The smallest asymmetric signatures come from elliptic curve cryptosystems like ECDSA. ECDSA signature schemes require that signatures be approximately four times the length of the key of a symmetric cipher of equivalent security. Thus, a scheme comparable in security to 128-bit AES would have 512-bit signatures. That is the state of affairs right now: schemes with smaller signatures, but with equal or greater security, are not known.
If you do not need such security, you can use a 192-bit curve, which will lead to 384-bit signatures. You can switch to 320-bit signatures (160-bit curves) and still have security comparable to 80-bit symmetric ciphers. If you really don't care about security, you can use 112-bit curves that provide 224-bit signatures that are as hard to break as DES.
The following curves are listed for each security level:
SecP112R1 : 224-bit signatures, 56-bit security
SecP128R1 : 256-bit signatures, 64-bit security
SecP160K1 : 320-bit signatures, 80-bit security
SecP192K1 : 386-bit signatures, 96-bit security
SecP224K1 : 448-bit signatures, 112-bit security
SecP256K1 : 512-bit signatures, 128-bit security
For each curve, the private key is the same size as the curve. Public keys (in compressed form) are one bit larger than the size of the curve. Signatures are twice the size of the curve. So with SecP256K1, private keys are 256 bits, public keys are 257 bits, and signatures are 512 bits. These are the minimum sizes for the original binary values.
Caution: I would consider 160-bit curves the minimum for any purpose where safety is a factor. Smaller curves may be appropriate if keys are generated, used, and then thrown away in a short amount of time. For long-term protection, 256-bit curves should be used. The system as a whole must be evaluated by competent specialists before it is supported.