Bitcoin Forum
February 29, 2020, 06:53:39 AM *
Author Topic: ECDSA as a shared secret key generator  (Read 112 times)
sobiepany
February 06, 2020, 08:45:02 PM
Merited by LoyceV (2), joniboini (2)
 #1

Assume Alice and Bob have their public keys revealed on the blockchain. If Alice wants to send some message to Bob, she can multiply her private key by Bob's public key and calculate their "shared public key". She can send a symmetrically-encrypted message to Bob and attach her public key at the beginning. Bob can receive it, multiply her public key by his private key and calculate the same "shared public key" to decrypt the received message.

(AlicePrivateKey*BobPrivateKey)*BasePoint=(BobPrivateKey*AlicePrivateKey)*BasePoint
AlicePrivateKey*(BobPrivateKey*BasePoint)=BobPrivateKey*(AlicePrivateKey*BasePoint)
AlicePrivateKey*BobPublicKey=BobPrivateKey*AlicePublicKey

It is not possible for anyone else to calculate this shared point, because there is no such operation over ECDSA. Adding and subtracting points is possible. Multiplying and dividing a given point by a given number is possible. But it is impossible to multiply or divide two points.

Exchanging some basic messages over the mempool after OP_RETURN should be enough to start communication. Later, both parties can communicate using any protocol, because sending big messages on the blockchain is too expensive. Revealing public keys is necessary to create a valid transaction. Some bytes after OP_RETURN are encrypted and can contain IP addresses, hostnames, IRC channels, emails or anything meaningful for all parties having this shared key, and it should be enough to send the next messages off-chain.
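
The key agreement described in the post above, as an added example that is not part of the original post or any poster's code: both sides compute the same point on secp256k1 and derive a symmetric key from it. The sample private keys are constructed, and the peer-point check and the SHA-256 hashing of the x-coordinate are assumptions of this sketch; the post does not specify either.

```python
# Added illustration (not from the thread): textbook ECDH on secp256k1.
# Pure Python and not constant-time, so for study only.
import hashlib

P = 2**256 - 2**32 - 977  # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)  # base point

def on_curve(pt):
    """True if pt satisfies y^2 = x^3 + 7 (mod P)."""
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - x * x * x - 7) % P == 0

def add(a, b):
    """Add two points; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        m = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        m = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return (x3, (m * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def shared_key(my_priv, their_pub):
    """32-byte symmetric key from my private key and the peer's public point."""
    if not 0 < my_priv < N or not on_curve(their_pub):
        raise ValueError("bad private key or peer point not on curve")
    x = mul(my_priv, their_pub)[0]
    # Assumption: hash the x-coordinate instead of using the raw point as key.
    return hashlib.sha256(x.to_bytes(32, "big")).digest()

# Constructed sample private keys; real keys are random 256-bit scalars.
alice_priv, bob_priv = 0x1111, 0x2222
alice_pub, bob_pub = mul(alice_priv, G), mul(bob_priv, G)
assert shared_key(alice_priv, bob_pub) == shared_key(bob_priv, alice_pub)
```

Because both public keys are fixed, every message between the same two parties derives the same key, so any real use needs a per-message nonce and an authenticated cipher on top of it.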
HeRetiK
February 06, 2020, 10:46:48 PM
Merited by LoyceV (2), joniboini (2), ETFbitcoin (1)
 #2

Sooo... an Elliptic-curve Diffie-Hellman key exchange over the Bitcoin blockchain?

I think this paper describes pretty much what you are suggesting, maybe it's of interest for you:
https://eprint.iacr.org/2015/308.pdf

I'm not aware of any implementations being used in practice though. Something related was suggested in the form of ECDH addresses a while back:
https://en.bitcoin.it/wiki/ECDH_address
https://github.com/bitcoin/bips/blob/master/bip-0047.mediawiki

bob123
February 19, 2020, 12:50:47 PM
Merited by ETFbitcoin (1), HeRetiK (1)
 #3

Quote from HeRetiK: "I'm not aware of any implementations being used in practice though. Something related was suggested in the form of ECDH addresses a while back:"

Actually that is being used.
That's how the PayNym feature of the mobile wallet Samourai works.

1. Bob publishes a "watching address"
2. Alice creates a notification message (transaction) to the watching address of Bob containing 80 bytes of data which is the basis for the ECDH key exchange.
3. The shared secret between both of them is used to derive new addresses for single use.

That's useful if you, for example, want to provide a (publicly available) donation address without anyone being able to see how many donations you have already received.
