Home

P256

P-256, also known as secp256r1 or prime256v1, is an elliptic curve defined over a 256-bit prime field. It is one of the NIST recommended curves and is widely used for digital signatures and key exchange. P-256 provides approximately 128-bit security and is designed to offer a favorable balance between cryptographic strength and computational efficiency.

The curve is defined by the short Weierstrass form y^2 = x^3 - 3x + b over the finite

Standardization and naming: P-256 is defined in FIPS 186-4 as part of the Digital Signature Standard and

Applications and usage: The curve supports ECDSA for digital signatures and ECDH for key agreement. It is

Security considerations: As a 256-bit curve, P-256 targets about 128-bit security. Implementations should use constant-time arithmetic,

field
with
p
=
2^256
-
2^224
+
2^192
+
2^96
-
1.
The
coefficient
a
is
-3,
and
the
constant
b
is
0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B.
The
base
point
G
has
coordinates
Gx
=
0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
and
Gy
=
0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5.
The
order
of
the
group
generated
by
G
is
n
=
0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551,
and
the
cofactor
h
=
1.
corresponds
to
the
SEC2
standard
as
secp256r1.
The
curve
is
commonly
referred
to
as
prime256v1
in
various
software
libraries.
It
is
among
the
recommended
curves
in
NIST
documents
for
elliptic-curve
cryptography.
widely
implemented
in
TLS,
SSH,
PGP,
and
many
cryptographic
libraries
and
protocols,
often
serving
as
the
default
curve
due
to
its
established
security
properties
and
performance
profile.
proper
nonce
generation
in
signatures,
and
secure
parameter
handling.
Some
deployments
may
opt
for
larger
curves
to
meet
higher
future
security
requirements.