"타원곡선 secp256k1"의 두 판 사이의 차이

수학노트
둘러보기로 가기 검색하러 가기
(→‎노트: 새 문단)
 
 
(같은 사용자의 중간 판 3개는 보이지 않습니다)
1번째 줄: 1번째 줄:
 +
==메모==
 +
* https://www.lmfdb.org/EllipticCurve/Q/21168/ce/2
 +
 +
 
== 노트 ==
 
== 노트 ==
  
47번째 줄: 51번째 줄:
 
# For the secp256k1 curve, the private key is 256-bit integer (32 bytes) and the compressed public key is 257-bit integer (~ 33 bytes).<ref name="ref_1f8c5ee5">[https://cryptobook.nakov.com/digital-signatures/ecdsa-sign-verify-messages ECDSA: Elliptic Curve Signatures]</ref>
 
# For the secp256k1 curve, the private key is 256-bit integer (32 bytes) and the compressed public key is 257-bit integer (~ 33 bytes).<ref name="ref_1f8c5ee5">[https://cryptobook.nakov.com/digital-signatures/ecdsa-sign-verify-messages ECDSA: Elliptic Curve Signatures]</ref>
 
# Was secp256k1 chosen to have better interop with bitcoin and for reuse of bitcoin libraries (like pybitcointools)?<ref name="ref_53a5b547">[https://www.reddit.com/r/ethereum/comments/30k4ry/elliptic_curve_choices_in_ethereum_secp256k1_vs/ Elliptic curve choices in Ethereum: secp256k1 vs Curve25519 : ethereum]</ref>
 
# Was secp256k1 chosen to have better interop with bitcoin and for reuse of bitcoin libraries (like pybitcointools)?<ref name="ref_53a5b547">[https://www.reddit.com/r/ethereum/comments/30k4ry/elliptic_curve_choices_in_ethereum_secp256k1_vs/ Elliptic curve choices in Ethereum: secp256k1 vs Curve25519 : ethereum]</ref>
 +
# For secp256k1 specifically, a = 0 and b = 7, yielding the equation y^2 = x^3 + 7.<ref name="ref_2b2e0e60">[https://river.com/learn/terms/s/secp256k1/#:~:text=Secp256k1%20is%20the%20name%20of,are%20valid%20Bitcoin%20public%20keys. River Financial]</ref>
 +
# In summary, 74 coins use ECDSA and the secp256k1 curve, including Bitcoin, Ethereum, and 48 ERC20 tokens.<ref name="ref_527e9845">[http://ethanfast.com/top-crypto.html Cryptography behind the top 100 cryptocurrencies]</ref>
 +
# 8 coins use multiple signing algorithms and curves (often both ECDSA/secp256k1 and EdDSA/curve25519), such as Polkadot and Tezos.<ref name="ref_527e9845" />
 +
# Therefore, the selection of secp256k1 is likely an artefact of computer history and not a compelling reason to select secp256k1 in new designs.<ref name="ref_48244a02">[https://soatok.blog/2022/05/19/guidance-for-choosing-an-elliptic-curve-signature-algorithm-in-2022/ Guidance for Choosing an Elliptic Curve Signature Algorithm in 2022]</ref>
 +
# generate ( curve = SECP256k1 ) public_key = secret_key .<ref name="ref_a13a2154">[https://cryptography.io/en/3.4.4/development/custom-vectors/secp256k1.html SECP256K1 vector creation — Cryptography 3.4.4 documentation]</ref>
 +
# We are working on some detailed estimates for the time required for a quantum computer to break ECC, and are using secp256k1 as an example.<ref name="ref_bb7462fb">[https://stackoverflow.com/questions/71963136/rough-probability-that-a-random-point-on-secp256k1-could-be-a-valid-public-key Rough probability that a random point on secp256k1 could be a valid public key]</ref>
 +
# If the answer depends on the curve, assume secp256k1.<ref name="ref_bb7462fb" />
 +
# The most widely adopted elliptic curve in the DLT space by far is secp256k1 and the hash function keccak-256.<ref name="ref_4d50f3f5">[https://csrc.nist.gov/CSRC/media/Publications/sp/800-186/draft/documents/sp800-186-draft-comments-received.pdf Public comments received on draft nist sp 800-186:]</ref>
 +
# Unfortunately, neither secp256k1 nor keccak-256, are endorsed in SP 800-186 and FIPS 186-5.<ref name="ref_4d50f3f5" />
 +
# This is despite the fact that there are no significant security differences between for example the NIST endorsed secp256r1 and secp256k1 or the sha3-256 hash versus keccak-256.<ref name="ref_4d50f3f5" />
 +
# Generally speaking, secp256k1 is very popular in the decentralized identity community for authentication purposes.<ref name="ref_4d50f3f5" />
 +
# Most software packages which interact with these systems require Secp256k1 support.<ref name="ref_800387b9">[https://blog.bitjson.com/just-released-webassembly-version-of-secp256k1-10x-faster-than-javascript/ Just released: WebAssembly version of Secp256k1 (10x faster than Javascript)]</ref>
 +
# The program defaults to the secp256k1 base point.<ref name="ref_254b52c9">[https://www.mathworks.com/matlabcentral/fileexchange/73364-secp256k1-elliptic-curve-shared-key-generation-gui secp256k1 Elliptic Curve Shared-Key Generation GUI]</ref>
 +
# They mounted an attack on a small multiplicative subgroup of a group that is mapped to the group of points of Bitcoins elliptic curve secp256k1.<ref name="ref_ba6c1c68">[https://arxiv.org/pdf/2206.14107 SPECIAL SUBSETS OF ADDRESSES FOR BLOCKCHAINS USING THE SECP256K1 CURVE]</ref>
 +
# Denition 5 (The secp256k1 curve).<ref name="ref_ba6c1c68" />
 +
# Secp256k1 was almost never used before Bitcoin became pop- ular, but it is now gaining in popularity due to several beneficial properties.<ref name="ref_1f5e5efe">[https://arxiv.org/pdf/1808.02988 A Secure Multiple Elliptic Curves Digital Signature  Algorithm for Blockchain]</ref>
 +
# Most com- monly-used curves have random structure, but secp256k1 was constructed in a unique, non-random way which allows for especially efficient computation.<ref name="ref_1f5e5efe" />
 +
# In this section, we propose a secure multiple elliptic curves digital signature algorithm (MECDSA), which can avoid any backdoors in the curve used by secp256k1.<ref name="ref_1f5e5efe" />
 +
# 4.3.1 4.3.2 4.3.3 secp256k1 not quite a Barreto-Naerhig curve 5 Evaluation 5.1 Privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .<ref name="ref_84e7c2ea">[https://arxiv.org/pdf/1612.01188 Privacy on the Blockchain: Unique Ring Signatures.]</ref>
 +
 
