Link to this headingShort Weierstrass Curves

Curve Formula:

y^2 = x^3 + a*x + b
Link to this headingBrainpool Curves
Link to this headingbrainpoolP160r1
Link to this headingbrainpoolP160t1
Link to this headingbrainpoolP192r1
Link to this headingbrainpoolP192t1
Link to this headingbrainpoolP224r1
Link to this headingbrainpoolP224t1
Link to this headingbrainpoolP256r1
Link to this headingbrainpoolP256t1
Link to this headingbrainpoolP320r1
Link to this headingbrainpoolP320t1
Link to this headingbrainpoolP384r1
Link to this headingbrainpoolP384t1
Link to this headingbrainpoolP512r1
Link to this headingbrainpoolP512t1
Link to this headingAnomalous
Link to this headingBN Curves
Link to this headingANSSI Curves
Link to this headingNIST Curves
B Stands for binary Curve

P Stands for Prime Curve

K Stands for Koblitz curve
B and K don’t use the normal Weierstrass curve formula
Link to this headingB-163 (sect163r2) (ansit163r2)
Link to this headingK-163 (sect163k1)
Link to this headingP-192 (secp192r1) (prime192v1)

192-bit

Link to this headingP-224 (secp224r1) (wap-wsg-idm-ecid-wtls12) (ansip224r1)

224-bit
Is not safe to use

Link to this headingK-233 (sect233k1) (wap-wsg-idm-ecid-wtls10) (ansit233k1)

233-bit

Link to this headingP-233 (sect233p1)

233-bit

Link to this headingB-233 (sect233r1) (wap-wsg-idm-ecid-wtls11) (ansit233r1)

233-bit

Link to this headingP-256 (secp256r1) (prime256v1)

256-bit key
Bruteforce as strong as 128bit [AES](/Crypto/Symmetric Encryption/AES)
Can be vulnerable to attack if when choosing a random x value you don’t check that it is on the curve before using it
Curve is y^2 = x^3 − 3x + 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b

Link to this headingsecp256k1

Is not safe to use
Curve is y^2 ≡ x^3 + 7 \pmod{17}

Example:

Lets choose the mod N = 17 this means that y^2 \equiv x^3 + 7 \pmod{17}
Lets Plot some points:
x = 1, y = 5;  (1^3 + 7 - 5^2 ) % 17 = 0 -> (1 + 7 - 25 ) % 17 = 0 -> -17 % 17 = 0

x = 2, y = 7;  (2^3 + 7 - 7^2 ) % 17 = 0 -> (8 + 7 - 49 ) % 17 = 0 -> -34 % 17 = 0

x = 3, y = 0;  (3^3 + 7 - 0^2 ) % 17 = 0 -> (27 + 7 - 0 ) % 17 = 0 ->  34 % 17 = 0

x = 4, y = ?;  DNE in \pmod{17}

x = 5, y = 8;  (5^3 + 7 - 8^2 ) % 17 = 0 -> (216 + 7 - 36 ) % 17 = 0 -> 68 % 17 = 0

x = 6, y = 6;  (6^3 + 7 - 6^2 ) % 17 = 0 -> (125 + 7 - 64 ) % 17 = 0 -> 187 % 17 = 0

x = 7, y = ?;  DNE in \pmod{17}

x = 8, y = 3;  (8^3 + 7 - 3^2 ) % 17 = 0 -> (512 + 7 - 9 ) % 17 = 0 -> 510 % 17 = 0

x = 9, y = ?;  DNE in \pmod{17}

x = 10, y = 2; (10^3 + 7 - 2^2 ) % 17 = 0 -> (1000 + 7 - 4 ) % 17 = 0 -> 1003 % 17 = 0

x = 11, y = ?; DNE in \pmod{17}

x = 12, y = 1; (12^3 + 7 - 1^2 ) % 17 = 0 -> (1728 + 7 - 2 ) % 17 = 0 -> 1734 % 17 = 0

x = 13, y = ?; DNE in \pmod{17}

x = 14, y = ?; DNE in \pmod{17}

x = 15, y = 4; (15^3 + 7 - 4^2 ) % 17 = 0 -> (3375 + 7 - 16 ) % 17 = 0 -> 3366 % 17 = 0

x = 16, y = ?; DNE in \pmod{17}

x = 17, y = ?; DNE in \pmod{17}
Integer Adding:
y^2 \equiv x^3 + 7 \pmod{17}

A = (15,13)

B = (1, 12)

slope = ((12-13) * mod_inv(1-15)) % 17 = (-1 * mod_inv(-14)) % 17 = (-6) mod 17 = 11


x = ((11 ** 2 ) - 15 -1 ) mod 17 = (105) mod 17 = 3


y = 11 * 3 + (13 - 11 * 15) mod 17 = -119 mod 17 = 0 


A + B = (15,13) + (1, 12) = (3,0)
Integer Doubling:
y^2 ≡ x^3 + 7 (mod 17)
G = (15,13)

slope = ((3 * (15 ^ 2) + 0 / mod_inv(2 * 13))) % mod 17 = 1350 % mod 17 = 7


x = ((7 ** 2) - (2 * 15)) % 17 = (1822470) % 17 = 2


y = (slope * 15 + (13 - slope * 15)) % 17 = (13) % 17 = 13


2 * G = (2,13)
Integer Multiplication:
2 * (15,13) = 2 * (15,13) = (2,10) \\
3 * (15,13) = 2 * (15,13) + (15,13) = (8,3) \\
4 * (15,13) = 2 * (2 * (15,13)) = (12,1) \\
5 * (15,13) = 2 * (2 * (15,13)) + (15,13) = (6,6) \\
6 * (15,13) = 2 * (2 * (15,13)) + 2 * (15,13) = (5,8) \\
Link to this headingK-283 (sect283k1) (ansit283k1)
Link to this headingB-283 (sect283r1) (ansit283r1)
Link to this headingP-384 (secp384r1) (ansip384r1)

384-bit
Is not safe to use

Link to this headingK-409 (sect409k1) (ansit409k1)
Link to this headingB-409 (sect409r1) (ansit409r1)
Link to this headingP-521 (secp521r1) (ansip521r1)

521-bit
Bruteforce as strong as 256bit [AES](/Crypto/Symmetric Encryption/AES)

Link to this headingK-571 (sect571k1) (ansit571k1)
Link to this headingB-571 (sect571r1) (ansit571r1)