Bitcoin curve is secure. The values [0,7] are extremely well chosen. There is a weakness in some curves that was not known when the parameters were chosen, but I guess bitcoin got lucky (yet again).

While researching how can it be possible that they succeeded in choosing so good parameters, (when they could not have known) I was reading how the parameters for bitcoin curve were selected from this old thread:

https://bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975And it seems that the curve equation y

^{2}=x

^{3}+ax+b (a=0 and b=7) was selected, by first selecting an "easy" value for P, which will make some calculations faster.

P=2

^{256}-2

^{32}-2

^{9}-2

^{8}-2

^{7}-2

^{6}-2

^{4}-1 or

P=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F

And then searching for the smallest value for b, (while keeping a=0), that would make the resulting curve have a prime order.

So the value

**b=7** was not even consciously chosen, as it was a result of just choosing an "easy" value for P. They could have selected another "easy" value for P and then

**b** could have been something else.

And that is where bitcoin got lucky, because if

**b** would have been 5 or 9 (or one of several possibilities) there would have been a weakness in the curve that would have made it a lot easier to break the encryption. I do not know if it would be possible to actually break it even then, but it would be 1/1000 times easier nevertheless.

This just shows that we always need a bit of luck, whatever we do.

PS: can you guess what is the weakness if b=5 or 9 or one of several other values? My lips are sealed