Elliptic Curves Explained — From Mathematics to Bitcoin

Posted on 2026-01-14 Edited on 2026-01-18 In EN , Tech , Blockchain , Bitcoin , Cryptography , Go , Mathematics

An intuitive, and mathematical explanation of elliptic curves for developers, with diagrams, Go code, and Bitcoin applications.

Why Elliptic Curves Matter

Elliptic curves are the mathematical backbone of modern cryptography.
They are used in:

TLS 1.3 (HTTPS)
Secure messaging
SSH
Bitcoin and many blockchains
Digital signatures (ECDSA, EdDSA)
Key exchange (ECDH)

Their power comes from a rare combination:

Simple algebraic equations
A rich group structure (see further for definition)
Extremely hard inverse problems

This article builds elliptic curves from the ground up, adds diagrams, Go code, and finishes with a Bitcoin-specific deep dive.

The Elliptic Curve Equation

An elliptic curve over the real numbers is defined as:

y^2 = x^3 + ax + b

with constants (a, b \in \mathbb{R}).

To ensure smoothness:

4a^3 + 27b^2 \neq 0

This avoids cusps and self-intersections.

Visual Shape (Over the Reals)

Key properties:

Symmetry across the x-axis
Smooth, continuous curve
No corners or breaks

Elliptic Curves Form a Group

Points on an elliptic curve form an abelian group this is what enables cryptography.

Definition of a group

A group is a set $G$ together with a binary operation on $G$ here denoted “ $\cdot{}$ ” that combines any two elements $a$ and $b$ of $G$ to form an element of $G$ denoted ⁠ $a\cdot{}b$ ⁠, such that the following three requirements, known as group axioms, are satisfied:

Associativity
For all ⁠ $a$ ⁠, $b$ , $c$ in $G$ one has $(a\cdot b)\cdot c=a\cdot (b\cdot c)$ .
Identity element
There exists an unique element $e$ in $G$ such that, for every $a$ in $G$ , one has $e\cdot a=a$ and ⁠ $a\cdot e=a$ .
A such element $e$ is unique, it is called the “identity element” or “neutral element” of the group.
Inverse
For each $a$ in $G$ there exists an element $b$ in $G$ such that $a\cdot b=e$ and $b\cdot a=e$ , where $e$ is the identity element.
For each $a$ , the element $b$ is unique; it is called the inverse of $a$ and is commonly denoted $a^{-1}$ .

It’s an abelian group because:

it is an closed group (property of closure), which means that $a \cdot{} b$ is an element of $G$ for every $a$ and $b$ in $G$ .
it is commutative, which means that $a \cdot{} b = b \cdot{} a$ for every $a$ and $b$ in $G$ .

Point Addition (Geometric Intuition)

Elliptic curve “addition” has nothing to do with adding coordinates.
It is a definition of a binary operation on a set of points, chosen so that:

the set of points on the curve (plus one extra point) forms an abelian group.

The word addition is a convention, not a coordinate-wise sum.

Elliptic curve addition is a defined binary operation whose purpose is to turn the set of points on an elliptic curve into an abelian group.

Adding two points (P) and (Q)

Draw the line through two points $P$ and $Q$
It intersects the curve at a third point $R$
Reflecting (R) across the x-axis gives $P+Q$

Reflection is required to preserve group properties.

Algebraic Point Addition on an Elliptic Curve

In this section, we define the addition of two points on an elliptic curve in short Weierstrass form, fixing the curve equation, the field, and the mathematical origin of the formulas.

Elliptic Curve Under Consideration

Let $K$ be a field (for example $K = \mathbb{R}$ or $K = \mathbb{F}_p$ ).

We consider the elliptic curve $E$ as the set of elements $(x,y)$ verifying:

E:\quad y^2 = x^3 + ax + b

with $a, b \in K$ , subject to the non-singularity condition:

4a^3 + 27b^2 \neq 0

This condition guarantees that the curve is smooth (no cusps or self-intersections).

There are some interesting properties of these odd sorts of curves, one of them is that if a (non-vertical) straight line crosses the curve at all, then it will cross it in exactly three places.

Points Considered

Let $P$ and $Q$ be two distinct points on $E(K)$ :

P = (x_1, y_1), \qquad Q = (x_2, y_2)

with $x_1 \neq x_2$ .

The point $R$ is defined by:

R= P+Q = (x_3, y_3)

Line Through $P$ and $Q$

The line passing through $P$ and $Q$ has slope:

\lambda = \begin{cases} \dfrac{y_2 - y_1}{x_2 - x_1} & \text{if } K = \mathbb{R} \\[1em] (y_2 - y_1)\cdot (x_2 - x_1)^{-1} \pmod p & \text{if } K = \mathbb{F}_p \end{cases}

Important remark
Over a finite field, there is no division in the usual sense, $(x_2 - x_1)^{-1}$ denotes the multiplicative inverse in the field $K$ .

The equation of the line is:

y = \lambda(x - x_1) + y_1

Intersection with the Curve

Substitute this expression for $y$ into the curve equation:

(\lambda(x - x_1) + y_1)^2 = x^3 + ax + b

After expansion, this yields a cubic polynomial in $x$ . Its three roots are exactly:

x_1,\quad x_2,\quad x_3

where $x_3$ corresponds to the third intersection point of the line with the curve.

