ECDSA (Elliptic Curve Digital Signature Algorithm) is a public key algorithm for creating a digital signature, similar in structure to DSA, but defined, unlike it, not over a finite numerical field, but in a group of points on an elliptic curve.
Peculiarities
The strength of the encryption algorithm is based on the problem of the discrete logarithm in a group of points on an elliptic curve. Unlike the simple discrete logarithm problem and the integer factorization problem, there is no subexponential algorithm for the discrete logarithm problem on the group of points of an elliptic curve. For this reason, the "power per key bit" is significantly higher in an algorithm that uses elliptic curves.
D. Brown (Daniel R. L. Brown) proved that the ECDSA algorithm is not more secure than DSA. He formulated a security constraint for ECDSA which led to the following conclusion:
“If an elliptic curve group can be modeled by the main group and its hash function satisfies a certain educated guess, then ECDSA is resistant to a matched-plaintext attack with forgery in place.
The ECDSA algorithm was adopted as an ANSI standard in 1999, and as an IEEE and NIST standard in 2000. Also in 1998, the algorithm was adopted by the ISO standard. Despite the fact that EDS standards have been created quite recently and are being improved, one of the most promising of them today is ANSI X9.62 ECDSA from 1999 - DSA for elliptic curves
Advantages of ECDSA over DSA
ECDSA is a very attractive algorithm for implementing EDS. The most important advantage of ECDSA is its ability to work on much smaller fields {\displaystyle F_{p}}F_{p}. As with elliptic curve cryptography in general, the bit size of the public key that will be needed for ECDSA is assumed to be twice the size of the private key in bits. In comparison, with a security level of 80 bits (meaning an attacker needs approximately {\displaystyle 2^{80}}2^{80} signature versions to find the private key), the DSA public key size is at least 1024 bits, while the ECDSA public key is 160 bits. On the other hand, the signature size is the same for both DSA and ECDSA: {\displaystyle 4t}4t bits, where {\displaystyle t}t is the security level measured in bits, i.e. approximately 320 bits for a security level of 80 bits.
