Elliptic Curve Cryptography in Blockchain Technology

Elif Hilal Umucu

February 14,2022

Abstract

Blockchain technology has a significant impact in many areas. With the emergence of
Bitcoin, cryptography is an important concept for blockchain technology, which has made a
name for itself in the world. Cryptography is the core of blockchain technology. All transaction
information is encoded in blocks that are interconnected and form the structure of the
blockchain.

In this study, the mathematical and cryptographic foundations on which cryptocurrencies are
built are examined in detail in terms of cryptography. For detailed information on the
cryptographic technique used in the detailed money section, such as the kalanh, whose
information is hidden and tied to exact values, in particular about the Elliptic Curve
Cryptography.

The general purpose of this article is to give an overview of the elliptic programming method and
to analyze the cryptographic programming methods used by Blockchain, to design elliptic curve
keying using Python.

I. Introduction

It is known that there was a "value record" even in the times when there was no money going
back to ancient times. Transactions and swaps have always been recorded in history. However, a
publicly accessible registry/registry mechanism is always a major problem in itself. How to
secure a publicly accessible registry? While these data sometimes consist of economic, material
and financial data, sometimes they consist of sensitive and personal data. This situation brings
with it a trust problem about what to do if the recorded books are passed to unreliable third
parties.

The process of listing and describing the assets and transactions in finance is called single-entry
bookkeeping. In case of any distinction between liabilities and assets, if the sums of both parties

Electronic copy available at: https://ssrn.com/abstract=4033934

are equal, this book is called double-entry bookkeeping. The issue of three-entry bookkeeping,
brought with it by double-entry bookkeeping, has become a tradition that has been going on for
years.

As you know, developing technology has replaced traditional recording systems with great
innovations and offered better solutions. Instead of using slow and risky systems based on trust,
systems in which control and trust are given to technology are becoming widespread. Normal
notebooks have started to be replaced by computer networks and nodes, and the use of paper has
decreased automatically over time.

When these features are mentioned, the first technology that comes to mind will be Blockchain
technology. This technology, in which digital media and data transfer are shared over the
network and encrypted all over the world, has changed the concept of trust.

Network participants in the blockchain ecosystem contribute to the blockchain system and all
changes are recorded throughout the ledger network. The security is cryptographically protected
by miners who decipher complex hash sequences. These contributions make distributed ledgers
preferable for reliable payment networks without any middleman or center. During the use of
blockchain technology, users will have access to public and private keys, and then they will need
to have crypto wallets to keep these private keys safe and process transactions. The private key is
the owner's identity, nickname and private password, similar to a personal signature in a
distributed network. When sending money during any transfer, the record of the transaction is
signed by private keys to maintain authenticity, integrity and non-repudiation verification. The
receiver will use his/her private key to decrypt the message encrypted by the sender with the
receiver's public key.1 Cryptocurrency wallets enable these transactions and provide secure tools
for private keys.

Cryptography, in its simplest terms, is the definition of different methods and technologies used
to ensure that the communication between two parties over any communication medium is
secure, especially in the presence of a third party. This technology is achieved by using different
methods such as encryption, decryption, signing, pseudo-random numbers generation.
Cryptography encrypts or uses a key or a code to decrypt a message that must be kept secret.

1
FINRA. Distributed Ledger Technology: Implications of Blockchain for the Securities Industry. Report, FINRA,
Jan. 2017

Electronic copy available at: https://ssrn.com/abstract=4033934

 II. Blockchain Technology

Blockchain is a digital ledger that keeps track of transfers and transactions using a
peer-to-peer network as described above. Blockchains can be public blockchains or closed
blockchains depending on whether being a node in the network is restricted.

The first blockchain-based protocol emerged as the cryptocurrency Bitcoin. Since its emergence,
multiple uses of blockchain technology have been proposed and implemented. Understanding the
working mechanism of the Bitcoin protocol greatly simplifies understanding the various
alternatives that have been developed since then. Bitcoin can be defined as a digital ledger
maintained via the blockchain in a decentralized peer-to-peer network, where nodes (networked
devices) update the ledger and acquire block mining rights through a Proof of Work (PoW)
mechanism.

Therefore, it is essential to understand the concepts mentioned above in order to properly

understand Bitcoin and most blockchain applications in general. So, what does Bitcoin mean as a
ledger, what a decentralized peer-to-peer network means, how cryptography is implemented in
the protocol, and what Proof-of-Work (PoW) means is the answer to the question of what
industries and for what industries Blockchain technology will be used in the future. In the
process of explaining these concepts, besides how blockchains work, their cryptographic
operations will be pointed out.

