Difference Between ECDSA (secp256k1) and EdDSA (Ed25519) Session Types in mpcium

ECDSA sessions leverage the secp256k1 curve with mandatory pre-parameters for Bitcoin and Ethereum compatibility, while EdDSA sessions utilize the edwards25519 curve without pre-parameters for faster, deterministic signatures in modern cryptographic workflows.

The mpcium library implements both ECDSA (secp256k1) and EdDSA (Ed25519) session types to support diverse multi-party computation (MPC) requirements. A session represents the complete lifecycle of an MPC operation—including key generation, signing, and resharing—with the session type determining the specific cryptographic primitives and curve parameters used throughout the protocol.

Core Cryptographic Differences

Curve Specifications

The fundamental distinction lies in the underlying elliptic curves. ECDSA sessions operate on secp256k1 (referenced internally as KeyTypeSecp256k1 in pkg/mpc/key_type.go lines 6‑8), the standardized curve used by Bitcoin and Ethereum. EdDSA sessions instead use edwards25519 (referenced as KeyTypeEd25519 in the same file), which provides faster, deterministic signature generation with built-in protection against side-channel attacks.

Session Identifiers

According to the source code in pkg/mpc/session.go lines 28‑30, the library defines explicit string identifiers for each type. The system assigns "session_ecdsa" to ECDSA flows and "session_eddsa" to EdDSA flows. These constants drive the factory methods in pkg/mpc/node.go to instantiate the correct session implementation based on the requested cryptographic scheme.

Implementation Architecture

Key Generation Sessions

The initialization logic diverges significantly between the two session types. In pkg/mpc/ecdsa_keygen_session.go, the newECDSAKeygenSession constructor requires pre-parameters (LocalPreParams) to accelerate the distributed key generation process. These pre-computed parameters must be generated before session startup, adding a setup phase but improving performance during the actual MPC ceremony.

Conversely, pkg/mpc/eddsa_keygen_session.go implements newEDDSAKeygenSession without any pre-parameter requirements. The EdDSA keygen session initializes immediately using the tss-lib EdDSA implementation, resulting in a lighter-weight setup suitable for environments where pre-computation is impractical.

Message Round Handling

Each session type maintains its own message routing logic. The ECDSA implementation uses GetEcdsaMsgRound (defined in pkg/mpc/ecdsa_rounds.go) to decode and validate protocol messages across the multi-round signing or resharing process. The EdDSA counterpart relies on GetEddsaMsgRound from pkg/mpc/eddsa_rounds.go, reflecting the different round structures inherent to the EdDSA signature algorithm.

Storage Prefixes and Key Encoding

When persisting key material, the system differentiates storage keys via distinct prefixes. The Node.getKeyInfo method (in pkg/mpc/node.go) applies "ecdsa:<walletID>" for secp256k1 keys and "eddsa:<walletID>" for edwards25519 keys. Public key encoding also differs: ECDSA public keys undergo DER-encoded serialization via encoding.EncodeS256PubKey, while EdDSA public keys use compressed Edwards point representation through SerializeCompressed.

Resharing Support

Both session types support key resharing, but with different initialization requirements. NewECDSAReshareSession must handle pre-parameter versioning and compatibility checks, while NewEDDSAReshareSession operates without these constraints. This distinction ensures that ECDSA resharing maintains the security guarantees of the original pre-parameters, whereas EdDSA resharing proceeds with minimal overhead.

Practical Usage Examples

Creating an ECDSA Key Generation Session

The following example demonstrates initiating a secp256k1 session with pre-parameter requirements:

walletID := "my-ecdsa-wallet"
threshold := 2 // t+1 participants required

ecdsaSession, err := node.CreateKeyGenSession(
    mpc.SessionTypeECDSA, // selects secp256k1/ECDSA
    walletID,
    threshold,
    resultQueue, // messaging.MessageQueue implementation
)
if err != nil {
    logger.Error("failed to create ECDSA session", err)
    return
}
ecdsaSession.Init()
ecdsaSession.GenerateKey(func() {
    logger.Info("ECDSA key generated", "walletID", walletID)
})

This invokes the logic in pkg/mpc/ecdsa_keygen_session.go lines 32‑74, which validates LocalPreParams before proceeding with the BNB-chain tss-lib ECDSA keygen.

