Quiz Entry - updated: 2026.07.14
How do ECDH (Elliptic Curve Diffie-Hellman) and ECDSA (Elliptic Curve Digital Signature Algorithm) work?
ECDH is DH using point multiplication instead of modular exponentiation. ECDSA is the elliptic curve version of DSA. Both use the same curve parameters but much smaller keys.
* ECDSA signing forms $(r,s)$ from the hash, a fresh nonce $k$, and the private key $d$; verification recomputes a point from public data and accepts iff its x-coordinate equals $r$. *
ECDH (Key Exchange):
- Public parameters: Curve $E$ and base point $G$ (generator) of order $n$
- Alice: secret $a$, publishes $A = a \cdot G$
- Bob: secret $b$, publishes $B = b \cdot G$
- Shared secret: $K = a \cdot B = b \cdot A = ab \cdot G$
- Identical to classical DH, but with point multiplication replacing modular exponentiation
ECDSA (Signing):
- Hash the message: $h = H(m)$
- Choose random $k$, compute $R = k \cdot G$, let $r = x_R \mod n$
- Compute $s = k^{-1}(h + r \cdot d) \mod n$ where $d$ is the private key
- Signature is $(r, s)$
ECDSA (Verification):
- Compute $h = H(m)$
- Compute $u_1 = h \cdot s^{-1} \mod n$ and $u_2 = r \cdot s^{-1} \mod n$
- Compute $R' = u_1 \cdot G + u_2 \cdot Q$ (where $Q$ is the public key)
- Valid if $x_{R'} \equiv r \mod n$
Key advantage: ECDSA is inherently probabilistic (random $k$) and doesn't have RSA's homomorphic weakness. Used in Bitcoin, TLS 1.3, and most modern protocols.
Go deeper:
Corbellini — ECC part 3: ECDH and ECDSA — both protocols worked end-to-end with code.
Elliptic-curve Diffie–Hellman — Wikipedia — the key-agreement details.
ECDSA — Wikipedia — the signing and verification equations, formalised.