Bitcoin Stack Exchange
Bitcoin Stack Exchange

Questions tagged [secp256k1]

This tag should be used for anything related to the secp256k1 algorithm used for Bitcoin's public key cryptography.

secp256k1 refers to the parameters of the elliptic curve used in Bitcoin's public-key cryptography, and is defined in Standards for Efficient Cryptography (SEC) (Certicom Research, http://www.secg.org/sec2-v2.pdf).

143 questions
9
votes
2 answers

Why doesn't basepoint G of Secp256K1 seem to be on the Elliptic Curve?

From what I understood are these the coordinates of basepoint G of Secp256K1 on the Elliptic Curve, in hexadecimal and decimal format. Hexadecimal Gx = (79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798) Gy = (483ADA77…
Harald1970
  • 99
  • 3
6
votes
2 answers

order of group of points of secp256k1

points on curve secp256k1 form a group E(Fp) over field Fp. p = 2^256 - 2^32 - 2^9 - 2^8 - 2^7 - 2^6 - 2^4 - 1 is prime. n is the order of group E, n=115792089237316195423570985008687907852837564279074904382605163141518161494337 Is n prime too? Is…
arulbero
  • 85
  • 1
  • 5
5
votes
1 answer

What are the co-ordinates of generator G in his uncompressed form on secp256k1?

I was looking at BitcoinWiki and it says that G, in it's uncompressed form, has a value of: G = 04 79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798 483ADA77 26A3C465 5DA4FBFC 0E1108A8 FD17B448 A6855419 9C47D08F FB10D4B8 Since…
ddavi031
  • 479
  • 2
  • 9
2
votes
1 answer

How many elements does Bitcoin's secp256k1 have?

I'm wondering whether it is known how many elements does Bitcoin's elliptic curve have? Have not been able to find an answer to this, only for specific subgroups.
kuco 23
  • 255
  • 1
  • 8
2
votes
1 answer

Is there a subgroup of order 2^n (for large n) of the prime field that secp256k1 is defined over?

the curve secp256k1 is defined over the prime finite field F_p with p = 2^256 - 2^32 - 2^9 - 2^8 - 2^7 - 2^6 - 2^4 - 1. Is there any known cyclic subgroup of order 2^n of F_p?
jet
  • 35
  • 3
2
votes
0 answers

Why are coefficients a=0 and b=7 used to define the Weierstrass equation in SECp256k1?

Most of the private to public key implementations I've come across do not make use of the equation y^2=x^3+7 (the weierstrass equation defining SECp256k1). One that i often use is in the link below and does not use any external…
Moussa Al-Basheer
  • 31
  • 5
2
votes
1 answer

Can secp256k1 have different parameters and still be called secp256k1?

The secp256k1 standard (as defined in https://www.secg.org/sec2-v2.pdf, section 2.4.1) has a set of recommended parameters. Is there a particular reason why these parameters are just 'recommended', and not 'required'? Are we still talking about…
drogos86
  • 147
  • 3
1
vote
0 answers

C secp256k1: creating bindings in another language with FFI

I am attempting to create bindings from the C library libsecp256k1 into Scheme (the guile implementation) but I am guessing my question applies to other target languages. Say I want to export the function secp256k1_context_create: this function…
Sven Williamson
  • 1,524
  • 10
  • 24
1
vote
2 answers

C secp256k1: What is the purpose of the idiom '(void)data;'?

The following code is contained in the file secp256k1.c: static void default_illegal_callback_fn( const char* str, void* data) { (void)data; fprintf(stderr, "[libsecp256k1] illegal argument: %s\n", str); abort(); } Could someone…
Sven Williamson
  • 1,524
  • 10
  • 24
1
vote
1 answer

What result of this sagemath script?

My sagemath cannot compute the result of the following code for such a large number N. Can someone provide the result for the first 10 points ? n=115792089237316195423570985008687907852837564279074904382605163141518161494337 K = GF(n) E =…
Donald
  • 21
  • 2
1
vote
1 answer

why int128 in secp256k1?

Why do they write an int128 type in secp256k1, when there's already arbitrary length rational numbers? Is that fancy? Boredom? Isn't secp256k1 just for key pairs, and key pair arithmetic is seldom used, so to justify pasting together native smaller…
Mercedes
  • 802
  • 6
  • 25
1
vote
1 answer

Is there a way to determine whether a specific point on the secp256k1 curve is a valid Bitcoin public key?

Let's first define a valid Bitcoin private key as a number in the range of [1, 115792089237316195423570985008687907852837564279074904382605163141518161494336], and a valid Bitcoin public key as a public key derived from a valid Bitcoin private…
drogos86
  • 147
  • 3
0
votes
1 answer

What is the context in libsecp256k1?

I am experimenting with making a wallet for educational purposes, and would like to use libsecp256k1 directly. Aside from creating a context, and using it in calls, all I have perhaps learned so far is that you should generally only create one…
user31364
0
votes
0 answers

C secp256k1 : Segmentation Fault when passing NULL context to secp256k1_ecdsa_verify

Passing a NULL context to secp256k1_ecdsa_verify results in a segmentation fault (see attached code). I have the feeling this behavior is unintended as the secp256k1 library appears to be systematic in testing for NULL pointers. However, I am not…
Sven Williamson
  • 1,524
  • 10
  • 24
0
votes
1 answer

What are the risks of using a non-randomized context with signing contexts?

I am designing an API which will utilize libsecp256k1. I am trying to hide most of the low-level stuff, and context is one of the things I want to handle for a consumer of my API. It would be difficult to have the user mess with contexts when they…
user3074620
  • 218
  • 2
  • 6
1
2