
Aditya Thebe • 6 years ago

As someone who really struggled to write a few paragraphs on a blog post, I can get a sense of how much effort you had to put in to write this article. Thank you!

Jian Steven • 6 years ago

Nice article! How do people exchange the parameters of the curve? a=−3 and b=5

Fang-Pen Lin • 6 years ago

For those parameters, people will need to agree to use the same set before performing the encryption. There are some well known standards, such as Curve25519

https://en.wikipedia.org/wi...

As you can see, under this standard, what curve to use is pointed out.

javanaut • 2 years ago

... and therein lies a danger: if the curves chosen by the standards organization are constructed to allow a back door, enabling them to determine the private key quickly (only to fight "extremists" and other dangerous people, of course). Wasn't there a scandal where NIST was implicated in this type of scheme?

Fang-Pen Lin • 2 years ago

There was an interesting story about DES (Data Encryption Standard). When the design was proposed, the NSA modified S-Box numbers without explaining why they did it. People suspected there was a backdoor or weakness in it. But years later, security researchers independently published their paper about differential cryptanalysis. Then, people realized that the changes made by the NSA made DES much more resistant to differential cryptanalysis attacks. So, in that particular event, the NSA made encryption more secure. They probably knew about differential cryptanalysis attacks many years ago but cannot disclose it. So that says something about their knowledge regarding cryptography, which could be ahead of the general public, maybe like 20 years.

Does it mean the NSA or the other government agencies are all acting in good faith when they get involved in cryptography standards? Well, that is probably not always the case. There were many cases in which they seemed to try to undermine the standards. But I think, in the end, it's a double-edged sword. When they weaken the encryption standards, unless they can guarantee they are the only ones who know how to break them, adversaries like Russia or China might find the weakness independently.

There's also another problem. Even if they know how to crack the encryption, as long as they use it, the public may know it's breakable. If you ever watched The Imitation Game movie, when Turing broke the Nazi German code, they needed to pretend that they didn't know the critical intel they got and let them bomb the cities or critical infrastructure. They can only use that intel in the most critical situations. Otherwise, Germany would know their code is broken and change their encryption method.

So, I guess a better strategy is to ensure the encryption is strong enough instead of weakening the encryption standard. But you get ahead of the industry and academics by decades with top-notch researchers and super-powerful advanced resources like quantum computers. And you will use the ability to crack the code only when it's an absolutely critical situation.

But anyway, what do I know? I am just a software engineer who happens to know a little bit about cryptography. People from the NSA may read my comment and laugh out loud, haha 😅

goldmine • 6 years ago

This is a truly great and understandable article on ECC!
I had one question which was not 100% clear: how do you compute a tangent on the finite field?

Fang-Pen Lin • 6 years ago

An algorithm called extended Euclidean will be used

https://andrea.corbellini.n...

This article explains how it works.

Sebastian Nielsen • 6 years ago

Would be nice to learn about Elliptic curve encryption and signatures too. With encryption in this case, I mean the raw encryption like ECIEC and signatures like ECDSA.

The reason it's interesting with ECIEC and ECDSA is that they don't require active participation by the communicating parties, which is impossible if you for example send an email while the other party's computer is off, and you want to secure it end2end.

Soren Roth • 6 years ago

The point (13, 7) does not appear to be near the elliptic curve for your finite field mod 19 elliptic curve graph. The math holds, but I think you have the wrong graph on the page or more likely I don't understand.

Fang-Pen Lin • 6 years ago

No, you are right. The point is actually (11, 7), not (13, 7). I will fix it. Thanks for pointing it out.

Soren Roth • 6 years ago

Thank you! That makes more sense, I somehow glossed over 11 replacing 13 in the math text.

rushiagr • 6 years ago

I appreciate your effort of spreading the knowledge about such a critical but less-understood topic.

At one point, the post says:

The point A+B is the sum of A and B.

I couldn't understand this. I consider myself good at maths and graphs, but still wasn't able to understand this part, so not able to proceed further. Is the x-coordinate of that point equal to sum of x-coordinates of A and B? Y-coordinate? Distance from origin? Length of the orange line vs distance between A and B points?

Sorry, not trying to be rude or asking for an explanation, but if you could just spell it clearly there, it'll be very helpful.

Fang-Pen Lin • 6 years ago

The point after flipping y value across x axis, we call it “the sum of A and B”, it’s not really adding the two points together. The jump operation, is also called “add” in many articles. Let me know if this makes sense.

And thanks for the feedback, I will definitely update the article to explain more clearly what the sum is here.

Aditya Thebe • 6 years ago

The elliptic curve addition is an invented concept. It could have just as easily been called 'wakka wakka' but rather to stay consistent with the terms of Groups and Fields the operation was named 'addition'.

Do not try to equate this operation with the arithmetic addition you're familiar with.

You just need to know that to 'add' two points in Elliptic Curve means to draw a straight line joining them, and then reflecting the third point the line touches about the x axis.

I consider this statement more to be a definition of a new operation given the particulars of this system, not a principle that maps neatly onto euclidean two-dimensional geometry. For:
A + B = C
...I think it's meant to say:
C is the vertical mirror-point of the third/other place where the A,B line intersects the curve, and isn't A or B.

The longer answer:
Technically, it's the sum because it has the same characteristic as summation in abstract algebra of groups, or rings. It's associative and commutative and results in another value that's on the curve as well.
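
The chord-and-tangent "addition" described in the comments above, and the extended Euclidean step used to compute a tangent over a finite field, as an added Python example that is not part of the article or of any commenter's post. It assumes the toy curve discussed in this thread (a = −3, b = 5, modulo 19) with point coordinates already reduced to 0..18; the function names are illustrative.

```python
# Added illustration (not from the article): toy curve y^2 = x^3 + a*x + b
# over F_p with the thread's values a = -3, b = 5, p = 19.
P_MOD, A, B = 19, -3, 5
INF = None  # point at infinity: the identity element of the group


def inv_mod(k, p=P_MOD):
    """Inverse of k modulo p via the extended Euclidean algorithm."""
    k %= p
    if k == 0:
        raise ZeroDivisionError("0 has no inverse modulo p")
    r0, r1, s0, s1 = p, k, 0, 1          # invariant: s_i * k == r_i (mod p)
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
    return s0 % p                         # r0 is gcd(k, p) = 1 here


def on_curve(pt):
    """True if pt satisfies the curve equation modulo p."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def add(p1, p2):
    """The 'sum' of two points: chord or tangent, then reflect."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                        # vertical line: P + (-P)
    if p1 == p2:
        # Tangent slope (3x^2 + a) / (2y); "divide" = multiply by inverse.
        m = (3 * x1 * x1 + A) * inv_mod(2 * y1)
    else:
        # Chord slope (y2 - y1) / (x2 - x1).
        m = (y2 - y1) * inv_mod(x2 - x1)
    m %= P_MOD
    x3 = (m * m - x1 - x2) % P_MOD        # third intersection of the line
    y3 = (m * (x1 - x3) - y1) % P_MOD     # reflected across the x axis
    return (x3, y3)
```

With these parameters `on_curve((11, 7))` holds while `on_curve((13, 7))` does not, and doubling (11, 7) with `add` gives (13, 4).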

Miko Rym • 6 years ago

On the topic of the group operation: Mathematicians also abuse the terminology.

In general, for a group you will call the operation, which forms the group structure, the "group multiplication". If it is a ring, then the terminology makes more sense since you have "addition" that satisfies 0+a=a and "multiplication" that satisfies 1*a=a. These could have nothing to do with addition and multiplication of integers and are called this by convention and analogue of the ring of integers.

Since it is a finite field, which is a ring, you have two operations here. The one is called addition because 0+a=a for that operation, where "+" is just syntax for f(0,a)=a and f is a function that takes two elements and gives you back the resultant element. If you are wondering what "0" and "1" are, these are special elements that behave like 0 and 1 as numbers, like I just mentioned for instance that 0+a=a.

I am not an elliptic curve expert to tell you what common popular elliptic curve equations are, but the elliptic curve is of the form y^2=x^3+ax+b, as the author states. This means that a and b are fixed elements of a chosen finite field and the curve is drawn by substituting in for x to get y^2 at which point you can get the corresponding y to draw those graphs. Each point of x that you can choose is an integer (as mentioned) and in fact what you are doing is you are taking x as a placeholder for substituting in elements of the finite field (which are integers modulo p). So all of x, y, a and b are elements of this chosen field, but x and y are placeholders that compute their relation to each other. Since you end up with a value for y^2 you get both a positive and negative root and that is why the graph is symmetrical across the horizontal axis. A negative of c is shorthand for 0-c, so in modular arithmetic this is not a negative integer, rather it is a d such that c+d=p.

Finite fields can be thought of as integers modulo some prime p, as you have a finite field for every prime. However, you also get a prime field for each prime power p^n, but I don't know if these are used in ECC.

montesinhos • 6 years ago

Loved it. Beautiful really!

Fang-Pen Lin • 6 years ago

Thank you, glad you like it 😁