Cryptographic Specification

Curve Usage Matrix

Component	Curve	Standard	Usage
ELA Main Chain	NIST P-256 (secp256r1)	FIPS 186-4	Transaction signing, multi-sig, coinbase
DID System	NIST P-256 (secp256r1)	FIPS 186-4	DID key pairs, credential signing
Schnorr (Arbiter)	NIST P-256 (secp256r1)	Custom impl	Aggregated cross-chain signatures
ESC (EVM)	secp256k1	SEC 2	Standard Ethereum transaction signing
EID (EVM)	secp256k1	SEC 2	Standard Ethereum transaction signing
Carrier v2	Ed25519	RFC 8032	Node identity
Carrier v2	X25519	RFC 7748	Key agreement for encryption
Carrier v1	Curve25519	NaCl	Friend keys, session encryption

warning

The ELA main chain uses P-256 (secp256r1), not Bitcoin's secp256k1. Standard Bitcoin/Ethereum wallet libraries (bitcoinjs-lib, ethers.js, web3.js) cannot sign ELA main chain transactions without P-256 curve support.

Both curves coexist in the system: P-256 for main chain + DID operations, secp256k1 for EVM sidechain operations. Essentials wallet derives keys on both curves from the same BIP-39 seed.

Hash Functions

Usage	Algorithm	Output Size
Block hashing	Double SHA-256	32 bytes
Address derivation	SHA-256 + RIPEMD-160	20 bytes
Merkle trees	Double SHA-256	32 bytes
Bloom filters	MurmurHash3 (32-bit)	4 bytes
AuxPoW validation	SHA-256 (Bitcoin compat)	32 bytes
Carrier anti-spam tokens	SHA-256 with time windows	32 bytes
Schnorr challenge	SHA-256	32 bytes
DID document hashing	SHA-256	32 bytes

HD Key Derivation

All components use BIP-32/BIP-39/BIP-44 standard derivation from a single mnemonic seed.

Chain	HD Path	Curve	Coin Type
ELA Main Chain	m/44'/0'/0'/0/<index>	secp256r1 (P-256)	0 (Bitcoin)
DID	m/44'/0'/0'/0/<index>	secp256r1 (P-256)	0 (same as ELA)
ESC/EID	m/44'/60'/0'/0/<index>	secp256k1	60 (Ethereum)
Bitcoin	m/44'/0'/0'/0/<index>	secp256k1	0 (Bitcoin)

info

ELA main chain and DID share the same derivation path (m/44'/0'/0'/0/0) but use P-256 instead of secp256k1. The same seed generates both P-256 and secp256k1 key trees; the curve selection happens at the key generation step, not at the path level.

Address Encoding

All Elastos addresses use Base58Check encoding with version byte prefixes:

Version Byte	Hex	Address Prefix	Purpose
Standard	0x21	8	Standard single-sig ELA addresses
Multi-sig	0x12	Varies	Multi-signature addresses
Cross-chain	0x4B	X	Cross-chain deposit addresses
Deposit	0x1F	D	BPoS node registration deposit
DPoSV2	0x3F	Varies	BPoS staking addresses
DID	0x67	i	Decentralized Identity (CRDID)

Address construction:

1. Public key → redeem script (depends on type)
2. Redeem script → SHA-256 → RIPEMD-160 → program hash (20 bytes)
3. Prepend version byte → 21 bytes (Uint168)
4. Double SHA-256 of versioned bytes → first 4 bytes = checksum
5. Append checksum → 25 bytes
6. Base58 encode → address string

Signature Formats

ECDSA P-256 (Main Chain / DID)

Standard ECDSA signature over SHA-256 hash, using the NIST P-256 curve. Signature is DER-encoded (r, s) values.

ECDSA secp256k1 (ESC / EID)

Standard Ethereum signature: (v, r, s) where v is the recovery ID (27 or 28). Compatible with ecrecover precompile.

Schnorr Aggregate (Arbiter)

64-byte signature: [R_x (32 bytes) || s (32 bytes)]

Where:

• R_x = x-coordinate of aggregate nonce point R = Σ(R_i)
• s = Σ(k_i + e * privKey_i) mod N
• e = SHA-256(R_x || P || message)
• P = Σ(P_i) = aggregate public key

Ed25519 (Carrier v2)

Standard Ed25519 signature: 64 bytes. Used for node identity and message authentication.

Special Addresses

Address	Purpose
8VYXVxKKSAxkmRrfmGpQR2Kc66XhG6m3ta	Foundation (30% pre-DPoS)
8ZZLWQUDSbjWUn8sEdxEFJsZiRFpzg53rJ	Legacy CRC consensus reward (30% post-DPoS, pre-committee)
ELANULLXXXXXXXXXXXXXXXXXXXXXYvs3rr	Burn address (destroyed ELA)
CRASSETSXXXXXXXXXXXXXXXXXXXX2qDX5J	CR Assets (treasury)
CREXPENSESXXXXXXXXXXXXXXXXXX4UdT6b	CR Expenses (operational)
STAKEPooLXXXXXXXXXXXXXXXXXXXpP1PQ2	BPoS Stake Pool
STAKEREWARDXXXXXXXXXXXXXXXXXFD5SHU	BPoS Reward Accumulation
XKUh4GLhFJiqAMTF6HyWQrV9pK9HcGUdfJ	DID Sidechain Address