## Signatures

In order to securely move value from Alice to Bob, Alice needs to prove she has the right to move the funds. The most direct and reliable way of accomplishing this task is to use a public key signature scheme where funds are connected to a public key and Alice controls an associated private key.

There are hundreds of possible schemes with different security parameters and assumptions. Some rely upon mathematical problems connected to elliptic curves, whereas others are connected to exotic concepts using lattices.

The abstract goal is always the same. There exists a hard problem that cannot be solved unless someone has a secret piece of knowledge. The holder of this piece of knowledge is said to be the owner of the keypair and should be the only entity that has the ability to use it.

There are two groups of concerns a cryptocurrency faces with choosing a signature scheme. First, there is the long-term security durability of the scheme itself. Some cryptographic schemes used in the 1970s and 1980s such as DES have been broken. The period over which the scheme should be expected to survive must be decided upon.

Second, there are many enterprises, governments and other institutions that have preferred, or in some cases, mandated the use of a particular scheme. For example, the NSA maintains the Suite B protocol set. There are standards from ISO and even W3C workgroups on cryptography.

If a cryptocurrency chooses a single signature scheme, it is forced to accept that the scheme could be broken at some point in the future and at least one entity cannot use the cryptocurrency due to legal or industry restrictions. Yet a cryptocurrency cannot support every signature scheme as this would require every client to understand and validate each scheme.

For Cardano, we decided to start with using elliptic curve cryptography, the Ed25519 curve in particular. We also decided to enhance the existing libraries by adding support for HD wallets using Dr Dmitry Khovratovich and Jason Law’s Specification^{8}.

This said, Cardano will support more signature schemes in the future. In particular, we are interested in integrating quantum computer resistant signatures to our system. We are also interested in adding SECP256k1 to enhance interoperability with legacy cryptocurrencies such as Bitcoin.

Cardano has been designed with special extensions that will allow us to add more signature schemes through a soft fork. They will be added as needed and during major updates planned in the roadmap^{9}.

**Footnotes**

8: This is the documentation for Cardano's HD Wallet Implementation. We believe Cardano is the first cryptocurrency to support Ed25519 HD Wallets.

9: See cardanoroadmap.com.