There are actually 6 combinations so only 2^42.666666...7 unique combos.
You have just discovered an endomorphism, where two different Y's will solve the curve equation: y^2 = x^3 + 7
i.e. these two privkeys make two different but opposite Y's (because 115792089237316195423570985008687907852837564279074904382605163141518161494336 is just n-1 or, equivalently [mod n: the cyclic group 0..n, n-1...2n, etc.], it is -1).
And -1^2 = 1^2 = 1.
Now the other 3 combinations - and why only 3? see the next section - come from the X term.
Notice how the X is cubed which means it has three different roots if you consider it as a polynomial. There's obviously X, but there's also 0+Xi and 0-Xi (complex numbers). It follows the pattern [X + Yi], where the Y coord is an imaginary number.
This goes to say that if e.g. (7,0) was a valid point, then that, (0,7) and (0,n-7) would all reference similar points.
And (x,y), (y,x) and (y, n-x) would similarly reference similar points as well.
Now multiply 2*3 combos (endomorphisms) and you get a total of 6 endomorphisms: (x,y), (y,x) (y, n-x) and (x,n-y), (n-y, x), (n-y, n-x).
It isn't something like they'd all have the same Y-point, but these points are accessible from the same X-coordinate as well. (See e.g.
Roots of x^3+7 example)
So although the unique combos are drastically reduced, there is still the heavy operation of EC multiplication to do for all of them to get all the public keys, which
severely slows down the number of combos you can generate per second (a few hundred thousand? I don't remember
)
