sudo: Root or user password?

Just a basic curiosity I had so I can better understand how this is meant to work: I noticed that on systems where the user and root passwords differ `sudo` will ask for the user pass. I was always under the impression it required the password of the root account instead since you're invoking an action through it. It also seemed more secure as you're required two passwords to make system changes, your user password as you need to be logged in then the root password for `su` commands... then again if you know the root password you can login as root directly so not much of a benefit.

Is this an universal decision in all distributions? And is it indeed the most secure way? I'm fine either way personally, just curious if this is a design choice everywhere and why it was taken.