The Maths Behind the Bitcoin Blockchain
WARNING — may contain maths!
There’s lots of interesting maths going on beneath the hood of bitcoin, much of which unfortunately doesn’t enter the mainstream airtime because it’s considered too complex for the average person to understand. However it’s critical to the security and accessibility of the bitcoin protocol and so in this article I am going to outline some of the key mathematical concepts which allow you to send, spend and keep your bitcoins safe.
Elliptical Curve Cryptography
Elliptic Curve Cryptography (ECC) is the use of elliptic curves to generate public and private key pairs over a finite field. An elliptic curve, as see in the diagram below, is of the form:
And within ECC it is derived over a finite field, therefore both the x and y axis will have a limit.
The use of the properties associated with these curves allow the generation of two connected points on the curve which are relatively computationally light to plot one way but practically computationally impossible to compute the other. This is referred to as asymmetric cryptography and allows one point to be made publicly known (the public key) without fear that someone could compute the associated point (the private key).
Bitcoin’s elliptic curve is of the form:
Here the constant d is being defined as 7 mod 1.158 x10⁷⁷ (for an understanding of modular arithmetic read this , however it can be understood as similar to a clock, which is mod 12. As such after the hour hand crosses 12 noon the time become 1.00pm, thus (on a 12 hour clock) the numbers shown can only be 1,2,3,4,5,6,7,8,9,10,11 and 12, before it cycles round to 1 again.
Therefore, in mod 12:
8 = 8 mod 12( as 8 is less than 12)
14 = 2 mod 12 ( as when we reach 12 we ‘max out’ and must start counting from 1 again)
It is also important to note that the finite field over which the curve is defined is which is the prime integers (whole numbers which are prime).
This curve is referred to as secp256k1 and known as a Kobiltz curve as unlike standard elliptical curves which have a random structure, secp256k1 was constructed in a non-random way to aid efficient computing. As such it is c.30% faster to compute with and as the constants (the a, b, c and d in our above example) were selected in a predictable way it is less likely that there is a back door in the curve which could be used to ‘hack’ the maths.
So now let’s dig into how this curve is used within the bitcoin protocol…
Public-Private Key Generation
Secp256k1 is used to generate public and private key pairs which allow users within the bitcoin network to receive and spend bitcoins.
The public key is translated into a slightly more readable format which is referred to as a bitcoin address and can be made public for anyone to send bitcoins to you. However your private key must be kept secret, as knowing a private key entitles you to have control over any bitcoins associated with the corresponding public key.
In order to generate the public/private key pair you must first choose a generator point, g, on the curve (the green dot labelled ‘g’). Then draw a tangent from this point (a straight line — in blue), and this will touch the curve at exactly one other point. This is reflected in the x axis and becomes point ‘2g’.
Next connect ‘g’ and ‘2g’ (orange line) and this will touch the curve at only one other point, which reflected back up through the x axis will provide point ‘3g’. This process continues of connecting the original generator point g and the new multiple of g, by mirroring through the x axis. The correct term for this is point addition.
As such, given the initial generator point (where you start) and a point ‘k’ on the curve (where you finish), it would be very difficult to know how many times you had completed point addition without re-running the whole process again. Even if your computer could do one trillion point addition operations per second and you had been running your computer since the beginning of the universe, you would’ve only done ²⁹⁸ point addition operations by now.
The number of times you have completed point addition is referred to as your private key ‘x’, and the public key is ‘k’. The generator point is also publicly known as this does not compromise the security in the network owing to the extreme difficulty of computing x from k and g alone.
An added complexity within this process is that the curve shown above is over an infinite field e.g there is no maximum x or y axis value. However, secp256k1 is over a finite field of integer primes and as such graphically it looks more similar to the chart above.
It is also worth noting that the size of the keys are 256 bit integers, so 64 hexadecimal characters. This provides a large area for the curve to work across and makes computations much more difficult, thus increasing security.
We have therefore explored the type of curve used beneath the bitcoin blockchain, the Elliptic Curve known as secpt256k1, and seen how this combined with modular arithmetic and point addition combines to provide two points on a curve which are related but incredibly difficult to compute backwards. This provides us with a mathematical underpinning of how public and private keys are generated.
In the next part of ‘The Maths Behind the Bitcoin Blockchain’ we will explore the maths which generates bitcoin wallets and see how signatures ensure you can prove your ownership of a private key, without revealing the private key itself.