TERM_DEF // KEYS_CRYPTOGRAPHY / DER_SIGNATURE
DER
SIGNATURE
SIGNATURE
signature/">DER Signature. Distinguished Encoding Rules format for ECDSA signatures, starting with 0x30 and a length byte.
This page sits in the Keys & Cryptography section — Elliptic curves, hashes, and signatures — the math that lets a 32-byte secret control billions of dollars. Read on for what it is, why it exists, how it works under the hood, and what to watch out for.
This page sits in the Keys & Cryptography section — Elliptic curves, hashes, and signatures — the math that lets a 32-byte secret control billions of dollars. Read on for what it is, why it exists, how it works under the hood, and what to watch out for.
WHAT_DER_SIGNATURE_IS
DER Signature — at a glance
KEYS
DER Signature is a cryptographic component of Bitcoin. Distinguished Encoding Rules format for ECDSA signatures, starting with 0x30 and a length byte. Like every cryptographic building block in Bitcoin, it is fundamentally a piece of math — not a feature provided by a server, not a permission granted by an authority, but a deterministic function that any machine can compute and any other machine can verify.
Why it exists
DESIGN
Bitcoin has no central authority to vouch for ownership, prove identity, or guarantee that a message has not been tampered with. Cryptography fills all three roles. DER Signature exists because the alternative — trusting a third party with custody, signatures, or random number generation — would re-introduce exactly the single points of failure Bitcoin was designed to eliminate. The security of every coin in existence depends on these primitives behaving as advertised.
HOW_IT_WORKS
Mechanism
HOW IT WORKS
The mechanism rests on a one-way function: easy to compute forward, computationally infeasible to reverse. For signature schemes that asymmetry comes from the elliptic-curve discrete logarithm problem on the secp256k1 curve; for hash functions like SHA-256 it comes from collision-resistance. DER Signature is built on top of these primitives and inherits their security: every node/">full node can independently verify a result in microseconds, but no attacker can fabricate a fake one in any realistic amount of time, even with all the computers on Earth working together.
1. Generate or receive the input bytes (a private key, a message, a public key, a signature — depending on the operation).
2. Apply the cryptographic primitive — typically built on SHA-256, RIPEMD-160, secp256k1, or Schnorr/ECDSA.
3. Encode the result in the expected form: 32-byte hash, 33-byte compressed pubkey, 64-byte Schnorr signature, ~71-byte DER ECDSA signature, etc.
4. Verifiers worldwide re-run the same computation against the public inputs to confirm authenticity — no shared secret required.
WORKED_EXAMPLE
DER Signature — example values
EXAMPLE
inputs : private_key (32 bytes, secret)
message_hash (32 bytes, sighash of the tx)
nonce k (32 bytes, must be unique per signature)
signature (Schnorr, 64 bytes): R || s
signature (ECDSA, ~71 bytes): DER(r, s)
verifier re-runs the math with the public key — passes iff signer holds the private key.
KEY_PROPERTIES
ONE-WAY
Easy to compute forward in microseconds; infeasible to reverse even with planetary compute resources.
COLLISION-RESISTANT
Finding two distinct inputs that produce the same output requires more work than has ever been done on Earth.
PUBLIC-VERIFIABLE
Anyone can check a signature/hash against public data — no shared secret needed for verification.
COMMON_PITFALLS
Things that catch people out
PITFALLS
- Never reuse a signing nonce — a single nonce reuse leaks the private key permanently and irretrievably.
- Never generate keys with weak randomness (timestamps, user input, Math.random) — predictable seeds have drained millions in past incidents.
- Never paste secrets into a web form, screenshot, or cloud note — anywhere they leave your control they may be copied silently.
- Treat DER Signature like nuclear material: handle it, store it, and dispose of it deliberately.
RELATED_CONCEPTS
Other terms from Keys & Cryptography — click any to read its page:
TERMINOLOGY_INDEX
TERMINOLOGY
DER Signature
Distinguished Encoding Rules format for ECDSA signatures, starting with 0x30 and a length byte.
Private Key
A random 256-bit number that gives full spending authority over the coins locked to its derived public key.
Public Key
A point on the secp256k1 curve, derived from a private key, that others use to verify signatures you produce.
Key Pair
A private key paired with its mathematically-linked public key; one signs, the other verifies.
Elliptic Curve
A curve defined by y² = x³ + ax + b; "adding" two points produces a third, and that operation is easy forward but practically impossible to reverse.
secp256k1
The specific elliptic curve Bitcoin uses, chosen for its lack of suspicious constants and high-performance arithmetic.
Generator Point (G)
A fixed agreed-upon point on secp256k1; multiplying G by your private key gives your public key.
Curve Order (n)
The number of distinct points on secp256k1 reachable from G; private keys are integers modulo n.