# Difference between revisions of "Elliptic Curve Digital Signature Algorithm"

m (Add clarification of (and reference to) signature length) |
|||

Line 4: | Line 4: | ||

* [[private key]]: A secret number, known only to the person that generated it. A private key is essentially a randomly generated number. In Bitcoin, someone with the private key that corresponds to funds on the [[block chain]] can spend the funds. In Bitcoin, a private key is a single unsigned 256 bit integer (32 bytes). | * [[private key]]: A secret number, known only to the person that generated it. A private key is essentially a randomly generated number. In Bitcoin, someone with the private key that corresponds to funds on the [[block chain]] can spend the funds. In Bitcoin, a private key is a single unsigned 256 bit integer (32 bytes). | ||

* [[public key]]: A number that corresponds to a private key, but does not need to be kept secret. A public key can be calculated from a private key, but not vice versa. A public key can be used to determine if a signature is genuine (in other words, produced with the proper key) without requiring the private key to be divulged. In Bitcoin, public keys are either compressed or uncompressed. Compressed public keys are 33 bytes, consisting of a prefix either 0x02 or 0x03, and a 256-bit integer called ''x''. The older uncompressed keys are 65 bytes, consisting of constant prefix (0x04), followed by two 256-bit integers called ''x'' and ''y'' (2 * 32 bytes). The prefix of a compressed key allows for the ''y'' value to be derived from the ''x'' value. | * [[public key]]: A number that corresponds to a private key, but does not need to be kept secret. A public key can be calculated from a private key, but not vice versa. A public key can be used to determine if a signature is genuine (in other words, produced with the proper key) without requiring the private key to be divulged. In Bitcoin, public keys are either compressed or uncompressed. Compressed public keys are 33 bytes, consisting of a prefix either 0x02 or 0x03, and a 256-bit integer called ''x''. The older uncompressed keys are 65 bytes, consisting of constant prefix (0x04), followed by two 256-bit integers called ''x'' and ''y'' (2 * 32 bytes). The prefix of a compressed key allows for the ''y'' value to be derived from the ''x'' value. | ||

− | * [[signature]]: A number that proves that a signing operation took place. A signature is mathematically generated from a [[hash]] of something to be signed, plus a private key. The signature itself is two numbers known as ''r'' and ''s''. With the public key, a mathematical algorithm can be used on the signature to determine that it was originally produced from the hash and the private key, without needing to know the private key. | + | * [[signature]]: A number that proves that a signing operation took place. A signature is mathematically generated from a [[hash]] of something to be signed, plus a private key. The signature itself is two numbers known as ''r'' and ''s''. With the public key, a mathematical algorithm can be used on the signature to determine that it was originally produced from the hash and the private key, without needing to know the private key. Resulting signatures are either 73, 72, or 71 bytes long (with approximate probabilities of 25%, 50%, and 25%, respectively--although sizes even smaller than that are possible with exponentially decreasing probability).<ref>{{cite web | url=https://crypto.stackexchange.com/a/75997/28556/ | title=ECDSA Signature Probability Basis }}</ref> |

==See also== | ==See also== | ||

* [[Secp256k1]] | * [[Secp256k1]] | ||

− | + | ==References== | |

+ | <references /> | ||

==External Links== | ==External Links== | ||

* [https://en.wikipedia.org/wiki/Elliptic_Curve_DSA Elliptic Curve Digital Signature Algorithm - Wikipedia article] | * [https://en.wikipedia.org/wiki/Elliptic_Curve_DSA Elliptic Curve Digital Signature Algorithm - Wikipedia article] |

## Revision as of 19:33, 25 November 2019

**Elliptic Curve Digital Signature Algorithm** or **ECDSA** is a cryptographic algorithm used by Bitcoin to ensure that funds can only be spent by their rightful owners.

A few concepts related to ECDSA:

- private key: A secret number, known only to the person that generated it. A private key is essentially a randomly generated number. In Bitcoin, someone with the private key that corresponds to funds on the block chain can spend the funds. In Bitcoin, a private key is a single unsigned 256 bit integer (32 bytes).
- public key: A number that corresponds to a private key, but does not need to be kept secret. A public key can be calculated from a private key, but not vice versa. A public key can be used to determine if a signature is genuine (in other words, produced with the proper key) without requiring the private key to be divulged. In Bitcoin, public keys are either compressed or uncompressed. Compressed public keys are 33 bytes, consisting of a prefix either 0x02 or 0x03, and a 256-bit integer called
*x*. The older uncompressed keys are 65 bytes, consisting of constant prefix (0x04), followed by two 256-bit integers called*x*and*y*(2 * 32 bytes). The prefix of a compressed key allows for the*y*value to be derived from the*x*value. - signature: A number that proves that a signing operation took place. A signature is mathematically generated from a hash of something to be signed, plus a private key. The signature itself is two numbers known as
*r*and*s*. With the public key, a mathematical algorithm can be used on the signature to determine that it was originally produced from the hash and the private key, without needing to know the private key. Resulting signatures are either 73, 72, or 71 bytes long (with approximate probabilities of 25%, 50%, and 25%, respectively--although sizes even smaller than that are possible with exponentially decreasing probability).^{[1]}