Electronic copy available at: https://ssrn.com/abstract=4033934

To briefly express the transactions,

● The transactions in the blockchain data register are copied and sent to all nodes in the
distributed network.
● The posted ledger is the same at every node and cannot be changed retrospectively.
● A transaction created by a node in the blockchain is signed using a digital signing
algorithm.
● It is then sent to all nodes for validation.
● At the same time, these unconfirmed transactions are held in a pool.
● In the blockchain network, nodes that both verify and create blocks are called miners.
● Mining nodes take transactions from this pool and verify them and add them to the block
to be created.
● By using consensus methods, it is determined which node will broadcast the block to be
added to the chain.
● The identified miner sends the block to other nodes for verification.
● The verified block is added to the end of the blockchain.

A. Peer-to-Peer network

“The term peer-to-peer is a generic label assigned to network architectures

where all the nodes offer the same services and follow the same behavior”
(Cornelli et al. 2002).

Peer-to-peer (P2P) networks are basically interconnected node systems in which each node in the
network acts as a server and all nodes share a set of rules and maintain a common service.

P2P services include file sharing, bandwidth sharing, streaming and application sharing with
other peers2. Generally, nodes in a peer-to-peer network operate as both service providers and
clients. Because of this server-client duality, the nodes of a P2P network are also called servers.

Most blockchains use open P2P networks that record and verify transactions in a decentralized
manner. In this way, protocols will be able to keep track of property rights without a central third
party. When we examine Bitcoin, we can see that the P2P network consists of two types of
nodes: full nodes that store a copy of the entire blockchain, and Simple Payment Verification
(SPV) nodes that store only the block headers. To join the network, a client connects to some
fairly randomly chosen nodes and asks them to send the missing data to it. In the case of a new
full node this will be the entire blockchain.

2
FINRA. Distributed Ledger Technology: Implications of Blockchain for the Securities Industry. Report, FINRA,
Jan. 20

Electronic copy available at: https://ssrn.com/abstract=4033934

 B. Blocks

A blockchain is a collection of data blocks containing transactions and transfers. Each block
is linked to the previous block, so changing one block will separate it from all subsequent blocks.
This feature actually indicates that in order to make changes to any block, all subsequent blocks
must be re-mined. Mining is time consuming and costly3. Therefore, as the number of subsequent
blocks increases, it will become exponentially more expensive to replace one block and
subsequent blocks.

Blocks consist of three main elements:

1. the reference number of the previous block,

2. a list of transactions,
3. a nonce number generated for that block.

These three elements are used togeher as inputs in a function that outputs the reference number
of the block.

As explained above, the blocks are chained together as this reference number will then be used
as the first element of the next block. The reference number of each block is called the hash
number of the block as it is the output of a hash function.

C. Transactions

We can say that Transactions is the framework of the payment system in Bitcoin because
transactions are the system itself. A bitcoin itself is nothing more than a chain of transactions that
can be traced back to the coin transaction that created that value. In this technology, each
transaction made consists of inputs that refer to previous transactions and outputs that indicate
where this value goes4. Each transaction must spend all its inputs. The differences between the
input values ​and the output values ​are given as a transaction fee to the miner who blocked the
transaction5.

3
D. Appelbaum and R. A. Nehmer. Designing and Auditing Accounting Systems Based on Blockchain and
Distributed Ledger Principles. Presented at 40th World Continuous Auditing & Reporting Symposium - Newark, NJ,
2017.
4
Cryptocurrency Wallet Guide: A Step-By-Step Tutorial, 2017. URL https://
blockgeeks.com/guides/cryptocurrency-wallet-guide/.
5
C. Allen et al., “Decentralized public key infrastructure - a white paper from rebooting the web of trust,”
www.weboftrust.info/downloads/dpki.pdf

Electronic copy available at: https://ssrn.com/abstract=4033934

Output operations specify a value and a script. This script must be validated before the value can
be spent. This means that the input processes also include a script of values, which will validate
the output script of the process they reference. Among them are several widely accepted output
scripts: P2PKH or slightly more complex (P2SH) scripts. Simpler P2PKH scripts essentially
specify a public key that is verified by its digital signature in the transaction. P2SH scripts point
to another script that can be used to enforce additional conditions to spend this value, such as
confirmation by multiple parties (Narayanan et al., 2016).

