The "enter text to sign" demo is pure nonsense. If I enter "AAAAA", it's "encrypted" to "4242424242". What's that supposed to mean? Was this vibe-coded?
Edit: The article has since been edited to disclaim "values are not encrypted realistically" - sure, use small numbers for demonstration purposes etc., but what is being demonstrated here? You've added scare-quotes to "encrypted" but what is the actual intended meaning?
The form y^2 = x^3 + bx + c prohibits intuition and probably follows from the general form for an algebraic expression: ax^n + bx^(n-1) + ...
The whole idea of an algebraic expression is to relate x and y (for 2D). What's the simplest relation?
y/x = r => we have a straight line with slope r. Let's add a bit more detail.
(y-b)/(x-a) = r => we shift the origin to (a,b) and check how the line looks.
These relations can also get "self-aware". This is similar to how a rate of change can be self-aware (ex: d/dx f(x) = x). The rate of water drain out from a tap at the bottom of the water tank would depend on the water height which itself affected by the drain out. Something like that.
(y-b)/(x-a) = x => That is a "self-aware" relation, because we replaced r (a constant) with the variable x. So we have a parabola now.
Let's change gears a bit. we will use higher degree for variables
y^2/x^2 = r => For positive values of r, we have a pair of straight lines.
Now, ((y-a)(y-b))/((x-c)(x-d)) = r => What happened? we get a conic.
Let's make it self-aware
((y-a)(y-b))/((x-c)(x-d)) = x => There it is. A cubic equation
Digging deeper, we see that the self-awareness makes the curve to bring the left-side parts to join at finite distance rather than at negative infinity. To understand this, consider the pair of straight lines (y^2/x^2 = r). You might see that it is a pair of straight lines crossing each other. But you can also look at two sharply bent lines touching each other at a point. a conic has a bit smoother turn.
For me this article was not nearly deep enough for me to understand elliptical curve cryptography. What I learned was the equation of an elliptical curve and that it is used in cryptography, the rest was inscrutable.
The entire problem of the article is summed up this paragraph:
> The ECDLP involves finding the integer k such that P=k⋅G, where P is a point on the curve, G is a known point (the generator point), and k is the ephemeral key. The difficulty of this problem is what makes ECC secure.
So uh. What is P? Why do I want to work it out? What’s G? Why do I know it, or not know it? Also k. I assume I know maybe one of these values, but maybe I know none.
Why does any of this make anything secure? I get, in general, that knowing numbers that someone else doesn’t know is good for me to be good at security with someone else, but is it?
Looking at elliptic curves over the reals makes for pretty pictures, but really fails to convey why ECC should be secure at all.
As an example, the function m => m^65537 is a completely useless encryption function over the reals because it's trivial to take 65537-th roots over R (even if the numbers are unwieldy in size), but it's a surprisingly strong encryption function when computed over certain finite groups (i.e. RSA).
Similarly, any ECC scheme defined over real numbers is pretty useless. It only gets interesting when you use a finite field. Unfortunately, the math is less simple that way.
Agreed. I have a draft article (far from finished) with my own attempt to explain ECC, and the opening diagram is the classic "pretty pictures" with a big red cross through them. They have surprisingly little relevance in the overall picture of ECC.
For those who are interested, the xargs.org intro article goes deeper and discusses point addition, continuous -> modular+discrete, and how it is used for key exchange.
Unfortunately the article itself doesn't provide any insights or even the reason why it is called "elliptic" curve or why it makes a good candidate for cryptographic use. The author has no clue about the topic other than putting a catchy title.
> This is especially important for devices with limited resources, like smartphones and IoT devices. This efficiency is one of the reasons why ellipti
I doubt there has been a smartphone in history that had even the slightest issue with RSA. When thinking of devices with limited resources, we should probably think of smart cards and such.
This is an unusually poor explanation. There is no indication or example (using small numbers) of how ECC works, there's just a function and a picture of the curve it generates.
