And So Satoshi Selected secp256k1 for Bitcoin, But There Are Better Curves for Smart Contracts
Meet the BN256 Curve
Satoshi Nakamoto selected the secp256k1 curve for Bitcoin, and which was then adopted for Ethereum. The basis of this is the ECDSA signature. But, it is not that scalable for processing. For this, there are more scalable curves around, such as BN128. So, here’s DLEQ (Discrete Log Equality) using the BN256 curve and Keccak-256. These methods make it easy to implement within an Ethereum smart contract.
To implement, Peggy (the ‘Prover’) is able to prove that she still knows her secret — such as knowledge of her private key. Initially, Peggy produces where own challenge (c) and response (r) — these prove the proof of knowledge. Victor (the ‘Verifier’) can then prove this against two public key values that she has already sent to Victor. Peggy has a secret value (x) and then she creates two values xG and xH, and can check that logG(xG)==logH(xH).
Thus, Peggy has her secret (x) and then calculates xG and xH, and where G and H are two random points on an elliptic curve [1]. These are then sent to Victor. For each proof challenge, Peggy generates a random value (w) and computes wG and wH. Next, she creates a challenge (c) and which is a hash of wG,wH,xG,xH:
