Loading API Reference...
API Reference Intermediate 15 min read

Signatures Module

Complete API reference for digital signature implementations including ECDSA, EdDSA, and Schnorr signatures with practical examples and security considerations.

Overview

The Forge EC Signatures module provides secure, high-performance implementations of industry-standard digital signature algorithms. All implementations are designed with constant-time operations to prevent timing attacks.

Supported Algorithms

  • ECDSA: Elliptic Curve Digital Signature Algorithm (FIPS 186-4)
  • EdDSA: Edwards-curve Digital Signature Algorithm (RFC 8032)
  • Schnorr: Schnorr signatures (BIP 340)

Key Features

  • Constant-time implementations
  • Memory-safe Rust code
  • Support for multiple curves
  • Comprehensive error handling
  • Zero-copy serialization
  • WebAssembly compatibility
Import Statement: All signature types are available through the main signatures module. 
use forge_ec::signatures::*;

ECDSA Signatures

Elliptic Curve Digital Signature Algorithm (ECDSA) is widely used in blockchain applications and TLS. Forge EC provides a secure, RFC-compliant implementation.

Basic Usage

ECDSA Example 
use forge_ec::signatures::ecdsa::*;
use forge_ec::curves::secp256k1::Secp256k1;

// Generate a new ECDSA keypair
let private_key = PrivateKey::::new();
let public_key = private_key.public_key();

// Message to sign
let message = b"Hello, ECDSA!";

// Create signature
let signature = private_key.sign(message)?;

// Verify signature
let is_valid = public_key.verify(message, &signature)?;
assert!(is_valid);

println!("ECDSA signature verified successfully!");

Supported Curves

  • secp256k1: Bitcoin and Ethereum standard
  • secp256r1 (P-256): NIST standard curve
  • secp384r1 (P-384): Higher security NIST curve
  • secp521r1 (P-521): Highest security NIST curve

Advanced ECDSA Features

Advanced ECDSA Usage 
use forge_ec::signatures::ecdsa::*;
use forge_ec::curves::secp256k1::Secp256k1;
use forge_ec::hashing::sha256;

// Custom hash function
let private_key = PrivateKey::::new();
let message = b"Custom hashed message";
let hash = sha256(message);

// Sign pre-hashed message
let signature = private_key.sign_prehashed(&hash)?;

// Verify with custom hash
let public_key = private_key.public_key();
let is_valid = public_key.verify_prehashed(&hash, &signature)?;

// Signature serialization
let signature_bytes = signature.to_bytes();
let signature_der = signature.to_der();
let signature_hex = signature.to_hex();

// Signature deserialization
let recovered_sig = Signature::from_bytes(&signature_bytes)?;
let recovered_der = Signature::from_der(&signature_der)?;
let recovered_hex = Signature::from_hex(&signature_hex)?;

EdDSA Signatures

Edwards-curve Digital Signature Algorithm (EdDSA) provides fast signature generation and verification with built-in protection against many side-channel attacks.

Ed25519 Implementation

Ed25519 Example 
use forge_ec::signatures::eddsa::*;
use forge_ec::curves::ed25519::Ed25519;

// Generate Ed25519 keypair
let private_key = PrivateKey::::new();
let public_key = private_key.public_key();

// Message to sign
let message = b"Hello, Ed25519!";

// Create EdDSA signature
let signature = private_key.sign(message)?;

// Verify signature
let is_valid = public_key.verify(message, &signature)?;
assert!(is_valid);

// Ed25519 signatures are deterministic
let signature2 = private_key.sign(message)?;
assert_eq!(signature, signature2);

println!("Ed25519 signature verified successfully!");
Performance Advantage: Ed25519 signatures are typically 2-3x faster than ECDSA while providing equivalent security levels.

Schnorr Signatures

Schnorr signatures provide excellent security properties and are used in Bitcoin's Taproot upgrade. They offer key aggregation and batch verification capabilities.

Basic Schnorr Implementation

Schnorr Example 
use forge_ec::signatures::schnorr::*;
use forge_ec::curves::secp256k1::Secp256k1;

// Generate Schnorr keypair
let private_key = PrivateKey::::new();
let public_key = private_key.public_key();

// Message to sign
let message = b"Hello, Schnorr!";

// Create Schnorr signature
let signature = private_key.sign(message)?;

// Verify signature
let is_valid = public_key.verify(message, &signature)?;
assert!(is_valid);

println!("Schnorr signature verified successfully!");

Key Management

Proper key management is essential for cryptographic security. Forge EC provides secure key generation, serialization, and storage utilities.

Key Generation

Secure Key Generation 
use forge_ec::signatures::ecdsa::PrivateKey;
use forge_ec::curves::secp256k1::Secp256k1;
use forge_ec::rng::SecureRng;

// Use cryptographically secure RNG
let mut rng = SecureRng::new();
let private_key = PrivateKey::::generate(&mut rng);

// Derive public key
let public_key = private_key.public_key();

// Secure serialization
let private_bytes = private_key.to_secure_bytes();
let public_bytes = public_key.to_bytes();

Error Handling

Forge EC provides comprehensive error handling for all signature operations. Always handle errors appropriately in production code.

Error Handling Example 
use forge_ec::signatures::ecdsa::*;
use forge_ec::errors::*;

fn safe_signature_verification(
    public_key: &PublicKey,
    message: &[u8],
    signature: &Signature
) -> Result {
    match public_key.verify(message, signature) {
        Ok(is_valid) => {
            if is_valid {
                println!("✅ Signature verification successful");
            } else {
                println!("❌ Signature verification failed");
            }
            Ok(is_valid)
        }
        Err(e) => {
            eprintln!("Error during verification: {}", e);
            Err(e)
        }
    }
}

Security Notes

Important security considerations when using digital signatures:

Security Guidelines:
  • Never reuse nonces in signature generation
  • Always use cryptographically secure random number generators
  • Protect private keys with appropriate access controls
  • Validate all inputs before processing
  • Use constant-time operations to prevent timing attacks