===소스===
 
===소스===
 
  <references />
 
  <references />
 +
 +
===Spacy 패턴 목록===
 +
* [{'LOWER': 'secp256k1'}]

2022년 9월 16일 (금) 03:07 기준 최신판

메모


노트

말뭉치

  1. Note that because secp256k1 is actually defined over the field Z p , its graph will in reality look like random scattered points, not anything like this.[1]
  2. Note that because secp256k1 is actually defined over the field Z, its graph will in reality look like random scattered points, not anything like this.[1]
  3. Currently Bitcoin uses secp256k1 with the ECDSA algorithm, though the same curve with the same public/private keys can be used in some other algorithms such as Schnorr.[1]
  4. secp256k1 was almost never used before Bitcoin became popular, but it is now gaining in popularity due to its several nice properties.[1]
  5. The main difference between secp256k1 and secp256r1 is that secp256k1 is a Koblitz curve which is defined in a characteristic 2 finite field, while secp256r1 is a prime field curve.[2]
  6. Secp256k1 curves are non-random while secp256r1 is pseudo-randomly structured.[2]
  7. Secp256k1 is a pure SECG curve, while secp256r1 is a so-called NIST curve.[2]
  8. Secp256k1 is the name of the elliptic curve used by Bitcoin to implement its public key cryptography.[3]
  9. When a user wishes to generate a public key using their private key, they multiply their private key, a large number, by the Generator Point, a defined point on the secp256k1 curve.[3]
  10. Because the y component of the equation is squared, secp256k1 is symmetric across the x-axis, and for each value of x, there are two values of y, one of which is odd while the other is even.[3]
  11. If it wasn’t for Satoshi Nakamoto, you probably would never have heard of the secp256k1 Elliptic Curve Cryptography (ECC) method.[4]
  12. Rust bindings for Pieter Wuille’s secp256k1 library, which is used for fast and accurate manipulation of ECDSA signatures on the secp256k1 curve.[5]
  13. In rust-secp256k1 , this is caught at compile-time; in fact, it is impossible to compile code that will trigger any assertion failures in the upstream library.[5]
  14. This library is intended to be the highest quality publicly available library for cryptography on the secp256k1 curve.[6]
  15. Use secp256k1's efficiently-computable endomorphism to split the P multiplicand into 2 half-sized ones.[6]
  16. The secp256k1 elliptic curve is specified in Standards for Efficient Cryptography 1 (SEC 1) and Standards for Efficient Cryptography 2 (SEC 2).[7]
  17. Bitcoin uses a specic Koblitz curve secp256k1 dened by the Standards for Efcient Cryptography Group (SECG).[8]
  18. I want to explore the different dened Koblitz curves from SECG and see why the specic curve secp256k1 was chosen by the creator of Bitcoin.[8]
  19. It is believed that because of security reasons the creator of Bitcoin preferred the non-random secp256k1 over the pseudo-randomly structured secp256r1.[8]
  20. This module provides native bindings to bitcoin-core/secp256k1.[9]
  21. randomBytes ( 32 ) let privKey do { privKey = randomBytes ( 32 ) } while ( ! secp256k1 .[9]
  22. privateKeyVerify ( privKey ) ) const pubKey = secp256k1 .[9]
  23. privateKeyVerify ( privKey ) ) return privKey } } const privKey = getPrivateKey ( ) const pubKey = secp256k1 .[9]
  24. This section describes the elliptic curve, E(0,7), also named as secp256k1, and the subgroup parameters, which are used in Bitcoin, Ethereum, and many other cryptocurrency apps.[10]
  25. By the way, the named curve, secp256k1, refers to the elliptic curve, E(0,7), and those subgroup parameters together as EC domain parameters.[10]
  26. This library provides secp256k1 bindings for Swift with Cocoapods, Carthage and Swift Package Manager on macOS and Linux.[11]
  27. After that you can use all secp256k1 functions as described in the official headers.[11]
  28. How to generate an EC key pair on the secp256k1 curve?[12]
  29. *; // Generate EC key pair on the secp256k1 curve ECKey ecJWK = new ECKeyGenerator(Curve.[12]
