What’s The Order in ECC?
Published in
5 min readDec 12, 2020
I love using elliptic curve cryptography (ECC), but there’s one little parameter of the curve that’s not so easy to explain … the order (n). Let me first give you a bluffers guide to ECC …
- We have a curve y²=x³+ax+b (mod p), and where a and b define the curve and p is a prime number. An example is where a=0 and b=7, and which gives y²=x³+7 (mod p).
- We select a base point of the curve (G) and then make all the operations in relation to this.
- First, we generate a random number for our private key (a), and then we calculate xG (mod p), and which is the point G, added x times (with the mod p operation). The value of a is the private key, and xG (mod p) is the public key.
All fine up to now? And so we have p, a, b, and G:
EllipticCurve = collections.namedtuple('EllipticCurve', 'name p a b g n h')
curve = EllipticCurve(
'secp256k1',
# Field characteristic.
p=0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f,
# Curve coefficients.
a=0,
b=7,
# Base point.
g=(0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,
0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8),
# Subgroup order.
n=0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141,
# Subgroup cofactor.
h=1,
)
