Elliptic Curve Digital Signature Algorithm or ECDSA is a cryptographic algorithm used by Bitcoin to ensure that funds can only be spent by their rightful owners. It depends on the curve (and its group order) and on the hash function used. For bitcoin these are secp256k1 and SHA256(SHA256()) respectively.
A few concepts related to ECDSA:

- public key: In Bitcoin, public keys are either compressed or uncompressed. Compressed keys are 33 bytes: a one-byte prefix followed by the 256-bit integer x. The older uncompressed keys are 65 bytes, consisting of a constant prefix (0x04) followed by two 256-bit integers called x and y (2 * 32 bytes). The prefix of a compressed key allows the y value to be derived from the x value.
- signature: Two numbers, r and s, produced from the hash of the message and the private key. With the public key, a mathematical algorithm can be used on the signature to determine that it was originally produced from the hash and the private key, without needing to know the private key. Resulting signatures are either 73, 72, or 71 bytes long (with approximate probabilities of 25%, 50%, and 25%, respectively--although sizes even smaller than that are possible with exponentially decreasing probability).[1]

The ECDSA signing and verification algorithms make use of a few fundamental variables, used both to produce a signature and to check a signature against the message it claims to sign.
- r and s: These numbers uniquely represent the signature.
- z: The hash of the message we want to sign. In general ECDSA uses only the leftmost L_n bits of the hash, where L_n is the bit length of the group order n; this truncation does not apply to bitcoin signatures because the hash used, SHA256, is 256 bits, equal to the bit length of the secp256k1 order n.
- k: A cryptographically secure random number used as a nonce to calculate the r and s values.
- dA and QA: The private key number and the public key point respectively, used to sign and to verify the message. Wallets can derive a copy of these when given an address contained inside the wallet.

The signing algorithm computes the signature pair r and s from dA and z:
1. Take the order n of the curve, a fixed parameter of secp256k1: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141.
2. Generate a cryptographically secure random k between 1 and n-1. Important: never reuse k, and never use a predictable k. If the same k is used for two different messages (visible to an attacker because both signatures then carry the same r), the two signatures leak k and with it the private key; and anyone who learns the k behind a single signature can compute dA from it directly.
3. Calculate the curve point (x, y) = k*G, where G is the generator point of the secp256k1 curve, which is 04 79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798 483ADA77 26A3C465 5DA4FBFC 0E1108A8 FD17B448 A6855419 9C47D08F FB10D4B8 in uncompressed form; the compressed form can also be used.
4. Calculate r = x mod n. If r = 0, generate another random k and start over.
5. Calculate s = k^-1 * (z + r*dA) mod n. If s = 0, generate another random k and start over.

The verification algorithm ensures that the signature pair r and s, the public key QA and the hash z are all consistent:
1. Verify that both r and s are between 1 and n-1.
2. Compute u1 = z*s^-1 mod n and u2 = r*s^-1 mod n.
3. Calculate the curve point (x, y) = u1*G + u2*QA and ensure it is not the point at infinity. The point at infinity is the identity element of the curve group; it is what results from adding a point to its negation, i.e. two points with the same x value and opposite y values.
4. If r = x mod n then the signature is valid. Otherwise, or if any of the checks fail, the signature is invalid.
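The signing and verification steps above, carried through in working code, together with the nonce-reuse attack that step 2 of signing warns about. This is an added example, not code from the Bitcoin wiki or from any Bitcoin implementation: it is a textbook, non-constant-time implementation over secp256k1 using only the Python standard library (3.8+ for pow(x, -1, m)). The private key, the nonce and the messages are constructed for the demonstration, and the function names (point_add, point_mul, hash_message, sign, verify, recover_private_key) are this example's own.

```python
"""Textbook ECDSA over secp256k1 following the signing and verification
steps above. Added example, not the wiki's own code; standard library only,
Python 3.8+ (for pow(x, -1, m)). Keys, nonces and messages are constructed."""
import hashlib
import secrets

# secp256k1 domain parameters: y^2 = x^3 + 7 over F_p, generator G, order n
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # the point at infinity (the group identity)


def point_add(p1, p2):
    """Affine point addition; handles doubling and P + (-P) = infinity."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:  # same x, opposite y: the points cancel
            return INF
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P  # tangent slope (a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_mul(k, pt):
    """Double-and-add scalar multiplication k*pt (not constant-time)."""
    acc = INF
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc


def hash_message(msg):
    """Bitcoin's z = SHA256(SHA256(msg)); 256 bits, so no truncation is needed."""
    return int.from_bytes(hashlib.sha256(hashlib.sha256(msg).digest()).digest(), "big")


def sign(d_a, z, k=None):
    """Signing steps 1-5 above. k is drawn fresh per call unless a test value is given."""
    while True:
        nonce = k if k is not None else secrets.randbelow(N - 1) + 1  # 1..n-1
        r = point_mul(nonce, G)[0] % N                  # r = x mod n
        s = pow(nonce, -1, N) * (z + r * d_a) % N       # s = k^-1 (z + r dA) mod n
        if r != 0 and s != 0:
            return (r, s)
        if k is not None:
            raise ValueError("supplied k gives r = 0 or s = 0; pick another")


def verify(q_a, z, sig):
    """Verification steps 1-4 above."""
    r, s = sig
    if not (1 <= r <= N - 1 and 1 <= s <= N - 1):
        return False
    s_inv = pow(s, -1, N)
    u1 = z * s_inv % N
    u2 = r * s_inv % N
    pt = point_add(point_mul(u1, G), point_mul(u2, q_a))
    if pt is INF:
        return False
    return pt[0] % N == r


def recover_private_key(z1, sig1, z2, sig2):
    """Why k must never be reused: two signatures sharing k (same r) over
    different hashes leak k = (z1 - z2)/(s1 - s2), and then dA = (s1*k - z1)/r."""
    r, s1 = sig1
    r2, s2 = sig2
    if r != r2 or (s1 - s2) % N == 0:
        raise ValueError("signatures do not share a nonce (or are identical)")
    k = (z1 - z2) * pow(s1 - s2, -1, N) % N
    return (s1 * k - z1) * pow(r, -1, N) % N


if __name__ == "__main__":
    d_a = secrets.randbelow(N - 1) + 1            # constructed private key
    q_a = point_mul(d_a, G)                       # public key point QA
    z1 = hash_message(b"pay 1 BTC to Alice")      # constructed messages
    z2 = hash_message(b"pay 1 BTC to Mallory")
    sig = sign(d_a, z1)
    print("valid:", verify(q_a, z1, sig), " tampered:", verify(q_a, z2, sig))
    k = secrets.randbelow(N - 1) + 1              # one nonce used twice: the bug
    sig1, sig2 = sign(d_a, z1, k), sign(d_a, z2, k)
    print("nonce reuse recovers dA:", recover_private_key(z1, sig1, z2, sig2) == d_a)
```

The recovery function assumes both signatures are as produced by the signer; if one of them has had its s negated (as Bitcoin's low-s normalisation does), retry with s2 replaced by n - s2. Production signers, including Bitcoin Core through libsecp256k1, derive k deterministically from dA and z (RFC 6979) precisely so that a weak random number generator cannot cause the reuse this example exploits.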