So far, the best single-page elliptic curve primer for generalist programmers I know of is Adam Langley's:<p><a href="https://www.imperialviolet.org/2010/12/04/ecc.html" rel="nofollow">https://www.imperialviolet.org/2010/12/04/ecc.html</a><p>I understand the urge to try to get a high-level grok of curves without much math, but I spent years bouncing off the outermost surface of curve understanding by trying to start with the curve picture and the intuitive geometry of curve shape, and what finally made curves click for me (and quickly) was to simply take the curve equation --- which is itself high school math! --- and play with it a bit.<p>So if you're a programmer and you want a baseline understanding how curves work, do what you'd do with any other subject you're trying to understand: pop open an editor, take the Weierstrass curve equation, pick a y, solve for x; then do it in a finite field (ie, mod a prime). Then write an "add", then a "scalar mult". It's a couple hours of noodling, tops.<p>As always, but particularly with curves, remember that the basic understanding of what's going on is nowhere nearly enough to ever use them safely!
This is pretty good! The arithmetic of elliptic curves gets very complex, but I like how you arrived at points on an elliptic curve just by defining groups and fields. It might be a slight improvement to give a short, Rudin-style explanation of the difference between a set and a field. You could do this from first principles of set theory without being so terse as to be incomprehensible or diving into the axioms; I think the stated goal of little math is fine for the audience, but at the same time such an audience might not immediately understand what “field = set with addition and multiplication defined on it” means. I think a small expansion of the treatment on <i>why</i> the ECDLP is hard would also be good. It's intuitively easy to follow that hard problems can exist, but maybe continue on in showing why this particular hardness assumption works for cryptography (because there are many that do not).<p>Places to go from here if you enjoyed reading this and want to learn more about elliptic curves and cryptography related to them:<p>1. <a href="http://blog.bjrn.se/2015/07/lets-construct-elliptic-curve.html?m=1" rel="nofollow">http://blog.bjrn.se/2015/07/lets-construct-elliptic-curve.ht...</a><p>More on an elliptic curve and constructing a hypothetical one.<p>2. <a href="https://medium.com/@VitalikButerin/exploring-elliptic-curve-pairings-c73c1864e627" rel="nofollow">https://medium.com/@VitalikButerin/exploring-elliptic-curve-...</a><p>Elliptic curve pairings.<p>3. <a href="https://www.lvh.io/posts/supersingular-isogeny-diffie-hellman-101.html" rel="nofollow">https://www.lvh.io/posts/supersingular-isogeny-diffie-hellma...</a><p>An intro to supersingular isogeny cryptography, which has a basis in elliptic curves as a mathematical structure, but is fundamentally different from elliptic curve cryptography.
If you want to see a "from scratch" implementation using existing algorithms, here's short working snippet of elliptic curve cryptography (specifically Bitcoin's) without 3rd party libraries:<p><a href="https://github.com/wyc/haschain/blob/master/Secp256K1.hs" rel="nofollow">https://github.com/wyc/haschain/blob/master/Secp256K1.hs</a><p>The implementation doesn't concern itself with groups or fields, but they're still very useful to make sense of the code at all. Actually, I should add some types and implement an instance of Data.Group when I have more time.<p>Of course, it's for fun and not production use. I didn't give the slightest thought to timing attacks, optimized performance, etc.
As nice as it is, integers are not a field (i.e. most of them don't have multiplicative inverses, or 1/n usually isn't integral).<p>Another good writeup:
<a href="http://andrea.corbellini.name/2015/05/17/elliptic-curve-cryptography-a-gentle-introduction/" rel="nofollow">http://andrea.corbellini.name/2015/05/17/elliptic-curve-cryp...</a>
more in depth and just as gentle: <a href="https://jeremykun.com/2014/02/08/introducing-elliptic-curves/" rel="nofollow">https://jeremykun.com/2014/02/08/introducing-elliptic-curves...</a>
In case anyone here is interested in Cryptography as it pertains to Cryptocurrency specifically, here's a talk I gave recently that might be interesting to you: <a href="https://www.youtube.com/watch?v=Fyqtl7eGQZY&t=1062s" rel="nofollow">https://www.youtube.com/watch?v=Fyqtl7eGQZY&t=1062s</a>
In the image for A+A=C (multiply by 2) I see the intersection point C, but what if you wanted to multiply by 3? That would be A+C=D and I don't see any point on the curve that the line through A and C intersects. In fact it looks like for any A you choose, adding A+A gives a C which has that property (in other words A*3=0 for any A). This is just by visual inspection. What am I missing?
The article gives a nice intuition about how encryption works using elliptic curves without going too deep into the math.<p>I'm curious for a similar explanation for how decryption would work though; a trapdoor function is nice and all, but it's only half of the story if there is no 'way out'.
I always get a bit annoyed when someone tries to explain ECC with an image of an elliptic curve over the reals. The whole point of ECs over finite fields in cryptography is that they don't have any regular structure like that!
Well done, loved the use of interactive graphics. Curious if you will continue this approach, but for more advanced cryptography, or move on to other things. Would love a more in depth guide to cryptography in this format.