# Difference Between ECDSA (secp256k1) and EdDSA (Ed25519) Session Types in mpcium

> Discover the key differences between ECDSA secp256k1 and EdDSA Ed25519 session types in mpcium. Learn about their curves, parameters, and performance for secure applications.

- Repository: [Fystack Labs/mpcium](https://github.com/fystack/mpcium)
- Tags: deep-dive
- Published: 2026-03-02

---

**ECDSA sessions leverage the secp256k1 curve with mandatory pre-parameters for Bitcoin and Ethereum compatibility, while EdDSA sessions utilize the edwards25519 curve without pre-parameters for faster, deterministic signatures in modern cryptographic workflows.**

The mpcium library implements both **ECDSA (secp256k1)** and **EdDSA (Ed25519)** session types to support diverse multi-party computation (MPC) requirements. A *session* represents the complete lifecycle of an MPC operation—including key generation, signing, and resharing—with the session type determining the specific cryptographic primitives and curve parameters used throughout the protocol.

## Core Cryptographic Differences

### Curve Specifications

The fundamental distinction lies in the underlying elliptic curves. **ECDSA sessions** operate on `secp256k1` (referenced internally as `KeyTypeSecp256k1` in [`pkg/mpc/key_type.go`](https://github.com/fystack/mpcium/blob/main/pkg/mpc/key_type.go) lines 6‑8), the standardized curve used by Bitcoin and Ethereum. **EdDSA sessions** instead use `edwards25519` (referenced as `KeyTypeEd25519` in the same file), which provides faster, deterministic signature generation with built-in protection against side-channel attacks.

### Session Identifiers

According to the source code in [`pkg/mpc/session.go`](https://github.com/fystack/mpcium/blob/main/pkg/mpc/session.go) lines 28‑30, the library defines explicit string identifiers for each type. The system assigns `"session_ecdsa"` to ECDSA flows and `"session_eddsa"` to EdDSA flows. These constants drive the factory methods in [`pkg/mpc/node.go`](https://github.com/fystack/mpcium/blob/main/pkg/mpc/node.go) to instantiate the correct session implementation based on the requested cryptographic scheme.

## Implementation Architecture

### Key Generation Sessions

The initialization logic diverges significantly between the two session types. In [`pkg/mpc/ecdsa_keygen_session.go`](https://github.com/fystack/mpcium/blob/main/pkg/mpc/ecdsa_keygen_session.go), the `newECDSAKeygenSession` constructor requires **pre-parameters** (`LocalPreParams`) to accelerate the distributed key generation process. These pre-computed parameters must be generated before session startup, adding a setup phase but improving performance during the actual MPC ceremony.

Conversely, [`pkg/mpc/eddsa_keygen_session.go`](https://github.com/fystack/mpcium/blob/main/pkg/mpc/eddsa_keygen_session.go) implements `newEDDSAKeygenSession` without any pre-parameter requirements. The EdDSA keygen session initializes immediately using the *tss-lib* EdDSA implementation, resulting in a lighter-weight setup suitable for environments where pre-computation is impractical.

### Message Round Handling

Each session type maintains its own message routing logic. The ECDSA implementation uses `GetEcdsaMsgRound` (defined in [`pkg/mpc/ecdsa_rounds.go`](https://github.com/fystack/mpcium/blob/main/pkg/mpc/ecdsa_rounds.go)) to decode and validate protocol messages across the multi-round signing or resharing process. The EdDSA counterpart relies on `GetEddsaMsgRound` from [`pkg/mpc/eddsa_rounds.go`](https://github.com/fystack/mpcium/blob/main/pkg/mpc/eddsa_rounds.go), reflecting the different round structures inherent to the EdDSA signature algorithm.

### Storage Prefixes and Key Encoding

When persisting key material, the system differentiates storage keys via distinct prefixes. The `Node.getKeyInfo` method (in [`pkg/mpc/node.go`](https://github.com/fystack/mpcium/blob/main/pkg/mpc/node.go)) applies `"ecdsa:<walletID>"` for secp256k1 keys and `"eddsa:<walletID>"` for edwards25519 keys. Public key encoding also differs: ECDSA public keys undergo DER-encoded serialization via `encoding.EncodeS256PubKey`, while EdDSA public keys use compressed Edwards point representation through `SerializeCompressed`.

## Resharing Support

Both session types support key resharing, but with different initialization requirements. `NewECDSAReshareSession` must handle pre-parameter versioning and compatibility checks, while `NewEDDSAReshareSession` operates without these constraints. This distinction ensures that ECDSA resharing maintains the security guarantees of the original pre-parameters, whereas EdDSA resharing proceeds with minimal overhead.

