Kostelooscoin (OP)
Member
Offline
Activity: 206
Merit: 16
|
|
January 16, 2021, 09:46:14 AM Last edit: January 16, 2021, 10:12:30 AM by Kostelooscoin |
|
how calcul K = k * g
K = pubkey k = privatekey g = uncompressed "0479BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798483ADA7726A3C 4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8" or g = compressed "0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"
for this : sha256 privatekey : e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 pubkey uncompressed : 04a34b99f22c790c4e36b2b3c2c35a36db06226e41c692fc82b8b56ac1c540c5bd5b8dec5235a0f a8722476c7709c02559e3aa73aa03918ba2d492eea75abea235
04a34b99f22c790c4e36b2b3c2c35a36db06226e41c692fc82b8b56ac1c540c5bd5b8dec5235a0f a8722476c7709c02559e3aa73aa03918ba2d492eea75abea235= e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 * 0479BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798483ADA7726A3C 4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
result is not pubkey : 3fb0af628e51b8829961382845c2a8eb3aa6c8b10508233437cf0013b766fabd7f193124f605fe7 3bafebd6da6fa3b4b64aa666fb96c543d0710d067be1f1194e940df5641b4a8c05ce334b64f02e0 8c71f846884f696d187068e72c4d86ae118
Why ??
|
|
|
|
BlackHatCoiner
Legendary
Offline
Activity: 1694
Merit: 8336
Fiatheist
|
|
January 16, 2021, 10:20:52 AM |
|
sha256 privatekey : e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
You just need a 256-bit value here. Not a SHA256 result. But, yes, you can get a sha256 hash result and enter it as private key, they're both 256-bit. 04a34b99f22c790c4e36b2b3c2c35a36db06226e41c692fc82b8b56ac1c540c5bd5b8dec5235a0f a8722476c7709c02559e3aa73aa03918ba2d492eea75abea235= e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 * 0479BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798483ADA7726A3C 4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8 Why are you multiplying the public key with the private key? You should multiply private key with G to get your public key: E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 * g = 04A34B99F22C790C4E36B2B3C2C35A36DB06226E41C692FC82B8B56AC1C540C5BD5B8DEC5235A0F A8722476C7709C02559E3AA73AA03918BA2D492EEA75ABEA235See this link: https://gobittest.appspot.com/Address
|
|
|
|
NotATether
Legendary
Offline
Activity: 1778
Merit: 7372
Top Crypto Casino
|
Your private key is not a valid point. A point is supposed to start with "02" or "03" but yours starts with "e3". This private key you have (e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855) is an arbitrary number (as it should be). This implies that private keys have no uncompressed or compressed form because they are not points. My guess is that you just converted your private key and G into numbers and did arithmetic multiplication. That's not how it works. You have to find a tool that takes the uncompressed (or compressed) G and converts it into a point representation, and then multiply that type by the private key number. This is how you do it in python: # pip install fastecdsa from fastecdsa.curve import secp256k1 from fastecdsa.point import Point
def pow_mod(x, y, z): # Credits: https://bitcointalk.org/index.php?topic=644919.msg7205689#msg7205689 "Calculate (x ** y) % z efficiently." number = 1 while y: if y & 1: number = number * x % z y >>= 1 x = x * x % z return number
# Converting from (un)compressed form to coordinates
def uncompressed2pair(key): x = int(key[2:66], 16) y = int(key[66:130], 16) return (x, y)
def compressed2pair(key): # Credits: https://bitcointalk.org/index.php?topic=644919.msg7205689#msg7205689 p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f y_parity = int(key[:2]) - 2 x = int(key[2:66], 16) a = (pow_mod(x, 3, p) + 7) % p y = pow_mod(a, (p+1)//4, p) if y % 2 != y_parity: y = -y % p return (x, y)
