Which curve produces a digital signature decides its security, speed and pitfalls — and why ALD uses one rather than the other.
Every digital signature computes on an elliptic curve. Two names keep coming up: secp256k1 and Ed25519. They solve the same problem — very differently.
Foundation
A digital signature proves two things: that a message comes from a particular key — and that it wasn't altered in transit. A secret private key derives a public key that cannot be reversed.
The "curve" is the mathematical space where this happens. Different curves differ in speed, security and the traps of real-world implementation.
The Bitcoin curve
secp256k1 is the curve of Bitcoin and Ethereum, used with ECDSA. Its strength: years of real-world use, broad tooling support.
Its weaknesses are practical: ECDSA needs a fresh random number (nonce) for every signature. If that nonce is weak or repeats, the private key can be reconstructed — a real past attack vector. A side-channel-safe, constant-time implementation is also demanding.
The modern choice
Ed25519 was designed by Daniel J. Bernstein and team. Three properties make it attractive:
Side by side
| Property | secp256k1 · ECDSA | Ed25519 · EdDSA |
|---|---|---|
| Random nonce | required per signature (risk) | deterministically derived |
| Side channels | careful implementation needed | constant-time by design |
| Key / signature | 32 B / ~71–72 B | 32 B / 64 B |
| Typical use | Bitcoin, Ethereum | SSH, Signal, TLS 1.3 |
No curve is "better" at everything — secp256k1 is deeply embedded in the financial ecosystem. For a system where ordinary devices participate as equals, Ed25519's practical properties weigh heavily.
Why ALD uses Ed25519
ALD derives every address from an Ed25519 key pair — the private key stays in your browser. We deliberately chose against Bitcoin's secp256k1: the deterministic, side-channel-hardened signature fits a system without special hardware, where a phone counts as much as a data centre.
See How ALD works for the full picture. The mechanics are open — you can verify a signed manifest yourself or inspect the reference implementation on GitHub.
Clarification
Keys and signatures are a technical means here — not a financial product. ALD units have no monetary value, are not sold and not traded. This is about access, identity without a central account, and verifiability — not investment or returns.