Crypto Magic: Recovering Alice’s Public Key From An ECDSA Signature
The core of the security of the Internet is based on one thing: PKI (Public Key Infrastructure). With this, Alice has a key pair: a public key and a private key. This can either be an RSA key pair or an Elliptic Curve key pair. If Alice wants to prove her identity and a message, she signs a hash of the message with her private key, and then Bob can prove this with her public key. Two of the most common signing methods are RSA and ECDSA (Elliptic Curve Digital Signature Algorithm). But, how can Bob know that Alice’s public key is correct? Well, this is where PKI comes in. With this Trent — an entity trusted by Bob and Alice — takes Alice’s public key and does his own signs it with his own private key. When Bob receives this signed public key, he checks it against Trent’s public key and will validate this it is Alice’s public key. And everything is fine.
But, why do we even have PKI? Why do we need Trent? Why does Alice have to go to Trent to get a signed version of her keys? Why can’t Alice just produce her key pair, and for Bob to discover her public key from her transactions? Well, with Bitcoin and Ethereum, we don’t need Trent anymore, as anyone can discover Alice’s public key, and validate the transaction. Within Bitcoin and Ethereum, a version of Alice’s public key becomes her public key identity.