D. Private Key

When you want to make a transaction, you set up a wallet and the first step you need to do
when you set up a wallet is to generate your private key. Your private key is a very large random
number 256 bits long. This number is so large that you can assign a unique private key to almost
every atom in the observable universe. Your private key should be as random and complex as
possible. Generating random numbers may be more difficult than it may seem, but this step is
essential for the security of your funds and transactions.

In cryptography, only the party exchanging secret messages knows the private or secret key, i.e.
the encryption/decryption key. The biggest disadvantage of this system is actually its biggest
security. In the event that someone loses or steals the key, disruption of the system entails a
personal responsibility.

For example, (A) wants to send a message to (B) where both (A) and (B) share the same key for
an encrypted message. If )A) has shared XORs her message with the secret key, then (B) also
needs the XOR message with the (same) secret key to decrypt the message.

E. Public Key

The next step is public keys. Your public key is derived from the large random number you
generate as your private key. (This is the most important part in elliptical axis cryptography, this
is where we have to multiply the points on the curve)

The public key allows to receive cryptocurrency transactions and transfers. A public key is an
encryption code paired with a private key. While anyone can send transactions to the public key,
you need the private key to "unlock" them and prove that you are the owner of the
cryptocurrency received in the transaction. The public key that can receive transactions is usually
an address, which is the abbreviation of your public key. It is possible to compare this situation
to e-mail addresses and local bank account number (iban) information. There should be no
worries when sharing public keys. In a cryptocurrency transfer in the blockchain ecosystem,
accounts communicate with public keys.

Electronic copy available at: https://ssrn.com/abstract=4033934

 F. Hash Functions

A true cryptographic multi-tool, hash functions are widely used in computer science and
cryptography in a wide variety of different contexts. They can be used to check the integrity of
the content of some files and also as an ID for some pieces of data. The basic idea in the concept
of hash is that the function takes some long string of data and produces a short fixed-length hash
or message digest corresponding to the input string. Kriptografi bağlamında, Gauravaram ve
Knudsen'de (2010) ana hatlarıyla belirtildiği gibi, hash fonksiyonlarının bazı başka özellikleri
karşılamasını istemek yaygındır:

1.preimage resistance (also known as obfuscation property or unidirectionality) means that if we

are given the output of a hash function, we will not be able to find the input value that produced
it.

2. second preimage resistance means that once we know an input value m, we cannot find
another input m0 such that H(m) = H(m0).

3. collision resistance is a stronger requirement than the previous. It is asked that it is not
possible to find any m and m0 with the same value.

It's enough if the hash computation is such that it takes an excessive amount of computation to
find one. Similarly, for the front display resistor (feature 1), one could theoretically iterate over
all possible input values ​to find the right one. To process arbitrary-length inputs into a fixed-size
output, hash functions use a system known as compression functions. One way that this result is
achieved is by means of the so-called Merkle-Damg˚ard construction.

This involves splitting the initial message into fixed length blocks, padding (adding, for instance,
zeroes to achieve desired length) as necessary, and passing the message through the compression
function one block at a time along with the hash of the previous block. The figure below presents
the compression function that is used in the SHA-256 algorithm (Secure Hash Algorithm)6
specified in FIPS 180-4 .7 Here, solid boxes represent 32-bit variables used in the calculation (a −
h, Wt and Kt) and dashed boxes operations on those variables. Arrows depict the movement of
values between variables (assignments), sometimes involving changing the variables through
some operations. Variables a − h hold intermediate values, Kt is a constant, one of sixty-four that
are defined in a somewhat arbitrary manner, and Wt is a value that is derived from the message
block being processed via some bit operations. This compression function is run sixty-four times
on each 512-bit block of the message, with a different value of Kt and Wt each round. Additions

6
R. McMillan. Want Cheaper Bitcoins? Hit Someone With a DDoS Attack, December 26, 2013. URL
https://www.wired.com/2013/11/ddos-bitcoin/.
7
Full Drive Encryption international Technical Community. collaborative Protection Profile for Full Drive
Encryption Authorization Acquisition, February 1, 2019.

Electronic copy available at: https://ssrn.com/abstract=4033934

are performed modulo 2³², the ⊕-symbol denotes the bitwise exclusive-or (XOR) operation and
≫ bitwise right rotation.

