As with elliptic-curve cryptography in general, the bit size of the public ecdsa bitcoin wikipedia believed to be needed for ECDSA is about twice the size of the security level, in bits. ECDSA public key would be 160 bits, whereas the size of a DSA public key is at least 1024 bits. 320 bits for a security level of 80 bits. Suppose Alice wants to send a signed message to Bob.
HASH is a cryptographic hash function, such as SHA-2. Such a failure in random number generation caused users of Android Bitcoin Wallet to lose their funds in August 2013. If not, the signature is invalid. HASH is the same function used in the signature generation. It is not immediately obvious why verification even functions correctly. This allowed hackers to recover private keys giving them same control over bitcoin transactions as legitimate keys’ owners had, using the same exploit that was used to reveal the PS3 signing key on some Android app implementations, which use Java and rely on ECDSA to authenticate transactions.
Technical concerns: the difficulty to properly implement the standard and the slowness and design flaws which reduce security in insufficiently precautions implementations on the Dual EC DRBG random number generator. Both of those concerns are summarized in libssh curve25519 introduction. NIST FIPS 186-4, July 2013, pp. Hackers Describe PS3 Security As Epic Fail, Gain Unrestricted Access”.