ECDSA verify signature

The algorithm to verify a ECDSA signature takes as input the signed message msg + the signature {r, s} produced from the signing algorithm + the public key pubKey, corresponding to the signer's private key. The output is boolean value: valid or invalid signature. The ECDSA signature verify algorithm works as follows (with minor simplifications):

  1. Calculate the message hash, with the same cryptographic hash function used during the signing: h = hash(msg)

  2. Calculate the modular inverse of the signature proof: s1 = sāˆ’1(modn)s^{-1} \pmod n

  3. Recover the random point used during the signing: R' = (h * s1) * G + (r * s1) * pubKey

  4. Take from R' its x-coordinate: r' = R'.x

  5. Calculate the signature validation result by comparing whether r' == r

The general idea of the signature verification is to recover the point R' using the public key and check whether it is same point R, generated randomly during the signing process.


Last updated