Elliptic Curve Cryptography for noobs

Dominic Wong
Aug 24, 2017 · 2 min read

In this blog post, I will try to give a very gentle introduction to how elliptic curve cryptography works. The purpose of this blog post is to test my understanding on the subject, please kindly let me know if anything is wrong. Credits to the book “Mastering Bitcoin”.

Let’s go!

Elliptic curve cryptography belongs to the asymmetric cryptography family based on discrete logarithm algorithm.

Created by Sean κ. + 23:33, 27 May 2005 (UTC) — Upload from English Wikipedia. The original description is/was here., CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=268269

This curve is defined by

y² mod p = (x³ + 7) mod p

where p = 2²⁵⁶ - 2³² - 2⁹ - 2⁸ - 2⁷ - 2⁶ - 2⁴ - 1

Elliptic curve cryptography is done by multiplying the private key, which is in reality a very large number, by a predetermined point on the curve. First, let me give a brief overview on how elliptic curve arithmetic works.

1. P3 = P1 + P2

For any point P1 and P2 on the curve, there exists a point P3 where P3 = P1 + P2. It can be produced by

  1. Draw a line between P1 and P2
  2. There is now an additional point on the line that intersects the curve, we will call it P3' with the coordinates (x, y).
  3. Get a reflection of P3' in the x-axis and we will get P3 at (x, -y).

2. If P1 and P2 are the same point, the line between P1 and P2 should be tangential to P1. This line will intersect the curve in exactly one new point.

How Bitcoin uses elliptic curve arithmetic to generate a public key

Let’s say you have a randomly generated private key k, there exists a predetermined generator point called G on the curve that is used to multiply the private key to get the public key.

Public Key = Private Key (k) * G

What this really means is

Public Key = Add point G to itself k times

To generate a public key, all we have to do is to draw a tangential line from the point to find the point of intersection, find the reflection along the x-axis, and repeat. Since every bitcoin public key generation algorithm uses the same G, you can always derive the same public key given a private key. This calculation is not reversible and you cannot derive the private key given a public key.

)
Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade