Friday, October 22, 2021

Questions America Wants Answered: "Why did Satoshi decide to use secp256k1 instead of secp256r1?" (plus: searching for Satoshi)

And Peter Thiel on Searching For Satoshi

From Dappworks:

Elliptic Curve Cryptography is the foundation of a series of public-key cryptographic schemes, for example, signature schemes, encryption and key transport schemes, and key agreement schemes. In general, these schemes involve arithmetic operations on an elliptic curve over a finite field. Secp256k1 and secp256r1 are two commonly used curves. Hyperledger / Fabric developed by IBM is using secp256r1 while Bitcoin is using secp256k1. What is the difference between these two and why did Satoshi decide to use secp256k1 which is considered as a surprising choice at the time?

The difference between secp256k1 and secp256r1

The main difference between secp256k1 and secp256r1 is that secp256k1 is a Koblitz curve which is defined in a characteristic 2 finite field, while secp256r1 is a prime field curve. Please note, the prime field and the characteristic 2 finite field are only two types of finite fields used by the Standards for Efficient Cryptography Group. Secp256k1 curves are non-random while secp256r1 is pseudo-randomly structured. Although Koblitz curves are  generally known to be a few bits weaker than prime field curves, when talking about 256-bit curves, it has little impact. 

Secp256k1 is a pure SECG curve, while secp256r1 is a so-called NIST curve. NIST curves are more widely used and have received more scrutiny than other SECG curves. Ironically, this is generally believed as the reason why Satoshi did not use secp256r1. In particular, the leaked documents by the National Security Agency contractor and whistleblower Edward Showden suggested that the NSA had used its influence over NIST to insert a backdoor into a random number generator used in elliptic curve cryptography standards. Without knowing this, Satoshi would have wanted to reduce the risk of there being a backdoor in the curve he would implement, and since NIST and NSA are very close, a pure SECG curve might have been preferred....

....MORE

From ZeroHedge, October 21:

Peter Thiel: Here's Where I Would Look For Bitcoin-Creator Satoshi
Guessing at where, and most importantly who, is bitcoin's pseudonymous founder Satoshi Nakamoto has become a cottage industry full of myths and rabbit holes (and even a few actual claimants of the crown).
*****
However, perhaps the most viable 'origin' story for bitcoin and the identity of Satoshi came from billionaire VC Peter Thiel yesterday as he addressed a conference in Miami. 

As Bloomberg reports, the self-described libertarian said Wednesday, recounting an early meeting with the founders of E-Gold Ltd., a now defunct digital currency, that "my sort of theory on Satoshi’s identity was that Satoshi was on that beach in Anguilla.”

“I met them on the beach in Anguilla in February of 2000. We were beginning the revolution against the central banks on the beach in Anguilla. We were going to make PayPal interoperable with E-Gold and blow up all the central banks.”

While E-Gold did not end well - amid allegations of fraud, libel, and a legal settlement - Thiel believes that that Satoshi may have been one of around 200 people at that initial meeting and probably learned from E-Gold’s failures.

“Bitcoin was the answer to E-Gold, and Satoshi learned that you had to be anonymous and you had to not have a company,” Thiel said.

“Even a company, even a corporate form was too governmentally linked.”

Thiel said he hasn’t gone back and tried to figure out exactly who that one person at the beach might have been, and he cautioned against too much speculation, which he said would take the “anti-crypto” side.

“If we knew who it was, the government would arrest him,” Thiel warned.

While we do not have video of his latest appearance, he laid out similar thoughts about the origin of bitcoin (and Satoshi) in 2001...