o_e_l_e_o
In memoriam
Legendary
 Offline
Activity: 2268
Merit: 18504
|
 |
April 28, 2021, 07:56:14 AM |
|
0379be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
+
0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
result
valid curve x=0 and y=8f53.....
Your result is wrong. Consider graphically what is happening. The two points you have given above are the same point reflected over the x axis. To add these points you draw a line between them and mark the third point where it intersects the curve. The line you are drawing is vertical and therefore there is no y coordinate. As an example, look at this picture:  And now consider the equations I gave above. If the two x coordinates are the same, then Bx - Ax gives zero, meaning you must divide by zero to obtain the slope of the line. |
|
|
|
|
|
|
|
|
|
|
|
|
|
Bitcoin addresses contain a checksum, so it is very unlikely that mistyping an address will cause you to lose money.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
|
ymgve2
|
|
April 28, 2021, 02:51:50 PM |
|
0379be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
+
0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
result
valid curve x=0 and y=8f53.....
base on these strategy, going to find point concatenate, where result will be on curve or not at curve (if outside of modulo p),
That's not the way to do this point addition, if you add two points with the same X coordinate but opposite Y coordinates, you get the curve's infinity point, which is a special case and can't be represented as a public key. Also you still haven't explained what this "concatenation" is supposed to accomplish. point concatenation will help me to generate new public addresses in new security level, like multi pubkeys "3" p2wsh, p2sh, similar, finding new paring, diffrent level secure, but must know, 0 point loop holes example if x=0 and not at curve then where from y -y comes, as its not satisfy Equation, Q is where from y-y comes ? Your y values comes from the fact that the math behind the recovery of y values always gives some answer, even if the original x coordinate is invalid. Also, you as saying you want to use this to generate new public addresses, but do you have any way to find the private key for these? Because without someone knowing the private key, having a public key is pretty useless. |
|
|
|
|
brainless (OP)
Member
Offline
Activity: 313
Merit: 34
|
|
April 28, 2021, 03:29:39 PM |
|
0379be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
+
0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
result
valid curve x=0 and y=8f53.....
base on these strategy, going to find point concatenate, where result will be on curve or not at curve (if outside of modulo p),
That's not the way to do this point addition, if you add two points with the same X coordinate but opposite Y coordinates, you get the curve's infinity point, which is a special case and can't be represented as a public key. Also you still haven't explained what this "concatenation" is supposed to accomplish. point concatenation will help me to generate new public addresses in new security level, like multi pubkeys "3" p2wsh, p2sh, similar, finding new paring, diffrent level secure, but must know, 0 point loop holes example if x=0 and not at curve then where from y -y comes, as its not satisfy Equation, Q is where from y-y comes ? Your y values comes from the fact that the math behind the recovery of y values always gives some answer, even if the original x coordinate is invalid. Also, you as saying you want to use this to generate new public addresses, but do you have any way to find the private key for these? Because without someone knowing the private key, having a public key is pretty useless. person a have prvkey = abc person b have prvkey = def both person have there prvkeys and pubkeys, then concatenate pubkeys points to get next pubkeys, .. so on word... both dont know each other prvkeys, only pubkeys known each other ... its all next level of works, first level work is point concatenate formula, consider on it to make point concatenate with it |
13sXkWqtivcMtNGQpskD78iqsgVy9hcHLF
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18504
|
|
April 28, 2021, 03:46:20 PM |
|
person a have prvkey = abc
person b have prvkey = def
both person have there prvkeys and pubkeys, then concatenate pubkeys points to get next pubkeys, .. so on word... And then what? Knowing the private keys to two public keys that you have added together, concatenated, whatever, will not let you spend any coins sent to that resulting public key's address. both dont know each other prvkeys, only pubkeys known each other ... If this is what you want to achieve, then why not just use multi-sig? Trying to roll your own system like this is going to end up with you locking coins in an address or behind a script that you cannot access. |
|
|
|
|
brainless (OP)
Member
Offline
Activity: 313
Merit: 34
|
|
April 28, 2021, 04:19:25 PM |
|
person a have prvkey = abc
person b have prvkey = def
both person have there prvkeys and pubkeys, then concatenate pubkeys points to get next pubkeys, .. so on word... And then what? Knowing the private keys to two public keys that you have added together, concatenated, whatever, will not let you spend any coins sent to that resulting public key's address. both dont know each other prvkeys, only pubkeys known each other ... If this is what you want to achieve, then why not just use multi-sig? Trying to roll your own system like this is going to end up with you locking coins in an address or behind a script that you cannot access. multisig requird both person sign/verify, in my new system, address and pubkey multi control, but could sign fro both and/or single, etc, anyway debate on every new system is always long, but first we need point con tests,  |
13sXkWqtivcMtNGQpskD78iqsgVy9hcHLF
|
|
|
|
ymgve2
|
|
April 28, 2021, 04:33:30 PM |
|
Multisig does not require all participants to sign, you can generate any N-of-M schemes, like 1-of-2 where only a single participant needs to sign to spend. Or 2-of-3 where a majority needs to sign, but not everyone.
