# Alice, Bob & Eve: Digital signatures using ECDSA

DSA and ECDSA are both digital‑signature algorithms built on the hardness of discrete logarithms, but they operate in different mathematical worlds. Classic DSA uses arithmetic in large finite fields, while ECDSA uses elliptic curves, which provide the same security with far smaller keys and faster operations. 

Both algorithms are strictly for signatures; they cannot encrypt data (like RSA) or perform key transport (like DHM). They also rely on high‑quality randomness for each signature, because reusing or predicting the per‑signature nonce can reveal the private key. But modern cryptographic libraries and computers can supply the required entrophy.

RSA signatures are deterministic at their core, although randomness can be added through padding schemes such as PSS. Because its security grows more slowly with key size, RSA requires much larger keys than ECDSA to achieve comparable strength, and its signatures are correspondingly larger. In practice, RSA tends to be slower for signing but faster for verification, while ECDSA offers compact keys and signatures with excellent performance, especially on constrained devices.

In .NET, the corresponding class is `System.Security.Cryptography.ECDsa`. The API is exactly the same as for RSA. Actually, both these classes are inheriting from the `AsymmetricAlgorithm` abstract class, which provides the methods we are using.

## Alice

As usual, Alice will generate her key pair. Notice that the keys are significantly shorter than RSA keys, thanks to the elliptic curves.

In [1]:
using System.Security.Cryptography;

var ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP256);
var publicKeyPem = ecdsa.ExportSubjectPublicKeyInfoPem();
var privateKeyPem = ecdsa.ExportPkcs8PrivateKeyPem();

// Display the keys
Console.WriteLine("Alice's Private Key:");
Console.WriteLine(privateKeyPem);

Alice's Private Key:
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgkw1ybmUDPl7HGmNs
KsaZ6HgswXt6TV/APHS+XIUAkYyhRANCAARPrwdrjfkmBhP2ETvLiU9SZ5FWU9+0
S9/oVYzLa8LRCS/tKEkDW2S3rHP40j9BKzhr+8vpp+1pi1lDjuhWXP6d
-----END PRIVATE KEY-----


In [2]:
Console.WriteLine("Alice's Public Key:");
Console.WriteLine(publicKeyPem);

Alice's Public Key:
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET68Ha435JgYT9hE7y4lPUmeRVlPf
tEvf6FWMy2vC0Qkv7ShJA1tkt6xz+NI/QSs4a/vL6aftaYtZQ47oVlz+nQ==
-----END PUBLIC KEY-----


Alice will then generate signature of her message. Notice that the signature itself is also smaller, than in case of RSA:

In [3]:
var messageText = "Bob, I love you!";
var messageBytes = System.Text.Encoding.UTF8.GetBytes(messageText);
Console.WriteLine($"Original Message: {messageText}");
Console.WriteLine();

// Sign the message
var signatureBytes = ecdsa.SignData(messageBytes, HashAlgorithmName.SHA256);
var signatureText = Convert.ToBase64String(signatureBytes, Base64FormattingOptions.InsertLineBreaks);
Console.WriteLine($"Signature:");
Console.WriteLine(signatureText);

Original Message: Bob, I love you!

Signature:
RzHBBoDD9a1gPnJ0Ux9xJoRNOIYo/azY8TczyX/Jg3p/CmdItAH2Rg4/Cbu57zFRMRTP6MhDH0ff
Hz5vkBFaOA==


## Bob

In [4]:
// Function to verify signature
bool VerifySignature(string publicKeyPem, string message, byte[] signature) {
    // Create ECDsa instance for verification
    using var ecdsaVerify = ECDsa.Create();
    ecdsaVerify.ImportFromPem(publicKeyPem);

    // Convert message to bytes
    var messageBytesVerify = System.Text.Encoding.UTF8.GetBytes(message);

    // Verify the signature
    return ecdsaVerify.VerifyData(messageBytesVerify, signature, HashAlgorithmName.SHA256);
}

Console.WriteLine($"Is 'Bob, I love you!' valid? {VerifySignature(publicKeyPem, "Bob, I love you!", signatureBytes)}");
Console.WriteLine($"Is 'Bob, I hate you!' valid? {VerifySignature(publicKeyPem, "Bob, I hate you!", signatureBytes)}");

Is 'Bob, I love you!' valid? True
Is 'Bob, I hate you!' valid? False