# This is the part that actually multiplies G with the private key.
G_uncompresssed = "0479BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8"
G_compressed = "0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"
gx, gy = compressed2pair(G_compressed) # Or: # gx, gy = uncompressed2pair(G_uncompressed) k = 0xe3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 G = Point(gx, gy, curve=secp256k1)
K = k*G print(K) This prints: X: 0xa34b99f22c790c4e36b2b3c2c35a36db06226e41c692fc82b8b56ac1c540c5bd Y: 0x5b8dec5235a0fa8722476c7709c02559e3aa73aa03918ba2d492eea75abea235 (On curve <secp256k1>)
|
|
|
|
BlackHatCoiner
Legendary
Offline
Activity: 1694
Merit: 8336
Fiatheist
|
|
January 16, 2021, 11:23:05 AM |
|
Your private key is not a valid point. A point is supposed to start with "02" or "03" but yours starts with "e3". Wait. Why should a private key start with "02" or "03"? A public key start with these prefixes to define if y is odd or even. A private key is any number between 1 and 2 256 - 2 32 - 2 9 - 2 8 - 2 7 - 2 6 - 2 4 - 1. No?
|
|
|
|
NotATether
Legendary
Offline
Activity: 1778
Merit: 7372
Top Crypto Casino
|
|
January 16, 2021, 11:24:44 AM |
|
Your private key is not a valid point. A point is supposed to start with "02" or "03" but yours starts with "e3". Wait. Why should a private key start with "02" or "03"? A public key start with these prefixes to define if y is odd or even. A private key is any number between 1 and 2 256 - 2 32 - 2 9 - 2 8 - 2 7 - 2 6 - 2 4 - 1. No? Correct. A private key is not even supposed to be a point in the first place. As I wrote earlier, it's just an arbitrary large number.
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18746
|
|
January 16, 2021, 12:18:37 PM |
|
result is not pubkey Elliptic curve multiplication is very different to standard multiplication. You can not just take your private key and the generator point, assume both are just basic numbers, and apply arithmetic multiplication to them. Elliptic curve multiplication involves plotting the generator point (G) on the secp256k1 curve, drawing a line tangent to that point, finding the other point where this line intersects the curve, and reflecting that point across the x axis to find 2G. You then do the same process with 2G to find 4G. And then repeat with 4G to find 8G. And so on. You can then add individual points together, such as 4G and 8G by drawing a line between these points, finding the third point where this line intersects the curve, and reflecting that point across the x axis to find 12G. By a combination of these doubling and adding functions, you can calculate kG, where k is your private key. That point will be K, your public key. To see how this works algebraically, have a read of my post here: https://bitcointalk.org/index.php?topic=5299242.msg55829844#msg55829844
|
|
|
|
Kostelooscoin (OP)
Member
Offline
Activity: 206
Merit: 16
|
|
January 16, 2021, 12:26:04 PM |
|
Your private key is not a valid point. A point is supposed to start with "02" or "03" but yours starts with "e3". This private key you have (e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855) is an arbitrary number (as it should be). This implies that private keys have no uncompressed or compressed form because they are not points. My guess is that you just converted your private key and G into numbers and did arithmetic multiplication. That's not how it works. You have to find a tool that takes the uncompressed (or compressed) G and converts it into a point representation, and then multiply that type by the private key number. This is how you do it in python: # pip install fastecdsa from fastecdsa.curve import secp256k1 from fastecdsa.point import Point
def pow_mod(x, y, z): # Credits: https://bitcointalk.org/index.php?topic=644919.msg7205689#msg7205689 "Calculate (x ** y) % z efficiently." number = 1 while y: if y & 1: number = number * x % z y >>= 1 x = x * x % z return number
# Converting from (un)compressed form to coordinates
def uncompressed2pair(key): x = int(key[2:66], 16) y = int(key[66:130], 16) return (x, y)
def compressed2pair(key): # Credits: https://bitcointalk.org/index.php?topic=644919.msg7205689#msg7205689 p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f y_parity = int(key[:2]) - 2 x = int(key[2:66], 16) a = (pow_mod(x, 3, p) + 7) % p y = pow_mod(a, (p+1)//4, p) if y % 2 != y_parity: y = -y % p return (x, y)
