run-time partial differentiation, thanks to EquationKit(which I wrote specifically for this purpose).

[Sajjon]

With the help of smart people in this thread, it would be cool to migrate EllipticCurveKit into this repo, make it faster and more secure 🎉.

One idea I've had for performance improvement is to swtitch from attaswift/BigInt(which I currently use) to Apple/vecLiv/vBigNum.

And implement more of the performance optimized algorithms that can be found on Explicit-Formulas Database(the EC bible).

[krzyzanowskim]

@Sajjon I'm ok with that. that'd be great. wanna start with PR?

[Sajjon]

@krzyzanowskim Sure, when I have the time... Probably not for a couple of weeks though.

Currently, CryptoSwift has no dependencies, but I use (and need) BigInt and BigUInt. Or at least Int512 and UInt512. In EllipticCurveKit I use awesome attaswift/BigInt.

AFAIK CryptoSwift does not contain any BigInt implementation, right? Would you be OK to add it as a dependency?

If not, one alternative could be to copy paste Apple's Prototype BigInt straight into CryptoSwift. I haven't tried it out, but it looks promising and similar. And Karoy Lorenty who created attaswift/BigInt is working at Apple and has written lots of the code of the Apple prototype.

[danshev]

Not sure if this helps at all, but just in case:

https://gist.github.com/danshev/01b83d702b5ca265e43dfe7223924b68

[krzyzanowskim]

AFAIK CryptoSwift does not contain any BigInt implementation, right? Would you be OK to add it as a dependency?

there is UInt128, that's may be a good start ;) We don't need fully featured Int for EC afair, so maybe it's enough to implement what's needed.

[Sajjon]

@krzyzanowskim We need at the very least Int256 and UInt256, the Galois (finite) Field of all 256 curves, such as secp256k1 requires 256-bit scalars. Since the Elliptic curves are mirrored on the x-axis we can have both positive and negative Y-values (or rather, for every X-value of a point on the curve there are only two possible Y-values, either positive or negative). It is thus convenient to model this using a signed Int256.

Some Elliptic Curve Method operations, e.g. the fundamental Double-Multiplication Algorithm can result in values being larger than 256 bits - temporarily - until they have been reduced to 256 bit using modulus (mod P, where P is the size of the Galois Field). Thus it is practical to use a non-fixed-with in, such as attaswift/BigInt or Apples _BigInt.

A powMod function is extremely convenient, attaswift/BigInt has it

func power(_ exponent: BigUInt, modulus: BigUInt) -> BigUInt

For the operations resulting in very big numbers, that we reduce using mod P (size of the Field).

[Sajjon]

Ping @krzyzanowskim how would we proceed regarding BigInt?

[krzyzanowskim]

I'm in favor to not use external dependency. if anything https://github.com/attaswift/BigInt is my favorite.

The maintainability is my biggest concern here now. If Int256/UIn256 is all we need, I'd go and start with that plus whatever is necessary to save larger value temporary - Not starting with building BIGNUM at the start. In my opinion that can end up with a more straightforward code to follow in the future.

@Sajjon if you'd like to work on that, I'd be more than happy to help/assist - feel free to open PR and continue work on a branch.

[shreyaspapi]

Is this still in works? the last updates seems to be of 2019😅

[krzyzanowskim]

once we merge RSA, we can thing about EC #887

[nathanfallet]

For now, my RSA implementation is working, but extra features like PEM import/export and doc is missing. I can try to find time in the week to document what I've done so far (in the README), and make another PR to add PEM features later, so that you will be able to use BigInt directly.
@krzyzanowskim What do you think of this?

[vincentiss]

Is this still in works? the last updates seems to be of 2021😅

[Sajjon]

If you are interested in ECDSA on secp256k1 you can use my package K1: https://github.com/Sajjon/K1
If you are interested in BLS, have a look at my package Bells: https://github.com/Sajjon/bells