|
|
|
|
|
NotATether
Legendary
Offline
Activity: 1582
Merit: 6671
bitcoincleanup.com / bitmixlist.org
|
|
April 29, 2021, 09:38:04 AM |
|
-snip- You need to use the multiplicative inverse, which every number will have since p is prime. ~ l=(By-Ay) * libnum.invmod(Bx-Ax,p) D'oh!  Yeah something felt wrong about using that division operator but I totally forgot it was doing numerical division. I have some code somewhere for performing a mod-inverse since apparently libnum's PyPI page says it should not be used in crypto implementations. #credits: https://gist.github.com/nlitsme/c9031c7b9bf6bb009e5a
def inverse(x, p):
"""
Calculate the modular inverse of x ( mod p )
the modular inverse is a number such that:
(inverse(x, p) * x) % p == 1
you could think of this as: 1/x
"""
inv1 = 1
inv2 = 0
while p != 1 and p!=0:
inv1, inv2 = inv2, inv1 - inv2 * (x / p)
x, p = p, x % p
return inv2 Some more functions for convenience: def add(x, y, p):
return (x + y) % p
def sub(x, y, p):
return (x - y) % p
def mul(x, y, p):
return (x * y) % p
def div(x, y, p):
return (x * inverse(y, p)) % p
def exp(x, y, p):
z = 1
for i in range(1, y+1):
z = mul(z, x, p)
return z
p = 2**256 - 2**32 - 977
#TODO edge cases
def point_add(Ax, Ay, Bx, By):
"""Point addition of points (Ax, Ay) and (Bx, By)"""
l = div(sub(By, Ay,p), sub(Bx, Ax, p), p)
Cx = sub(sub(exp(l, 2, p), Ax, p), Bx, p)
Cy = sub(mul(l, sub(Ax, Cx, p), p), Ay, p)
return Cx, Cy # Point (Cx, Cy) = (Ax, Ay) + (Bx, By)
I'll just assume that all ops have to be done mod p instead of line-by-line. |
.
.BLACKJACK ♠ FUN. | | | ███▄██████
██████████████▀
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
█████████████████▄
░██████████████▀
████████████
███████████████░██
██████████ | | CRYPTO CASINO &
SPORTS BETTING | | │ | | │ | ▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
███████████████████ | | .
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18504
|
|
April 29, 2021, 12:45:10 PM Merited by NotATether (1) |
|
I'll just assume that all ops have to be done mod p instead of line-by-line.