III. Cryptology

The subject of communication that describes the design and use of encryption, which
includes the methods and principles that transform any message into an incomprehensible form
and convert the incomprehensible encrypted message back into an understandable message, is
called cryptology. Cryptology is divided into two parts:

● Cryptography
● Cryptanalysis

Cryptography8 is a science that studies information security. Studies on mathematical methods

dealing with information security issues such as reliability, data integrity, and authentication are
the most important subjects of cryptography. These methods also include problems that may be
encountered during the transmission of information. Therefore, cryptography aims to protect the
information and, together with this information, the sender and receiver of the information. The
purpose of cryptanalysis is to obtain the content of an encrypted message (finding the
unencrypted message). Therefore, secret keys are always used to control the encryption process.

8
San Pedro. Details about the Side-Channel Attacks on Trezor One Hardware Wallet, March 14, 2019. URL https://
medium.com/ledger-on-security-and-blockchain/details-about-\
the-side-channel-attacks-on-trezor-one-hardware-wallet-62e2d278e803.

Electronic copy available at: https://ssrn.com/abstract=4033934

There are some security concepts that can be expected from the communication systems used in
order to be able to say that an information will be transmitted securely or that the information
obtained has been obtained securely:

● Confidentiality (privacy): It is to keep the information confidential from everyone

except those who are authorized to see it.
● Authentication: It is the guarantee that the sender of a transmitted message is really the
sender.
● Data Integrity: Integrity is the guarantee that the entire connection or a single piece of
data is as it was sent, and that no changes, additions or rearrangements have been made
on it.
● Non-Repudation: The receiver or sender cannot deny the transmitted message. Thus,
when a message is sent, the receiver can prove that the sender sent the message, and
similarly, the sender can prove that the receiver received the message.
● Access Control: It is the guarantee that unauthorized people or applications will not be
able to access the resources they should not access. In the context of network security,
access control is the ability to control and limit access to host systems.

A. Cryptographic Algorithms

All modern algorithms use a key to control encryption and decryption; a message can be
decrypted only when the key used matches the encryption key. During encryption, two different
methods can be used, keyed and keyless. Hash functions9, compression functions are examples
of keyless methods. Keyed cryptosystems can be listed under two main headings:

● Symmetric-key encryption (or secret-key encryption)

● Asymmetric encryption (or public-key encryption)

1. Symmetric-key Encryption

In symmetric encryption algorithms, a single secret key is used to encrypt and decrypt the
message. After performing the encryption operations, while sending the ciphertext to the
receiver, it must securely send the secret key along with the ciphertext to the receiver. Symmetric
encryption algorithms are widely used today because they can perform very fast encryption and
decryption operations.

These are symmetric encryption algorithms :

9
Knuth, Donald, ‘The Art of Computer Programming’, Volume 3, Sorting and Searching, pp. 506–542, 1973

Electronic copy available at: https://ssrn.com/abstract=4033934

 ● Blok-cipher Algorithms (AES, DES, IDEA, Skipjack, RC5 …)
● Stream Encryption Algorithms(RC2, RC4…)

2. Asymmetric-key encryption

In public-key cryptosystems, or in other words, asymmetric encryption, each party uses a key
pair called public (A) and secret (B). The a used as the encryption key need not be secret. The
basic idea behind public-key cryptography is that the public key (A) is hard to find, even though
the decryption key (B) is given. Public key systems are used in applications such as digital
signature and key exchange protocols10. These are asymmetric encryption algorithms:

● RSA
● El Gamal
● Elliptic Curve Systems
● Diffie-Hellman Key Determination
● Code-based Cryptosystems

10
Stinson, D.R., Cryptography: Theory and Practice, Crc Press, Boca Raton, 1995

Electronic copy available at: https://ssrn.com/abstract=4033934

 IV. Elliptic Curve Cryptography

Elliptic curve ciphers were first proposed independently by Victor Miller and Neal Koblitz in
the mid-1980s. At a high level, they are analogues of existing public-key cryptosystems in which
modular arithmetic is replaced by operations defined on elliptic curves. As with all public-key
cryptosystems, the security of elliptic curve cryptosystems relies on difficult mathematical
problems at the core11. Given two points G and Y on an elliptic curve such that Y = kG (ie, Y is
G added to it k times), find the integer k. This problem is often called the elliptic curve discrete
logarithm problem. Currently, general methods of calculating discrete logarithms of elliptic
curves are much less efficient than traditional methods of factoring or calculating discrete
logarithms12.

Elliptic curves are not ellipses. They are named that way because they are represented by
expressions similar to the cubic equations used to calculate the circle of an ellipse. If we consider
a K field, it can be K, R Real numbers, Q Rational numbers, C- Complex numbers, or if we
assume that p is a prime number, it can be Fq -finite field consisting of q=pr elements. The
characteristic of the finite field GF(2) is 2, and the characteristic of real and complex numbers is
infinity13.

As a result, shorter key sizes can be used to achieve the same security of traditional public key
cryptosystems, which can lead to better memory requirements and improved performance. In
general, the best attacks on elliptic curve discrete logarithm problems have been general brute
force methods. The lack of more specific attacks means that shorter key sizes for elliptical

11
Husemöller, D., Elliptic Curves, Springer – Verlag, New York, 2004
12
Koblitz, N., Introduction To Elliptic Curves and Modular Forms, Springer – Verlag, New York, 1993.
13
Kendirli, B., Number Theory with Cryptographic Applications, Fatih University, Istanbul, 2005

Electronic copy available at: https://ssrn.com/abstract=4033934

cryptosystems appear to provide similar security as much larger keys that can be used in
cryptosystems based on the discrete logarithm problem 5 random special values ​a and Bob
generating a random special value b. Both a and b are integer factorizations. There are more
effective attacks for certain elliptic curve options.

Uses of elliptic curve cryptography14:

● To generate the keys used,

● To sign messages,
● To verify the signature on a message.

Let's add itself to the number 1 in an object. If 1+1 = 0, then the characteristic of this object is 2.
If 1+1+1 = 0, then the characteristic of this object is 3. In general, if 1+1+1+…………+1 = 0,
then the characteristic of the object is n.

n If the number 1 itself can be added infinitely in the object, then the characteristic of the object
is 0. For any body K, the general equation of the elliptic curve is:

y² +axy+by= x³ +cx² +dx+e

If the characteristic of object K is , Char(K) = 2, the result:

y² +ay= x³ +bx+c veya y² +xy= x³ +ax² +b

If the characteristic of object K is Char(K) = 3, the result:

y² = x³ +ax² +bx+c

If the characteristic of the object K is Char(K) ≠2 or 3, then y² = x³ +ax+b. We use Affine

Transforms for each equation, and the x,y,a,b,c,d and e values in this equation are also located
above the K object.15 We can call the equation E elliptic curve equation, which satisfies any of
the conditions mentioned above, is located in the K field and consists of the set of (x,y) points16.

y² = x³ +ax+b the numbers a and b in this equation are real numbers and 4a³ +27b² ≠0 must be so
that x³ +ax+b does not have multiple roots. If it satisfies these conditions, we say that y² = x³
+ax+b is an elliptic curve. There is also an O notation in the definition of the elliptic curve,
called infinity or the zero point, which we will explore in more detail later. Equations of this type
are called cubic because the largest degree exponent is 3.

14
Cassels, J.W.S., Lectures on Elliptic Curves, Cambridge University Press, New York, 1995.
15
Washington, L. C., Elliptic Curves Number Theory and Cryptography, Chapman & Hall/CRC, Boca Raton, 2003.
16
Husemöller, D., Elliptic Curves, Springer – Verlag, New York, 2004.

Electronic copy available at: https://ssrn.com/abstract=4033934

Let K be a field of characteristic ≠ 2,3, and let x + ax + b 3 (where a,b ∈ K ) be a cubic
polynomial with no multiple roots. An elliptic curve over K is the set of points (x,y) with x,
which satisfy the equation :

y² = x³ +ax+b

Together with a single element denoted ∞ and called the “ point at infinity” ;

If K is a field of characteristic 2, then an elliptic curve over K is the set of points satisfying an
equation of the type either

y² + cy = x³ +ax+b

Or else

y² + xy = x³ +ax²+b

( here we do not care whether or not the cubic on the right has multiple roots) together with a
“point at infinity” ∞17 .

If K is a field of characteristic 3, then an elliptic curve over K is the set of points satisfying the
equation

y² = x³+ ax² + bx + c

The graph of the elliptic curve equation given as a=-4 and b=0.67 :

17
Enge, A., Elliptic Curves and Their Applications to Cryptography An Introduction, Kluwer Academic Publishers,
Boston, 1999

Electronic copy available at: https://ssrn.com/abstract=4033934

This graph is the elliptic curve of y² = x³ -4x+0.67

If the 3 points of an elliptic curve lie on a straight line, they are summed up as the O infinity
notation. Starting from this explanation, we can define the following rules for an elliptic curve:

1. For any point P on the elliptic curve, P+O=P.

2. If a vertical line intersects the elliptic curve at two points P1=(x,y) and P2=(x, −y) for the
same value of x, that line is also intersecting the elliptic curve at the point of infinity. So
P1+P2+O =O and P1=−P2. So the negative of a point is a point on the x-axis with the
same value, and the value of that point on the y-axis is the negative of the first point.

