Difference between revisions of "Elliptic Curve Digital Signature Algorithm"
Owen Vaughan (talk | contribs) |
|||
| Line 1: | Line 1: | ||
| − | '''Elliptic Curve Digital Signature Algorithm''' or '''ECDSA''' is a cryptographic algorithm used by Bitcoin to ensure | + | '''Elliptic Curve Digital Signature Algorithm''' or '''ECDSA''' is a cryptographic algorithm used by Bitcoin to ensure the effective and secure control of ownership of funds. |
A few concepts related to ECDSA: | A few concepts related to ECDSA: | ||
| − | * [[Private Keys|private key]]: A secret number, known only to the person that generated it. A private key can be a randomly generated number but in 2019 most wallets use deterministic key schemes derived from [[BIP 0032]]. In Bitcoin, someone with the private key that corresponds to funds on the [[ | + | * [[Private Keys|private key]]: A secret number, known only to the person that generated it. A private key can be a randomly generated number but in 2019 most wallets use deterministic key schemes derived from [[BIP 0032]]. In Bitcoin, someone with the private key that corresponds to funds on the [[blockchain]] can spend the funds. In Bitcoin, a private key is a single unsigned 256-bit integer (32 bytes). ['''OV Comment 1''']{This integer is used as a co-ordinate on an elliptic curve and used to find its own unique path through the math to the public key.} |
| − | * public key: A number that corresponds to a private key, but does not need to be kept secret. A public key can be calculated from a private key, but not vice versa. A public key can be used to determine if a signature is genuine by using ECDSA to validate that a signature was generated by the private key that corresponds to the public key that has been proffered, without requiring the private key to be divulged. In Bitcoin, public keys are either compressed or uncompressed. Compressed public keys are 33 bytes, consisting of a prefix either 0x02 or 0x03, and a 256-bit integer called ''x''. Uncompressed keys are 65 bytes, consisting of constant prefix (0x04), followed by two 256-bit integers called ''x'' and ''y'' (2 * 32 bytes). The prefix of a compressed key allows for the ''y'' value to be derived from the ''x'' value. | + | * public key: ['''OV Comment 2''']{A number that corresponds to a private key}, but does not need to be kept secret. A public key can be calculated from a private key, but not vice versa. A public key can be used to determine if a signature is genuine by using ECDSA to validate that a signature was generated by the private key that corresponds to the public key that has been proffered, without requiring the private key to be divulged. In Bitcoin, public keys are either compressed or uncompressed. Compressed public keys are 33 bytes, consisting of a prefix either 0x02 or 0x03, and a 256-bit integer called ''x''. Uncompressed keys are 65 bytes, consisting of constant prefix (0x04), followed by two 256-bit integers called ''x'' and ''y'' (2 * 32 bytes). The prefix of a compressed key allows for the ''y'' value to be derived from the ''x'' value. |
| − | * [[Protocol#Signatures|signatures]]: A string of bytes proving that a private key was used to sign a message. A signature is mathematically generated from a [[hash]] of the message being signed and a private key. The signature itself is two numbers known as ''r'' and ''s'' and the message being signed is the Bitcoin transaction (minus the signature data). With the public key, a mathematical algorithm (signature verification) can be used on the signature to determine that it was originally produced from the hash and the private key, without needing to know the private key. Signatures are | + | * [[Protocol#Signatures|signatures]]: A string of bytes proving that a private key was used to sign a message. A signature is mathematically generated from a [[hash]] of the message being signed and a private key. The signature itself is two numbers known as ''r'' and ''s'' and the message being signed is the Bitcoin transaction (minus the signature data). With the public key, a mathematical algorithm (signature verification) can be used on the signature to determine that it was originally produced from the hash and the private key, without needing to know the private key. Signatures are usually 71, 72, or 73 bytes long, with probabilities approximately 25%, 50% and 25% respectively. |
==See also== | ==See also== | ||
* [[Secp256k1]] | * [[Secp256k1]] | ||
| + | ['''OV Comment 4'''] | ||
==External Links== | ==External Links== | ||
* [https://en.wikipedia.org/wiki/Elliptic_Curve_DSA Elliptic Curve Digital Signature Algorithm - Wikipedia article] | * [https://en.wikipedia.org/wiki/Elliptic_Curve_DSA Elliptic Curve Digital Signature Algorithm - Wikipedia article] | ||
Revision as of 11:22, 15 November 2019
Elliptic Curve Digital Signature Algorithm or ECDSA is a cryptographic algorithm used by Bitcoin to ensure the effective and secure control of ownership of funds.
A few concepts related to ECDSA:
- private key: A secret number, known only to the person that generated it. A private key can be a randomly generated number but in 2019 most wallets use deterministic key schemes derived from BIP 0032. In Bitcoin, someone with the private key that corresponds to funds on the blockchain can spend the funds. In Bitcoin, a private key is a single unsigned 256-bit integer (32 bytes). [OV Comment 1]{This integer is used as a co-ordinate on an elliptic curve and used to find its own unique path through the math to the public key.}
- public key: [OV Comment 2]{A number that corresponds to a private key}, but does not need to be kept secret. A public key can be calculated from a private key, but not vice versa. A public key can be used to determine if a signature is genuine by using ECDSA to validate that a signature was generated by the private key that corresponds to the public key that has been proffered, without requiring the private key to be divulged. In Bitcoin, public keys are either compressed or uncompressed. Compressed public keys are 33 bytes, consisting of a prefix either 0x02 or 0x03, and a 256-bit integer called x. Uncompressed keys are 65 bytes, consisting of constant prefix (0x04), followed by two 256-bit integers called x and y (2 * 32 bytes). The prefix of a compressed key allows for the y value to be derived from the x value.
- signatures: A string of bytes proving that a private key was used to sign a message. A signature is mathematically generated from a hash of the message being signed and a private key. The signature itself is two numbers known as r and s and the message being signed is the Bitcoin transaction (minus the signature data). With the public key, a mathematical algorithm (signature verification) can be used on the signature to determine that it was originally produced from the hash and the private key, without needing to know the private key. Signatures are usually 71, 72, or 73 bytes long, with probabilities approximately 25%, 50% and 25% respectively.
See also
[OV Comment 4]