Topic: Bitcoin key size and elliptic curve in 2009 and now (Read 198 times)

staff
Activity: 3458
Merit: 6793
Just writing some code
So, 2 questions:
1) Did bitcoin really use other curves than secp256k1 in the past years?
No.

What was the reason to put the comments about secp160k1, secp192k1 and secp224k1?
Presumably because those are the other secp curves that could have been used.

2) Why is the PRIVATE_KEY_SIZE for secp256k1 equal to 279? The private key is 256 bits, so what are the additional 279-256 = 23 bits for?
It is not the bit length of the private key. It is the byte length of a DER-encoded private key as denoted in ASN.1 in the SEC standard: http://www.secg.org/sec1-v2.pdf.

This private key contains the private key itself as well as all of the curve parameters and the public key, which makes it much larger than just the private key itself. That means it has the private key, the public key, the parameters for the curve equation, the finite field for the curve, the generator curve point, and the order of the generator. There are several 32 byte values, along with several bytes of overhead due to DER, and some more bytes for version numbers. This makes the total size of a private key encoded in this way 279 bytes.

The reason this encoding was used is that this is how OpenSSL encoded private keys. This encoding is still being used for private keys in the wallet storage in order to maintain backwards compatibility. When compatibility was not necessary, such as in the introduction of encrypted wallets, the private key was encoded just as itself, thus significantly saving space.
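
Added example, not part of the original posts or of Bitcoin's code: a byte-level rebuild of the encoding the answer above describes (SEC1 ECPrivateKey with explicit curve parameters), showing where the 279 bytes go. The sample key d = 1 (whose public point is the generator G) is constructed, and the single-byte encoding of the curve coefficients a and b is an assumption chosen to match the 279-byte figure.

```python
# Added example: SEC1 ECPrivateKey in DER with explicit secp256k1 parameters.
P = 2**256 - 2**32 - 977  # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of G
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8

def tlv(tag, body):
    """DER tag-length-value; lengths >= 128 use the long form."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def der_int(v):
    """DER INTEGER; the extra leading 0x00 keeps high-bit values positive."""
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def point(x, y):
    """Uncompressed curve point: 0x04 || X || Y (65 bytes)."""
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")

def ec_private_key_der(d, pub):
    """Return (DER bytes, size in bytes of each top-level field)."""
    field_id = tlv(0x30, tlv(0x06, bytes.fromhex("2a8648ce3d0101")) + der_int(P))
    # Assumption: a = 0 and b = 7 encoded as single bytes, matching 279 total.
    curve = tlv(0x30, tlv(0x04, b"\x00") + tlv(0x04, b"\x07"))
    params = tlv(0x30, der_int(1) + field_id + curve
                 + tlv(0x04, point(GX, GY)) + der_int(N) + der_int(1))
    parts = {
        "version": der_int(1),
        "privateKey": tlv(0x04, d.to_bytes(32, "big")),
        "parameters": tlv(0xA0, params),
        "publicKey": tlv(0xA1, tlv(0x03, b"\x00" + point(*pub))),
    }
    der = tlv(0x30, b"".join(parts.values()))
    return der, {name: len(enc) for name, enc in parts.items()}

# Constructed sample key: d = 1, so the public point is G itself.
SAMPLE_DER, SAMPLE_SIZES = ec_private_key_der(1, (GX, GY))

if __name__ == "__main__":
    print(len(SAMPLE_DER), "bytes total")
    for name, size in SAMPLE_SIZES.items():
        print(f"  {name:<11}{size:>4}")
```

Only 32 of the bytes are secret key material; the explicit curve parameters and the embedded public key account for most of the rest.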
sr. member
Activity: 443
Merit: 350
Sorry for the question, maybe it was already discussed earlier.
I understand that the curve selected for bitcoin was the same (secp256k1) since the start in 2009, however in the first code of the bitcoin application (dated 2009) I found the following comments:

Code:
key.h

// secp160k1
// const unsigned int PRIVATE_KEY_SIZE = 192;
// const unsigned int PUBLIC_KEY_SIZE  = 41;
// const unsigned int SIGNATURE_SIZE   = 48;
//
// secp192k1
// const unsigned int PRIVATE_KEY_SIZE = 222;
// const unsigned int PUBLIC_KEY_SIZE  = 49;
// const unsigned int SIGNATURE_SIZE   = 57;
//
// secp224k1
// const unsigned int PRIVATE_KEY_SIZE = 250;
// const unsigned int PUBLIC_KEY_SIZE  = 57;
// const unsigned int SIGNATURE_SIZE   = 66;
//
// secp256k1:
// const unsigned int PRIVATE_KEY_SIZE = 279;
// const unsigned int PUBLIC_KEY_SIZE  = 65;
// const unsigned int SIGNATURE_SIZE   = 72;
//
// see www.keylength.com
// script supports up to 75 for single byte push

So, 2 questions:
1) Did bitcoin really use other curves than secp256k1 in the past years? What was the reason to put the comments about secp160k1, secp192k1 and secp224k1?
2) Why is the PRIVATE_KEY_SIZE for secp256k1 equal to 279? The private key is 256 bits, so what are the additional 279-256 = 23 bits for?