How can I convert a ECDSA curve specification from the SEC2 form into the form needed by Go?

I`m trying to implement ECDSA in the curve secp256k1 in Google Go.

Secp256k1 is defined by the SECG standard (SEC 2, part 2, Recommended Elliptic Curve Domain Parameters over 𝔽_p, page 15) in terms of parameters p, a, b, G compressed, G uncompressed, n and h.

In Go's crypto library, the curves are defined by parameters P, N, B, Gx, Gy and BitSize. How do I convert parameters given by SECG into the ones needed by Go?

In the elliptic package of Go,

> A Curve represents a short-form Weierstrass curve with a=-3.

So, we have curves of the form y² = x³ - 3·x + B (where both x and y take values in 𝔽_P). P and B thus are the parameters to identify a curve, the others are only necessary for the operations on the curve elements which will be used for cryptography.

The SECG standard SEC 2 defines the secp256k1 curve as y² = x³ + a·x + b with a = 0, i.e. effectively y² = x³ + b.

These curves are not the same, independent of which b and B are selected here.

Your conversion is not possible with the elliptic package's Curve class, as it only supports some special class of curves (these with a = -3), while SEC 2 recommends curves from other classes (a = 0 for the ...k1 curves).

On the other hand, the curves with ...r1 in the name seem to have a = -3. And actually, secp256r1 seems to be the same curve which is available in elliptic as p256(). (I didn't prove this, but at least some the hex digits of the uncompressed form of the base point in SEC 2 are the coordinates of the base point in elliptic.)