Elliptic Curve Digital Signature

ECDSA is a U.S. goverment standard, and update of the earlier DSA algorithm adapted to use elliptic curves, and is used by bitcoin for its digital signature theme. These algorithms have received considerable cryptographic analysis over the years and are generally believed to be secure.

More specifically, Bitcoin uses ECDSA over the standard elliptic curve secp256k1, which is estimated to provide 128 bits of security (i.e., it is difficult to break this algorithm as it is to perform 2^128 symmetric-key cryptographic operations, such as invoking a hash function). Although this curve is a published standard, it is rarely used outside Bitcoin, as it was chosen by Satoshi in the early specification of the system and is now difficult to change.

Private key: 256 Bits

Public Key, uncompressed: 512 bits

Public Key, compressed: 257 bits

Message to be signed: 256 bits

Signature: 512 bits

Note that even though ECDSA can technically only sign messages 256 bits long, this is not a problem: messages are always hashed before being signed, so effectively any size message can be efficiently signed.

With ECDSA, a good source of randomness is essential, because a bad source will likely leak your key. It makes intuitive sense that if you use bad randomness when generating a key, then the key your generate will likely not be secure. Buts its a quirk of ECDSA that, even if you use a bad randomness only when making a signature and you use your perfectly good key, the bad signature will also leak your private key. (For those familiar with DSA, this is a general quirk in DSA and is not specific to the elliptic-curve variant.)


Narayanan, Arvind, et al. (2017). Bitcoin and Cryptocurrency Technologies. United States: Princeton Press

Refers to an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. See elliptic curve cryptography.



Leave a Reply

Your email address will not be published. Required fields are marked *