So when we regenerate curves like secp160k1, secp192k1, secp224k1, and secp256k1, we start with "2^n-2^32" and work our way down to find a prime number that forms a curve. For secp192k1, secp224k1, and secp256k1, we just took the first valid value we found. But with secp160k1, turns out the p-value is actually the fifth one down from 2^160-2^32. Why did we skip four p-values? They all had a matching b-value with a prime n-value.
Here's what it looks like for secp192k1:
secp224k1:
secp256k1:
Also, I'm curious why they went with b=5 for secp224k1 when b=2 would do the trick too and still give the same n-value. Are there some hidden rules we gotta think about when choosing the b-value?
The field and curve have to admit a primitive root of unity in order to make the efficient endomorphism work, so that's going to be part of the selection criteria for any of the K curves.
primitive root ?
source
https://github.com/cysecud/ecc_weak_keys/issues/2#issuecomment-2508282587
primitive root generate vulnerable subgroups what provide way to breack 256 bit key in seconds.On github more info about it.
You're spouting nonsense, stop linking to fake 'weak key' bullshit. These are posts of scammers tricking people into running malware.
Secp256k1 is prime ordered, there are no subgroups and all keys are equivalent.