Elliptic Curve Cryptography For Those Who Hate Maths

Charlie Rogers
Jun 14, 2020 · 6 min read

Elliptic curve cryptography is one of the most powerful but sadly least understood types of cryptography that is in wide use today. For those just looking for a quick answer:

TL:DR : Elliptic Curve Cryptography is the next generation of public key cryptography and based on the current understanding of maths, provides a significantly more secure foundation than the first generation of public key cryptographic systems such as RSA and Diffe-Hellman.

An Elliptic curve is a set of points to satisfies a specific math equation. The equation for an elliptic curve looks like this (This is the only math i promise).

Y² = X³ + ax + b

The curve above has many interesting points. One of then is the horizontal symmetry. Any point on the curve can be reflected over the X axis and remain the same curve. A more interesting property is that any-non vertical line will intersect the curve in at most three places.

Breaking this down into a super simple metaphor, lets imagine this curve as a very crazy game of pool. Take any two points on the curve and draw a line through them, it will intersect the curve at exactly 1 more place. In this game of pool, if you take a ball at point A and shoot it towards point B. When it hits the curve, the ball bounced either straight up (if it was below the x axis) or straight down (f it was above the x axis) to the other side of the curve as can be seen in this image below.

Calling this pool move on two points “dot”. Any two points on the curve can in fact be dotted together.

A dot B = C
A dot A = B
A dot C = D

Now if you have two points, an initial point “dotted” with itself n times to arrive at the final point, finding out n when you only know the final point and the first point is hard. Furthering on the metaphor, imagine one person is playing pool alone in a room for a random period of time. It is easy for them to hit the ball over and over again following the rules described above, if someone is then to walk into the room and sees where the ball has ended up, even if they know the rules of the game and where the ball started, they cannot determine the number of times the ball was actually hit. They would have to run through the entire game again until they returned to the same place. This is easy to do but very very hard to undo, which is the basis for a great backdoor.

The curve we have been looking at currently is a simplified curve it is great to explain the general concept of how elliptic curves work, but it doesn't greatly represent what the curves used in cryptography look like.

This curve above is an example of a cryptographic elliptic curve for all numbers.

For this it needed to be restricted into a fixed range, like in RSA rather than allow any value for the points on the curve, we stick to whole numbers in a fixed range. When computing the formula for elliptic curve, the same trick is used of rolling over numbers when they hit the maximum. If we pick a maximum to be a prime number, the elliptic curve is now called a prime curve and has incredible cryptographic properties.

Whilst this doesn't look like a curve in the boring traditional sense, it is in fact a curve, it’s very much like the original curve was wrapped around at the edges and only the parts of the curve that hit whole number coordinates coloured in. You can even still see the horizontal symmetry.

Returning back to our imaginary game of pool, it still applies on this curve and dot points. The equation for the line on the curve still have the same properties. More excitingly the dot operation can be efficiently computed.You can visualise the lines between the two points are a line that wraps around the borders until a point is hit. It’s as if in our game of pool, when a ball is hit the cushion on the edge of table it is magically transported to the opposite side of the table and continues in its path until reaching its point.

With this new crazy and cool curve representation you can take messages and represent them as points on the curve. Now imagine taking a message and setting it as the x coordinate, and solving for y to get a point on the curve, whilst in practise it is more complicated than this, that is the general idea.

So the output is : (71, 6), “-”, (78, 44), (80, 4), 64, 24)

An elliptic curve cryptosystem can be defined by picking a prime number as a maximum, a curve equation and a public point on the curve. A private key is a number priv, and a public key is the public point dotted with itself priv times. Computing the private key from the public key in this kind of cryptosystem is called the elliptic curve discrete logarithm function. This turns out to be the Trapdoor Function we were looking for.

So what does this all mean

The elliptic curve discrete logarithm is the hard problem underpinning elliptic curve cryptography. Despite having three decades worth of research behind it mathematicians still have not been able to find an algorithm to solve this problem that improves upon a naive approach. Unlike with factoring, based on currently understood maths there isn’t a shortcut that is narrowing the gap in a trapdoor function based around this problem. This means that for number of the same size, solving the elliptic curve discrete logarithms is significantly harder than factoring. Since its a more computationally intensive hard problem thus a stronger cryptographic system, it means that elliptic curve cryptosystems are harder to break than RSA or Diffe-Hellman.

With elliptic curve cryptography, you can use smaller keys to get the same levels of security. Small keys are becoming increasingly more important, especially in a world where more and more cryptography is done on less powerful devices such as mobile phones and IOT devices.

A great way to visualise how much harder it is to break, Lenstra introduced a concept of “Global Security”. In this paper you can compute how much energy is needed to break a cryptographic algorithm, and compare that with how much water that energy could boil. Using this measure, breaking a 228-bit RSA key requires less energy than it takes to boil a teaspoon of water. In a drastic comparison breaking a 228-bit elliptic curve key requires enough energy to boil all the water on earth.


Now whilst this is a super light introduction into Elliptic curve cryptography is is something that you can now build upon. If you’re interested you can look further into the math or Elliptic Curve parings which is very interesting. But it is your decision if you want to dance with the devil like that.

The Startup

Get smarter at building your thing. Join The Startup’s +788K followers.

Sign up for Top 10 Stories

By The Startup

Get smarter at building your thing. Subscribe to receive The Startup's top 10 most read stories — delivered straight into your inbox, once a week. Take a look.

By signing up, you will create a Medium account if you don’t already have one. Review our Privacy Policy for more information about our privacy practices.

Check your inbox
Medium sent you an email at to complete your subscription.

Charlie Rogers

Written by

Tech enthusiast — Blockchain focused — 5 articles a week

The Startup

Get smarter at building your thing. Follow to join The Startup’s +8 million monthly readers & +788K followers.

Charlie Rogers

Written by

Tech enthusiast — Blockchain focused — 5 articles a week

The Startup

Get smarter at building your thing. Follow to join The Startup’s +8 million monthly readers & +788K followers.

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store