Electronic copy available at: https://ssrn.com/abstract=4033934

 3. When we select points Q and R with different x coordinates and draw a straight line
through these two points, we find the third point of the intersection, P1. There is only one
point P1 (if the line we have drawn is tangent to one of the points Q or R, then we get
P1=Q or P2=Q). In this case, Q+R+P1=O and hence Q+R = − P1.

For example, when P is Q ∈ EF(a,b) and k<p, let Q=kP. While it is relatively easy to calculate
the value of Q given k and P, it is indeed very difficult to calculate the value of k given Q and P,
and this problem summarizes the elliptic curve problem.

V. Elliptic Curve Cryptography in Python Programming Language

The ECDH protocol can be implemented in the Python programming language, for this case the
Python programming language has the Elliptic Curve Library.

The tinyec library will be used for ECC in Python.

pip install tinyec

from tinyec import

import secrets

def compress(publicKey):

return hex(publicKey.x) + hex(publicKey.y % 2)[2:]

curve = registry.get_curve(’brainpoolP256r1’)

Ka = secrets.randbelow(curve.field.n)

X = Ka * curve.g print("X:", compress(X))

Kb = secrets.randbelow(curve.field.n)

Y = Kb * curve.g print("Y:", compress(Y))

print("Currently exchange the publickey (e.g. through Internet)")

(A) : represents person A

(B) : represents person B

Electronic copy available at: https://ssrn.com/abstract=4033934

(A)SharedKey = Ka * Y

print("A shared key :",compress((A)SharedKey))

(B)SharedKey = Kb * X

print("(B) shared key :",compress((B)SharedKey))

print("Equal shared keys:", (A)SharedKey == (B)SharedKey)

VI. Example

We consider here that the secret keys KA and KB are generated randomly by sender (A) and
receiver (B) using the code explained in the previous section. Therefore, the randomly generated
keys KA and KB are given by

KA = 1b66c808e6b5be6d6620934bc6ffa2b8b47f 9786c00 2bfb06d53a0c27535641a5d1

KB= 1c7d15195432d1ac7f38aeb054d07d9b2e1faa913b7

D08a4d5efdd4a1ee8d9a31916d53a0c27535641a5d0d1

Let us assume that (A) and (B) pre-agreed with the point Q given by

Q = (0xd458e7d127ae671b0c330266d246769353a012073e97acf8,

0x3259305sfgr211f 446bddc050cf 7fb11b 5673a1645086df 3b)

When (A) send the point X = KAQ to (B) and (B) shared the point Y = KBQ with (A) then the
generated secret key is shared between (A) and (B) . This secret key is common for both the
users and is given by

KS=0x94f5a1cf2ed1dbb4322178df6bb4dd742c541884618b2989a3e5e66319 667a640

The elliptic curve which is being used for the ECDH calculations is 256-bit named curve
brainpoolP256r1(uses Diophantine equation for the generation of points). The private keys are
randomly 256-bit (64 hexadecimal digits) . The public keys and shared keys are 257 bits (65
hexadecimal digits , 256 bit due to key compression). Due to randomization the secret keys KA
and KB are different but the calculated shared secret key between (A) and (B) will always be
same.

Electronic copy available at: https://ssrn.com/abstract=4033934

VII. Conclusion

Encryption is defined in academic literature as the process of converting a plain text into
randomly generated nonsense text called ciphertext. Decryption is defined as the conversion of
ciphertext to its original form. The purpose of every encryption and decryption algorithm is to
secure data and protect it from attacks.

Mathematics and cryptography appear in all areas of life, even if we do not realize it. Even when
we share data on social media, use an end-to-end secure application or enter the Blockchain
ecosystem by making crypto money transactions, we are actually within the domain of
cryptography.

In this study, we examined elliptic curves over a finite field with cryptographic applications. We
implemented the elliptic curve cryptography and key sharing algorithm in python by explaining
it with computer code. The algorithm in the elliptic curve of a key shared between (A) and (B)
can be explained and coded with the python programming language. We see that defining an
elliptic curve over a finite area gives us more security. So, let's define an elliptic curve on Zp
(where p is a prime number). When you choose p as a large prime number, it means that the
ciphertext is very difficult to crack.

Electronic copy available at: https://ssrn.com/abstract=4033934