@jalcine no, 521 is right! NIST elliptic curve keys come in three fixed sizes, and one of them _isn't_ the obvious power of 2.
In fact, the difference between 521 and 512 is exactly the cause of the problem – those 9 extra bits are the amount of information that PuTTY was accidentally leaking about the private key per signature.