# This is the part that actually multiplies G with the private key.
G_uncompresssed = "0479BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8"
G_compressed = "0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"
gx, gy = compressed2pair(G_compressed) # Or: # gx, gy = uncompressed2pair(G_uncompressed) k = 0xe3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 G = Point(gx, gy, curve=secp256k1)
K = k*G print(K) This prints: X: 0xa34b99f22c790c4e36b2b3c2c35a36db06226e41c692fc82b8b56ac1c540c5bd Y: 0x5b8dec5235a0fa8722476c7709c02559e3aa73aa03918ba2d492eea75abea235 (On curve <secp256k1>)
k = K/G
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18746
|
|
January 16, 2021, 12:54:43 PM |
|
k = K/G ? Yes, your private key would be equal to your public key divided by the generator point. But again, this is not standard division, but rather division on the curve secp256k1. There is essentially no easy way to perform division on an elliptic curve. Indeed, the only way to do so (and therefore the reason that elliptic curve cryptography is secure in the first place), is to brute force every possible value of k until you find that correct one. Consider this (simplified) graphically. If I give you a single point, and ask you to draw a straight line which passes through that point, then there are infinite possible lines you could draw.
|
|
|
|
NotATether
Legendary
Offline
Activity: 1778
Merit: 7372
Top Crypto Casino
|
|
January 16, 2021, 03:02:54 PM |
|
k = K/G In addition to what o_e_l_e_o wrote, here's an explanation of point multiplication and division from a graphical point of view: - we have point multiplication of a point G by a scalar number k, and this is accomplished by finding the point "2G" on the curve that is on the line tangent to G, then we find the point "3G" which is on the same line as both "2G" and "G", then we find the point "4G" that's in the same line as 3G and G, and so on for 4G,5G,... up to kG. (It's just repeated point addition.) The algorithm for this is done using exponents (modulus the order of the curve of course) and some of them are listed at https://en.wikipedia.org/wiki/Elliptic_curve_point_multiplication , these can be computed in a reasonable amount of time. - then we have point division, which is the equation that I quoted from your reply, and we take that point kG that we got from point multiplication, the point G that was added to itself so many times, however there is no such thing as "take kG and draw the line between kG and (k-1)G and then draw the line between (k-1)G and (k-2)G ... etc". Point multiplication is not reversible without knowing k. Even the points (k-1)G, (k-2)G, ... are unknown since we can't compute them backwards, only in the order 2G, 3G, ... like that. Naturally since point multiplication is done with exponents you'd have to use logarithms to do point division, but there is no known efficient algorithm for computing the logarithm of two points. You have to search through all the points on the curve to find the lines that connect G to 2G to 3G to ... to kG. This actually started a whole field of research around the discrete logarithm problem which you can learn more by searching that phrase on Google.
|
|
|
|
Kostelooscoin (OP)
Member
Offline
Activity: 206
Merit: 16
|
|
January 16, 2021, 03:58:12 PM |
|
Traceback (most recent call last): File "1.py", line 1, in <module> from fastecdsa.curve import secp256k1 File "/home/thor/.local/lib/python2.7/site-packages/fastecdsa/curve.py", line 18 def __init__(self, name: str, p: int, a: int, b: int, q: int, gx: int, gy: int, oid: bytes = None): ^ SyntaxError: invalid syntax
|
|
|
|
NotATether
Legendary
Offline
Activity: 1778
Merit: 7372
Top Crypto Casino
|
|
January 16, 2021, 04:08:29 PM |
|
Traceback (most recent call last): File "1.py", line 1, in <module> from fastecdsa.curve import secp256k1 File "/home/thor/.local/lib/python2.7/site-packages/fastecdsa/curve.py", line 18 def __init__(self, name: str, p: int, a: int, b: int, q: int, gx: int, gy: int, oid: bytes = None): ^ SyntaxError: invalid syntax
The module fastecdsa only works on Python 3.5 and later. You need to install it from your package manager or build Python 3 from source. It won't work on Python 2.7. As of release 1.2.1+ python3 is supported as well. Due to python2's EOL on January 1st 2020 release 2.x of this package only supports python3.5+. It also only works on Linux and MacOS and may not work on Windows. Even though it looks like you're already using Linux (from looking at your home folder), it's useful to point out.