I guess people are upvoting based purely on the title, as yeah this is just a horrible stump of a page. There is a much better (but still only an absolute intro) CloudFlare explanation at
> The ECDLP involves finding the integer k such that P = k * G, where P is a point on the curve, G is a known point (the generator point), and k is the ephemeral key. The difficulty of this problem is what makes ECC secure.
I feel like I'm missing something in the example below this statement. I can type in 'hello world' and there is no P on the curve in the graph if I zoom it out, just a bunch of points that seem disconnected from the curve itself.
Yes. This is partly why this article is crap. k*G is never defined, and is the core operation in ECC (also: the article insist on using an elliptic curve in R, but you need to do it on a finite field, because on a smooth curve you can just use a smooth interpolation to solve the logarithm — and obviously once you go on a finite field the curve no longer looks nice, it’s just a seemingly random cloud of points).
Very roughly speaking, putting the complication of "point at infinity" problem under the rug, a characteristic feature of a EC is that a straight line passing through two points on the curve will pass through a third point on the curve (yes, unless you take a vertical line, point at infinity). So you can define an "addition of points on the curve" : take two points A and B, draw a straight line passing through them, name the third intersection point between the line and the curve C, declare A + B = C (actually there’s a symmetry around the x axis involved for the usual properties of addition to hold, another complication, let's sweep it under the rug too).
(for A = B, take the tangent of the curve at A ; in R you can see that it works because you can take the limit as B goes arbitrarily close to A : that gives you the tangent ; in a finite field that’s less obvious but the algebraic proof is the same)
So k*G is just G + G + ... + G, k times.
If you want more details, your favorite reasoning LLM can do a better job explaining what I’ve swept under the rug.
ECDH is an amazing example of layers of abstraction (and not just indirection) -- you have an algorithm working on points on the curve, which have their own math, but the curve is definef over GF which have their own math. Having to deal with that was interesting experience.
> The ECDLP involves finding the integer k such that P=k⋅G, where P is a point on the curve, G is a known point (the generator point), and k is the ephemeral key. The difficulty of this problem is what makes ECC secure.
I am trying to match up the statement above with the visualization directly below it where they show the generator point, G, on the curve. The plot shows k, the ephemeral key, as another point-- but it's NOT an integer, k is a point! And then there's a Q, which is the public key, and that's not described in the paragraph above at all. Nor is P shown in the plot.
Superficial description of what an elliptic curve is, even less than superficial description of what a discrete logarithm is (including absolutely no mention of what it being discrete means) or how that applies to elliptic curves, and there is no mention of finite fields either.
This is a simple explanation of an interesting and useful mathematical application my 12-15 yo students can conceptually grab onto. Good to have, they’ll enjoy it.
Terrible. I stopped reading after this nonsense: “The graph of this equation looks like a smooth, looping curve, which is where the name "elliptic" comes from.”
> The ECDLP involves finding the integer
P is a point on the curve,
G is a known point (the generator point), and
k is the ephemeral key. The difficulty of this problem is what makes ECC secure.
But P on the image isn't on the curve it's at the origin.
The "enter text to sign" demo is pure nonsense. If I enter "AAAAA", it's "encrypted" to "4242424242". What's that supposed to mean? Was this vibe-coded?
Edit: The article has since been edited to disclaim "values are not encrypted realistically" - sure, use small numbers for demonstration purposes etc., but what is being demonstrated here? You've added scare-quotes to "encrypted" but what is the actual intended meaning?
The form y^2 = x^3 + bx + c prohibits intuition and probably follows from the general form for an algebraic expression: ax^n + bx^(n-1) + ...
The whole idea of an algebraic expression is to relate x and y (for 2D). What's the simplest relation?
y/x = r => we have a straight line with slope r. Let's add a bit more detail.
(y-b)/(x-a) = r => we shift the origin to (a,b) and check how the line looks.
These relations can also get "self-aware". This is similar to how a rate of change can be self-aware (ex: d/dx f(x) = x). The rate of water drain out from a tap at the bottom of the water tank would depend on the water height which itself affected by the drain out. Something like that.
(y-b)/(x-a) = x => That is a "self-aware" relation, because we replaced r (a constant) with the variable x. So we have a parabola now.
Let's change gears a bit. we will use higher degree for variables
y^2/x^2 = r => For positive values of r, we have a pair of straight lines.
Now, ((y-a)(y-b))/((x-c)(x-d)) = r => What happened? we get a conic.
Let's make it self-aware
((y-a)(y-b))/((x-c)(x-d)) = x => There it is. A cubic equation
Digging deeper, we see that the self-awareness makes the curve to bring the left-side parts to join at finite distance rather than at negative infinity. To understand this, consider the pair of straight lines (y^2/x^2 = r). You might see that it is a pair of straight lines crossing each other. But you can also look at two sharply bent lines touching each other at a point. a conic has a bit smoother turn.
This is a very cool way of presenting this, thanks
For me this article was not nearly deep enough for me to understand elliptical curve cryptography. What I learned was the equation of an elliptical curve and that it is used in cryptography, the rest was inscrutable.
I feel this is what came out of the author’s llm chat of choice…
> What I learned was the equation of an elliptical curve and that it is used in cryptography, the rest was inscrutable.
It's not inscrutable, it's missing.
The entire problem of the article is summed up this paragraph:
> The ECDLP involves finding the integer k such that P=k⋅G, where P is a point on the curve, G is a known point (the generator point), and k is the ephemeral key. The difficulty of this problem is what makes ECC secure.
So uh. What is P? Why do I want to work it out? What’s G? Why do I know it, or not know it? Also k. I assume I know maybe one of these values, but maybe I know none.
Why does any of this make anything secure? I get, in general, that knowing numbers that someone else doesn’t know is good for me to be good at security with someone else, but is it?
… just not good.
Looking at elliptic curves over the reals makes for pretty pictures, but really fails to convey why ECC should be secure at all.
As an example, the function m => m^65537 is a completely useless encryption function over the reals because it's trivial to take 65537-th roots over R (even if the numbers are unwieldy in size), but it's a surprisingly strong encryption function when computed over certain finite groups (i.e. RSA).
Similarly, any ECC scheme defined over real numbers is pretty useless. It only gets interesting when you use a finite field. Unfortunately, the math is less simple that way.
Agreed. I have a draft article (far from finished) with my own attempt to explain ECC, and the opening diagram is the classic "pretty pictures" with a big red cross through them. They have surprisingly little relevance in the overall picture of ECC.
For those who are interested, the xargs.org intro article goes deeper and discusses point addition, continuous -> modular+discrete, and how it is used for key exchange.
https://curves.xargs.org/
When I clicked the original article, I was hoping for something like this. Thank you!
Unfortunately the article itself doesn't provide any insights or even the reason why it is called "elliptic" curve or why it makes a good candidate for cryptographic use. The author has no clue about the topic other than putting a catchy title.
For a more substantial explanation see e.g. "A gentle introduction to elliptic-curve cryptography"
https://media.ccc.de/v/31c3_-_6369_-_en_-_saal_1_-_201412272...
> This is especially important for devices with limited resources, like smartphones and IoT devices. This efficiency is one of the reasons why ellipti
I doubt there has been a smartphone in history that had even the slightest issue with RSA. When thinking of devices with limited resources, we should probably think of smart cards and such.
What a non-article. How did this get to the top of hn? I feel like I learned close to nothing.
As someone who already understands how ECC works, I learned a negative amount.
The article doesn't answer the titular question, it's just an ad for vaporware.
> The graph of this equation looks like a smooth, looping curve, which is where the name "elliptic" comes from.
