Elliptic Curve Multiplication: The Anchor Guide to Public Key Derivation
Elliptic Curve Multiplication: The Anchor Guide to Public Key Derivation
Executive Summary: Elliptic Curve Cryptography (ECC) is the foundation of Bitcoin's asymmetric security. A public key is derived by performing Scalar Multiplication—multiplying a secret private key ($k$) by a standardized generator point ($G$) on the secp256k1 curve. This process is a "One-Way Trapdoor Function": while it is computationally easy to derive a public key from a private key, it is mathematically impossible to reverse the process to find the private key from the public key.
🔍 Why This Module Matters
Elliptic Curve math is the "Glue" that binds your secret keys to your public identity. Without these specific coordinate operations, there would be no way to prove ownership of coins without revealing your private secrets. In this module, we will deconstruct the algebraic laws of Point Addition, Point Doubling, and the Double-and-Add algorithm. You will learn exactly how a computer converts a massive 256-bit random number into a unique $(x, y)$ coordinate on the curve.
🏛️ The secp256k1 Curve: Bitcoin's Mathematical Playground
Bitcoin uses a specific elliptic curve called secp256k1. The equation is elegantly simple: $$y^2 = x^3 + 7$$ This equation is computed over a Finite Field of prime order $p$. This means all results are "wrapped" around a massive prime number, ensuring they stay within the 256-bit range.
The Generator Point (G)
To ensure everyone is on the same page, the protocol defines a fixed "Starting Point" called $G$.
-
Role: Every public key in Bitcoin is just $G$ added to itself $k$ times.
-
The Trapdoor: Even though everyone knows $G$ and your Public Key ($K$), nobody can calculate how many times $G$ was added to get to $K$. This is the Elliptic Curve Discrete Logarithm Problem (ECDLP).
⚙️ Geometric Arithmetic: Addition and Doubling
Adding points on a curve is not like adding numbers. It follows a specific geometric rule: "Three points on a line sum to zero."
1. Point Addition (P + Q = R)
To add two different points $P$ and $Q$:
-
Draw a straight line through $P$ and $Q$.
-
The line will hit the curve at a third point.
-
Reflect that third point across the x-axis to find $R$.
2. Point Doubling (P + P = 2P)
To add a point to itself:
-
Draw a tangent line at point $P$.
-
The line will hit the curve at a second point.
-
Reflect that point to find $2P$.
graph LR subgraph Geometric_Rule A[Start at G] --> B[Double to 2G] B --> C[Double to 4G] C --> D[Add G to 4G = 5G] end
🛠️ The "Double-and-Add" Algorithm: $O(\log n)$ Speed
If your private key is $2^{256}$, a computer cannot manually perform $G + G + G \dots$ trillions of times. It would take longer than the life of the universe. Instead, computers use Binary Multiplication.
The Process
-
Binary Expansion: Break your private key into binary bits (e.g.,
1101...). -
Doubling: At every step, double the current point.
-
Adding: Only add the current doubled point to your result if the binary bit is
1.
The result: A 256-bit multiplication is finished in exactly 256 doublings and at most 256 additions. This takes a modern processor less than 1 millisecond.
| Private Key (Scalar) | Coordinate Result (Public Key) |
|---|---|
| 1 | The Generator Point ($G$) |
| 2 | $2G$ (Tangent at $G$) |
| $n-1$ | $-G$ (Reflection of $G$) |
| A Random 256-bit integer | A seemingly random $(x, y)$ coordinate. |
🛡️ The Trapdoor: Why You Are Secure
The security of Bitcoin relies on the Irreversibility of this multiplication.
-
Forward: $k \times G = K$ (Very Easy)
-
Backward: $K \div G = k$ (Impossible)
There is no "division" in elliptic curve math. To find $k$, an attacker must use a "Brute Force" or a "Baby-step Giant-step" algorithm, both of which are computationally ruinous for a 256-bit space.
🎯 Learning Objectives for this Module
By the end of this module, you will be able to:
-
Define the secp256k1 curve equation used by Bitcoin.
-
Describe the geometric process of Point Addition and Point Doubling.
-
Explain the function of the Generator Point ($G$).
-
Trace the logic of the Double-and-Add algorithm for scalar multiplication.
-
Understand why the Discrete Logarithm Problem prevents reversing a public key.
🗺️ Module Roadmap: What's Next?
Now that we've derived the raw $(x, y)$ coordinate, we must format it for the network:
-
Compressed Public Keys: How to represent a key in 33 bytes instead of 65.
-
Pure Python Derivation: Building a coordinate calculator from scratch.
-
Hash160 Hashing: Creating the "Address" from the public key.
-
Schnorr Public Keys: Exploring the new x-only coordinate standard.
🎓 Summary
Elliptic Curve multiplication is the "One-Way Street" of Bitcoin security. It allows you to transform a private secret into a public identity with absolute certainty and total irreversibility. By mastering the arithmetic of secp256k1, you are looking directly at the cryptographic engine that powers every transaction on the ledger.
TeachMeBitcoin is an ad-free, open-source educational repository curated by a passionate team of Bitcoin researchers and educators for public benefit. If you found our articles helpful, please consider supporting our hosting and ongoing content updates with a clean donation: