Elliptic curve cryptography as a backbone of Bitcoin and other cryptocurrencies

Elliptic Curve Cryptography, ECC is a public-key cryptosystem . ECC’s fundamentals are based on the algebraic structure of elliptic curves over finite fields. The Elliptic Curve Digital Signature Algorithm, or ECDSA, is a cryptographic algorithm used in Bitcoin to ensure that funds can only be spent by their rightful owners.

On a quick note, I want to define the public-key cryptosystem. A public-key cryptosystem or asymmetric encryption is a form of cryptosystem in which encryption and decryption are performed using different keys—a public key and a private key. The public key is made public and is to be used in conjunction with a corresponding private key which is only known to its creator.

Beforehand, RSA was the most common and popular public-key crypto-system among most products and standards. However, the key length for secure RSA has increased over recent times. That has a direct effect on heavy-load processing applications which uses RSA. It shifts popularity to ECC as the latter offers equal security for a far smaller key size. Therefore, the processing overhead has been reduced too.

The elliptic curve in Mathematics

Before we go into ECC, we must understand what an elliptic curve in Mathematics is. An elliptic curve is a type of cubic curve whose solutions are confined to a region of space that is topologically equivalent to a torus, as shown in Figure 1.
Figure 1: Torus

One misconception must be cleared here. Elliptic curves are not ellipses. They are so named because they are described by cubic equations, like those used for calculating the circumference of an ellipse.

In general, cubic equations for elliptic curves take the following form, known as a Weierstrass equation:

a, b, c, d, e are real numbers

x and y are two variables, f (x, y) = 0

For ECC, it is sufficient to limit the equations of the form:
This Equation is called cubic, or of degree 3 because the highest exponent is 3. Also included in the definition of an elliptic curve is a single element denoted O and called the point at infinity or the zero point . To plot an elliptic curve, we need to compute the following:
For given values of a and b, the plot consists of positive and negative values of y for each value of x. Thus, each curve is symmetric about y=0.

Consider the set of points E (a, b) consisting of all of the points (x, y) that satisfy Equation (2) together with the element O. O serves as the additive identity. Using a different value of the pair (a, b) results in a different set E (a, b).
Figure 2: Elliptic Curve for F5form4
Figure 2 demonstrates an Elliptic Curve for F5form4 . For any point P and Q on the elliptic curve, P≠O, Q≠O, P+O=P, and Q+O=Q.

The elliptic curve in ECC

Developing a practical successful public-key scheme depends on a suitable trapdoor one-way function to win over cryptanalytic attacks.

Trapdoor One-way Function

A one-way trapdoor function is easy to calculate in one direction and infeasible to calculate in the other direction unless certain additional information is known. With the additional information the
the inverse can be calculated in polynomial time.
A one-way trapdoor function is easy to calculate in one direction and infeasible to calculate in the other direction unless certain additional information is known. With the additional information the
the inverse can be calculated in polynomial time.

Suppose ft is a trapdoor function defined as:
The scalar multiplication on an elliptic curve is a trapdoor function. An operation over elliptic curves, called addition, is used for ECC. Multiplication is defined by repeated addition.
For example,
Where the addition is performed over an elliptic curve, cryptanalysis determines k given a and (a x k). This repeated addition is called scalar multiplication . The elliptic curve scalar multiplication is a trapdoor function .

A line can be drawn passing through elliptic curve points, mathematically called a tangent. In that case, it will intersect another point on the curve, and the inverse of this intersection point is the result of point addition.

Figure 3(Gif): ECC demonstrated - Given an elliptic curve E, a point on elliptic curve G, called the generator, and a private key k, we can calculate the public key P where P = k * G where k is an integer and P is an EC point.

The idea behind elliptic curves cryptography is that point addition (multiplication) is a trapdoor function. Given G and P points, it is infeasible to find the private key k.

ECC Algorithms

Elliptic-curve cryptography (ECC) provides several groups of algorithms based on the mathematics of the elliptic curves over finite fields like:

  • ECC digital signature- for example, ECDSA (Elliptic Curve Digital Signature Algorithm)
  • ECC encryption- for example, EC-ElGamal
  • ECC key agreement- for example, EC- Diffie–Hellman

ECC in Blockchain

Bitcoin, Ethereum, and many other cryptocurrencies are the Koblitz curve secp256k1 curve , with an Equation of F5form7
Figure 4: This is a graph of secp256k1’s elliptic curve F5form7 over the real numbers

The secp256k1 refers to the Standards for Efficient Cryptography Parameter (SECP) with the ECDSA algorithm. Koblitz curves have internal endomorphisms that are used to give a boost to performance. The secp256k1 was not in use before Bitcoin became popular. Now it is gaining popularity due to its several good properties like:

  • It is constructed in a special non-random way, allowing for especially efficient computation. As a result, it is often more than 30% faster than other curves if the implementation is sufficiently optimized.
  • Also, unlike the popular NIST curves, secp256k1’s constants were selected in a predictable way, which reduces the possibility that the curve’s creator inserted any backdoor into the curve.

When blockchains use ECC, they almost exclusively use it with ECDSA for signatures. On the Bitcoin blockchain, all bitcoins’ balances are marked with an ECC public key belonging to the owner of the bitcoins. If the owner wishes to spend some bitcoins, he creates a transaction declaring which bitcoins he wishes to spend and the recipient’s public key. He signs this transaction with his private key and publishes the transaction and signature. All participants in the Bitcoin network verify that the signature is valid and corresponds to the public key which owned the bitcoins being spent. They update their records to indicate that the bitcoins belonging to the recipient’s public key. This process is largely automated, but it can be seen when spending bitcoins: the recipient must provide an “address,” which is a textual representation of his public key, and the sender directs his Bitcoin wallet to send bitcoins to that address.

ECC is used in Ethereum and other Blockchains in this same way to make the transactions more secure. The reduced key size and high-speed processing capability made ECC an easy choice for all systems with limited resources. Therefore, ECC has an interesting future still ahead in the Blockchain domain.


The elliptic curve visualization tool is available here; to learn How they look, go to: https://www.desmos.com/calculator/ialhd71we3


[1] William Stallings, “Cryptography and Network Security Principles and Practice”, 5th Edition

[2] https://mathworld.wolfram.com

[3] http://iuliancostan.com (Courtesy: Gif)

[4] SEC 2, ver. 2.0 (secg.org)

[5] https://en.bitcoin.it/wiki/Secp256k1

1 Like