Ever wanted to understand how Grin works, but the math scared you off? I felt the same. In this 3 part series I’ll take you step-by-step through the process of understanding Mimblewimble once and for all *(hint: it’s not as scary as it seems).*

This is the 1_{st} part of *Introduction to Mimblewimble* (It currently sits idly in the new docs, read by almost no-one).

Let’s go. Start fucking reading.

# Elliptic Curve Cryptography

Mimblewimble relies entirely on Elliptic-curve cryptography (ECC), an approach to public-key cryptography. Put simply, given an algebraic curve of the form `y^2 = x^3 + ax + b`

, pairs of private and public keys can be derived. Picking a private key and computing its correspnding public key is trivial, but the reverse operation `public key -> private key`

is called the *discrete logarithm problem*, and is considered to be computationally infeasible.

Let’s review the basics.

## Operations

These are the relevant mathematical operations we can do on Elliptic-curve points.

- Addition - Given two points, we can add them to one another (or subtract) and the result would be a new point on the curve.
- Multiplication - Given a point, we can multiply it any number of times.

#### Addition

Given three aligned points **P**, **Q** and **R**, their sum is always 0. We treat this as an inherent property of elliptic curves.

```
P + Q + R = 0
```

We can then write it as:

```
P + Q = -R
```

So that adding the two points P and Q results in -R, the inverse of R.

If we draw a line passing through P and Q, this line will cross a third point on the curve, R (so that P, Q and R are aligned). If we take the inverse of this point, which is simply the one symmetric to it about the x-axis, we have found the result of adding two curve points, P + Q. Let’s illustrate:

In other words, addition of points is basically hopping around on the curve to a different, *seemingly* random point; It looks random unless you know the exact operation performed to reach it.

#### Multiplication

We can’t multiply a point by another point, but we can multiply a point by a number (scalar). Multiplying point **P** by scalar `k`

would simply require adding point **P** onto it self `k`

times. This operation is easily demonstrated by assigning `k=2`

so that `k*P = P+P`

. To illustrate how it would look like on the curve, we draw a tangent line. You can imagine that the line intersects three points, whereas two of them are **P**, such that:

```
P + P = -R
```

*To calculate 8*P for e.g. wouldn’t take 8 operations, but only 3; you can find 2*P, then add it onto itself, and then add 4*P onto itself, for the final result of 8*P.*

## Key Pairs

An ECC system defines a publicly known constant curve point called the generator point, **G**. The generator point is used to compute any public key. A key pair consists of:

- Private key
**k**– A randomly chosen 256-bit integer (scalar). - Public key
**P**– An Elliptic-curve point derived by multiplying generator point G by the private key.

And more clearly, a public key (of private key `k`

) is as follows:

```
P = k*G
```

This is easy to compute.

But, if everybody knows points P and G, can they find out what `k`

is? The answer is no; The difficulty of getting from one point to another is precisely the definition of the Elliptic curve discrete logarithm problem.

*Note: The specific Elliptic curve that Grin employs is rust-secp256k1 (y^2^ = x^3^ + 7) using Schnorr signature scheme.*

**Feel free to ask any stupid question, this is a no judgement zone. 2 _{nd} part soon.**