Bitcoin Forum
Topic: ECDSA as a shared secret key generator
sobiepany (OP)
February 06, 2020, 08:45:02 PM
Merited by LoyceV (2), joniboini (2)
 #1

Assume Alice and Bob have their public keys revealed on the blockchain. If Alice wants to send some message to Bob, she can multiply her private key by Bob's public key and calculate their "shared public key". She can send a symmetrically-encrypted message to Bob and attach her public key at the beginning. Bob can receive it, multiply her public key by his private key and calculate the same "shared public key" to decrypt the received message.

(AlicePrivateKey*BobPrivateKey)*BasePoint=(BobPrivateKey*AlicePrivateKey)*BasePoint
AlicePrivateKey*(BobPrivateKey*BasePoint)=BobPrivateKey*(AlicePrivateKey*BasePoint)
AlicePrivateKey*BobPublicKey=BobPrivateKey*AlicePublicKey

It is not possible for anyone else to calculate this shared point, because there is no such operation over ECDSA. Adding and subtracting points is possible. Multiplying and dividing a given point by a given number is possible. But it is impossible to multiply or divide two points.

Exchanging some basic messages over the mempool after OP_RETURN should be enough to start communication. Later, both parties can communicate using any protocol, because sending big messages on the blockchain is too expensive. Revealing public keys is necessary to create a valid transaction. Some bytes after OP_RETURN are encrypted and can contain IP addresses, hostnames, IRC channels, emails or anything meaningful for all parties having this shared key, and it should be enough to send the next messages off-chain.
HeRetiK
February 06, 2020, 10:46:48 PM
Merited by LoyceV (2), joniboini (2), ABCbits (1)
 #2

Sooo... an Elliptic-curve Diffie-Hellman key exchange over the Bitcoin blockchain?

I think this paper describes pretty much what you are suggesting, maybe it's of interest for you:
https://eprint.iacr.org/2015/308.pdf

I'm not aware of any implementations being used in practice though. Something related was suggested in the form of ECDH addresses a while back:
https://en.bitcoin.it/wiki/ECDH_address
https://github.com/bitcoin/bips/blob/master/bip-0047.mediawiki

bob123
February 19, 2020, 12:50:47 PM
Merited by HeRetiK (1), ABCbits (1)
 #3

Quote from HeRetiK: I'm not aware of any implementations being used in practice though. Something related was suggested in the form of ECDH addresses a while back:

Actually that is being used.
That's how the PayNym feature of the mobile wallet Samourai works.

1. Bob publishes a "watching address"
2. Alice creates a notification message (transaction) to the watching address of Bob containing 80 bytes of data which is the basis for the ECDH key exchange.
3. The shared secret between both of them is used to derive new addresses for single use.

That's useful if you, for example, want to provide a (publicly available) donation address without anyone being able to see how many donations you already received.
