Elliptic Curve Cryptography for noobs
In this blog post, I will try to give a very gentle introduction to how elliptic curve cryptography works. The purpose of this blog post is to test my understanding on the subject, please kindly let me know if anything is wrong. Credits to the book “Mastering Bitcoin”.
Let’s go!
Elliptic curve cryptography belongs to the asymmetric cryptography family based on discrete logarithm algorithm.

This curve is defined by
y² mod p = (x³ + 7) mod p
where p = 2²⁵⁶ - 2³² - 2⁹ - 2⁸ - 2⁷ - 2⁶ - 2⁴ - 1
Elliptic curve cryptography is done by multiplying the private key, which is in reality a very large number, by a predetermined point on the curve. First, let me give a brief overview on how elliptic curve arithmetic works.
1. P3 = P1 + P2
For any point P1 and P2 on the curve, there exists a point P3 where P3 = P1 + P2. It can be produced by
- Draw a line between P1 and P2
- There is now an additional point on the line that intersects the curve, we will call it P3' with the coordinates (x, y).
- Get a reflection of P3' in the x-axis and we will get P3 at (x, -y).
2. If P1 and P2 are the same point, the line between P1 and P2 should be tangential to P1. This line will intersect the curve in exactly one new point.
How Bitcoin uses elliptic curve arithmetic to generate a public key
Let’s say you have a randomly generated private key k, there exists a predetermined generator point called G on the curve that is used to multiply the private key to get the public key.
Public Key = Private Key (k) * G
What this really means is
Public Key = Add point G to itself k times
To generate a public key, all we have to do is to draw a tangential line from the point to find the point of intersection, find the reflection along the x-axis, and repeat. Since every bitcoin public key generation algorithm uses the same G, you can always derive the same public key given a private key. This calculation is not reversible and you cannot derive the private key given a public key.