This is completely made up. The name comes from "elliptic integral". From the Wikipedia page on Elliptic Curves:
> An elliptic curve is not an ellipse in the sense of a projective conic, which has genus zero: see elliptic integral for the origin of the term.
https://en.wikipedia.org/wiki/Elliptic_curve
This is an unusually poor explanation. There is no indication or example (using small numbers) of how ECC works, there's just a function and a picture of the curve it generates.
I guess people are upvoting based purely on the title, as yeah this is just a horrible stump of a page. There is a much better (but still only an absolute intro) CloudFlare explanation at
https://blog.cloudflare.com/a-relatively-easy-to-understand-...
my favorite application of elliptic curves is this:
https://www.reddit.com/r/puzzles/comments/azf0zo/im_stuck_on...
> The ECDLP involves finding the integer k such that P = k * G, where P is a point on the curve, G is a known point (the generator point), and k is the ephemeral key. The difficulty of this problem is what makes ECC secure.
I feel like I'm missing something in the example below this statement. I can type in 'hello world' and there is no P on the curve in the graph if I zoom it out, just a bunch of points that seem disconnected from the curve itself.
Yes. This is partly why this article is crap. k*G is never defined, and is the core operation in ECC (also: the article insist on using an elliptic curve in R, but you need to do it on a finite field, because on a smooth curve you can just use a smooth interpolation to solve the logarithm — and obviously once you go on a finite field the curve no longer looks nice, it’s just a seemingly random cloud of points).
Very roughly speaking, putting the complication of "point at infinity" problem under the rug, a characteristic feature of a EC is that a straight line passing through two points on the curve will pass through a third point on the curve (yes, unless you take a vertical line, point at infinity). So you can define an "addition of points on the curve" : take two points A and B, draw a straight line passing through them, name the third intersection point between the line and the curve C, declare A + B = C (actually there’s a symmetry around the x axis involved for the usual properties of addition to hold, another complication, let's sweep it under the rug too).
(for A = B, take the tangent of the curve at A ; in R you can see that it works because you can take the limit as B goes arbitrarily close to A : that gives you the tangent ; in a finite field that’s less obvious but the algebraic proof is the same)
So k*G is just G + G + ... + G, k times.
If you want more details, your favorite reasoning LLM can do a better job explaining what I’ve swept under the rug.
ECDH is an amazing example of layers of abstraction (and not just indirection) -- you have an algorithm working on points on the curve, which have their own math, but the curve is definef over GF which have their own math. Having to deal with that was interesting experience.
We have a whole free playlist introducing ECs from a mathematical to practical applications to ECC: https://www.youtube.com/watch?v=sH8ybvIlLvM&list=PL6N_Y7ao_a...
We're working on a certified course that will should be available at https://quantumformalism.academy/courses. It will cover post-quantum cryptography as well.
I don't get it?
The notation is inconsistent because it's an LLM and it's hallucinating notation.
I have similar issues, it's poorly explained.
Article seems to have vanished, and the content was eerily similar to what I got from Gemini 2.5 Pro. Seems like spam for this service.
Pointless article.
Superficial description of what an elliptic curve is, even less than superficial description of what a discrete logarithm is (including absolutely no mention of what it being discrete means) or how that applies to elliptic curves, and there is no mention of finite fields either.
This is a simple explanation of an interesting and useful mathematical application my 12-15 yo students can conceptually grab onto. Good to have, they’ll enjoy it.
Is this an AI slop? Is this an AI slop where the AI wrote and embedded an executable code example? That's a new one to me.
Terrible. I stopped reading after this nonsense: “The graph of this equation looks like a smooth, looping curve, which is where the name "elliptic" comes from.”
> The ECDLP involves finding the integer P is a point on the curve, G is a known point (the generator point), and k is the ephemeral key. The difficulty of this problem is what makes ECC secure.
But P on the image isn't on the curve it's at the origin.