Bitcoin Stack Exchange
Bitcoin Stack Exchange

Questions tagged [ecdsa]

The Elliptic Curve Digital Signature Algorithm

The Elliptic Curve Digital Signature Algorithm is one of the core algorithms used by Bitcoin.

238 questions
6
votes
2 answers

What is is minimum possible number for an ECDSA private key?

Private keys are 256 bit numbers. I know the max. possible number is something around: 115792089237316195423570985008687907852837564279074904382605163141518161494336 What about the min. number possible? Thanks.
John Smith
  • 271
  • 2
  • 10
6
votes
1 answer

Is normal ECDSA verification slower than a verification method based on Public Key Recovery?

Background info: This post on the Cryptography stack exchange shows how to almost uniquely recover the public key from the signature, hash of the signed data, and knowledge of the curve:…
morsecoder
  • 14,168
  • 2
  • 42
  • 94
5
votes
1 answer

How do you invert an ECDSA multiplication to get the generator?

Pieter Wuille said: [...](people often assume that no inverse for EC multiplication exists, which is true, but only to solve for k in k*P = Q; solving for P is possible). When you multiply a scalar value by an EC point, you get an EC point.…
Nick ODell
  • 29,396
  • 11
  • 72
  • 130
3
votes
1 answer

Are there any signatures where the recid (v) is equal to 29,30 (or 33,34 compressed)?

Peter Wuille recently explained how ECDSA pubkey recovery is done, in response to my question. So it's basically that for a given base64 signature, the value v in v,r,s provides the specific coordinates, hence the recid (recovery ID). Example from…
Wizard Of Ozzie
  • 5,298
  • 4
  • 31
  • 63
3
votes
1 answer

Why do keys need both X and Y coordinates, if X can be solved for Y using the curve equation?

Reference: https://en.bitcoin.it/wiki/File:PubKeyToAddr.png and https://en.bitcoin.it/wiki/Secp256k1 Why do we need both X and Y to make a private key?
pinhead
  • 5,144
  • 2
  • 24
  • 43
2
votes
2 answers

How to figure out the coordinates of a compressed G point?

I really can't get my head around this ECDSA thing... So far I know that it's used for validating transactions by having a private key sign its signature to the transaction. I've come to the math part of ECDSA, but I just can't find any sources that…
cppnoob
  • 21
  • 2
2
votes
1 answer

Can someone explain me ECDSA (creating public from private key) with 8-bit numbers?

Trying to understand Elliptic Curve maths with 256-bit numbers seems like hard to explain/understand. I wonder if by lowering down the possible numbers get's a little bit easier.
John Smith
  • 271
  • 2
  • 10
2
votes
1 answer

PEM format for ECDSA

I have been looking at Coinapult's API documentation which details the use of PEM format in python-ecdsa. Specifically, private keys and public keys need to be formatted using PEM. Let's take Coinapult's specified public key: -----BEGIN PUBLIC…
Wizard Of Ozzie
  • 5,298
  • 4
  • 31
  • 63
2
votes
3 answers

In Elliptic Curve Addition, where does the second point come from?

I have a limited understanding of elliptic curve terminology, but if you can bear with me I'd like to ask this question anyway. I'll start with what I understand... You do EC multiplication with the private key to get the public key. EC…
inersha
  • 3,063
  • 1
  • 17
  • 41
1
vote
1 answer

PUBLIC ECDSA KEY

I want to know how I can build a Python script that can Calculate Public Key ECDSA from a Private Key (HEX) and the result is similar to the imagen
Alfredo Eduardo
  • 11
  • 1
1
vote
2 answers

Why are r and s modulo N? (not P)

As Peter Wuille mentions here, the ECDSA signature values (r, s) are modulo N (eg verifying ECDSA signatures, where u1 = z * w % N), whereas the rest of the ECDSA functionality in Bitcoin seems to be modulo P. Why is this so?
Wizard Of Ozzie
  • 5,298
  • 4
  • 31
  • 63
1
vote
1 answer

ECDSA sign of transaction

What is true sign of transaction in bitcoin testnet (https://blockstream.info/testnet/tx/c6c232a36395fa338da458b86ff1327395a9afc28c5d2daa4273e410089fd433) : c6c232a36395fa338da458b86ff1327395a9afc28c5d2daa4273e410089fd433 Original RAW transaction :…
bit_user
  • 11
  • 2
0
votes
0 answers

The Generator Point (G) in Eliptic curve Cryptography

I am aware that the generator point (G) in Ecdsa is constant... But if I we're to calculate an equation using this number, I don't know if I should use the compressed or the uncompressed format of the generator point (G). And how should I apply the…
Dave Kent
  • 29
  • 6
0
votes
1 answer

Testing the blockchain for ECDSA signature random collision

The wikipedia page on ECDSA signature explains how the signer's private key can be recovered if two signatures are produced with the same random (private key looking) element k. In fact, it is claimed on the DSA page that a fault in the…
Sven Williamson
  • 1,524
  • 10
  • 24
0
votes
0 answers

Why do we need additional secret value (k) in ECDSA?

Formula for calculating an ECDSA signature (r, s) is: s = k-1(z + qr) k - private key for a random point R z - hash of a message q - original private key r - x(R) I am interested in why do we need two secret values (k and q) in a formula for…
LeaBit
  • 930
  • 1
  • 13
1
2