## Practical Usage Examples

### Creating an ECDSA Key Generation Session

The following example demonstrates initiating a secp256k1 session with pre-parameter requirements:

```go
walletID := "my-ecdsa-wallet"
threshold := 2 // t+1 participants required

ecdsaSession, err := node.CreateKeyGenSession(
    mpc.SessionTypeECDSA, // selects secp256k1/ECDSA
    walletID,
    threshold,
    resultQueue, // messaging.MessageQueue implementation
)
if err != nil {
    logger.Error("failed to create ECDSA session", err)
    return
}
ecdsaSession.Init()
ecdsaSession.GenerateKey(func() {
    logger.Info("ECDSA key generated", "walletID", walletID)
})

```

This invokes the logic in [`pkg/mpc/ecdsa_keygen_session.go`](https://github.com/fystack/mpcium/blob/main/pkg/mpc/ecdsa_keygen_session.go) lines 32‑74, which validates `LocalPreParams` before proceeding with the BNB-chain *tss-lib* ECDSA keygen.

### Creating an EdDSA Key Generation Session

For modern, deterministic signatures using edwards25519:

```go
walletID := "my-ed25519-wallet"
threshold := 2

eddsaSession, err := node.CreateKeyGenSession(
    mpc.SessionTypeEDDSA, // selects edwards25519/EdDSA
    walletID,
    threshold,
    resultQueue,
)
if err != nil {
    logger.Error("failed to create EdDSA session", err)
    return
}
eddsaSession.Init()
eddsaSession.GenerateKey(func() {
    logger.Info("EdDSA key generated", "walletID", walletID)
})

```

This uses the constructor defined in [`pkg/mpc/eddsa_keygen_session.go`](https://github.com/fystack/mpcium/blob/main/pkg/mpc/eddsa_keygen_session.go) lines 23‑65, which bypasses pre-parameter generation entirely.

### Runtime Session Type Inspection

To determine the cryptographic scheme of an existing session:

```go
func printSessionInfo(s *mpc.session) {
    switch s.sessionType {
    case mpc.SessionTypeECDSA:
        fmt.Println("This is an ECDSA (secp256k1) session")
    case mpc.SessionTypeEDDSA:
        fmt.Println("This is an EdDSA (edwards25519) session")
    }
}

```

The `session` struct stores the `sessionType` field as defined in [`pkg/mpc/session.go`](https://github.com/fystack/mpcium/blob/main/pkg/mpc/session.go) lines 75‑82, enabling runtime polymorphism across the MPC infrastructure.

## Summary

- **ECDSA (secp256k1)** sessions require pre-parameters (`LocalPreParams`) for key generation and use DER-encoded public keys with `"ecdsa:"` storage prefixes, targeting Bitcoin and Ethereum compatibility.
- **EdDSA (Ed25519)** sessions operate without pre-parameters, use compressed Edwards point encoding, and employ `"eddsa:"` storage prefixes for modern, high-performance cryptographic workflows.
- Both session types share common infrastructure for message routing and error handling but implement distinct round-handling functions (`GetEcdsaMsgRound` vs `GetEddsaMsgRound`) and storage logic.

## Frequently Asked Questions

### What determines whether I should use ECDSA or EdDSA session types in mpcium?

**Choose ECDSA (secp256k1) when you require compatibility with existing blockchain ecosystems like Bitcoin or Ethereum that mandate this specific curve.** Select EdDSA (Ed25519) for new cryptographic implementations requiring faster, deterministic signatures with lower bandwidth overhead and resistance to side-channel attacks, as implemented in the edwards25519 curve.

### Why do ECDSA sessions require pre-parameters while EdDSA sessions do not?

**The `newECDSAKeygenSession` function requires `LocalPreParams` to optimize the distributed key generation protocol using the BNB-chain *tss-lib* implementation.** These pre-computed values reduce latency during the live MPC ceremony. The `newEDDSAKeygenSession` constructor operates without pre-parameters because the EdDSA algorithm in *tss-lib* uses a different mathematical structure that does not benefit from pre-computation in the same way, simplifying the initialization process.

### How does mpcium differentiate storage between ECDSA and EdDSA keys?

**The system uses distinct key prefixes defined in [`pkg/mpc/node.go`](https://github.com/fystack/mpcium/blob/main/pkg/mpc/node.go) within the `Node.getKeyInfo` method.** ECDSA keys are stored with the prefix `"ecdsa:<walletID>"` and utilize DER-encoded secp256k1 public keys. EdDSA keys use `"eddsa:<walletID>"` with compressed Edwards point serialization (`SerializeCompressed`), ensuring cryptographic material remains correctly partitioned by algorithm type.

### Can I convert an existing ECDSA session to an EdDSA session or vice versa?

**No, the session types are cryptographically incompatible and cannot be converted.** Each session type generates keys specific to its underlying curve—secp256k1 for ECDSA and edwards25519 for EdDSA—and uses different round-handling logic (`GetEcdsaMsgRound` vs `GetEddsaMsgRound`). To switch algorithms, you must create a new session of the target type and generate fresh keys through the respective `CreateKeyGenSession` factory method.