Computing $x_3$ (Viète’s formulas)

By identifying coefficients in the cubic polynomial, Viète’s formulas give:

x_1 + x_2 + x_3 = \lambda^2

Therefore:

\boxed{x_3 = \lambda^2 - x_1 - x_2}

$y$ -Coordinate of the Intersection Point

The $y$ -coordinate of the intersection point $R$ is obtained by substituting $x_3$ into the line equation:

y_R = \lambda(x_3 - x_1) + y_1

Definition of the Group Law

By definition of the group law on an elliptic curve, the sum $P + Q$ is the reflection of $R$ across the x-axis:

\boxed{y_3 = -y_R = \lambda(x_1 - x_3) - y_1}

Thus:

\boxed{P + Q = (x_3, y_3)}

Summary of the Formulas for $x_1 \neq x_2$

For the curve:

y^2 = x^3 + ax + b

we have:

\lambda = \frac{y_2 - y_1}{x_2 - x_1}

x_3 = \lambda^2 - x_1 - x_2

y_3 = \lambda(x_1 - x_3) - y_1

with all operations performed in the field $K$ .

Bitcoin Case (Concrete)

Bitcoin uses the secp256k1 curve:

y^2 \equiv x^3 + 7 \pmod p

where:

$a = 0$
$b = 7$
$p = 2^{256} - 2^{32} - 977$

The formulas above apply unchanged, with all operations carried out modulo $p$ .

The secp256k1 curve has a very large value for $p$ , so it resembles to the graph above, except there are about as many points on it as there are atoms in the universe!

Algebraic Point Addition

Let:

P = (x_1, y_1), \quad Q = (x_2, y_2)

If $x_1 \neq x_2$ :

\lambda = \frac{y_2 - y_1}{x_2 - x_1}

x_3 = \lambda^2 - x_1 - x_2

y_3 = \lambda(x_1 - x_3) - y_1

So:

P + Q = (x_3, y_3)

Point Doubling

When (P = Q), we use the tangent line.

Slope:

\lambda = \frac{3x_1^2 + a}{2y_1}

Same formulas apply afterward.

The Point at Infinity

Elliptic curves include a special element:

\mathcal{O}

Called the point at infinity, it acts as the identity:

P + \mathcal{O} = P

In diagrams, vertical lines meet the curve at (\mathcal{O}).

Scalar Multiplication

Scalar multiplication is repeated addition:

kP = P + P + \cdots + P

This is efficient even for huge (k) using double-and-add.

Finite Fields (Cryptography Reality)

Cryptography does not use real numbers.

Instead, elliptic curves are defined over finite fields:

\mathbb{F}_p = {0, 1, 2, \dots, p-1}

Equation:

y^2 \equiv x^3 + ax + b \pmod p

No smooth curve anymore — but the group structure remains intact.

Discrete Logarithm Problem (ECDLP)

Given:

Q = kG

Find (k).

Easy → forward direction
Infeasible → reverse direction

This asymmetry is the foundation of elliptic-curve cryptography.

Go Example: Scalar Multiplication

Using Go’s modern standard library:

package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"fmt"
)

func main() {
	curve := ecdh.X25519()

	priv, _ := curve.GenerateKey(rand.Reader)
	pub := priv.PublicKey()

	fmt.Println("Private key:", priv.Bytes())
	fmt.Println("Public key :", pub.Bytes())
}

Run in the Go playground

Conceptually $\text{Public} = k \cdot G$ where $k$ is hiden in the private key.

Base Point (G)

Every curve defines a public base point (G):

Fixed
Known to everyone
Large prime order (n)

Properties:

nG = \mathcal{O}

All keys derive from (G).

Bitcoin and Elliptic Curves

Curve used by Bitcoin

Bitcoin uses secp256k1 which has for equation:

y^2 \equiv x^3 + 7 \pmod p

Where:

p = 2^{256} - 2^{32} - 977

Notable properties:

No (a) term
Simple structure
High performance

Bitcoin Private & Public Keys

Private key

A random integer:

k \in [1, n-1]

Public key

K = kG

Where (G) is the secp256k1 base point with $G(G_{x},G_{y})$ , where (hexadecimal base):

G_{x}=79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798

G_{y}=483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8

Bitcoin Diagram

flowchart LR
    Priv[Private key k] -->|k × G| Pub[Public key K]
    Pub --> Addr[Bitcoin address]

One-way only.

Bitcoin Signature (ECDSA)

Bitcoin uses ECDSA:

Private key signs a transaction hash
Public key verifies the signature
No private key disclosure

Security relies entirely on ECDLP.

Why Bitcoin Chose secp256k1

No unexplained constants
Faster arithmetic
Simple equation
Transparent design

Modern alternatives (Schnorr / Taproot) still rely on elliptic curves.

Go Example: Bitcoin-Style Key Generation

package main

import (
	"crypto/elliptic"
	"crypto/rand"
	"fmt"
	_ "math/big"
)

func main() {
	curve := elliptic.P256() // secp256k1 uses similar API
	priv, x, y, _ := elliptic.GenerateKey(curve, rand.Reader)

	fmt.Println("Private key:", priv)
	fmt.Println("Public key X:", x)
	fmt.Println("Public key Y:", y)
}