Can I derive the private key from the public key?


I received an email from someone and was asked how they could find a private key from an elliptic curve public key. On the one hand there would be deep ethical questions to answer, but I didn’t probe the reason why they wanted to do this. My answer was … “You might be lucky and find the key, but even if you used all the computers in the world to try and find the key, it will still take you billions and billions of years with current computing power.”

Why? Because we use a 256-bit random number for our elliptic curve private key. The chances of you finding that key with your first guess will be:

1 in 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936 (2²⁵⁶)

That is approximately:

1 in 150,000 billion billion billion billion billion billion billion billion

I thus have a worry that there’s a bit of misunderstanding of the core principles involved in key generation, and the ease of cracking hashed passwords somewhat crosses over into the generation of encryption keys.
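To make the scale concrete, here is an added example (not code from the original article) that derives a public key on a toy curve and recovers the private key by exhaustive search, then estimates the same search over a 256-bit keyspace. The curve y² = x³ + 2x + 2 over F₁₇ with G = (5, 1) is a standard textbook toy curve, and the guess rate passed to `years_to_search` is a hypothetical figure; both are assumptions, not values from the article.

```python
# Toy curve y^2 = x^3 + 2x + 2 over F_17 (textbook parameters, an assumption;
# real curves use a ~256-bit prime). G generates a group of 19 points.
P, A = 17, 2
G, ORDER = (5, 1), 19

def add(p1, p2):
    """Add two curve points; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # p2 is the inverse of p1
    if p1 == p2:                         # tangent slope (point doubling)
        s = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:                                # chord slope (distinct points)
        s = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (s * s - x1 - x2) % P
    return x3, (s * (x1 - x3) - y1) % P

def public_key(priv):
    """Double-and-add: public = priv * G, cheap even for 256-bit priv."""
    result, addend = None, G
    while priv:
        if priv & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        priv >>= 1
    return result

def brute_force(pub):
    """Walk G, 2G, 3G, ... until pub is hit; the step count is the key."""
    point = None
    for k in range(1, ORDER):
        point = add(point, G)
        if point == pub:
            return k
    raise ValueError("point is not a multiple of G")

def years_to_search(bits, guesses_per_second):
    """Expected years to try half of a 2**bits keyspace at a given rate."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    print(brute_force(public_key(13)))             # trivial: 18 candidates
    print(f"{years_to_search(256, 10**18):.2e}")   # hypothetical 10^18 guesses/s
```

On the toy curve the search ends after at most 18 steps; the same loop over a 256-bit keyspace is what the "billions and billions of years" figure refers to, while computing the public key from the private key stays fast at any size.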

Elliptic Curve Crypto

So what protects your privacy and security probably more than anything else on the Internet? That will be Elliptic Curve, and especially:


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.