Bitcoin uses Elliptic Curve Cryptography (ECC) as a cryptographic technique.

ECC is based on a discrete logarithm problem, which is expressed by means of additions and multiplications on the points of an elliptic curve.

ECC methods have been increasingly used since 2004 and can therefore be described as a young method among cryptography methods. Compared to predecessors such as RSA, the advantages are above all comparable safety standards with significantly shorter key lengths.

Instead of factorization-based integer schemas, digital signatures in Bitcoin are based on ECC. Although integer factorization works well in principle, faster computers and better algorithms for factorizing integers have, over time, increasingly required the use of increasingly large prime factors to ensure reasonable security.

The recommended size of the encryption keys used for RSA encryption is between 1024 and 4096 bits. In contrast, elliptic curves offer the same functionality but are not affected by progress in integer factorization; therefore, shorter keys can be used (a 256-bit ECC key is supposed to provide security comparable to a 1024-bit key in an RSA-type scheme).

In short, ECC is considered to be stronger than integer factorization methods for the same key length.

Bitcoin uses elliptic curves to create digital signatures, in particular using a protocol called Elliptic Curve Digital Signature Algorithm (ECDSA).

An elliptic curve is a two-dimensional Bitcoin curve used as a secp256k1 elliptic curve, specified by the US patent.

National Institute of Standards and Technology (NIST). This elliptic curve is a two-dimensional curve which is expressed as follows:

𝑦2 = 𝑥3 + 𝑎𝑥 + 𝑏 (mod p)

These curves are characterized by the fact that they are always symmetrical horizontally with respect to the x axis and a non-vertical line cutting two non-tangent points on the curve will always cut a third point on the curve. Another property is that a non-vertical line tangent to the curve at one point precisely intersects another point on the curve.


To generate public and private keys, the curve properties will define two operations:

  1. Adding points and
  2. Doubling points.

Points addition (G≠Q)

The addition of points, G + Q = R, is defined as the reflection across the x-axis of the third intersection point R’ on a line that includes P and Q. It is easier to understand this using a graph:

Point doubling (G=Q)

If the values of G and Q are equal, then a point doubling occurs, G + G = R, is defined by finding the line tangent to the point to be doubled, G, and taking the reflection across the x-axis of the intersection point R’ on the curve to get R. Here is an example of what it would look like :

A public key can now be generated on the basis of a private key by repeating the functions described ‘adding points’ and ‘doubling points’ on the basis of the (generally known) G-point and the randomly selected ‘private key’ (see formula (3)).

A public key can now be generated on the basis of a private key by repeating the functions described ‘adding points’ and’ doubling points’ on the basis of the (usually known) G-point and the randomly selected ‘private key’.

In the graph above, the point R is our public key and we needed a tangent and an inverse from the point G to get to the point R. Now, the purpose of the operation is to repeat several tangents/inverse from the point G.


nG = E

  • G Point generation
  • E Public key
  • n.Number of combinations from generation point

To create our public key (here E), it took us 3 tangents/inverse to get to point E

The public key (here E) describes the final result of these operations – but the number and order of the tangents/inverse from point G to this point (E) are not known.

Therefore, a reconstruction to the private key(G) from the public key(E) is not possible.

Together, these two operations are used to make a scalar multiplication on the curve. For example, let us imagine that this action was repeated 7 times. We get E=nG So E=7G

E= G + (G + (G + (G + (G + (G + (G + G)))))

The scalar multiplication process is normally simplified by using a combination of point addition and point doubling operations. For example :

E = 7G

E = G + 6G

E = G + 2 (3G)

E = G + 2 (G + 2G)

Here, 7G has been broken down into two point doubling steps and two point addition steps.


Delimited fields

In the context of the ECDSA, a delimited field can be considered as a predefined range of positive numbers within which each calculation must lie. Any number outside this range is recalculated to be within the range.

The easiest way to do this is to calculate the remains, as represented by the modulo (mod) operator. For example, 9/7 gives 1 with a remainder of 2:

9 mod 7 = 2

Here, our delimited field is modulo 7, and all mod operations on this field give a result between 0 and 6 (7 being =0).

The assembly of the whole

The ECDSA uses elliptic curves in the context of a delimited field, which greatly modifies their appearance, the appearance of the curve is removed but not their underlying equations or special properties. The same equation drawn above, in a bounded field of modulo 67, looks like this:

It is now a set of points, in which all x and y values are integers between 0 and 66. Note that the “curve” (represented as a graph) maintains its horizontal symmetry.

The addition of points and doubling are now slightly different visually. The lines drawn on this graph will wrap around the horizontal and vertical directions, like a set of asteroids, maintaining the same slope. Thus, the sum of points (2, 22) and (6, 25) looks like this:

The line passes through point G (2.22) and point Q (6.25). The right continues its path until it reaches the value 67. Once this value is reached, it starts again at 0 since we are in modulo 67. It is important to note that in this example, 67=0

So the right continues in (61,67), it then continues in (61,0) until the coordinate (67,4). It then starts a third loop starting at (0,4) and finally crosses the point (47,39) which is our point R1`. One thus takes its point of reflection with respect to the middle of the graph which is the point (47,28) which corresponds to the point R1.

You will have understood, from the coordinate (0.33), the points repeated sound with a mirror effect, as on the elliptic curve seen previously.

This step is repeated n times before reaching the public key (E). It will therefore be impossible to know the reverse path to return to the private key.

It is important to note that the private key is not set by the user as a password for example. In bitcoin, the private key is generated randomly for a new user on a block string (for example on

The number of possible random private keys is so high that the probability that two users receive the same private key of about 1/2^256 or 1.16+10^77

Comparison: Planet Earth has ~ 10^50 atoms, the Galaxy ~ 10^68 atoms.

It is therefore almost impossible for two users to have the same private key.

As a result, the generation and security of a Bitcoin wallet is the best in terms of security and has so far never identified any security problems or even been hacked in the past. We must not forget that the very value of Bitcoin, the confidence we place in it, lies in this elliptical curve cryptography system.