Technical details of secp256k1

Bitcoin uses a specific elliptical curve, and the domain parameters used in the curve are defined in the secp256k1 standard. This curve is represented by the following cubic equation in a finite field of prime order p:

y2 mod (p) = x3 + 7 mod (p)

As the name suggests, secp256k1 can have a key size of up to 256 bits. The details of the domain parameters used by secp256k1 are represented in hexadecimal strings and are as follows:

• Large prime numbers are used in the finite field.
  • p = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F

The preceding hexadecimal representation of p will have the following decimal value:

p = 2256 - 232 - 29 - 28 - 27 - 26 - 24 - 1

• Constants of the curve y2 = x3 + 7 are as follows:
  • a = 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
  • b = 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000007
• The original representation of base point G has a lengthier hexadecimal string, but it can be represented in a compressed form as follows:
  • G = 02 79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798

• The order n of G and the cofactor are as follows:
  • n = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141
  • h = 01

All these values remain the same for any computation in secp256k1. And this specification is strong enough to withstand brute-force attempts to compute the private key from the public key.