Author

Topic: Curve point divided by integer - is it possible? (Read 714 times)

legendary
Activity: 1512
Merit: 7340
Farewell, Leo
How you calculated the second key?

I calculated it with MixMAx123's program called “Secp256k1 Calculator”. See it yourself: https://github.com/MrMaxweII/Secp256k1-Calculator

You're right, I just did a childish mistake. Instead of:
Code:
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036413F

I wrote:
Code:
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364139

(40 -> 39 instead of 40 -> 3F)




So, sorry for my idiotic interruption and thanks for your time calculating this.
full member
Activity: 161
Merit: 168
Here I have a program with TestVectors for you:

https://bitcointalksearch.org/topic/test-vectors-from-ecc-secp256k1-multiplication-5363860

Here is an example:

Code:
{
 "88": {
  "p": "88d3ad1293d7ce5ed68dafebc0d14da58bee5e5670a16df7b489211854deab49",
  "x": "57c628c86c520d069b49efc06f91ccb303c89f73f4a5f914600ba81573f55af7",
  "y": "1281a83ac4de684ad5e5ba22d965c9424baa32705631bdd9bc37dfbee77fc988"
 },
 "89": {
  "p": "06d0db075b51c8314dce54230139ea1333dd38709fc7098fd7b35a7f0c0ef48f",
  "x": "78e2f762741b828fee2a63dbb62eabe80c141e84d7523137bc8de9c46b751779",
  "y": "2fc85c1b089afde6653e70c60bf84b8222fb1cb66492520bea65b51b4261f4d7"
 },
 "90": {
  "p": "5836a959cd2863cb9a73cb956955f3968dda107d7b321856ddd08e85351034b4",
  "x": "4fd730f63464a99b0e1cd8071c5df6e1bf27ce9a9829328db9f2f1c0eb8019e8",
  "y": "55b3b061d8d68c41e05ab2f0a48849ceb8edbb8291418b5b5eef2db5034abf81"
 },
 "91": {
  "p": "b07122c634bd0799a28bc8f41e36d58609a7413190f5dbc6d37c983be50e3b6b",
  "x": "c000a6555ceca19e2212e5792799d9fc3be8f6b434518927ec1f6fe11f995b9c",
  "y": "7ec6c1bbaa3aa31e9aa913b5b519fb2fddaac8fb2bf9a690bc024dcd3f63be83"
 },
 "92": {
  "p": "ba50f4040d50fd063d0c5f1231e559c76f1b114c67566500d5f9670673834622",
  "x": "a9233f427367a5001c3b3693c8424b64c4dd081b6d566e607b81af0b0cb8b803",
  "y": "bb898545d6483b0814b0ea3304bcf09e66fa3a60c2a10bfa8a40f6a4ee8fef6e"
 },
 "93": {
  "p": "b9b5c65b3fa260d6e1ebe6ef676ad4d0538f9f6e3c3cf6511a7ecaa6c9f74bee",
  "x": "37e0374418c3887b317b3ad0a4e471811c9e318c3bef113a1694ce002616331c",
  "y": "5fd2d3ffb7754e042381c9dfde694044c5c8e96c4ea8bc6c6c2b20d0bd291385"
 },
 "94": {
  "p": "f5e4a7e5ad0b3d2bb56712999f71c008f05f88cb43a1f6c156c0b1e5bba5eb64",
  "x": "f70b2b601ea34fff5ba9f0379ed80db5b31e7b7161a84e3160c652ff10f1da4c",
  "y": "b513958d11804caeee9bc9672371624f27bdd8eb02a48c7ca12fbe18f83774a3"
 },
 "95": {
  "p": "25ce7e13abae2e617ac0d3c9617b1681b2e04458ae942f0f13dc5a223da837b8",
  "x": "84bbcc9fc1917deacadde7e8c6ecbd36fca356925137bbd914431ddfa4543d3e",
