Public Keys: Elliptic Curve Cryptography

While a private key is a secret integer scalar, its corresponding public key is a mathematical coordinate point on a specific elliptic curve.

Bitcoin uses Elliptic Curve Cryptography (ECC) to derive public keys from private keys in a mathematically secure, one-way fashion.

---

📈 The secp256k1 Elliptic Curve Specification

Bitcoin utilizes an elliptic curve standard named secp256k1, established by Certicom.

The curve is defined by the following algebraic equation:

$$y^2 = x^3 + 7 \pmod p$$

The operation $\pmod p$ means this equation is evaluated over a finite field of prime order $p$, where:

$$p = 2^{256} - 2^{32} - 977$$

Because the math is performed over a finite field (using clock-like modular arithmetic), the "curve" does not look like a smooth continuous line. Instead, it is a scatter plot containing a vast, discrete set of coordinate points $(x, y)$ whose coordinates are integers between $0$ and $p - 1$.

         secp256k1 FINITE SCATTER FIELD (VISUAL CONCEPT)
┌────────────────────────────────────────────────────────┐
│   .           *                      .            *    │
│         .           .      *                           │
│   *           Point K(x, y)          .      *          │
│         .           │                .                 │
│                     ▼                                  │
│   .           (Coordinate integers)        *           │
│         *                            .           .     │
└────────────────────────────────────────────────────────┘

---

🧮 Calculating the Public Key

To generate a public key from a private key, Bitcoin performs scalar multiplication:

$$K = k \cdot G$$

Where: * $K$: The resulting Public Key (a coordinate point $(x, y)$ on the curve). * $k$: The Private Key (the secret 256-bit scalar integer). * $G$: The Generator Point, a fixed, standard starting coordinate point on the curve shared by all Bitcoin software.

⚙️ What "Multiplication" Means on a Curve

In elliptic curve math, multiplication is defined as repeated point addition:

$$k \cdot G = G + G + G + \dots \quad \text{(k times)}$$

Adding two points together on an elliptic curve is not a simple addition of coordinates; it is an algebraic operation that involves drawing a line through the two points, finding where it intersects the curve a third time, and reflecting that intersection across the x-axis.

---

🔒 The One-Way Trapdoor: ECDLP

Scalar multiplication is a trapdoor function—it is easy to compute in one direction, but impossible to reverse.

• Forward Direction (Easy): Computing $K = k \cdot G$ is extremely fast. Even though $k$ is an astronomically large number, computers use the Double-and-Add algorithm to perform this multiplication in only a fraction of a millisecond.
• Reverse Direction (Impossible): If an attacker knows your public key $K$ and the standard generator point $G$, they cannot divide $K$ by $G$ to find your private key $k$:

$$k \neq \frac{K}{G}$$

Finding $k$ requires solving the Elliptic Curve Discrete Logarithm Problem (ECDLP). The fastest classical algorithms available today would take billions of years to compute $k$ from $K$, keeping your funds completely secure.