  30. SECP256k1 ) public_key = secret_key .[13]
  31. This project contains Haskell bindings for the secp256k1 library.[14]
  32. This procedure explains how to generate a pair of ECDSA keys with the P-256 (secp256k1) curve that you can use to sign and verify your JWTs.[15]
  33. This library wrap the secp256k1 EC(DSA) library into an OCaml library.[16]
  34. Bitcoin uses elliptic curve cryptography for its keys and signatures, but the specific secp256k1 curve used is rather unusual.[17]
  35. @staticmethod def new_random (): return Secp256k1PrivateKey ( secp256k1 .[18]
  36. catch_warnings (): # squelch secp256k1 warning warnings .[18]
  37. This paper develops an approach for arithmetic (point addition and doubling) on secp256k1 Koblitz curve over finite fields using one variable polynomial based on Euclidean division.[19]
  38. The resulting algorithm is tested on realistic secp256k1 Koblitz curve and is shown to be scalable to perform the computations.[19]
  39. Generate public keys from private keys for ed25519, secp256k1 and bls12-381.[20]
  40. The elliptic curve C is the secp256k1 curve.[21]
  41. For your information, Bitcoin Core developers are slowly moving away from OpenSSL towards their own implementation of secp256k1 crypto.[21]
  42. Create a point in the secp256k1 curve.[22]
  43. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve.[23]
  44. For the secp256k1 curve, the private key is 256-bit integer (32 bytes) and the compressed public key is 257-bit integer (~ 33 bytes).[24]
  45. Was secp256k1 chosen to have better interop with bitcoin and for reuse of bitcoin libraries (like pybitcointools)?[25]
  46. For secp256k1 specifically, a = 0 and b = 7, yielding the equation y^2 = x^3 + 7.[26]
  47. In summary, 74 coins use ECDSA and the secp256k1 curve, including Bitcoin, Ethereum, and 48 ERC20 tokens.[27]
  48. 8 coins use multiple signing algorithms and curves (often both ECDSA/secp256k1 and EdDSA/curve25519), such as Polkadot and Tezos.[27]
  49. Therefore, the selection of secp256k1 is likely an artefact of computer history and not a compelling reason to select secp256k1 in new designs.[28]
  50. generate ( curve = SECP256k1 ) public_key = secret_key .[29]
  51. We are working on some detailed estimates for the time required for a quantum computer to break ECC, and are using secp256k1 as an example.[30]
  52. If the answer depends on the curve, assume secp256k1.[30]
  53. The most widely adopted elliptic curve in the DLT space by far is secp256k1 and the hash function keccak-256.[31]
  54. Unfortunately, neither secp256k1 nor keccak-256, are endorsed in SP 800-186 and FIPS 186-5.[31]
  55. This is despite the fact that there are no significant security differences between for example the NIST endorsed secp256r1 and secp256k1 or the sha3-256 hash versus keccak-256.[31]
  56. Generally speaking, secp256k1 is very popular in the decentralized identity community for authentication purposes.[31]
  57. Most software packages which interact with these systems require Secp256k1 support.[32]
  58. The program defaults to the secp256k1 base point.[33]
  59. They mounted an attack on a small multiplicative subgroup of a group that is mapped to the group of points of Bitcoins elliptic curve secp256k1.[34]
  60. Denition 5 (The secp256k1 curve).[34]
  61. Secp256k1 was almost never used before Bitcoin became pop- ular, but it is now gaining in popularity due to several beneficial properties.[35]
  62. Most com- monly-used curves have random structure, but secp256k1 was constructed in a unique, non-random way which allows for especially efficient computation.[35]
  63. In this section, we propose a secure multiple elliptic curves digital signature algorithm (MECDSA), which can avoid any backdoors in the curve used by secp256k1.[35]
  64. 4.3.1 4.3.2 4.3.3 secp256k1 not quite a Barreto-Naerhig curve 5 Evaluation 5.1 Privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[36]

