Signature Algorithms-ECDSA

What Is ECDSA?

ECDSA is short for Elliptic Curve Digital Signature Algorithm. It is mainly used to create a digital signature for data (such as a file) so that users can verify its authenticity without undermining its security. Think of it as an actual signature: you can identify the signatures of others, but you can't forge one without leaving a trace. The difference between an ECDSA signature and a real signature is that it is impossible to forge an ECDSA signature.

ECDSA does not encrypt your data or prevent someone from seeing or accessing it; what it protects against is tampering, by making sure that the data was not modified. Two words in "ECDSA" are worth noting, "Curve" and "Algorithm", because they mean that ECDSA is basically all about mathematics.

Why Use ECDSA?

Files (applications, game maps, data) are signed using ECDSA signatures. The public key is bundled with the application/game/device and is used to verify the signature, making sure the data has not been modified, while the private key is kept under lock in a safe somewhere. Since signatures can be verified using the public key but new signatures cannot be created or forged with it, the public key can be safely distributed with the application/game/device.

The Hash

ECDSA is used with a SHA1 cryptographic hash of the message to sign (the file). A hash is simply another mathematical equation that you apply on every byte of data, which gives you a number that is unique to your data. What ECDSA actually signs is that hash, so if the data changes, the hash changes, and the signature isn’t valid anymore.

The ECDSA Equation

Elliptic curve cryptography is based on an equation of the form:

y^2 = (x^3 + a * x + b) mod p

Since each x will yield two points (positive and negative values of the square root of y^2), this means that there are N/2 possible 'x' coordinates that are valid and that give a point on the curve. So this elliptic curve has a finite number of points on it, and it’s all because of the integer calculations and the modulus.

The Security of ECDSA

Due to the trapdoor feature of ECDSA, dA or k cannot be calculated from Qa and R. This is what makes the ECDSA algorithm secure: the private key cannot be found, and the signature cannot be forged without knowing the private key.
