What the hell is an elliptic curve?
32 comments
·April 20, 2025Retr0id
The "enter text to sign" demo is pure nonsense. If I enter "AAAAA", it's "encrypted" to "4242424242". What's that supposed to mean? Was this vibe-coded?
Edit: The article has since been edited to disclaim "values are not encrypted realistically" - sure, use small numbers for demonstration purposes etc., but what is being demonstrated here? You've added scare-quotes to "encrypted" but what is the actual intended meaning?
nneonneo
Looking at elliptic curves over the reals makes for pretty pictures, but really fails to convey why ECC should be secure at all.
As an example, the function m => m^65537 is a completely useless encryption function over the reals because it's trivial to take 65537-th roots over R (even if the numbers are unwieldy in size), but it's a surprisingly strong encryption function when computed over certain finite groups (i.e. RSA).
Similarly, any ECC scheme defined over real numbers is pretty useless. It only gets interesting when you use a finite field. Unfortunately, the math is less simple that way.
Retr0id
Agreed. I have a draft article (far from finished) with my own attempt to explain ECC, and the opening diagram is the classic "pretty pictures" with a big red cross through them. They have surprisingly little relevance in the overall picture of ECC.
punpunia
For me this article was not nearly deep enough for me to understand elliptical curve cryptography. What I learned was the equation of an elliptical curve and that it is used in cryptography, the rest was inscrutable.
lelanthran
> What I learned was the equation of an elliptical curve and that it is used in cryptography, the rest was inscrutable.
It's not inscrutable, it's missing.
nxpnsv
I feel this is what came out of the author’s llm chat of choice…
hug
The entire problem of the article is summed up this paragraph:
> The ECDLP involves finding the integer k such that P=k⋅G, where P is a point on the curve, G is a known point (the generator point), and k is the ephemeral key. The difficulty of this problem is what makes ECC secure.
So uh. What is P? Why do I want to work it out? What’s G? Why do I know it, or not know it? Also k. I assume I know maybe one of these values, but maybe I know none.
Why does any of this make anything secure? I get, in general, that knowing numbers that someone else doesn’t know is good for me to be good at security with someone else, but is it?
… just not good.
smallmancontrov
For those who are interested, the xargs.org intro article goes deeper and discusses point addition, continuous -> modular+discrete, and how it is used for key exchange.
tveita
For a more substantial explanation see e.g. "A gentle introduction to elliptic-curve cryptography"
https://media.ccc.de/v/31c3_-_6369_-_en_-_saal_1_-_201412272...
zkmon
Unfortunately the article itself doesn't provide any insights or even the reason why it is called "elliptic" curve or why it makes a good candidate for cryptographic use. The author has no clue about the topic other than putting a catchy title.
tempodox
The article doesn't answer the titular question, it's just an ad for vaporware.
mr_mitm
> This is especially important for devices with limited resources, like smartphones and IoT devices. This efficiency is one of the reasons why ellipti
I doubt there has been a smartphone in history that had even the slightest issue with RSA. When thinking of devices with limited resources, we should probably think of smart cards and such.
SilverSlash
What a non-article. How did this get to the top of hn? I feel like I learned close to nothing.
Retr0id
As someone who already understands how ECC works, I learned a negative amount.
lelanthran
This is an unusually poor explanation. There is no indication or example (using small numbers) of how ECC works, there's just a function and a picture of the curve it generates.
llm_nerd
I guess people are upvoting based purely on the title, as yeah this is just a horrible stump of a page. There is a much better (but still only an absolute intro) CloudFlare explanation at
https://blog.cloudflare.com/a-relatively-easy-to-understand-...
incogitomode
Article seems to have vanished, and the content was eerily similar to what I got from Gemini 2.5 Pro. Seems like spam for this service.
The form y^2 = x^3 + bx + c prohibits intuition and probably follows from the general form for an algebraic expression: ax^n + bx^(n-1) + ...
The whole idea of an algebraic expression is to relate x and y (for 2D). What's the simplest relation?
y/x = r => we have a straight line with slope r. Let's add a bit more detail.
(y-b)/(x-a) = r => we shift the origin to (a,b) and check how the line looks.
These relations can also get "self-aware". This is similar to how a rate of change can be self-aware (ex: d/dx f(x) = x). The rate of water drain out from a tap at the bottom of the water tank would depend on the water height which itself affected by the drain out. Something like that.
(y-b)/(x-a) = x => That is a "self-aware" relation, because we replaced r (a constant) with the variable x. So we have a parabola now.
Let's change gears a bit. we will use higher degree for variables
y^2/x^2 = r => For positive values of r, we have a pair of straight lines.
Now, ((y-a)(y-b))/((x-c)(x-d)) = r => What happened? we get a conic.
Let's make it self-aware
((y-a)(y-b))/((x-c)(x-d)) = x => There it is. A cubic equation
Digging deeper, we see that the self-awareness makes the curve to bring the left-side parts to join at finite distance rather than at negative infinity. To understand this, consider the pair of straight lines (y^2/x^2 = r). You might see that it is a pair of straight lines crossing each other. But you can also look at two sharply bent lines touching each other at a point. a conic has a bit smoother turn.