# Understanding ECDSA

The **Elliptic Curve Digital Signature Algorithm (ECDSA)** is a protocol that allows two parties—commonly called **Alice** (the signer) and **Bob** (the verifier)—to securely exchange and verify signed messages.

***

### Step 1 – Generating Keys

Alice starts by creating her **key pair**:

1. She chooses a random integer **d** (where 0 < d < q). This becomes her **private key**.
2. She computes **Kₚᵤᵦ = d × G**, where **G** is the generator point of the elliptic curve.
   * The result is her **public key**, which is a point on the elliptic curve with **x** and **y** coordinates.
3. Alice shares her public key **Kₚᵤᵦ** with Bob, but keeps her private key **d** secret.

<figure><img src="/files/2u18u2b4ofd9PEw8W5FI" alt=""><figcaption></figcaption></figure>

### Step 2 – Signing

When Alice wants to sign a message **m**:

1. She chooses a random **ephemeral key k** (0 < k < q).
2. She computes **R = k × G**, and then sets **r = Rₓ mod q** (the x-coordinate of R).
   * If **r = 0**, she starts over with a new k.
3. Alice computes the **hash of the message h(m)**.
   * Hashing makes signing more efficient and prevents certain attacks.
4. She calculates **s ≡ (h(m) + d × r) × k⁻¹ mod q**.
5. The signature is the pair **(r, s)**.

Important: Both **r** and **s** must be in the range **1 ≤ r, s < q**.u

<figure><img src="/files/ILY09eLTCK4cVWpZDtu9" alt=""><figcaption></figcaption></figure>

### Step 3 – Verification

Bob receives Alice’s message **m** and signature **(r, s)**. To verify:

1. Compute **u₁ ≡ h(m) × s⁻¹ mod q**.
2. Compute **u₂ ≡ r × s⁻¹ mod q**.
3. Calculate **P = u₁ × G + u₂ × Kₚᵤᵦ**.
4. Let **P = (xₚ, yₚ)**. If **xₚ mod q = r**, the signature is **valid**; otherwise, it is **invalid**.

<figure><img src="/files/GMhswrpritVPOjNjqAZm" alt=""><figcaption></figcaption></figure>

### Key Takeaways

* **Private Key (d):** Secret, chosen randomly by Alice.
* **Public Key (Kₚᵤᵦ):** Derived from d × G, shared openly.
* **Signature (r, s):** Generated using a one-time ephemeral key and the message hash.
* **Verification:** Bob confirms validity using only the public key, without ever knowing Alice’s private key.
* **Security:** ECDSA ensures authenticity, integrity, and non-repudiation of digital messages.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://hub.bsvblockchain.org/higher-learning/bsv-academy/bitcoin-primitives-digital-signatures/elliptic-curve-digital-signature-algorithm-ecdsa/understanding-ecdsa.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.