Bitcoin gives you the ability to generate a key pair, a public key and a private key. You generate a signature with your private key, and that signature is what you attach to a transaction. It proves to any third party that the transaction was authorized by you, the rightful owner, without you ever having to reveal the key itself.
But what is actually happening underneath that process?
ECDSA — Elliptic Curve Digital Signature Algorithm
The mechanism behind all of it is ECDSA — a digital signature system built on elliptic curve cryptography.
An elliptic curve is defined by the equation y² = x³ + ax + b. Bitcoin fixes the constants at a = 0 and b = 7, which reduces the equation to the one introduced in the last article:
y² = x³ + 7
This is called the secp256k1 curve. Every key, every signature, every verification happens through operations on points that lie on this curve, inside the finite field.
ECDSA handles three things: key creation, signature generation, and signature verification. Each one builds on the last.
Key Creation
A private key is a randomly generated large integer d — chosen from the range 1 to n − 1, where n is the order of the secp256k1 curve. It's a 256-bit number, meaning it's chosen from a space of roughly 2²⁵⁶ possibilities. No one chooses it for you, no server stores it, no institution knows it. It exists only where you keep it.
The public key Q is then derived from it:
Q = d · G
G here is the generator point — a fixed, agreed-upon point on the secp256k1 curve that the Bitcoin network uses. The operation d · G is point multiplication, a one-way operation: the point G is added to itself d times using elliptic curve addition rules, all within the finite field.
Think of your public key as your account details — the address people send funds to. Your private key is your transfer authorization, except unlike a bank PIN, it isn't held by anyone else. Only you.
One-Way Operations — Why You Can't Go Backwards
To understand why reversing Q = d · G is impossible, it helps to start with something more familiar: prime factorization.
It is believed that prime numbers are the fundamental building blocks of all natural numbers — that every positive integer greater than 1 is a product of primes. Take 504 as an example:
504 = 2 · 2 · 2 · 3 · 3 · 7
Multiplying those factors together to get 504 is trivial. But hand someone 504 and ask them to recover the prime factors, and the only known approach is to repeatedly divide by every prime smaller than the number. As the numbers scale up to hundreds of digits, this becomes computationally infeasible. No shortcut is known to exist aside this naive way.
Point multiplication on an elliptic curve works on the same principle, and this amongst other reasons guarantees security. Computing Q = d · G given d is fast. But given only Q and G — recovering d — is the elliptic curve discrete logarithm problem. There is no known efficient algorithm to reverse it.
This one-way property is the entire basis of Bitcoin's security. But what does this actually mean for the signature that ECDSA produces?
Digital signature, like handwritten signature allows a receiver to convince a third party that a document came from a specific sender. But unlike a handwritten signature, a digital one cannot be forged, copied, or lifted from one document and placed on another.
More critically, a handwritten signature at the bottom of a document doesn't guarantee the contents above it weren't altered after signing. The signature and the message are separate things.
A digital signature fixes both problems. It cannot be forged - producing a valid signature requires the private key, which only the owner holds. And it is bound to the exact content of the message, if a single character in the transaction changes after signing, the signature becomes invalid. It doesn't just sign a document. It signs every bit of it.
Top comments (0)