ECDSA Signatures

What’s a Digital Signature?

Alice wants to send a message to Bob. But how does Bob know it’s really from Alice?

A digital signature proves two things:

  1. The message came from Alice (not an imposter)
  2. The message wasn’t tampered with

Bitcoin and Ethereum use ECDSA to sign every transaction.

The Setup

Alice has her ECC key pair:

  • Private key: dd (a secret number only she knows)
  • Public key: Q=dGQ = dG (a point everyone can see)

She wants to sign a message so anyone can verify it came from her.

How Signing Works

Alice has a message. Here’s what she does:

1. Hash the message

Any message becomes a fixed-size number hh. This is the message’s fingerprint.

2. Pick a random number kk

This is a one-time secret. It must be random and never reused.

3. Compute rr

Multiply: R=kGR = kG (a point on the curve)

Take just the x-coordinate: rr = x-coordinate of RR

4. Compute ss

s=h+drks = \frac{h + d \cdot r}{k}

This mixes together the message hash (hh), her private key (dd), and the random value (kk).

5. The signature is (r,s)(r, s)

Two numbers. Alice sends these along with her message.

How Verification Works

Bob receives the message and signature (r,s)(r, s). He also knows Alice’s public key QQ.

1. Hash the message

Bob computes the same hash hh from the message.

2. Compute a check point RR'

Using only public information:

R=hG+rQsR' = \frac{h \cdot G + r \cdot Q}{s}

3. Compare x-coordinates

If the x-coordinate of RR' equals rr, the signature is valid.

Bob never needed Alice’s private key. He verified using only public information.

Why Only Alice Can Sign

The signature formula uses Alice’s private key dd:

s=h+drks = \frac{h + d \cdot r}{k}

To forge a signature, an attacker would need to find dd from Q=dGQ = dG.

That’s ECDLP. Practically impossible.

The Random kk is Critical

If Alice ever uses the same kk for two different messages, an attacker can compute her private key.

In 2010, Sony’s PlayStation 3 signing key was stolen because they used the same kk every time.

The random number kk must be truly random and never repeated.