[Back] Bitcoins use Elliptic Curve cryptography with 32 byte private keys (which is a random number) and 64 byte public keys, and use the secp256k1 curve. A private key is a 32-byte number chosen at random, and you know that 32 bytes make for a very large number. In the following we create a random number on an elliptic curve and then generate the public key:

## Elliptic Curve Key Generation |

## Outline

Bitcoins use Elliptic Curve cryptography with 32 byte private keys (which is a random number) and 64 byte public keys, and use the secp256k1 curve. A private key is a 32-byte number chosen at random, and you know that 32 bytes make for a very large number. In OpenSSL, we can create a random number with:

C \ > openssl ecparam -name secp256k1 -genkey -out priv.pem C \ > type ec-priv.pem -----BEGIN EC PARAMETERS----- BgUrgQQACg== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MHQCAQEEIEa56GG2PTUJyIt4FydaMNItYsjNj6ZIbd7jXvDY4ElfoAcGBSuBBAAK oUQDQgAEJQDn8/vd8oQpA/VE3ch0lM6VAprOTiV9VLp38rwfOog3qUYcTxxX/sxJ l1M4HncqEopYIKkkovoFFi62Yph6nw== -----END EC PRIVATE KEY-----

Next we can generate the public key based on the private key:

C \> openssl ec -in priv.pem -text -noout read EC key Private-Key (256 bit) priv 46 b9 e8 61 b6 3d 35 09 c8 8b 78 17 27 5a 30 d2 2d 62 c8 cd 8f a6 48 6d de e3 5e f0 d8 e0 49 5f pub 04 25 00 e7 f3 fb dd f2 84 29 03 f5 44 dd c8 74 94 ce 95 02 9a ce 4e 25 7d 54 ba 77 f2 bc 1f 3a 88 37 a9 46 1c 4f 1c 57 fe cc 49 97 53 38 1e 77 2a 12 8a 58 20 a9 24 a2 fa 05 16 2e b6 62 98 7a 9f ASN1 OID secp256k1

The public key has 64 bytes, and is made up of two 32 byte values (x,y) and is a point on the secp256k1 elliptic curve function of:

\(y^2 = x^3 + 7\)

and relates to an (x,y) point in relation to the private key (n) and a generator (G). With the private key (32 bytes - 256 bits), we have a random number. In this case it is in the form of:

46 b9 e8 61 b6 3d 35 09 c8 8b 78 17 27 5a 30 d2 2d 62 c8 cd 8f a6 48 6d de e3 5e f0 d8 e0 49 5f

With Bitcoins, the private key defines our identity and we use it to sign for transactions, and prove our identity to others with the public key. For the public key we have an (x,y) point and is defined in a raw form starting with a 0x04 and then followed by the x co-ordinate and then the y-co-ordinate:

04 25 00 e7 f3 fb dd f2 84 29 03 f5 44 dd c8 74 94 ce 95 02 9a ce 4e 25 7d 54 ba 77 f2 bc 1f 3a 88 37 a9 46 1c 4f 1c 57 fe cc 49 97 53 38 1e 77 2a 12 8a 58 20 a9 24 a2 fa 05 16 2e b6 62 98 7a 9f

We can also use OpenSSL to view the details of the curve:

C:> openssl ecparam -in priv.pem -text -param_enc explicit -noout Field Type: prime-field Prime: 00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:fe:ff: ff:fc:2f A: 0 B: 7 (0x7) Generator (uncompressed): 04:79:be:66:7e:f9:dc:bb:ac:55:a0:62:95:ce:87: 0b:07:02:9b:fc:db:2d:ce:28:d9:59:f2:81:5b:16: f8:17:98:48:3a:da:77:26:a3:c4:65:5d:a4:fb:fc: 0e:11:08:a8:fd:17:b4:48:a6:85:54:19:9c:47:d0: 8f:fb:10:d4:b8 Order: 00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff: ff:fe:ba:ae:dc:e6:af:48:a0:3b:bf:d2:5e:8c:d0: 36:41:41 Cofactor: 1 (0x1)

Overall we have a prime number (p), and fixed point G (the generator), which on the curve. We then multiply the generator (G) by the scalar private key n. This operation is extremely difficult to reverse in modular arithmetic. The result is the public key P which is:

\(P= n \times G\)

It should not be computationally possible, with a reasonable time period, to determine the scalar (the private key value) between the generator and the public key value. Within Bitcoins, we use the private key to sign a transaction, and then which is proven by the public key (Elliptic Curve Digital Signature Algorithm). More details on elliptic curve ciphers here:

An article which explains elliptic curve ciphers is [here]

## Presentation

The following is an outline of the process: