"타원곡선 secp256k1"의 두 판 사이의 차이
		
		
		
		
		
		둘러보기로 가기
		검색하러 가기
		
				
		
		
	
| Pythagoras0 (토론 | 기여) | Pythagoras0 (토론 | 기여)  | ||
| (같은 사용자의 중간 판 하나는 보이지 않습니다) | |||
| 51번째 줄: | 51번째 줄: | ||
| # For the secp256k1 curve, the private key is 256-bit integer (32 bytes) and the compressed public key is 257-bit integer (~ 33 bytes).<ref name="ref_1f8c5ee5">[https://cryptobook.nakov.com/digital-signatures/ecdsa-sign-verify-messages ECDSA: Elliptic Curve Signatures]</ref> | # For the secp256k1 curve, the private key is 256-bit integer (32 bytes) and the compressed public key is 257-bit integer (~ 33 bytes).<ref name="ref_1f8c5ee5">[https://cryptobook.nakov.com/digital-signatures/ecdsa-sign-verify-messages ECDSA: Elliptic Curve Signatures]</ref> | ||
| # Was secp256k1 chosen to have better interop with bitcoin and for reuse of bitcoin libraries (like pybitcointools)?<ref name="ref_53a5b547">[https://www.reddit.com/r/ethereum/comments/30k4ry/elliptic_curve_choices_in_ethereum_secp256k1_vs/ Elliptic curve choices in Ethereum: secp256k1 vs Curve25519 : ethereum]</ref> | # Was secp256k1 chosen to have better interop with bitcoin and for reuse of bitcoin libraries (like pybitcointools)?<ref name="ref_53a5b547">[https://www.reddit.com/r/ethereum/comments/30k4ry/elliptic_curve_choices_in_ethereum_secp256k1_vs/ Elliptic curve choices in Ethereum: secp256k1 vs Curve25519 : ethereum]</ref> | ||
| + | # For secp256k1 specifically, a = 0 and b = 7, yielding the equation y^2 = x^3 + 7.<ref name="ref_2b2e0e60">[https://river.com/learn/terms/s/secp256k1/#:~:text=Secp256k1%20is%20the%20name%20of,are%20valid%20Bitcoin%20public%20keys. River Financial]</ref> | ||
| + | # In summary, 74 coins use ECDSA and the secp256k1 curve, including Bitcoin, Ethereum, and 48 ERC20 tokens.<ref name="ref_527e9845">[http://ethanfast.com/top-crypto.html Cryptography behind the top 100 cryptocurrencies]</ref> | ||
| + | # 8 coins use multiple signing algorithms and curves (often both ECDSA/secp256k1 and EdDSA/curve25519), such as Polkadot and Tezos.<ref name="ref_527e9845" /> | ||
| + | # Therefore, the selection of secp256k1 is likely an artefact of computer history and not a compelling reason to select secp256k1 in new designs.<ref name="ref_48244a02">[https://soatok.blog/2022/05/19/guidance-for-choosing-an-elliptic-curve-signature-algorithm-in-2022/ Guidance for Choosing an Elliptic Curve Signature Algorithm in 2022]</ref> | ||
| + | # generate ( curve = SECP256k1 ) public_key = secret_key .<ref name="ref_a13a2154">[https://cryptography.io/en/3.4.4/development/custom-vectors/secp256k1.html SECP256K1 vector creation — Cryptography 3.4.4 documentation]</ref> | ||
| + | # We are working on some detailed estimates for the time required for a quantum computer to break ECC, and are using secp256k1 as an example.<ref name="ref_bb7462fb">[https://stackoverflow.com/questions/71963136/rough-probability-that-a-random-point-on-secp256k1-could-be-a-valid-public-key Rough probability that a random point on secp256k1 could be a valid public key]</ref> | ||
| + | # If the answer depends on the curve, assume secp256k1.<ref name="ref_bb7462fb" /> | ||
| + | # The most widely adopted elliptic curve in the DLT space by far is secp256k1 and the hash function keccak-256.<ref name="ref_4d50f3f5">[https://csrc.nist.gov/CSRC/media/Publications/sp/800-186/draft/documents/sp800-186-draft-comments-received.pdf Public comments received on draft nist sp 800-186:]</ref> | ||
| + | # Unfortunately, neither secp256k1 nor keccak-256, are endorsed in SP 800-186 and FIPS 186-5.<ref name="ref_4d50f3f5" /> | ||
| + | # This is despite the fact that there are no significant security differences between for example the NIST endorsed secp256r1 and secp256k1 or the sha3-256 hash versus keccak-256.<ref name="ref_4d50f3f5" /> | ||
| + | # Generally speaking, secp256k1 is very popular in the decentralized identity community for authentication purposes.<ref name="ref_4d50f3f5" /> | ||
