Skip to content
Switch branches/tags
Go to file

Latest commit

Added Curve448 to CurveDB and added a few simple tests. Used source data

Git stats


Failed to load latest commit information.
Latest commit message
Commit time


joeecc is a playground for Elliptic Curve Cryptography in FP. It is written in pure Python and aims to explain ECC in easy terms. It is neither written to be performant, nor side-channel resistant nor in any way suited for productive use at all. Please use it for its intended purpose and for it only.

The rationale behind joeecc is to show a clear and mathematically clean presentation of the underlying mathematical problems. Most code that is written arund ECC -- especially code that revolves around Ed25519 and/or Curve25519 is heavily optimized and in many cases hard to understand. joeecc tries to present the problems with a high level of abstraction in order to serve as yet another (different) reference to compare implementations against and in order to aid understanding of heavily optimized code. All curve arithmetic is therefore performed in affine space; performance in affine space is lowest, but having values that directly can be checked against the curve equation makes understanding everything extremely easy.


There's a ECC tutorial that I've written which accompanies the pure code. It can be found at


  • ECDSA demonstration
  • ECIES demonstration
  • ECDH demonstration
  • Elgamal demonstration
  • Demonstration how a private key can be recovered from two ECDSA signatures which reused the same nonce (ECDSA nonce exploit)
  • Support for short-formed Weierstrass curves, Montgomery curves and twisted Edwards curves
  • Conversion of domain parameters of twisted Edwards to Montgomery form and back, conversion of points between Montgomery representation and its birationally equivalent twisted Edwards counterpart
  • Ed25519 and Curve25519 support and support to convert keys between each other (Curve25519 and Ed25519 are birationally equivalent curves)
  • Many testcases to try out your own implementation
  • Example of OpenBSD's signify application (generates and verifies Ed25519 signatures, but doesn't support key encryption)
  • Clean, well-documented Python3 code