Creating an EdDSA Key Generation Session

For modern, deterministic signatures using edwards25519:

walletID := "my-ed25519-wallet"
threshold := 2

eddsaSession, err := node.CreateKeyGenSession(
    mpc.SessionTypeEDDSA, // selects edwards25519/EdDSA
    walletID,
    threshold,
    resultQueue,
)
if err != nil {
    logger.Error("failed to create EdDSA session", err)
    return
}
eddsaSession.Init()
eddsaSession.GenerateKey(func() {
    logger.Info("EdDSA key generated", "walletID", walletID)
})

This uses the constructor defined in pkg/mpc/eddsa_keygen_session.go lines 23‑65, which bypasses pre-parameter generation entirely.

Runtime Session Type Inspection

To determine the cryptographic scheme of an existing session:

func printSessionInfo(s *mpc.session) {
    switch s.sessionType {
    case mpc.SessionTypeECDSA:
        fmt.Println("This is an ECDSA (secp256k1) session")
    case mpc.SessionTypeEDDSA:
        fmt.Println("This is an EdDSA (edwards25519) session")
    }
}

The session struct stores the sessionType field as defined in pkg/mpc/session.go lines 75‑82, enabling runtime polymorphism across the MPC infrastructure.

Summary

• ECDSA (secp256k1) sessions require pre-parameters (LocalPreParams) for key generation and use DER-encoded public keys with "ecdsa:" storage prefixes, targeting Bitcoin and Ethereum compatibility.
• EdDSA (Ed25519) sessions operate without pre-parameters, use compressed Edwards point encoding, and employ "eddsa:" storage prefixes for modern, high-performance cryptographic workflows.
• Both session types share common infrastructure for message routing and error handling but implement distinct round-handling functions (GetEcdsaMsgRound vs GetEddsaMsgRound) and storage logic.

Frequently Asked Questions

What determines whether I should use ECDSA or EdDSA session types in mpcium?

Choose ECDSA (secp256k1) when you require compatibility with existing blockchain ecosystems like Bitcoin or Ethereum that mandate this specific curve. Select EdDSA (Ed25519) for new cryptographic implementations requiring faster, deterministic signatures with lower bandwidth overhead and resistance to side-channel attacks, as implemented in the edwards25519 curve.

Why do ECDSA sessions require pre-parameters while EdDSA sessions do not?

The newECDSAKeygenSession function requires LocalPreParams to optimize the distributed key generation protocol using the BNB-chain tss-lib implementation. These pre-computed values reduce latency during the live MPC ceremony. The newEDDSAKeygenSession constructor operates without pre-parameters because the EdDSA algorithm in tss-lib uses a different mathematical structure that does not benefit from pre-computation in the same way, simplifying the initialization process.

How does mpcium differentiate storage between ECDSA and EdDSA keys?

The system uses distinct key prefixes defined in pkg/mpc/node.go within the Node.getKeyInfo method. ECDSA keys are stored with the prefix "ecdsa:<walletID>" and utilize DER-encoded secp256k1 public keys. EdDSA keys use "eddsa:<walletID>" with compressed Edwards point serialization (SerializeCompressed), ensuring cryptographic material remains correctly partitioned by algorithm type.

Can I convert an existing ECDSA session to an EdDSA session or vice versa?

No, the session types are cryptographically incompatible and cannot be converted. Each session type generates keys specific to its underlying curve—secp256k1 for ECDSA and edwards25519 for EdDSA—and uses different round-handling logic (GetEcdsaMsgRound vs GetEddsaMsgRound). To switch algorithms, you must create a new session of the target type and generate fresh keys through the respective CreateKeyGenSession factory method.

{
  "mcpServers": {
    "instagit": {
      "command": "npx",
      "args": ["-y", "instagit@latest"]
    }
  }
}