| + | # Most software packages which interact with these systems require Secp256k1 support.<ref name="ref_800387b9">[https://blog.bitjson.com/just-released-webassembly-version-of-secp256k1-10x-faster-than-javascript/ Just released: WebAssembly version of Secp256k1 (10x faster than Javascript)]</ref> | ||
| + | # The program defaults to the secp256k1 base point.<ref name="ref_254b52c9">[https://www.mathworks.com/matlabcentral/fileexchange/73364-secp256k1-elliptic-curve-shared-key-generation-gui secp256k1 Elliptic Curve Shared-Key Generation GUI]</ref> | ||
| + | # They mounted an attack on a small multiplicative subgroup of a group that is mapped to the group of points of Bitcoins elliptic curve secp256k1.<ref name="ref_ba6c1c68">[https://arxiv.org/pdf/2206.14107 SPECIAL SUBSETS OF ADDRESSES FOR BLOCKCHAINS USING THE SECP256K1 CURVE]</ref> | ||
| + | # Denition 5 (The secp256k1 curve).<ref name="ref_ba6c1c68" /> | ||
| + | # Secp256k1 was almost never used before Bitcoin became pop- ular, but it is now gaining in popularity due to several beneficial properties.<ref name="ref_1f5e5efe">[https://arxiv.org/pdf/1808.02988 A Secure Multiple Elliptic Curves Digital Signature  Algorithm for Blockchain]</ref> | ||
| + | # Most com- monly-used curves have random structure, but secp256k1 was constructed in a unique, non-random way which allows for especially efficient computation.<ref name="ref_1f5e5efe" /> | ||
| + | # In this section, we propose a secure multiple elliptic curves digital signature algorithm (MECDSA), which can avoid any backdoors in the curve used by secp256k1.<ref name="ref_1f5e5efe" /> | ||
| + | # 4.3.1 4.3.2 4.3.3 secp256k1 not quite a Barreto-Naerhig curve 5 Evaluation 5.1 Privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .<ref name="ref_84e7c2ea">[https://arxiv.org/pdf/1612.01188 Privacy on the Blockchain: Unique Ring Signatures.]</ref> | ||
| + | |||
| ===소스=== | ===소스=== | ||
|   <references /> |   <references /> | ||
| − | |||
| − | |||
| ===Spacy 패턴 목록=== | ===Spacy 패턴 목록=== | ||
| * [{'LOWER': 'secp256k1'}] | * [{'LOWER': 'secp256k1'}] | ||
2022년 9월 16일 (금) 03:07 기준 최신판
메모
노트
말뭉치
- Note that because secp256k1 is actually defined over the field Z p , its graph will in reality look like random scattered points, not anything like this.[1]
- Note that because secp256k1 is actually defined over the field Z, its graph will in reality look like random scattered points, not anything like this.[1]
- Currently Bitcoin uses secp256k1 with the ECDSA algorithm, though the same curve with the same public/private keys can be used in some other algorithms such as Schnorr.[1]
- secp256k1 was almost never used before Bitcoin became popular, but it is now gaining in popularity due to its several nice properties.[1]
- The main difference between secp256k1 and secp256r1 is that secp256k1 is a Koblitz curve which is defined in a characteristic 2 finite field, while secp256r1 is a prime field curve.[2]
- Secp256k1 curves are non-random while secp256r1 is pseudo-randomly structured.[2]
- Secp256k1 is a pure SECG curve, while secp256r1 is a so-called NIST curve.[2]
- Secp256k1 is the name of the elliptic curve used by Bitcoin to implement its public key cryptography.[3]
- When a user wishes to generate a public key using their private key, they multiply their private key, a large number, by the Generator Point, a defined point on the secp256k1 curve.[3]
- Because the y component of the equation is squared, secp256k1 is symmetric across the x-axis, and for each value of x, there are two values of y, one of which is odd while the other is even.[3]
- If it wasn’t for Satoshi Nakamoto, you probably would never have heard of the secp256k1 Elliptic Curve Cryptography (ECC) method.[4]
- Rust bindings for Pieter Wuille’s secp256k1 library, which is used for fast and accurate manipulation of ECDSA signatures on the secp256k1 curve.[5]