소스

  1. 1.0 1.1 1.2 1.3 Bitcoin Wiki
  2. 2.0 2.1 2.2 Why did Satoshi decide to use secp256k1 instead of secp256r1?
  3. 3.0 3.1 3.2 River Financial
  4. A Bluffer’s Guide to secp256k1
  5. 5.0 5.1 secp256k1
  6. 6.0 6.1 bitcoin-core/secp256k1: Optimized C library for EC operations on curve secp256k1
  7. Secp256k1-domain-parameters
  8. 8.0 8.1 8.2 Koblitz curves and its practical uses in bitcoin
  9. 9.0 9.1 9.2 9.3 secp256k1
  10. 10.0 10.1 EC Private Key Example
  11. 11.0 11.1 secp256k1.swift
  12. 12.0 12.1 JSON Web Token (JWT) with ES256K (secp256k1) signature
  13. SECP256K1 vector creation — Cryptography 3.4.7 documentation
  14. secp256k1-haskell
  15. Generate ECDSA keys with the P-256 (secp256k1) curve
  16. secp256k1
  17. A comparison between the secp256r1 and the koblitz secp256k1 bitcoin curves
  18. 18.0 18.1 signing.secp256k1 — Sawtooth latest documentation
  19. 19.0 19.1 Arithmetic of Koblitz Curve Secp256k1 Used in Bitcoin Cryptocurrency Based on One Variable Polynomial Division by Santoshi Pote, Virendra Sule, B.K. Lande :: SSRN
  20. Paul Miller — Elliptic curve calculator
  21. 21.0 21.1 Elliptic-curve keys
  22. Caustic.Secp256k1 – Caustic v0.1.13
  23. CVE-2020-28498
  24. ECDSA: Elliptic Curve Signatures
  25. Elliptic curve choices in Ethereum: secp256k1 vs Curve25519 : ethereum
  26. River Financial
  27. 27.0 27.1 Cryptography behind the top 100 cryptocurrencies
  28. Guidance for Choosing an Elliptic Curve Signature Algorithm in 2022
  29. SECP256K1 vector creation — Cryptography 3.4.4 documentation
  30. 30.0 30.1 Rough probability that a random point on secp256k1 could be a valid public key
  31. 31.0 31.1 31.2 31.3 Public comments received on draft nist sp 800-186:
  32. Just released: WebAssembly version of Secp256k1 (10x faster than Javascript)
  33. secp256k1 Elliptic Curve Shared-Key Generation GUI
  34. 34.0 34.1 SPECIAL SUBSETS OF ADDRESSES FOR BLOCKCHAINS USING THE SECP256K1 CURVE
  35. 35.0 35.1 35.2 A Secure Multiple Elliptic Curves Digital Signature Algorithm for Blockchain
  36. Privacy on the Blockchain: Unique Ring Signatures.

Spacy 패턴 목록

  • [{'LOWER': 'secp256k1'}]
원본 주소 "https://wiki.mathnt.net/index.php?title=타원곡선_secp256k1&oldid=53101"