|
|
|
|
Kostelooscoin (OP)
Member
Offline
Activity: 206
Merit: 16
|
|
January 16, 2021, 04:13:34 PM |
|
work thanks
|
|
|
|
Kostelooscoin (OP)
Member
Offline
Activity: 206
Merit: 16
|
|
January 16, 2021, 04:30:16 PM Last edit: January 16, 2021, 04:48:29 PM by Kostelooscoin |
|
k = 0xe3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 G = Point(gx, gy, curve=secp256k1) 0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c 4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8
K = k * g but
K = 0x6c47e51e812b17d72a23af61f66baa230bb3837ebe13e610ea999ccd9524ca83f193124f605fe 73bafebd6da6fa3b4b64aa666fb96c543d0710d067be1f1194e940df5641b4a8c05ce334b64f02e 08c71f846884f696d187068e72c4d86ae118
|
|
|
|
NotATether
Legendary
Offline
Activity: 1778
Merit: 7372
Top Crypto Casino
|
|
January 16, 2021, 04:55:28 PM |
|
curve=secp256k1 what manualy calcul ? As you might have already figured out, gx and gy are variables that represent the x- and y- coordinates of G, the generator point. secp256k1 is a python object that represents the secp256k1 curve, the elliptic curve that Bitcoin uses to get private and public keys from. As you can see on the graph on that page, each and every point on that curve represents a public key, and one of these points is where the "generator point" G is located on. It is so called that because when this point is added to itself, you can generate all of the points that lie on this curve (that are within a certain very large range defined by the group of people who created the secp256k1 curve). The private keys, then, are the number of times this G is added to itself. You cannot directly visualize it on the graph unless you draw "k" number of lines between the sequence of points G,2G,...kG.
|
|
|
|
Kostelooscoin (OP)
Member
Offline
Activity: 206
Merit: 16
|
|
January 16, 2021, 05:17:27 PM |
|
so from a public key to a private key I have to take this public key and divide it by kG?
G+G or G*G
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18746
|
|
January 16, 2021, 05:30:51 PM |
|
so from a public key to a private key I have to take this public key and divide it by kG? You cannot reverse elliptic curve multiplication and and calculate a private key from a public key. If you have a public key and you want to find the associated private key with no additional information, then pick one of these algorithms ( https://en.wikipedia.org/wiki/Discrete_logarithm#Algorithms) and set it running forever. G+G or G*G G+G would give you 2G, and is the first step to calculating any public key from any private key. G*G is meaningless as far as bitcoin is concerned.
|
|
|
|
Kostelooscoin (OP)
Member
Offline
Activity: 206
Merit: 16
|
|
January 16, 2021, 05:37:32 PM |
|
reverse is G-G
but From the private key can we know how many times G has been added?
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18746
|
|
January 16, 2021, 05:57:43 PM |
|
reverse is G-G Ok, sure. You can take your public key K and you can subtract G by reflecting K across the x axis, drawing a line between -K and G, and marking the 3rd point on that lines as K-G. That doesn't get you any closer to figuring out the private key, though. You would have to keep subtracting G over and over and over and over until you hit the point G itself, and then tally up all the times you subtracted G. This is no better than just adding G to itself endlessly until you find K, i.e. trying to brute force a (almost) 2 256 bit number. but From the private key can we know how many times G has been added? The private key is the number of times G has been added. If you mean "How can we calculate the number of times G has been added from the public key?", the answer is, "You can't". This is the entire basis behind bitcoin's security.
|
|
|
|
Kostelooscoin (OP)
Member
Offline
Activity: 206
Merit: 16
|
|
January 16, 2021, 06:24:34 PM |
|
reverse is G-G Ok, sure. You can take your public key K and you can subtract G by reflecting K across the x axis, drawing a line between -K and G, and marking the 3rd point on that lines as K-G. That doesn't get you any closer to figuring out the private key, though. You would have to keep subtracting G over and over and over and over until you hit the point G itself, and then tally up all the times you subtracted G. This is no better than just adding G to itself endlessly until you find K, i.e. trying to brute force a (almost) 2 256 bit number. but From the private key can we know how many times G has been added? The private key is the number of times G has been added. If you mean "How can we calculate the number of times G has been added from the public key?", the answer is, "You can't". This is the entire basis behind bitcoin's security. pubkey :04a34b99f22c790c4e36b2b3c2c35a36db06226e41c692fc82b8b56ac1c540c5bd5b8dec5235a0f a8722476c7709c02559e3aa73aa03918ba2d492eea75abea235 - g :79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c46 55da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8
|
|
|
|
|
|