Skip to main content

Try it Live

Run Secp256k1 examples in the interactive playground
This page is a placeholder. All examples on this page are currently AI-generated and are not correct. This documentation will be completed in the future with accurate, tested examples.

Examples

Secp256k1 Point Operations

Low-level elliptic curve point arithmetic operations underlying ECDSA signatures.

Curve Definition

Secp256k1 uses the Weierstrass curve equation:
Parameters:
  • Prime field: p = 2²⁵⁶ - 2³² - 977 (SECP256K1_P)
  • Curve order: n = 2²⁵⁶ - ~2³² (SECP256K1_N)
  • Coefficients: a = 0, b = 7
  • Generator: G = (Gx, Gy) where:
    • Gx = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
    • Gy = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8

Affine Coordinates

Points represented as (x, y) satisfying the curve equation.

Point Representation

Point Validation

Check if point lies on curve:

Point Addition

Add two different points: R = P + Q

Algorithm

Given P = (x₁, y₁) and Q = (x₂, y₂) where x₁ ≠ x₂:
  1. Calculate slope: λ = (y₂ - y₁) / (x₂ - x₁) mod p
  2. Compute x-coordinate: x₃ = λ² - x₁ - x₂ mod p
  3. Compute y-coordinate: y₃ = λ(x₁ - x₃) - y₁ mod p
Result: R = (x₃, y₃)

Implementation

Example

Point Doubling

Double a point: R = 2P

Algorithm

Given P = (x₁, y₁):
  1. Calculate slope: λ = (3x₁²) / (2y₁) mod p (tangent line slope)
  2. Compute x-coordinate: x₃ = λ² - 2x₁ mod p
  3. Compute y-coordinate: y₃ = λ(x₁ - x₃) - y₁ mod p
Result: R = (x₃, y₃)

Implementation

Example

Point Negation

Negate a point: R = -P

Algorithm

Given P = (x, y):
Negation reflects the point across the x-axis.

Implementation

Example

Scalar Multiplication

Multiply point by scalar: R = k * P

Double-and-Add Algorithm

Compute k * P for scalar k:

Implementation

Example

Optimizations

Window Method (wNAF)

Precompute multiples of P for faster scalar multiplication:

Fixed-Base Multiplication

When multiplying by generator G repeatedly, precompute multiples:

Projective Coordinates

Avoid expensive modular inversions by using projective coordinates (X, Y, Z):
Point addition (projective):
  • No modular inversions required
  • ~12 multiplications + 4 squarings
Point doubling (projective):
  • No modular inversions required
  • ~7 multiplications + 5 squarings
Trade-off: More multiplications, but faster overall (inversions very expensive).

Coordinate Conversions

Affine to Compressed

Compressed to Affine

Security Considerations

⚠️ Constant-time operations required: All point operations must execute in constant time to prevent timing attacks: Vulnerable:
Secure:
Our implementations:
  • TypeScript (@noble/curves): ✅ Constant-time
  • Zig (custom): ⚠️ NOT constant-time