Author

Topic: secp256k1 parameters: when to use what as a modulus? (Read 572 times)

legendary
Activity: 1042
Merit: 2805
Bitcoin and C♯ Enthusiast
Since nobody has answered you yet, I'll give it a try.

Let me start by saying that P as in Fp is a prime that is defining your finite field or the finite set of elements in your group in which you are doing all your calculations. So when we talk about point addition your modulus is P since you are working in that group which has P elements.

N is the order of the subgroup of the main group that you had and is generated by the generator G. That is also why N is smaller than P. And it is mainly used in signature schemes. For example when you calculate `s` you are using mod(N). And that is because now you are working in that subgroup instead.

More information: http://www.secg.org/sec1-v2.pdf
newbie
Activity: 2
Merit: 0
bumb % juicwy
newbie
Activity: 10
Merit: 1
I've been studying Bitcoin's ECDSA, and I'm a bit confused at the moment about when to use mod(p) vs. mod(n). 

For example, when doing a EC point multiplication (i.e., to compute Q=d*G), are the point coordinates modulo p?  Is anything ever modulo n?

And while on that topic, could someone explain the purpose of p (as in Fp) and n (as in the "order n of the generator point G", but this description is a little lost on me...)?
Jump to: