CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/pypi-ecdsa

ECDSA cryptographic signature library (pure python)

Pending
Overview
Eval results
Files

curves.mddocs/

Curves & Mathematical Foundation

Pre-defined elliptic curve parameters and mathematical operations supporting a comprehensive range of standardized curves. The ecdsa library provides curves from NIST Suite B, SECP standards, Brainpool specifications, and Edwards curves for various cryptographic applications and compliance requirements.

Capabilities

NIST Curves

NIST (National Institute of Standards and Technology) Suite B curves, widely adopted for government and commercial cryptographic applications.

NIST192p: Curve  # NIST P-192 (secp192r1, prime192v1) - 192-bit security
NIST224p: Curve  # NIST P-224 (secp224r1) - 224-bit security  
NIST256p: Curve  # NIST P-256 (secp256r1, prime256v1) - 256-bit security
NIST384p: Curve  # NIST P-384 (secp384r1) - 384-bit security
NIST521p: Curve  # NIST P-521 (secp521r1) - 521-bit security (not 512!)

NIST Curve Properties:

  • Recommended by US government standards
  • Widely supported across implementations
  • Well-studied security properties
  • Common in TLS/SSL, government applications

SECP Curves

Standards for Efficient Cryptography Project (SECP) curves, including the famous Bitcoin curve.

SECP112r1: Curve  # secp112r1 - 112-bit security (legacy, weak)
SECP112r2: Curve  # secp112r2 - 112-bit security (legacy, weak)
SECP128r1: Curve  # secp128r1 - 128-bit security (legacy, weak)
SECP160r1: Curve  # secp160r1 - 160-bit security (legacy, weak)
SECP256k1: Curve  # secp256k1 - 256-bit security (Bitcoin, Ethereum)

Notable SECP Curves:

  • SECP256k1: Used by Bitcoin, Ethereum, and other cryptocurrencies
  • Legacy curves (112, 128, 160-bit) provided for compatibility but not recommended
  • Different mathematical properties from NIST curves

Brainpool Curves

European Telecommunications Standards Institute (ETSI) Brainpool curves, providing alternative curve parameters with transparent generation.

Brainpool Random Curves (r1 series)

BRAINPOOLP160r1: Curve  # Brainpool P-160r1 - 160-bit security
BRAINPOOLP192r1: Curve  # Brainpool P-192r1 - 192-bit security
BRAINPOOLP224r1: Curve  # Brainpool P-224r1 - 224-bit security
BRAINPOOLP256r1: Curve  # Brainpool P-256r1 - 256-bit security
BRAINPOOLP320r1: Curve  # Brainpool P-320r1 - 320-bit security
BRAINPOOLP384r1: Curve  # Brainpool P-384r1 - 384-bit security
BRAINPOOLP512r1: Curve  # Brainpool P-512r1 - 512-bit security

Brainpool Twisted Curves (t1 series)

BRAINPOOLP160t1: Curve  # Brainpool P-160t1 - 160-bit security
BRAINPOOLP192t1: Curve  # Brainpool P-192t1 - 192-bit security
BRAINPOOLP224t1: Curve  # Brainpool P-224t1 - 224-bit security
BRAINPOOLP256t1: Curve  # Brainpool P-256t1 - 256-bit security
BRAINPOOLP320t1: Curve  # Brainpool P-320t1 - 320-bit security
BRAINPOOLP384t1: Curve  # Brainpool P-384t1 - 384-bit security
BRAINPOOLP512t1: Curve  # Brainpool P-512t1 - 512-bit security

Brainpool Curve Features:

  • European standard alternative to NIST curves
  • Transparent parameter generation process
  • r1 (random) and t1 (twisted) variants available
  • Used in European government and industry applications

Edwards Curves

Montgomery and Edwards curves optimized for digital signature algorithms (EdDSA).

Ed25519: Curve  # Edwards 25519 - ~128-bit security, optimized for EdDSA
Ed448: Curve    # Edwards 448 - ~224-bit security, optimized for EdDSA

Edwards Curve Features:

  • Designed for EdDSA (Edwards-curve Digital Signature Algorithm)
  • Faster and more secure than traditional ECDSA on these curves
  • Resistance to timing attacks and other side-channel vulnerabilities
  • Ed25519 widely adopted in modern applications (SSH, TLS 1.3, etc.)

Curve Class

The Curve class encapsulates all parameters and operations for a specific elliptic curve.

class Curve:
    def __init__(self, name, curve, generator, oid, openssl_name=None):
        """
        Initialize curve with parameters.

        Parameters:
        - name: str, human-readable curve name
        - curve: mathematical curve object (CurveFp or CurveEdTw)
        - generator: Point object, generator point
        - oid: tuple, ASN.1 Object Identifier
        - openssl_name: str or None, OpenSSL curve name
        """

    def to_der(self, encoding=None, point_encoding="uncompressed"):
        """
        Export curve parameters in DER format.

        Parameters:
        - encoding: str or None, parameter encoding method
        - point_encoding: str, point encoding format

        Returns:
        bytes, DER-encoded curve parameters
        """

    def to_pem(self, encoding=None, point_encoding="uncompressed"):
        """
        Export curve parameters in PEM format.

        Parameters:
        - encoding: str or None, parameter encoding method
        - point_encoding: str, point encoding format

        Returns:
        str, PEM-encoded curve parameters
        """

    @staticmethod
    def from_der(data, valid_encodings=None):
        """
        Load curve from DER-encoded parameters.

        Parameters:
        - data: bytes, DER-encoded curve parameters
        - valid_encodings: list or None, acceptable encodings

        Returns:
        Curve object
        """

    @classmethod
    def from_pem(cls, string, valid_encodings=None):
        """
        Load curve from PEM-encoded parameters.

        Parameters:
        - string: str, PEM-encoded curve parameters
        - valid_encodings: list or None, acceptable encodings

        Returns:
        Curve object
        """

Curve Attributes

name: str                    # Human-readable curve name
    curve: object               # Mathematical curve object
    generator: Point            # Generator point on the curve
    order: int                  # Order of the curve (number of points)
    baselen: int               # Base length in bytes for keys
    verifying_key_length: int  # Public key length in bytes
    signature_length: int      # Signature length in bytes
    oid: tuple                 # ASN.1 Object Identifier
    openssl_name: str          # OpenSSL curve name (if available)

Curve Utility Functions

Functions for finding and working with curves by name or identifier.

def find_curve(oid_curve):
    """
    Find curve by ASN.1 Object Identifier.

    Parameters:
    - oid_curve: tuple, ASN.1 OID tuple

    Returns:
    Curve object

    Raises:
    UnknownCurveError: if curve not found
    """

def curve_by_name(name):
    """
    Find curve by name string.

    Parameters:
    - name: str, curve name (e.g., "NIST256p", "secp256k1")

    Returns:
    Curve object

    Raises:
    UnknownCurveError: if curve not found
    """

curves: list  # List of all supported Curve objects

Mathematical Foundation Classes

Low-level mathematical classes that implement elliptic curve arithmetic (primarily for internal use).

class CurveFp:
    """Elliptic curve over finite field (Weierstrass form: y² = x³ + ax + b)."""

class CurveEdTw:
    """Twisted Edwards curve (ax² + y² = 1 + dx²y²)."""

class Point:
    """Point on elliptic curve in affine coordinates."""

class PointJacobi:
    """Point on elliptic curve in Jacobian coordinates (for efficiency)."""

class PointEdwards:
    """Point on Edwards curve."""

Exception Classes

class UnknownCurveError(Exception):
    """Raised when referencing an unknown or unsupported curve."""

Usage Examples

Working with Different Curve Types

from ecdsa import SigningKey, NIST256p, SECP256k1, Ed25519, BRAINPOOLP384r1

# NIST curve (government standard)
nist_key = SigningKey.generate(curve=NIST256p)
print(f"NIST P-256 key length: {nist_key.baselen} bytes")

# Bitcoin curve
bitcoin_key = SigningKey.generate(curve=SECP256k1)
print(f"Bitcoin secp256k1 key length: {bitcoin_key.baselen} bytes")

# Edwards curve (for EdDSA)
edwards_key = SigningKey.generate(curve=Ed25519)
print(f"Ed25519 key length: {edwards_key.baselen} bytes")

# European Brainpool curve
brainpool_key = SigningKey.generate(curve=BRAINPOOLP384r1)
print(f"Brainpool P-384r1 key length: {brainpool_key.baselen} bytes")

