Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [secp256k1]

This tag should be used for anything related to the secp256k1 algorithm used for Bitcoin's public key cryptography.

secp256k1 refers to the parameters of the elliptic curve used in Bitcoin's public-key cryptography and is defined in Standards for Efficient Cryptography (SEC) (Certicom Research, http://www.secg.org/sec2-v2.pdf).

Secp256k1 is a Koblitz Curve

116 questions
8
votes
2 answers

Is the elliptic-curve cryptography library libsecp256k1 not susceptible to the Hertzbleed attack?

I was reading up on the recently disclosed Hertzbleed side channel attack(s). It was speculated on Twitter that the elliptic-curve cryptography library libsecp256k1 is not susceptible to these attacks. Firstly, is this true and why? Secondly, if it…
Michael Folkson
  • 207
  • 1
  • 8
6
votes
2 answers

Are curve secp256k1 ECDSA signatures distinguishable from random data?

Are the 64-byte curve secp256k1 ECDSA signatures distinguishable from random data? I.e. Given a random private key and random data, will there be patterns? Is there a proof or reasoning for this?
fadedbee
  • 968
  • 1
  • 11
  • 31
6
votes
2 answers

Method to break a baby Elliptic Curve analog to secp256k1

What would be the method of choice to compute the private key from the public key on a baby analog of secp256k1, say with $p$ and $n$ 144-bit? What would be the pros and cons of Pollard's rho and Pollard's kangaroo ? How can the special properties…
shy-student
  • 61
  • 3
5
votes
1 answer

In Bitcoin, given half the 52-character private key in WIF format, is it possible to reconstruct the whole private key?

Given the following two preconditions: It is almost impossible to reconstruct a bitcoin private key if an attacker only has one half of the private key as well as the public key. It is almost impossible to reconstruct a bitcoin private key if an…
Ohumeronen
  • 151
  • 1
  • 5
4
votes
2 answers

Modulo p in Elliptic Curve Cryptography

To carry out Elliptic Curve Cryptography between parties, are all elliptic curve equations considered to be in the form $\bmod p$? For example, the $secp256k1$ Bitcoin curve of the equation $y^2=x^3+7$ uses $\bmod p$, where $p=2^{256}-2^{32}-977$.
EKahyaoglu
  • 43
  • 6
4
votes
3 answers

secp256k1: is it theoretically possible to generate same signature with different key, message hash and k?

For a given private key $d$, random $k$ and message hash $h$ is it possible that there exists a different set of $d$, $k$ and $h$ which produces the same signature using $\text{secp256k1}$ curve?
Yaroslav
  • 43
  • 6
4
votes
0 answers

secp256k1 scalar decomposing and prime field arithmetic

I'm currently studying the elliptic curve secp256k1 implementation. In my understanding, it has efficiently computable endomorphisms: We can find out a pair of number $\lambda$ and $\beta$ from the curve such that for any point $P_1=(x,y)$ on the…
luke
  • 61
  • 4
4
votes
1 answer

Is it true that Public keys with even y coordinate correspond to private key that are less than n/2 and vice versa? (Secp256k1)

The question is somewhat complex and directed to clearing things out. Suppose that $n$ is the order of the cyclic group. It $n - 1$ is the number of all private keys possible n = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141 We…
Emma Lincoln
  • 43
  • 3
3
votes
1 answer

The better algorithm for Modular Exponentiation on secp256k1/r1

I know Modular Exponentiation ($r = b^e \bmod m$) is important for RSA, and I can find some algorithm that if e is expressed in binary form (for exp: )--in such way for a n-bit long e, one can expect ~1.5n rounds multiply modular operation. I am…
LeonMSH
  • 121
  • 7
3
votes
1 answer

Problem with point addition about [n-1]+[2]G and [n-1]+G on on Secp256k1

I apologize in advance for my question. I am trying to make my own simple Secp256k1 calculator, just addition and subtraction, and one thing keeps confusing me. When I add 2 points, and I know what result of addition should be a bigger number than…
Franko
  • 31
  • 4
3
votes
1 answer

How to choose secp256k1 private key?

The private key is any random 256 bit (but smaller than prime p) number or must be prime or other condition? For selected $x$ can be found $y$ - decompressing key: #! /usr/bin/env python3 import binascii import math p =…
Andrzej
  • 59
  • 3
3
votes
2 answers

If it were possible to perform point doubling using only y-coordinate on secp256k1, would that compromise the curve?

I'm exploring a hypothetical scenario for educational and cryptographic understanding. This question assumes an impossible or currently unknown shortcut, and I'm not suggesting this is actually feasible. My goal is to understand whether such a…
Mr.
  • 59
  • 4
3
votes
1 answer

When incrementing a private key by 1, by how much is the public key Incremented?

If you have a secp256k1 keypair and you increment the private key by 1, then a faster way to compute the new public key is to perform an addition on the previous public key. But by how much? Some software like Profanity on Ethereum used this.
user2284570
  • 324
  • 4
  • 19
3
votes
0 answers

EC public key with leading zeros

Let us take example of secp256k1 curve. The current known public key with most leading zero (in x cordinate) is: pubKey = (0x00000000000000000000003b78ce563f89a0ed9414f5aa28ad0d96d6795f9c63, …
madhurkant
  • 830
  • 3
  • 18
3
votes
1 answer

Does ECDH on secp256k produce a defined shared secret for two key pairs, or is it implementation defined?

Rust and NodeJS implementations of ECDH on secp256k1 produce different shared secrets, when using identical keypairs: NodeJS: sk1 pk1…
fadedbee
  • 968
  • 1
  • 11
  • 31
1
2 3 4 5 6 7 8