0x51897b64e85c3f714bba707e867914295a1377a7463a9dae8ea6a8b914246319
.02
or 03
) is: 0x02f54ba86dc1ccb5bed0224d23f01ed87e4a443c47fc690d7797a13d41d2340e1a
. In this format the public key actually takes 33 bytes (66 hex digits), which can be optimized to exactly 257 bits.secp256k1
or Curve25519
), field size (which defines the key length, e.g. 256-bit), security strength (usually the field size / 2 or less), performance (operations/sec) and many other parameters.secp192r1
), 233-bit (curve sect233k1
), 224-bit (curve secp224k1
), 256-bit (curves secp256k1
and Curve25519
), 283-bit (curve sect283k1
), 384-bit (curves p384
and secp384r1
), 409-bit (curve sect409r1
), 414-bit (curve Curve41417
), 448-bit (curve Curve448-Goldilocks
), 511-bit (curve M-511
), 521-bit (curve P-521
), 571-bit (curve sect571k1
) and many others.secp256k1
, curve25519
or p521
) for the calculations and rely of the difficulty of the ECDLP (elliptic curve discrete logarithm problem). All these algorithms use public / private key pairs, where the private key is an integer and the public key is a point on the elliptic curve (EC point). Let's get into details about the elliptic curves over finite fields.secp256k1
takes the form:(5**3 + 7 - 8**2) % 17 == 0
. The point {9, 15} does not belong to the curve, because (9**3 + 7 - 15**2) % 17 != 0
. These calculations are in Python style. The above mentioned elliptic curve and the points {5, 8} and {9, 15} are visualized below:secp256k1
.Curve25519
.Curve448
.secp256k1
(p = 256) curve provides ~ 128-bit security (127.8 bits to be precise) and the Curve448
(p = 448) provides ~ 224-bit security (222.8 bits to be precise).tinyec
, which provides ECC primitives, such as cyclic groups (the SubGroup
class), elliptic curves over finite fields (the Curve
class) and EC points (the Point
class). First, install the package tinyec
:p1707
.p1707
(4-5-bit curve, p = 17), we shall use the 192-bit cryptographic curve secp192r1
(192-bit, p = 6277101735386680763835789423207666416083908700390324961279). The below example is similar to the previous:secp192r1
uses a cyclic group of very large order n = 6277101735386680763835789423176059013767194773182842284081 (prime number) with cofactor h = 1, and as we can expect, n * G = infinity, just like at the previous example with our educational curve.privKey
(integer in the range [0...n-1]) and its corresponding public key pubKey = privKey * G
:nummaster
for the "modular square root" function, which is unavailable in Python. First install the nummaster
package:secp256k1
, P-521
and brainpoolP512t1
. The elliptic curves over finite fields, described in these crypto standards are well researched and analysed by cryptographers and are considered to have certain security strength, also described in these standards.secp256k1
(the Bitcoin curve) are defined as follows:0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
0x0000000000000000000000000000000000000000000000000000000000000000
0x0000000000000000000000000000000000000000000000000000000000000007
0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
, 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8
)secp256k1
has 128-bit strength.secp256k1
curve. Let's define the EC and calculate the public key for certain private key:secp256k1
curve through its domain parameters and calculates a public key by given private key. This is done by multiplying the curve generator G by the private key. The result is correct, like it is visible from the program output:02
or 03
).secp256k1
, which has the form y2 = x3 + 7Curve25519
, which has the form y2 = x3 + _486662_x2 + xCurve448
, which has the form x2 + y2 = 1 - _39081_x2y2Curve25519
is the Edwards curve, defined by the following elliptic curve equation in Montgomery form:pynacl
crypto library for Python: