Skip to content
Alver edited this page May 25, 2018 · 4 revisions

ECDSA is a digital signature algorithm based on DSA and use elliptic curve groups. Currently only 4 NIST curves are supported:

Curve ID
P-224 1
P-256 2
P-384 3
P-512 4

Each curve has a specified bit length L, which limited the range of integers used in the algorithm.

Public Key

ECDSA public key is a curve point with affine coordinate (x, y)。

Encoding

There are two encoding mode: compressed and non-compressed.

Assign X and Y to the L bits (⌈L/8⌉ bytes) sequence converted from x and y in little endian.

  • compressed: FLAG || X

    FLAG is 1 byte flag which is 0x02 if Y is even or 0x03 if Y is odd.

  • non-compressed: 0x04 || X || Y

Serialization

The serialized byte sequence of ECDSA public key has 2 leading bytes indicate ECDSA algorithm and the curve and follows by the encoded key data:

ECDSA_ID || CURVE_ID || ENCODED_PUBLIC_KEY

While curve P-256 is a special case, which uses the encoded key as the serialized data, starts with 0x02 or 0x03 (compression mode), without the IDs ahead.

Private Key

ECDSA private key is a integer d.

For serialization, it is specified that the public key is serialized together:

ECDSA_ID || CURVE_ID || D || ENCODED_PUBLIC_KEY

where D is the L bits (⌈L/8⌉ bytes) sequence converted from d in little endian.

Signature

A ECDSA signature consists of 2 integers (r, s).

When serializing, first convert r and s to L bits byte sequences R, S. The result sequence is in following format:

SIGNATURE_SCHEME || R || S
Clone this wiki locally