EPFL Logo
fr|en
Login
Concept

Elliptic Curve Digital Signature Algorithm

In cryptography, the Elliptic Curve Digital Signature Algorithm (ECDSA) offers a variant of the Digital Signature Algorithm (DSA) which uses elliptic-curve cryptography. As with elliptic-curve cryptography in general, the bit size of the private key believed to be needed for ECDSA is about twice the size of the security level, in bits. For example, at a security level of 80 bits—meaning an attacker requires a maximum of about operations to find the private key—the size of an ECDSA private key would be 160 bits. On the other hand, the signature size is the same for both DSA and ECDSA: approximately bits, where is the exponent in the formula , that is, about 320 bits for a security level of 80 bits, which is equivalent to operations. Suppose Alice wants to send a signed message to Bob. Initially, they must agree on the curve parameters . In addition to the field and equation of the curve, we need , a base point of prime order on the curve; is the multiplicative order of the point . The order of the base point must be prime. Indeed, we assume that every nonzero element of the ring is invertible, so that must be a field. It implies that must be prime (cf. Bézout's identity). Alice creates a key pair, consisting of a private key integer , randomly selected in the interval ; and a public key curve point . We use to denote elliptic curve point multiplication by a scalar. For Alice to sign a message , she follows these steps: Calculate . (Here HASH is a cryptographic hash function, such as SHA-2, with the output converted to an integer.) Let be the leftmost bits of , where is the bit length of the group order . (Note that can be greater than but not longer.) Select a cryptographically secure random integer from . Calculate the curve point . Calculate . If , go back to step 3. Calculate . If , go back to step 3. The signature is the pair . (And is also a valid signature.) As the standard notes, it is not only required for to be secret, but it is also crucial to select different for different signatures.

Official source
About this result
This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.
Related courses (11)
COM-401: Cryptography and security
This course introduces the basics of cryptography. We review several types of cryptographic primitives, when it is safe to use them and how to select the appropriate security parameters. We detail how
MATH-489: Number theory II.c - Cryptography
The goal of the course is to introduce basic notions from public key cryptography (PKC) as well as basic number-theoretic methods and algorithms for cryptanalysis of protocols and schemes based on PKC
CS-438: Decentralized systems engineering
A decentralized system is one that works when no single party is in charge or fully trusted. This course teaches decentralized systems principles while guiding students through the engineering of thei
Show more
Related lectures (41)
Elliptic Curve Cryptography in Practice
Explores the practical applications of elliptic curve cryptography in various real-world scenarios and cryptographic operations.
Elliptic Curve Cryptography: Basics and Applications
Explores the basics and applications of elliptic curve cryptography, covering ECM factorization, standard curves, practical examples, and real-world implementations.
Elliptic Curves and Factoring
Explores elliptic curves, factoring, and their role in cryptography, emphasizing standardization and applications.
Show more
Related publications (67)

Side-channel analysis of isogeny-based key encapsulation mechanisms and hash-based digital signatures

Aymeric Genet

Current cryptographic solutions will become obsolete with the arrival of large-scale universal quantum computers. As a result, the National Institute of Standards and Technology supervises a post-quantum standardization process which involves evaluating ca ...
EPFL2024

Exploring SIDH-Based Signature Parameters

Tako Boris Fouotsa, Laurane Chloé Angélina Marco, Andrea Basso

Isogeny-based cryptography is an instance of post-quantum cryptography whose fundamental problem consists of finding an isogeny between two (isogenous) elliptic curves E and E′. This problem is closely related to that of computing the endomorphism ring of ...
Springer2024

Some Mordell-Weil lattices and applications to sphere packings

Gauthier Leterrier

We provide new explicit examples of lattice sphere packings in dimensions 54, 55, 162, 163, 486 and 487 that are the densest known so far, using Kummer families of elliptic curves over global function fields.In some cases, these families of elliptic curves ...
EPFL2024
Show more
Related people (16)
Show more
Related units (1)
Security and Cryptography Laboratory
Related concepts (5)
Curve25519
In cryptography, Curve25519 is an elliptic curve used in elliptic-curve cryptography (ECC) offering 128 bits of security (256-bit key size) and designed for use with the elliptic curve Diffie–Hellman (ECDH) key agreement scheme. It is one of the fastest curves in ECC, and is not covered by any known patents. The reference implementation is public domain software. The original Curve25519 paper defined it as a Diffie–Hellman (DH) function. Daniel J.
Cryptography
Cryptography, or cryptology (from κρυπτός "hidden, secret"; and γράφειν graphein, "to write", or -λογία -logia, "study", respectively), is the practice and study of techniques for secure communication in the presence of adversarial behavior. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, information security, electrical engineering, digital signal processing, physics, and others.
Elliptic-curve cryptography
Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys compared to non-EC cryptography (based on plain Galois fields) to provide equivalent security. Elliptic curves are applicable for key agreement, digital signatures, pseudo-random generators and other tasks. Indirectly, they can be used for encryption by combining the key agreement with a symmetric encryption scheme.
Show more

Copyright © 2025 EPFL, all rights reserved

Graph Chatbot

Chat with Graph Search

Ask any question about EPFL courses, lectures, exercises, research, news, etc. or try the example questions below.

DISCLAIMER: The Graph Chatbot is not programmed to provide explicit or categorical answers to your questions. Rather, it transforms your questions into API requests that are distributed across the various IT services officially administered by EPFL. Its purpose is solely to collect and recommend relevant references to content that you can explore to help you answer your questions.