LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

How do ECDH (Elliptic Curve Diffie-Hellman) and ECDSA (Elliptic Curve Digital Signature Algorithm) work?

ECDH is DH using point multiplication instead of modular exponentiation. ECDSA is the elliptic curve version of DSA. Both use the same curve parameters but much smaller keys.

ECDSA sign and verify sequence: signer hashes the message, picks random k, forms r and s; verifier recomputes a point and checks its x-coordinate equals r

* ECDSA signing forms $(r,s)$ from the hash, a fresh nonce $k$, and the private key $d$; verification recomputes a point from public data and accepts iff its x-coordinate equals $r$. *

ECDH (Key Exchange):

  • Public parameters: Curve $E$ and base point $G$ (generator) of order $n$
  • Alice: secret $a$, publishes $A = a \cdot G$
  • Bob: secret $b$, publishes $B = b \cdot G$
  • Shared secret: $K = a \cdot B = b \cdot A = ab \cdot G$
  • Identical to classical DH, but with point multiplication replacing modular exponentiation

ECDSA (Signing):

  1. Hash the message: $h = H(m)$
  2. Choose random $k$, compute $R = k \cdot G$, let $r = x_R \mod n$
  3. Compute $s = k^{-1}(h + r \cdot d) \mod n$ where $d$ is the private key
  4. Signature is $(r, s)$

ECDSA (Verification):

  1. Compute $h = H(m)$
  2. Compute $u_1 = h \cdot s^{-1} \mod n$ and $u_2 = r \cdot s^{-1} \mod n$
  3. Compute $R' = u_1 \cdot G + u_2 \cdot Q$ (where $Q$ is the public key)
  4. Valid if $x_{R'} \equiv r \mod n$

Key advantage: ECDSA is inherently probabilistic (random $k$) and doesn't have RSA's homomorphic weakness. Used in Bitcoin, TLS 1.3, and most modern protocols.

Go deeper:

From Quiz: KRYPTOG / Elliptic Curve Cryptography | Updated: Jul 14, 2026