- In rust-secp256k1 , this is caught at compile-time; in fact, it is impossible to compile code that will trigger any assertion failures in the upstream library.[5]
- This library is intended to be the highest quality publicly available library for cryptography on the secp256k1 curve.[6]
- Use secp256k1's efficiently-computable endomorphism to split the P multiplicand into 2 half-sized ones.[6]
- The secp256k1 elliptic curve is specified in Standards for Efficient Cryptography 1 (SEC 1) and Standards for Efficient Cryptography 2 (SEC 2).[7]
- Bitcoin uses a specic Koblitz curve secp256k1 dened by the Standards for Efcient Cryptography Group (SECG).[8]
- I want to explore the different dened Koblitz curves from SECG and see why the specic curve secp256k1 was chosen by the creator of Bitcoin.[8]
- It is believed that because of security reasons the creator of Bitcoin preferred the non-random secp256k1 over the pseudo-randomly structured secp256r1.[8]
- This module provides native bindings to bitcoin-core/secp256k1.[9]
- randomBytes ( 32 ) let privKey do { privKey = randomBytes ( 32 ) } while ( ! secp256k1 .[9]
- privateKeyVerify ( privKey ) ) const pubKey = secp256k1 .[9]
- privateKeyVerify ( privKey ) ) return privKey } } const privKey = getPrivateKey ( ) const pubKey = secp256k1 .[9]
- This section describes the elliptic curve, E(0,7), also named as secp256k1, and the subgroup parameters, which are used in Bitcoin, Ethereum, and many other cryptocurrency apps.[10]
- By the way, the named curve, secp256k1, refers to the elliptic curve, E(0,7), and those subgroup parameters together as EC domain parameters.[10]
- This library provides secp256k1 bindings for Swift with Cocoapods, Carthage and Swift Package Manager on macOS and Linux.[11]
- After that you can use all secp256k1 functions as described in the official headers.[11]
- How to generate an EC key pair on the secp256k1 curve?[12]
- *; // Generate EC key pair on the secp256k1 curve ECKey ecJWK = new ECKeyGenerator(Curve.[12]
- SECP256k1 ) public_key = secret_key .[13]
- This project contains Haskell bindings for the secp256k1 library.[14]
- This procedure explains how to generate a pair of ECDSA keys with the P-256 (secp256k1) curve that you can use to sign and verify your JWTs.[15]
- This library wrap the secp256k1 EC(DSA) library into an OCaml library.[16]
- Bitcoin uses elliptic curve cryptography for its keys and signatures, but the specific secp256k1 curve used is rather unusual.[17]
- @staticmethod def new_random (): return Secp256k1PrivateKey ( secp256k1 .[18]
- catch_warnings (): # squelch secp256k1 warning warnings .[18]
- This paper develops an approach for arithmetic (point addition and doubling) on secp256k1 Koblitz curve over finite fields using one variable polynomial based on Euclidean division.[19]
- The resulting algorithm is tested on realistic secp256k1 Koblitz curve and is shown to be scalable to perform the computations.[19]
- Generate public keys from private keys for ed25519, secp256k1 and bls12-381.[20]
- The elliptic curve C is the secp256k1 curve.[21]
- For your information, Bitcoin Core developers are slowly moving away from OpenSSL towards their own implementation of secp256k1 crypto.[21]
- Create a point in the secp256k1 curve.[22]
- There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve.[23]
- For the secp256k1 curve, the private key is 256-bit integer (32 bytes) and the compressed public key is 257-bit integer (~ 33 bytes).[24]
- Was secp256k1 chosen to have better interop with bitcoin and for reuse of bitcoin libraries (like pybitcointools)?[25]
- For secp256k1 specifically, a = 0 and b = 7, yielding the equation y^2 = x^3 + 7.[26]
- In summary, 74 coins use ECDSA and the secp256k1 curve, including Bitcoin, Ethereum, and 48 ERC20 tokens.[27]
- 8 coins use multiple signing algorithms and curves (often both ECDSA/secp256k1 and EdDSA/curve25519), such as Polkadot and Tezos.[27]
