ECDSA

ECDSA was the only signature scheme in Bitcoin until 2021. Every legacy or SegWit input is unlocked with an ECDSA signature: prove that you know the private key corresponding to a public key, without revealing the key.

The signing process picks a random nonce k, computes a point on the curve, then derives (r, s) values from k and the private key. The nonce must be unique per signature — Sony's PS3 firmware famously leaked its keys because the same k was reused, and a Bitcoin wallet using a broken RNG suffered the same fate in 2013. Modern wallets use deterministic nonces (RFC 6979) to eliminate the risk.

ECDSA's main flaws are non-malleability (the same private key can produce multiple valid signatures for the same message) and the difficulty of constructing multisignatures. Schnorr addresses both, which is why Taproot replaced ECDSA for native segwit v1 outputs.