
Elliptic Curve Cryptography in Blockchain Technology

By Elif Hilal Umucu


Blockchain technology has a significant impact in many areas. Since the emergence of Bitcoin, cryptography has been a central concept for blockchain technology, which has made a name for itself worldwide. Cryptography is the core of blockchain technology. All transaction information is encoded in blocks that are interconnected and form the structure of the blockchain.

In this study, the mathematical and cryptographic foundations on which cryptocurrencies are built are examined in detail. In particular, Elliptic Curve Cryptography is discussed in the context of Blockchain Technology, and its encryption method is examined in detail.

The general purpose of this article is to give an overview of the elliptic curve method, to analyze the cryptographic methods used by Blockchain, and to design elliptic curve keying using Python.

I. Introduction

It is known that a "value record" existed even in ancient times, before there was money. Transactions and swaps have always been recorded in history. However, a publicly accessible registry mechanism has always been a major problem in itself. How can a publicly accessible registry be secured? While these data sometimes consist of economic, material and financial data, sometimes they consist of sensitive and personal data. This situation brings with it a trust problem about what to do if the recorded books are passed to unreliable third parties.

The process of listing and describing the assets and transactions in finance is called single-entry bookkeeping. In case of any distinction between liabilities and assets, if the sums of both parties are equal, this book is called double-entry bookkeeping. The issue of three-entry bookkeeping, brought with it by double-entry bookkeeping, has become a tradition that has been going on for years.

As you know, developing technology has replaced traditional recording systems with great innovations and offered better solutions. Instead of using slow and risky systems based on trust, systems in which control and trust are given to technology are becoming widespread. Normal notebooks have started to be replaced by computer networks and nodes, and the use of paper has decreased automatically over time.

When these features are mentioned, the first technology that comes to mind will be Blockchain technology. This technology, in which digital media and data transfer are shared over the network and encrypted all over the world, has changed the concept of trust.

Network participants in the blockchain ecosystem contribute to the blockchain system and all changes are recorded throughout the ledger network. The security is cryptographically protected by miners who decipher complex hash sequences. These contributions make distributed ledgers preferable for reliable payment networks without any middleman or center. During the use of blockchain technology, users will have access to public and private keys, and then they will need to have crypto wallets to keep these private keys safe and process transactions. The private key is the owner's identity, nickname and private password, similar to a personal signature in a distributed network. When sending money during any transfer, the record of the transaction is signed by private keys to maintain authenticity, integrity and non-repudiation verification. The receiver will use his/her private key to decrypt the message encrypted by the sender with the receiver's public key.[1] Cryptocurrency wallets enable these transactions and provide secure tools for private keys.

Cryptography, in its simplest terms, is the definition of different methods and technologies used to ensure that the communication between two parties over any communication medium is secure, especially in the presence of a third party. This technology is achieved by using different methods such as encryption, decryption, signing, pseudo-random numbers generation. Cryptography encrypts or uses a key or a code to decrypt a message that must be kept secret.

II. Blockchain Technology

Blockchain is a digital ledger that keeps track of transfers and transactions using a peer-to-peer network as described above. Blockchains can be public blockchains or closed blockchains depending on whether being a node in the network is restricted.

The first blockchain-based protocol emerged as the cryptocurrency Bitcoin. Since its emergence, multiple uses of blockchain technology have been proposed and implemented. Understanding the working mechanism of the Bitcoin protocol greatly simplifies understanding the various alternatives that have been developed since then. Bitcoin can be defined as a digital ledger maintained via the blockchain in a decentralized peer-to-peer network, where nodes (networked devices) update the ledger and acquire block mining rights through a Proof of Work (PoW) mechanism.

Therefore, it is essential to understand the concepts mentioned above in order to properly understand Bitcoin and most blockchain applications in general. Understanding what Bitcoin means as a ledger, what a decentralized peer-to-peer network is, how cryptography is implemented in the protocol, and what Proof of Work (PoW) means also helps answer the question of which industries Blockchain technology will be used in, and for what, in the future. In the process of explaining these concepts, besides how blockchains work, their cryptographic operations will be pointed out.

To briefly express the transactions,

  • The transactions in the blockchain data register are copied and sent to all nodes in the distributed network.

  • The posted ledger is the same at every node and cannot be changed retrospectively.

  • A transaction created by a node in the blockchain is signed using a digital signing algorithm.

  • It is then sent to all nodes for validation.

  • At the same time, these unconfirmed transactions are held in a pool.

  • In the blockchain network, nodes that both verify and create blocks are called miners. Mining nodes take transactions from this pool and verify them and add them to the block to be created.

  • By using consensus methods, it is determined which node will broadcast the block to be added to the chain.

  • The identified miner sends the block to other nodes for verification.

  • The verified block is added to the end of the blockchain.

A. Peer-to-Peer network

“The term peer-to-peer is a generic label assigned to network architectures where all the nodes offer the same services and follow the same behavior” (Cornelli et al. 2002).

Peer-to-peer (P2P) networks are basically interconnected node systems in which each node in the network acts as a server and all nodes share a set of rules and maintain a common service.

P2P services include file sharing, bandwidth sharing, streaming and application sharing with other peers [2]. Generally, nodes in a peer-to-peer network operate as both service providers and clients. Because of this server-client duality, the nodes of a P2P network are also called servers.

Most blockchains use open P2P networks that record and verify transactions in a decentralized manner. In this way, protocols will be able to keep track of property rights without a central third party. When we examine Bitcoin, we can see that the P2P network consists of two types of nodes: full nodes that store a copy of the entire blockchain, and Simple Payment Verification (SPV) nodes that store only the block headers. To join the network, a client connects to some fairly randomly chosen nodes and asks them to send the missing data to it. In the case of a new full node this will be the entire blockchain.

B. Blocks

A blockchain is a collection of data blocks containing transactions and transfers. Each block is linked to the previous block, so changing one block will separate it from all subsequent blocks. This feature actually indicates that in order to make changes to any block, all subsequent blocks must be re-mined. Mining is time consuming and costly. [3] Therefore, as the number of subsequent blocks increases, it will become exponentially more expensive to replace one block and subsequent blocks.

Blocks consist of three main elements:

  1. the reference number of the previous block,

  2. a list of transactions,

  3. a nonce number generated for that block.

These three elements are used together as inputs in a function that outputs the reference number of the block.

As explained above, the blocks are chained together as this reference number will then be used as the first element of the next block. The reference number of each block is called the hash number of the block as it is the output of a hash function.
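The chaining described above can be made concrete with a toy chain. This is an added example, not code from the original article: the block layout, the 12-bit difficulty and the sample transactions are constructed assumptions. It shows that editing one block invalidates it, and that re-mining only that block still leaves the next block pointing at a stale reference number.

```python
import hashlib
import json

DIFFICULTY_BITS = 12                   # assumed toy difficulty (12 leading zero bits)
TARGET = 1 << (256 - DIFFICULTY_BITS)
GENESIS_PREV = "00" * 32               # assumed placeholder reference for block 0


def block_hash(prev_hash, transactions, nonce):
    """Reference number of a block: hash of its three elements."""
    payload = json.dumps([prev_hash, transactions, nonce], separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def mine(prev_hash, transactions):
    """Search for a nonce that puts the block hash below the target."""
    nonce = 0
    while int(block_hash(prev_hash, transactions, nonce), 16) >= TARGET:
        nonce += 1
    return {"prev": prev_hash, "txs": transactions, "nonce": nonce,
            "hash": block_hash(prev_hash, transactions, nonce)}


def build_chain(batches):
    chain, prev = [], GENESIS_PREV
    for transactions in batches:
        block = mine(prev, transactions)
        chain.append(block)
        prev = block["hash"]
    return chain


def first_invalid(chain):
    """Index of the first block that fails verification, or None if all pass."""
    prev = GENESIS_PREV
    for index, block in enumerate(chain):
        recomputed = block_hash(block["prev"], block["txs"], block["nonce"])
        if (block["prev"] != prev or recomputed != block["hash"]
                or int(recomputed, 16) >= TARGET):
            return index
        prev = block["hash"]
    return None


def tamper_demo():
    """Verify, edit block 1, re-mine block 1 only, then re-mine block 2 as well."""
    # Constructed sample transactions.
    chain = build_chain([["alice->bob:5"], ["bob->carol:2"], ["carol->dave:1"]])
    results = [first_invalid(chain)]                    # untouched chain
    chain[1]["txs"] = ["bob->mallory:2"]                # retroactive edit
    results.append(first_invalid(chain))                # block 1 hash mismatch
    chain[1] = mine(chain[0]["hash"], chain[1]["txs"])  # redo the work for block 1
    results.append(first_invalid(chain))                # block 2 has a stale "prev"
    chain[2] = mine(chain[1]["hash"], chain[2]["txs"])  # redo every later block
    results.append(first_invalid(chain))
    return results


if __name__ == "__main__":
    print(tamper_demo())
```
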

C. Transactions

We can say that transactions are the framework of the payment system in Bitcoin because transactions are the system itself. A bitcoin itself is nothing more than a chain of transactions that can be traced back to the coin transaction that created that value. In this technology, each transaction consists of inputs that refer to previous transactions and outputs that indicate where this value goes. [4] Each transaction must spend all its inputs. The difference between the input values and the output values is given as a transaction fee to the miner who included the transaction in a block. [5]

Transaction outputs specify a value and a script. This script must be validated before the value can be spent. This means that transaction inputs also include a script and values, which will validate the output script of the transaction they reference. There are several widely accepted output scripts: P2PKH or the slightly more complex P2SH scripts. Simpler P2PKH scripts essentially specify a public key that is verified by its digital signature in the transaction. P2SH scripts point to another script that can be used to enforce additional conditions to spend this value, such as confirmation by multiple parties (Narayanan et al., 2016).

D. Private Key

When you want to make a transaction, you set up a wallet and the first step you need to do when you set up a wallet is to generate your private key. Your private key is a very large random number 256 bits long. This number is so large that you can assign a unique private key to almost every atom in the observable universe. Your private key should be as random and complex as possible. Generating random numbers may be more difficult than it may seem, but this step is essential for the security of your funds and transactions.

In cryptography, only the party exchanging secret messages knows the private or secret key, i.e. the encryption/decryption key. The biggest disadvantage of this system is actually its biggest security. In the event that someone loses or steals the key, disruption of the system entails a personal responsibility.

For example, (A) wants to send a message to (B) where both (A) and (B) share the same key for an encrypted message. If (A) XORs her message with the shared secret key, then (B) also needs to XOR the message with the (same) secret key to decrypt it.

E. Public Key

The next step is public keys. Your public key is derived from the large random number you generate as your private key. (This is the most important part of elliptic curve cryptography; this is where we have to multiply the points on the curve.)

The public key allows you to receive cryptocurrency transactions and transfers. A public key is an encryption code paired with a private key. While anyone can send transactions to the public key, you need the private key to "unlock" them and prove that you are the owner of the cryptocurrency received in the transaction. The public key that can receive transactions is usually an address, which is the abbreviation of your public key. It is possible to compare this situation to e-mail addresses and local bank account number (IBAN) information. There should be no worries when sharing public keys. In a cryptocurrency transfer in the blockchain ecosystem, accounts communicate with public keys.

F. Hash Functions

A true cryptographic multi-tool, hash functions are widely used in computer science and cryptography in a wide variety of different contexts. They can be used to check the integrity of the content of some files and also as an ID for some pieces of data. The basic idea in the concept of hash is that the function takes some long string of data and produces a short fixed-length hash or message digest corresponding to the input string. In the context of cryptography, it is common to require hash functions to meet some other properties, as outlined by Gauravaram and Knudsen (2010):

1. Preimage resistance (also known as the hiding property or one-wayness) means that if we are given the output of a hash function, we will not be able to find the input value that produced it.

2. Second preimage resistance means that once we know an input value m, we cannot find another input m′ such that H(m) = H(m′).

3. Collision resistance is a stronger requirement than the previous one. It is asked that it is not possible to find any two inputs m and m′ with the same hash value.

It is enough that finding one takes an excessive amount of computation. Similarly, for preimage resistance (property 1), one could theoretically iterate over all possible input values to find the right one. To process arbitrary-length inputs into a fixed-size output, hash functions use components known as compression functions. One way that this result is achieved is by means of the so-called Merkle-Damgård construction.

This involves splitting the initial message into fixed length blocks, padding (adding, for instance, zeroes to achieve desired length) as necessary, and passing the message through the compression function one block at a time along with the hash of the previous block. The figure below presents the compression function that is used in the SHA-256 algorithm (Secure Hash Algorithm) [6] specified in FIPS 180-4 [7]. Here, solid boxes represent 32-bit variables used in the calculation (a to h, W_t and K_t) and dashed boxes represent operations on those variables. Arrows depict the movement of values between variables (assignments), sometimes involving changing the variables through some operations. Variables a to h hold intermediate values, K_t is a constant, one of sixty-four that are defined in a somewhat arbitrary manner, and W_t is a value that is derived from the message block being processed via some bit operations. This compression function is run sixty-four times on each 512-bit block of the message, with a different value of K_t and W_t each round. Additions are performed modulo 2³², the ⊕-symbol denotes the bitwise exclusive-or (XOR) operation and ≫ bitwise right rotation.
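The padding, the block-by-block chaining and the sixty-four rounds over a to h, W_t and K_t described above, written out as an added example (not code from the original article). The function names are assumptions; the constants are derived as FIPS 180-4 defines them, and the result is checked against Python's hashlib.

```python
import hashlib
import math
import struct

MASK = 0xFFFFFFFF  # all additions are performed modulo 2**32


def _first_primes(count):
    primes, n = [], 2
    while len(primes) < count:
        if all(n % p for p in primes):
            primes.append(n)
        n += 1
    return primes


def _icbrt(n):
    """Floor of the cube root of n, by integer Newton iteration."""
    x = 1 << ((n.bit_length() + 2) // 3)
    while True:
        y = (2 * x + n // (x * x)) // 3
        if y >= x:
            return x
        x = y


PRIMES = _first_primes(64)
# K_t: first 32 fractional bits of the cube roots of the first 64 primes.
K = [_icbrt(p << 96) & MASK for p in PRIMES]
# Initial a..h: first 32 fractional bits of the square roots of the first 8 primes.
H0 = [math.isqrt(p << 64) & MASK for p in PRIMES[:8]]


def rotr(x, n):
    """Bitwise right rotation of a 32-bit word."""
    return ((x >> n) | (x << (32 - n))) & MASK


def compress(state, block):
    """Run the 64 rounds over one 512-bit block and return the new a..h."""
    w = list(struct.unpack(">16I", block))  # W_0..W_15 are the block itself
    for t in range(16, 64):                 # W_16..W_63 are derived by bit operations
        s0 = rotr(w[t - 15], 7) ^ rotr(w[t - 15], 18) ^ (w[t - 15] >> 3)
        s1 = rotr(w[t - 2], 17) ^ rotr(w[t - 2], 19) ^ (w[t - 2] >> 10)
        w.append((w[t - 16] + s0 + w[t - 7] + s1) & MASK)
    a, b, c, d, e, f, g, h = state
    for t in range(64):
        big_s1 = rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25)
        ch = (e & f) ^ (~e & g)
        t1 = (h + big_s1 + ch + K[t] + w[t]) & MASK
        big_s0 = rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22)
        maj = (a & b) ^ (a & c) ^ (b & c)
        t2 = (big_s0 + maj) & MASK
        a, b, c, d, e, f, g, h = (t1 + t2) & MASK, a, b, c, (d + t1) & MASK, e, f, g
    # Feed-forward: add the round output to the incoming chaining value.
    return [(s + v) & MASK for s, v in zip(state, (a, b, c, d, e, f, g, h))]


def pad(message):
    """Merkle-Damgard padding: 0x80, zero bytes, then the 64-bit bit length."""
    bit_len = len(message) * 8
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded)) % 64)
    return padded + struct.pack(">Q", bit_len)


def sha256_hex(message):
    state, data = H0, pad(message)
    for offset in range(0, len(data), 64):  # one block at a time
        state = compress(state, data[offset:offset + 64])
    return struct.pack(">8I", *state).hex()


def agrees_with_hashlib(message):
    return sha256_hex(message) == hashlib.sha256(message).hexdigest()


if __name__ == "__main__":
    print(sha256_hex(b"abc"))
```
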

III. Cryptology

The subject of communication that describes the design and use of encryption, which includes the methods and principles that transform any message into an incomprehensible form and convert the incomprehensible encrypted message back into an understandable message, is called cryptology. Cryptology is divided into two parts:

  • Cryptography

  • Cryptanalysis

Cryptography [8] is a science that studies information security. Studies on mathematical methods dealing with information security issues such as reliability, data integrity, and authentication are the most important subjects of cryptography. These methods also include problems that may be encountered during the transmission of information. Therefore, cryptography aims to protect the information and, together with this information, the sender and receiver of the information. The purpose of cryptanalysis is to obtain the content of an encrypted message (finding the unencrypted message). Therefore, secret keys are always used to control the encryption process.

There are some security concepts that can be expected from the communication systems used in order to be able to say that an information will be transmitted securely or that the information obtained has been obtained securely:

  • Confidentiality (privacy): It is to keep the information confidential from everyone except those who are authorized to see it.

  • Authentication: It is the guarantee that the sender of a transmitted message is really the sender.

  • Data Integrity: Integrity is the guarantee that the entire connection or a single piece of data is as it was sent, and that no changes, additions or rearrangements have been made on it.

  • Non-Repudiation: The receiver or sender cannot deny the transmitted message. Thus, when a message is sent, the receiver can prove that the sender sent the message, and similarly, the sender can prove that the receiver received the message.

  • Access Control: It is the guarantee that unauthorized people or applications will not be able to access the resources they should not access. In the context of network security, access control is the ability to control and limit access to host systems.

A. Cryptographic Algorithms

All modern algorithms use a key for encryption and decryption; a message can be decrypted only when the key used matches the encryption key. During encryption, two different methods can be used, keyed and keyless. Hash functions [9] and compression functions are examples of keyless methods. Keyed cryptosystems can be listed under two main headings:

  • Symmetric-key encryption (or secret-key encryption)

  • Asymmetric encryption (or public-key encryption)

1. Symmetric-key Encryption

In symmetric encryption algorithms, a single secret key is used to encrypt and decrypt the message. After performing the encryption operations, the sender must securely deliver the secret key to the receiver along with the ciphertext. Symmetric encryption algorithms are widely used today because they can perform very fast encryption and decryption operations.

These are symmetric encryption algorithms:

  • Block-cipher Algorithms (AES, DES, IDEA, Skipjack, RC5 …)

  • Stream Encryption Algorithms (RC2, RC4 …)

2. Asymmetric-key encryption

In public-key cryptosystems, or in other words, asymmetric encryption, each party uses a key pair called public (A) and secret (B). The key (A) used as the encryption key need not be secret. The basic idea behind public-key cryptography is that the public key (A) is hard to find, even though the decryption key (B) is given. Public key systems are used in applications such as digital signature and key exchange protocols [10].

These are asymmetric encryption algorithms:

  • RSA

  • El Gamal

  • Elliptic Curve Systems

  • Diffie-Hellman Key Determination

  • Code-based Cryptosystems

IV. Elliptic Curve Cryptography

Elliptic curve ciphers were first proposed independently by Victor Miller and Neal Koblitz in the mid-1980s. At a high level, they are analogues of existing public-key cryptosystems in which modular arithmetic is replaced by operations defined on elliptic curves. As with all public-key cryptosystems, the security of elliptic curve cryptosystems relies on difficult mathematical problems at the core [11]. Given two points G and Y on an elliptic curve such that Y = kG (i.e., Y is G added to itself k times), find the integer k. This problem is often called the elliptic curve discrete logarithm problem. Currently, general methods of calculating discrete logarithms of elliptic curves are much less efficient than traditional methods of factoring or calculating discrete logarithms [12].

Elliptic curves are not ellipses. They are named that way because they are represented by expressions similar to the cubic equations used to calculate the circumference of an ellipse. A field K can be R (the real numbers), Q (the rational numbers), C (the complex numbers), or, if p is a prime number, the finite field F_q consisting of q = p^r elements. The characteristic of the finite field GF(2) is 2, and the characteristic of real and complex numbers is infinity. [13]

As a result, shorter key sizes can be used to achieve the same security as traditional public key cryptosystems, which can lead to better memory requirements and improved performance. In general, the best attacks on elliptic curve discrete logarithm problems have been general brute force methods. The lack of more specific attacks means that shorter key sizes for elliptic curve cryptosystems appear to provide similar security to the much larger keys used in cryptosystems based on the discrete logarithm problem and integer factorization. There are more effective attacks for certain elliptic curve options.

Uses of elliptic curve cryptography [14]:

  • To generate the keys used,

  • To sign messages,

  • To verify the signature on a message.

Add the number 1 to itself in a field. If 1+1 = 0, then the characteristic of this field is 2. If 1+1+1 = 0, then the characteristic of this field is 3. In general, if 1+1+1+…+1 = 0 with n terms, then the characteristic of the field is n.

If the number 1 can be added to itself indefinitely in the field without reaching 0, then the characteristic of the field is 0. For any field K, the general equation of the elliptic curve is:

y² + axy + by = x³ + cx² + dx + e

If the characteristic of the field K is Char(K) = 2, the result is:

y² + ay = x³ + bx + c or y² + xy = x³ + ax² + b

If the characteristic of the field K is Char(K) = 3, the result is:

y² = x³ + ax² + bx + c

If the characteristic of the field K is Char(K) ≠ 2 or 3, then y² = x³ + ax + b. We use affine transformations for each equation, and the values x, y, a, b, c, d and e in these equations lie in the field K [15]. We call E an elliptic curve if it satisfies any of the equations mentioned above over the field K and consists of the set of points (x, y) [16].

In the equation y² = x³ + ax + b, the numbers a and b are real numbers, and 4a³ + 27b² ≠ 0 must hold so that x³ + ax + b does not have multiple roots. If it satisfies these conditions, we say that y² = x³ + ax + b is an elliptic curve. There is also a point O in the definition of the elliptic curve, called the point at infinity or the zero point, which we will explore in more detail later. Equations of this type are called cubic because the highest exponent is 3.

Let K be a field of characteristic ≠ 2, 3, and let x³ + ax + b (where a, b ∈ K) be a cubic polynomial with no multiple roots. An elliptic curve over K is the set of points (x, y) with x, y ∈ K which satisfy the equation y² = x³ + ax + b, together with a single element denoted ∞ and called the “point at infinity”.

If K is a field of characteristic 2, then an elliptic curve over K is the set of points satisfying an equation of the type either y² + cy = x³ + ax + b or else y² + xy = x³ + ax² + b (here we do not care whether or not the cubic on the right has multiple roots), together with a “point at infinity” ∞. [17]

If K is a field of characteristic 3, then an elliptic curve over K is the set of points satisfying the equation y² = x³ + ax² + bx + c.

[Figure: graph of the elliptic curve y² = x³ − 4x + 0.67, i.e. a = −4 and b = 0.67.]

If three points of an elliptic curve lie on a straight line, their sum is O, the point at infinity. Starting from this explanation, we can define the following rules for an elliptic curve:

  1. For any point P on the elliptic curve, P + O = P.

  2. If a vertical line intersects the elliptic curve at two points P1 = (x, y) and P2 = (x, −y) for the same value of x, that line also intersects the elliptic curve at the point at infinity. So P1 + P2 + O = O and P1 = −P2. So the negative of a point is the point with the same x-coordinate and the negated y-coordinate.

  3. When we select points Q and R with different x coordinates and draw a straight line through these two points, we find the third point of intersection, P1. There is only one such point P1 (if the line we have drawn is tangent to the curve at one of the points Q or R, then we get P1 = Q or P1 = R). In this case, Q + R + P1 = O and hence Q + R = −P1.

For example, let P, Q ∈ EF(a,b) and k < p, with Q = kP. While it is relatively easy to calculate the value of Q given k and P, it is indeed very difficult to calculate the value of k given Q and P, and this problem summarizes the elliptic curve problem.
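The three rules and the Q = kP problem above, carried out over a small finite field as an added example (not code from the original article). The curve y² = x³ + 2x + 2 over F_17 with base point G = (5, 1) and all function names are constructed assumptions; the group has only 19 elements, so the logarithm can be found by exhaustive search here, which is exactly what a 256-bit curve rules out.

```python
# Toy parameters (constructed for illustration, far too small for real use).
P_MOD, A, B = 17, 2, 2   # curve y^2 = x^3 + 2x + 2 over F_17
G = (5, 1)               # base point, generates a group of order 19
O = None                 # the point at infinity


def is_nonsingular():
    """Condition 4a^3 + 27b^2 != 0, so the cubic has no multiple roots."""
    return (4 * A**3 + 27 * B**2) % P_MOD != 0


def on_curve(pt):
    if pt is O:
        return True
    x, y = pt
    return (y * y - (x**3 + A * x + B)) % P_MOD == 0


def neg(pt):
    """Rule 2: same x-coordinate, negated y-coordinate."""
    return O if pt is O else (pt[0], -pt[1] % P_MOD)


def add(p1, p2):
    if p1 is O:                       # rule 1: P + O = P
        return p2
    if p2 is O:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return O                      # rule 2: vertical line, P + (-P) = O
    if p1 == p2:                      # tangent line (doubling)
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:                             # rule 3: chord through two points
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)                   # reflection of the third intersection


def scalar_mult(k, pt):
    """Q = kP by double-and-add: about log2(k) steps, the easy direction."""
    result, addend = O, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def brute_force_log(q, base=G):
    """Recover k from Q = kP by trying k = 1, 2, ...: linear in the group order."""
    k, current = 1, base
    while current != q:
        current = add(current, base)
        k += 1
    return k


def ecdh(ka, kb):
    """Both sides of the key agreement; returns (A's secret, B's secret)."""
    x_pub, y_pub = scalar_mult(ka, G), scalar_mult(kb, G)
    return scalar_mult(ka, y_pub), scalar_mult(kb, x_pub)


if __name__ == "__main__":
    print(scalar_mult(13, G), brute_force_log(scalar_mult(13, G)), ecdh(3, 9))
```
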

V. Elliptic Curve Cryptography in Python Programming Language

The ECDH protocol can be implemented in the Python programming language, which has elliptic curve libraries for this purpose.

The tinyec library will be used for ECC in Python.


pip install tinyec


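    from tinyec import registry
    import secrets

    def compress(publicKey):
        # Compressed form: x-coordinate in hex plus one hex digit for the parity of y
        return hex(publicKey.x) + hex(publicKey.y % 2)[2:]

    curve = registry.get_curve('brainpoolP256r1')

    # (A): represents person A
    # (B): represents person B

    # (A) picks a random private key in [1, n-1] and derives the public key X
    Ka = 1 + secrets.randbelow(curve.field.n - 1)
    X = Ka * curve.g
    print("X:", compress(X))

    # (B) does the same to obtain the public key Y
    Kb = 1 + secrets.randbelow(curve.field.n - 1)
    Y = Kb * curve.g
    print("Y:", compress(Y))

    print("Currently exchange the publickey (e.g. through Internet)")

    # Each side multiplies its own private key by the other side's public key
    A_SharedKey = Ka * Y
    print("A shared key :", compress(A_SharedKey))

    B_SharedKey = Kb * X
    print("(B) shared key :", compress(B_SharedKey))

    print("Equal shared keys:", A_SharedKey == B_SharedKey)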


VI. Example

We consider here that the secret keys KA and KB are generated randomly by sender (A) and receiver (B) using the code explained in the previous section. Therefore, the randomly generated keys KA and KB are given by

KA = 1b66c808e6b5be6d6620934bc6ffa2b8b47f9786c002bfb06d53a0c27535641a5d1

KB = 1c7d15195432d1ac7f38aeb054d07d9b2e1faa913b7


Let us assume that (A) and (B) pre-agreed with the point Q given by


0x3259305sfgr211f 446bddc050cf 7fb11b 5673a1645086df 3b)

When (A) sends the point X = KAQ to (B) and (B) shares the point Y = KBQ with (A), the generated secret key is shared between (A) and (B). This secret key is common to both users and is given by

KS=0x94f5a1cf2ed1dbb4322178df6bb4dd742c541884618b2989a3e5e66319 667a640

The elliptic curve used for the ECDH calculations is the 256-bit named curve brainpoolP256r1 (uses Diophantine equation for the generation of points). The private keys are random 256-bit integers (64 hexadecimal digits). The public keys and shared keys are 257 bits (65 hexadecimal digits, 256 bit due to key compression). Due to randomization the secret keys KA and KB are different, but the calculated shared secret key between (A) and (B) will always be the same.

VII. Conclusion

Encryption is defined in academic literature as the process of converting a plain text into randomly generated nonsense text called ciphertext. Decryption is defined as the conversion of ciphertext to its original form. The purpose of every encryption and decryption algorithm is to secure data and protect it from attacks.

Mathematics and cryptography appear in all areas of life, even if we do not realize it. Even when we share data on social media, use an end-to-end secure application or enter the Blockchain ecosystem by making crypto money transactions, we are actually within the domain of cryptography.

In this study, we examined elliptic curves over a finite field with cryptographic applications. We implemented the elliptic curve cryptography and key sharing algorithm in Python by explaining it with computer code. The algorithm in the elliptic curve of a key shared between (A) and (B) can be explained and coded with the Python programming language. We see that defining an elliptic curve over a finite field gives us more security. So, let's define an elliptic curve on Z_p (where p is a prime number). When you choose p as a large prime number, it means that the ciphertext is very difficult to crack.



[1] FINRA. Distributed Ledger Technology: Implications of Blockchain for the Securities Industry. Report, FINRA, Jan. 2017

[2] FINRA. Distributed Ledger Technology: Implications of Blockchain for the Securities Industry. Report, FINRA, Jan. 20

[3] D. Appelbaum and R. A. Nehmer. Designing and Auditing Accounting Systems Based on Blockchain and Distributed Ledger Principles. Presented at 40th World Continuous Auditing & Reporting Symposium - Newark, NJ, 2017.

[4] Cryptocurrency Wallet Guide: A Step-By-Step Tutorial, 2017. URL

[5] C. Allen et al., “Decentralized public key infrastructure - a white paper from rebooting the web of trust,” specify a public key that is verified by its digital signature in the transaction. P2SH scripts point to another script that can be used to enforce additional conditions to spend this value, such as confirmation by multiple parties (Narayanan et al., 2016).

[6] R. McMillan. Want Cheaper Bitcoins? Hit Someone With a DDoS Attack, December 26, 2013. URL

[7] Full Drive Encryption international Technical Community. collaborative Protection Profile for Full Drive Encryption Authorization Acquisition, February 1, 2019.

[8] San Pedro. Details about the Side-Channel Attacks on Trezor One Hardware Wallet, March 14, 2019. URL https://\ the-side-channel-attacks-on-trezor-one hardware-wallet-62e2d278e803.

[9] Knuth, Donald, ‘The Art of Computer Programming’, Volume 3, Sorting and Searching, pp. 506–542, 1973

[10] Stinson, D.R., Cryptography: Theory and Practice, Crc Press, Boca Raton, 1995

[11] Husemöller, D., Elliptic Curves, Springer – Verlag, New York, 2004

[12] Koblitz, N., Introduction To Elliptic Curves and Modular Forms, Springer – Verlag, New York, 1993.

[13] Kendirli, B., Number Theory with Cryptographic Applications, Fatih University, Istanbul, 2005

[14] Cassels, J.W.S., Lectures on Elliptic Curves, Cambridge University Press, New York, 1995.

[15] Washington, L. C., Elliptic Curves Number Theory and Cryptography, Chapman & Hall/CRC, Boca Raton, 2003.

[16] Husemöller, D., Elliptic Curves, Springer – Verlag, New York, 2004.

[17] Enge, A., Elliptic Curves and Their Applications to Cryptography An Introduction, Kluwer Academic Publishers, Boston, 1999


About the Author

Entering her Blockchain and Technology Law career with cryptography, Elif Hilal developed her own encryption method when she was only 10 years old. She then began to learn encryption mechanisms and the science of cryptography. She found the way to communicate with computers by learning to code, she learned to code when she was a freshman at university. While she was a university student, she had the chance to work as a blockchain researcher in the Digital Transformation Office of the Presidency of the Republic of Turkey. In addition, she was elected as the Microsoft Turkey Student Ambassador and represented her country many times in the international arena.

Elif Hilal, who has been working on Blockchain for about 6 years, is currently working on Blockchain at Chainlink Labs.