- Therefore, the selection of secp256k1 is likely an artefact of computer history and not a compelling reason to select secp256k1 in new designs.[28]
- generate ( curve = SECP256k1 ) public_key = secret_key .[29]
- We are working on some detailed estimates for the time required for a quantum computer to break ECC, and are using secp256k1 as an example.[30]
- If the answer depends on the curve, assume secp256k1.[30]
- The most widely adopted elliptic curve in the DLT space by far is secp256k1 and the hash function keccak-256.[31]
- Unfortunately, neither secp256k1 nor keccak-256, are endorsed in SP 800-186 and FIPS 186-5.[31]
- This is despite the fact that there are no significant security differences between for example the NIST endorsed secp256r1 and secp256k1 or the sha3-256 hash versus keccak-256.[31]
- Generally speaking, secp256k1 is very popular in the decentralized identity community for authentication purposes.[31]
- Most software packages which interact with these systems require Secp256k1 support.[32]
- The program defaults to the secp256k1 base point.[33]
- They mounted an attack on a small multiplicative subgroup of a group that is mapped to the group of points of Bitcoins elliptic curve secp256k1.[34]
- Denition 5 (The secp256k1 curve).[34]
- Secp256k1 was almost never used before Bitcoin became pop- ular, but it is now gaining in popularity due to several beneficial properties.[35]
- Most com- monly-used curves have random structure, but secp256k1 was constructed in a unique, non-random way which allows for especially efficient computation.[35]
- In this section, we propose a secure multiple elliptic curves digital signature algorithm (MECDSA), which can avoid any backdoors in the curve used by secp256k1.[35]
- 4.3.1 4.3.2 4.3.3 secp256k1 not quite a Barreto-Naerhig curve 5 Evaluation 5.1 Privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[36]
소스
- ↑ 1.0 1.1 1.2 1.3 Bitcoin Wiki
- ↑ 2.0 2.1 2.2 Why did Satoshi decide to use secp256k1 instead of secp256r1?
- ↑ 3.0 3.1 3.2 River Financial
- ↑ A Bluffer’s Guide to secp256k1
- ↑ 5.0 5.1 secp256k1
- ↑ 6.0 6.1 bitcoin-core/secp256k1: Optimized C library for EC operations on curve secp256k1
- ↑ Secp256k1-domain-parameters
- ↑ 8.0 8.1 8.2 Koblitz curves and its practical uses in bitcoin
- ↑ 9.0 9.1 9.2 9.3 secp256k1
- ↑ 10.0 10.1 EC Private Key Example
- ↑ 11.0 11.1 secp256k1.swift
- ↑ 12.0 12.1 JSON Web Token (JWT) with ES256K (secp256k1) signature
- ↑ SECP256K1 vector creation — Cryptography 3.4.7 documentation
- ↑ secp256k1-haskell
- ↑ Generate ECDSA keys with the P-256 (secp256k1) curve
- ↑ secp256k1
- ↑ A comparison between the secp256r1 and the koblitz secp256k1 bitcoin curves
- ↑ 18.0 18.1 signing.secp256k1 — Sawtooth latest documentation
- ↑ 19.0 19.1 Arithmetic of Koblitz Curve Secp256k1 Used in Bitcoin Cryptocurrency Based on One Variable Polynomial Division by Santoshi Pote, Virendra Sule, B.K. Lande :: SSRN
- ↑ Paul Miller — Elliptic curve calculator
- ↑ 21.0 21.1 Elliptic-curve keys
- ↑ Caustic.Secp256k1 – Caustic v0.1.13
- ↑ CVE-2020-28498
- ↑ ECDSA: Elliptic Curve Signatures
- ↑ Elliptic curve choices in Ethereum: secp256k1 vs Curve25519 : ethereum
- ↑ River Financial
- ↑ 27.0 27.1 Cryptography behind the top 100 cryptocurrencies
- ↑ Guidance for Choosing an Elliptic Curve Signature Algorithm in 2022
- ↑ SECP256K1 vector creation — Cryptography 3.4.4 documentation
- ↑ 30.0 30.1 Rough probability that a random point on secp256k1 could be a valid public key
- ↑ 31.0 31.1 31.2 31.3 Public comments received on draft nist sp 800-186:
- ↑ Just released: WebAssembly version of Secp256k1 (10x faster than Javascript)
- ↑ secp256k1 Elliptic Curve Shared-Key Generation GUI
- ↑ 34.0 34.1 SPECIAL SUBSETS OF ADDRESSES FOR BLOCKCHAINS USING THE SECP256K1 CURVE
- ↑ 35.0 35.1 35.2 A Secure Multiple Elliptic Curves Digital Signature Algorithm for Blockchain
- ↑ Privacy on the Blockchain: Unique Ring Signatures.
Spacy 패턴 목록
- [{'LOWER': 'secp256k1'}]