Curve Information and Properties

from ecdsa import NIST256p, SECP256k1, Ed25519
from ecdsa.curves import curves, curve_by_name

# Examine curve properties
for curve in [NIST256p, SECP256k1, Ed25519]:
    print(f"Curve: {curve.name}")
    print(f"  Key length: {curve.baselen} bytes")
    print(f"  Public key length: {curve.verifying_key_length} bytes")
    print(f"  Signature length: {curve.signature_length} bytes")
    print(f"  Order: {curve.order}")
    print(f"  OID: {curve.oid}")
    print()

# Find curve by name
try:
    secp_curve = curve_by_name("secp256k1")
    print(f"Found curve: {secp_curve.name}")
except UnknownCurveError:
    print("Curve not found")

# List all available curves
print(f"Total supported curves: {len(curves)}")
for curve in curves[:5]:  # Show first 5
    print(f"  {curve.name}")

Curve Selection Guidelines

from ecdsa import SigningKey, NIST256p, SECP256k1, Ed25519, BRAINPOOLP256r1

# For general applications - NIST P-256 (widely supported)
general_key = SigningKey.generate(curve=NIST256p)

# For blockchain/cryptocurrency - secp256k1
crypto_key = SigningKey.generate(curve=SECP256k1)

# For modern high-security applications - Ed25519
modern_key = SigningKey.generate(curve=Ed25519)

# For European compliance - Brainpool curves
eu_key = SigningKey.generate(curve=BRAINPOOLP256r1)

print("Generated keys for different use cases:")
print(f"General purpose (NIST P-256): {general_key.curve.name}")
print(f"Cryptocurrency (secp256k1): {crypto_key.curve.name}")
print(f"Modern security (Ed25519): {modern_key.curve.name}")
print(f"European standard (Brainpool): {eu_key.curve.name}")

Curve Compatibility and Interoperability

from ecdsa import SigningKey, VerifyingKey, NIST256p

# Generate key pair
sk = SigningKey.generate(curve=NIST256p)
vk = sk.verifying_key

# Export curve parameters
curve_der = sk.curve.to_der()
curve_pem = sk.curve.to_pem()

print(f"Curve DER parameters: {len(curve_der)} bytes")
print(f"Curve PEM parameters: {len(curve_pem)} characters")

# Curve metadata
print(f"Curve name: {sk.curve.name}")
print(f"OpenSSL name: {getattr(sk.curve, 'openssl_name', 'N/A')}")
print(f"OID: {sk.curve.oid}")

Security Considerations by Curve Type

from ecdsa import curves

# Analyze security levels of different curves
security_levels = {
    # Approximate security levels in bits
    112: ["SECP112r1", "SECP112r2"],
    128: ["SECP128r1"],
    160: ["SECP160r1", "BRAINPOOLP160r1", "BRAINPOOLP160t1"],
    192: ["NIST192p", "BRAINPOOLP192r1", "BRAINPOOLP192t1"],
    224: ["NIST224p", "BRAINPOOLP224r1", "BRAINPOOLP224t1"],
    256: ["NIST256p", "SECP256k1", "BRAINPOOLP256r1", "BRAINPOOLP256t1"],
    320: ["BRAINPOOLP320r1", "BRAINPOOLP320t1"],
    384: ["NIST384p", "BRAINPOOLP384r1", "BRAINPOOLP384t1"],
    512: ["BRAINPOOLP512r1", "BRAINPOOLP512t1"],
    521: ["NIST521p"],
}

print("Curve security levels:")
for bits, curve_names in security_levels.items():
    if bits < 160:
        status = "(WEAK - not recommended)"
    elif bits < 256:
        status = "(legacy)"
    else:
        status = "(strong)"
    print(f"{bits}-bit {status}: {', '.join(curve_names)}")

# Special cases
print("\nSpecial curves:")
print("Ed25519: ~128-bit security, optimized for EdDSA")
print("Ed448: ~224-bit security, optimized for EdDSA")

Install with Tessl CLI

npx tessl i tessl/pypi-ecdsa

docs

curves.md

ecdh.md

eddsa.md

encoding.md

index.md

keys-signatures.md

mathematical-functions.md

tile.json