It actually makes no difference. In modulo arithmetic, the following all hold true: ( x mod p + y mod p) mod p = ( x + y) mod p( x mod p)( y mod p) mod p = xy mod p( x mod p)( y mod p) -1 mod p = x/ y mod pSo whether you do [(By - Ay) mod p / (Bx - Ax) mod p] mod p or just [(By - Ay) / (Bx - Ax)] mod p, your result will be the same. |
|
|
|
|
pooya87
Legendary
Offline
Activity: 3430
Merit: 10492
|
|
April 30, 2021, 03:28:26 AM |
|
(x mod p)(y mod p)-1 mod p = x/y mod p
This doesn't look right to me. The problem is that I don't think we have division defined in modular arithmetic. In the following 3 divided by 7 is 0.4 and we can't work with that. However we have modular multiplicative inverse that can't be converted to a division:
3/7 ≡ 6 (mod 13)
7*2 ≡ 1 -> 7-1 ≡ 2 (mod 13)
3/7 ≡ 3 * 7-1 ≡ 3 * 2 ≡ 6 (mod 13)
|
.
.BLACKJACK ♠ FUN. | | | ███▄██████
██████████████▀
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
█████████████████▄
░██████████████▀
████████████
███████████████░██
██████████ | | CRYPTO CASINO &
SPORTS BETTING | | │ | | │ | ▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
███████████████████ | | .
|
|
|
|
NotATether
Legendary
Offline
Activity: 1582
Merit: 6671
bitcoincleanup.com / bitmixlist.org
|
|
April 30, 2021, 03:56:28 AM |
|
(x mod p)(y mod p)-1 mod p = x/y mod p
This doesn't look right to me. The problem is that I don't think we have division defined in modular arithmetic. They both look like the same operation since technically every variable has to be mod p, so it's like writing ( x mod p)( y-1 mod p) mod p which would be the same as x * y -1 nonetheless (mod p of course). |
.
.BLACKJACK ♠ FUN. | | | ███▄██████
██████████████▀
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
█████████████████▄
░██████████████▀
████████████
███████████████░██
██████████ | | CRYPTO CASINO &
SPORTS BETTING | | │ | | │ | ▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
███████████████████ | | .
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18504
|
|
April 30, 2021, 08:20:31 AM |
|
The problem is that I don't think we have division defined in modular arithmetic. That's correct, but that's kind of my point. When performing point addition on an elliptic curve, you must use division to calculate the slope of the line. Since we can't do that modulo p, we instead convert to multiplying the multiplicative inverse, again modulo p. As NotATether says, perhaps it would have been more accurate to write: ( x mod p)( y-1 mod p) mod p = x * y-1 mod pSo if we take 23/27 mod 17, for example (23 mod 17 / 27 mod 17) mod 17 (6 / 10) mod 17 (6 * 12) mod 17 72 mod 17 4 Or (23 / 27) mod 17 (23 * 12) mod 17 276 mod 17 4 |
|
|
|
|
mausuv
Jr. Member
Offline
Activity: 70
Merit: 1
|
|
December 21, 2021, 06:15:49 AM |
|
iknow r s1s2 value i need z1z2 how to calculate i read this post explain testnet ,i am not understad https://bitcointalk.org/index.php?topic=5327054.msg56686056#msg56686056https://bitcointalk.org/index.php?topic=977070.msg10669517#msg10669517 #read 1,3page please explain stepy by step calulate z1z2 from bitcoin mainet or write code #mybadenglish run this script https://github.com/FoxxD3V/btc-rsz/blob/master/RawTX_RSZ.pyoutput : show r s1s2 z1,z2 but i got error what my mistake https://tbtc.bitaps.com/raw/transaction/ff948290ff332aed8f0e5d767118a02e8671578c6775a333bb4ee4d6ccfcf639i am enter raw tx i got error https://github.com/FoxxD3V/btc-rsz/blob/master/RawTX_RSZ.pyTraceback (most recent call last):
File "RawTX_RSZ.py", line 13, in
s = keyUtils.derSigToHexSig(m[1][:-2])
File "/home/runner/btc-rsz/keyUtils.py", line 32, in derSigToHexSig
x, s = ecdsa.der.remove_integer(s)
File "/usr/local/lib/python2.7/dist-packages/ecdsa/der.py", line 218, in remove_integer
raise UnexpectedDER("Negative integers are not supported")
ecdsa.der.UnexpectedDER: Negative integers are not supported
i know r s1s2 i need z1z2 value please how to get z1z2 #mybadenglish |
|
|
|
|
|
