



According to NIST and ECRYPT II, the cryptographic algorithms used in
Bitcoin are expected to be strong until at least 2030. (After that, it
will not be too difficult to transition to different algorithms.)



Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.



markm
Legendary
Offline
Activity: 2072
Merit: 1000


March 23, 2013, 11:04:17 AM 

I didn't know there were any that cannot be used. Hmm now you have me wondering why some cannot be used.
MarkM




prezbo


March 23, 2013, 11:12:10 AM 

I didn't know there were any that cannot be used. Hmm now you have me wondering why some cannot be used.
MarkM
There really is no reason why they coulnd't be used. Yes, the group order is less than 2^256, but even a larger number would work  it just wouldn't be very efficient.




remotemass
Legendary
Offline
Activity: 937
Merit: 1001


March 23, 2013, 11:17:14 AM 

I didn't know there were any that cannot be used. Hmm now you have me wondering why some cannot be used.
I don't know enough about elliptic curves to make you more clear on that. But note that the public key is made of 65 bytes. The first byte is always 0x04, I think, and the next pair of 32 bytes correspond to the (x,y) coordinates of a point in the curve. So the reason must be that because not all points (x,y) can be used, so that not all public keys can be used and therefore not all private keys. Just my thoughts about it. I actually have not much clues about Elliptic Curves stuff. This is as much as I get of it.

Would be great there was a torrent file of all referenced materials of the paper: "How to Build TimeLock Encryption" by Tibor Jager. And having its magnet link published on bitcoin blockchain!



prezbo


March 23, 2013, 11:24:45 AM 

I didn't know there were any that cannot be used. Hmm now you have me wondering why some cannot be used.
I don't know enough about elliptic curves to make you more clear on that. But note that the public key is made of 65 bytes. The first byte is always 0x04, I think, and the next pair of 32 bytes correspond to the (x,y) coordinates of a point in the curve. So the reason must be that because not all points (x,y) can be used, so that not all public keys can be used and therefore not all private keys. Just my thoughts about it. I actually have not much clues about Elliptic Curves stuff. This is as much as I get of it. Elliptic curves form a group under addition. The private key is an integer, while the public key is a point on the group, so if n is a private key, and G is the "base" point, then n*G = G+G+...+G would be the public key corresponding to n. There is no bound on how large n can be, since a group is closed under it's operator. Having said that, even though every number *can* be used as a private key, the set of numbers {n, n+R, n+2R, ...} will have the same corresponding public keys, where R is the order of the base element G (and usually also the order of the group itself).




remotemass
Legendary
Offline
Activity: 937
Merit: 1001


March 23, 2013, 11:42:42 AM 

Elliptic curves form a group under addition. The private key is an integer, while the public key is a point on the group, so if n is a private key, and G is the "base" point, then n*G = G+G+...+G would be the public key corresponding to n. There is no bound on how large n can be, since a group is closed under it's operator.
Can the G that you mention, the "base" point, be expressed with (X,Y) coordinates? I barely understand Elliptic Curves with real numbers, but I suppose ECDSA uses Elliptic Curves over Finite Fileds (or is it over Prime Field?!). I'm still trying to figure if we use a curve or a set of curves. Can you, give me an idea of how secp256k1 curve and its relevant points look like in a cartesian way? Or it does not work like that at all?!

Would be great there was a torrent file of all referenced materials of the paper: "How to Build TimeLock Encryption" by Tibor Jager. And having its magnet link published on bitcoin blockchain!



kokjo
Legendary
Offline
Activity: 1050
Merit: 1000
You are WRONG!


March 23, 2013, 11:50:04 AM 

I didn't know there were any that cannot be used. Hmm now you have me wondering why some cannot be used.
MarkM
its because the prime number chosen for secp256k1 is just a little less then 2^256 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141 is that prime number in hexadecimal.

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." Bertrand Russell



prezbo


March 23, 2013, 11:51:41 AM 

Elliptic curves form a group under addition. The private key is an integer, while the public key is a point on the group, so if n is a private key, and G is the "base" point, then n*G = G+G+...+G would be the public key corresponding to n. There is no bound on how large n can be, since a group is closed under it's operator.
Can the G that you mention, the "base" point, be expressed with (X,Y) coordinates? I barely understand Elliptic Curves with real numbers, but I suppose ECDSA uses Elliptic Curves over Finite Fileds (or is it over Prime Field?!). I'm still trying to figure if we use a curve or a set of curves. Can you, give me an idea of how secp256k1 curve and its relevant points look like in a cartesian way? Or it does not work like that at all?! Certainly. secp256k1 is defined over one, predefined elliptic curve. The base point is also predetermined, usually a group generator. The group operator (+) is defined in a purely geometric way as shown in this picture , here P1+P2 = P3. You can find some more information on secp256k1 in this pdf. Note that the order of base point G is exactly the number you specified in your OP.




remotemass
Legendary
Offline
Activity: 937
Merit: 1001


March 23, 2013, 11:57:26 AM 

what is u and v, in that image? I am so glad I am learning this stuff

Would be great there was a torrent file of all referenced materials of the paper: "How to Build TimeLock Encryption" by Tibor Jager. And having its magnet link published on bitcoin blockchain!



prezbo


March 23, 2013, 12:09:41 PM 

what is u and v, in that image? I am so glad I am learning this stuff Probably just line identifiers. This was the best picture I could find quickly




remotemass
Legendary
Offline
Activity: 937
Merit: 1001


March 23, 2013, 12:17:24 PM 

How many points does secp256k1 curve actually have? And what is this (+), as defined, used for? (regarding them) The image you provide is very good to understand the (+) operation but still gives me with no clue of how secp256k1 curve and its points look like

Would be great there was a torrent file of all referenced materials of the paper: "How to Build TimeLock Encryption" by Tibor Jager. And having its magnet link published on bitcoin blockchain!



