Why was ECDSA encryption chosen?

[Anonymous Kid]

Is there any reason for choosing this type of encryption? Why is it more secure than others?

[1715398650]

1715398650

[1715398650]

1715398650

[aleksej996]

The choice wasn't just for security, there were other factors as well.

First of all, asymmetric cryptography was needed to fulfill the requirement of using a public blockchain where everyone needs to see proof of your signature and that no one can get the key used for it other then you.

Using RSA, another very popular asymmetric cypher would be quite inefficient as RSA keys are larger than ECDSA keys, even when they offer the same amount of security. They are also more computationally intensive to verify which is important when you need for every node to verify every transaction.
So blockchain would be a lot bigger for no reason if we used RSA, there would be a bigger bandwith requirement of running a full node and your CPU would have to work harder.

There where some other ECDSA algorithms that Bitcoin could have used that where approved by NIST, but due to very big likelihood of inserted cryptographic backdoors in those algorithms, current implementation was used instead.

[cellard]

I think it's mostly a matter of popularity. In cryptography there seems to be a double edged sword: Often the most popular items are developed by some triple letter agency, like SHA256 itself. Something else could have been used, but it was the most time-tested. So you either use something that was developed by someone as dodgy as NSA or use something else developed by someone else but less time-tested.

[achow101]

First of all, ECDSA is not an encryption algorithm. Nothing is being encrypted with ECDSA. ECDSA is a signature algorithm (it's in the name!).

ECDSA was likely chosen because it is secure with shorter key lengths. An ECDSA private key of 256 bits has the roughly the same security of a RSA key with 3072 bits. This is a massive space saving measure.

[J-N]

Is there any reason for choosing this type of encryption? Why is it more secure than others?

ECDSA digital signature was chosen to sign a transactions of Bitcoin. The keys are not very long and the computing is not much expensive. The secp256k1 curve was chosen, because it is "rigid" and pretty safe.

[Heisenberg_Hunter]

As achow said ECDSA is not a encryption, it's a signature algorithm. ECDSA stand for Elliptic Curve Digital Signature Algorithm. RSA has been used widely in the olden days for the encryption and the decryption of the messages.

 But these RSA algorithm of encryption had larger key length. ECDSA provides the same security similar to RSA but in a short length of keys.
 Having short length of keys helps us in computational activities to be executed at a faster rate and moreover this shorter key lengths helps us in processing power, reducing the storage space and reducing the consumption of power. ECDSA were able to generate keys at a faster rate in a much efficient way when compared to the RSA.

Once I read somewhere that an ECDSA has keys which has length ranging from 20 bytes to 70 bytes whereas a RSA has keys ranging from 0.12 kb to 1.9 kb. These factors are just more than enough for going with this type of algorithm for encryption.