secp256k1
What is secp256k1?
secp256k1: A Koblitz elliptic curve defined by SEC 2, providing ~128-bit security and used by Bitcoin, Ethereum, and many other blockchains for ECDSA and Schnorr signatures.
secp256k1 is the elliptic curve y^2 = x^3 + 7 over the prime field F_p with p = 2^256 - 2^32 - 977, specified in SEC 2 (Standards for Efficient Cryptography). It is a Koblitz curve with j-invariant 0, which enables endomorphism-based scalar multiplication and very fast software implementations. It offers roughly 128 bits of security with 32-byte keys and 64-byte ECDSA signatures (or 64-byte BIP-340 Schnorr signatures). Although NIST prefers secp256r1 (P-256), secp256k1 became the de facto standard for cryptocurrencies after Bitcoin adopted it in 2009, and is used by Ethereum, Bitcoin Cash, Litecoin, and most EVM chains for transaction signing and address derivation.
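The definition above can be checked directly. The following added example (not part of the original page) verifies in pure Python that the base point satisfies y^2 = x^3 + 7 mod p and that the j-invariant 0 endomorphism holds, i.e. multiplying a point by a cube root of unity lambda mod n equals multiplying its x-coordinate by a cube root of unity beta mod p. The group order N and base point G are the SEC 2 values, which this page does not list; all function names are this example's own.

```python
P = 2**256 - 2**32 - 977   # field prime from the definition above
B = 7                      # curve: y^2 = x^3 + 7
# Group order N and base point G are the SEC 2 values (not listed on this page).
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def on_curve(pt):
    return pt is None or (pt[1]**2 - pt[0]**3 - B) % P == 0

def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:   # a == -b (also covers doubling when y = 0)
        return None
    if a == b:
        m = 3 * x1 * x1 * pow(2 * y1, -1, P)        # tangent slope
    else:
        m = (y2 - y1) * pow((x2 - x1) % P, -1, P)   # chord slope
    x3 = (m * m - x1 - x2) % P
    return (x3, (m * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def cube_root_of_unity(q):
    """A non-trivial cube root of 1 modulo a prime q with q % 3 == 1."""
    for g in range(2, 100):
        r = pow(g, (q - 1) // 3, q)
        if r != 1:
            return r
    raise ValueError("no root found")

def endomorphism_holds():
    """Check lambda*G == (beta*x, y): the j = 0 endomorphism costs one field multiply."""
    beta, lam = cube_root_of_unity(P), cube_root_of_unity(N)
    x, y = mul(lam, G)
    return y == G[1] and x in (beta * G[0] % P, beta * beta * G[0] % P)
```

This arithmetic is not constant-time and is meant for study only; production signing should use a vetted library.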
● Examples
- 01 Bitcoin uses ECDSA over secp256k1 (and Schnorr via BIP-340 since Taproot).
- 02 Ethereum addresses are derived from the Keccak-256 hash of the secp256k1 public key.
● Frequently asked questions
What is secp256k1?
A Koblitz elliptic curve defined by SEC 2, providing ~128-bit security and used by Bitcoin, Ethereum, and many other blockchains for ECDSA and Schnorr signatures. It belongs to the Cryptography category of cybersecurity.
What does secp256k1 mean?
A Koblitz elliptic curve defined by SEC 2, providing ~128-bit security and used by Bitcoin, Ethereum, and many other blockchains for ECDSA and Schnorr signatures.
How does secp256k1 work?
secp256k1 is the elliptic curve y^2 = x^3 + 7 over the prime field F_p with p = 2^256 - 2^32 - 977, specified in SEC 2 (Standards for Efficient Cryptography). It is a Koblitz curve with j-invariant 0, which enables endomorphism-based scalar multiplication and very fast software implementations. It offers roughly 128 bits of security with 32-byte keys and 64-byte ECDSA signatures (or 64-byte BIP-340 Schnorr signatures). Although NIST prefers secp256r1 (P-256), secp256k1 became the de facto standard for cryptocurrencies after Bitcoin adopted it in 2009, and is used by Ethereum, Bitcoin Cash, Litecoin, and most EVM chains for transaction signing and address derivation.
How do you defend against secp256k1?
Defences for secp256k1 typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for secp256k1?
Common alternative names include: SEC2 secp256k1, Bitcoin curve.
● Related terms
- cryptography № 369
ECDSA
The elliptic-curve variant of the Digital Signature Algorithm, standardized in FIPS 186, producing compact signatures whose security relies on the elliptic-curve discrete logarithm problem.
- cryptography № 374
Elliptic Curve Cryptography (ECC)
A family of public-key algorithms based on the algebraic structure of elliptic curves over finite fields, offering equivalent security to RSA with much smaller keys.
- cryptography № 321
Digital Signature
A public-key cryptographic mechanism that proves the authenticity, integrity and non-repudiation of a message or document.
- cryptography № 370
Ed25519
An EdDSA signature scheme over the twisted Edwards curve edwards25519, offering ~128-bit security with deterministic, fast, side-channel-resistant signing as defined in RFC 8032.
- cryptography № 879
Public-Key Cryptography
A branch of cryptography that uses paired public and private keys to enable encryption, key exchange, digital signatures, and authentication without a pre-shared secret.