  "y": "e891a7be911c7e84f2a7657c9b60ef98b9d224e1157fe4ead4d44128499b2a8d"
 },
 "96": {
  "p": "b21f24ad291a1a9e51b6fc21bfa83c5db4d96fbb96aa589320ba62f5c47cb674",
  "x": "3636400c28c7968528baba38bb7d8a2c6b142a87d63099cc333980c6169bf42c",
  "y": "d4e99af45629e46c90576ccb3ebb650f4d758fa9ef3f5bcd13951a3f5b988906"
 },
 "97": {
  "p": "791051af290b4954065dbe3b9289a4fb2e55f132f986941651acddfdc4517a96",
  "x": "59542726f9ea941fd055828314389d55eb8e9f4602a01b2d204b0ddf0da04631",
  "y": "5be58364ea5ddda5046800cd1e46aedecbfbb7c1bd3cbf961b555ce44a522a32"
 },
 "10": {
  "p": "92f27b3c63c7ae067d44c180fa3cc0902cef2f572310a63601d0bf6647bb6d4b",
  "x": "3f7bbe59fec46efb341296712c8d5cbc43cc46a5228200e64698ce3ed29938cf",
  "y": "e74d189369e0bd20c8fde9490f8b9114a57b133d40ef3388f743d6061afbc010"
 },
 "98": {
  "p": "c594c3c089918ccba583403606a137b5e074f6d055bfcf9a9c2f5ce327f1f39e",
  "x": "97f25d6149cc9f29e06a3073e8861b43a1e8f0646f611d8007e352accf5d5939",
  "y": "8733a77c651c36fd148eceb29c010e2d4646b0a4a78462e213f75cd9e6c7e948"
 },
 "11": {
  "p": "1aadb613eec0b1b2665fe70fdd5438a010b7b90bc99f7dca8d94462e5d0b9b1a",
  "x": "2bbc9bcef471f35ec47d94f1aed6b7ae38af86409263c480088c72ea08a41b3a",
  "y": "53b39c9d4db0c7aa50cfff4ac4b9867258febebcdc24f8bf9ed3a0181f7a4eab"
 },
 "99": {
  "p": "6a0bad07715f9b7130b6561d16644a3ce2eac7f63023bb1870d4c7e9dd6da428",
  "x": "dca01a18ef657c3a4b98327ce932a8f2e451bc4679cf5241f5fe2bfa1233f983",
  "y": "d3327fd6d82fed7821244a0e9fa61ee6f92595c1e03ca9e85e1000abef59fcd0"
 },
 "12": {
  "p": "0bcf7530baaa2028ff251bce43b4241e84cf72af63a588baa4c60397562e4241",
  "x": "7686c6ca99138b876c8f7cedc781b654e6ac9104aea681106bbaec85e1b0fa6d",
  "y": "0e09e016c1297c32a1f785acc7a3e00200517656c2e9425dbd64521739e5f9de"
 },
 "13": {
  "p": "a0dea83b2c23efbb79b3f2fce778a91d6a5236259f04e1a6bcf3b84f349fd0b1",
  "x": "a7457a11789c0f1233e0eacf80a9e1015cb72b8e305acf42e8d4fb675cb8bc78",
  "y": "119dc7c5e8d66d6203bede5cf11af18309d2dc84b19c0fbb736b31f6dd94c294"
 },
 "14": {
  "p": "db9fb6404ddd981a3ee720381c1539fd268e7d92ba1dd127f24e0867a27e36dc",
  "x": "e47ecfaebcf713fe7dd80c8953d5954f0fe0b2e7c0206d09cb765d587b612c5e",
  "y": "75fdd1ab65f38a001819be0fdb3490e329e668ce7aff5165d5645e1737de2634"
 },
 "15": {
  "p": "2be401c87ea73e169b88f76822800aa5117b6ec9cf68a4f750eab97e636d0bf1",
  "x": "928b8081b5811e70c60a9647a732ad92ad18b8eda4de28c7aa18333183a30ba3",
  "y": "3022c6953926aea83478bb93a60929310b9255a548b9b57c429faed4370b06db"
 },
 "16": {
  "p": "fe0e641366253e93bbe90de4f358c3c69ba9fe072fb927f8111deabe53d31c77",
  "x": "4ba526a6f12bdbdfc8dac0ee4c9d693998ea2fb8ffe729ff834cf5a87f253f28",
  "y": "cf6672bfd32fb194631eadf05c9efa0508655e80d196c2d174ae4b65328341ea"
 },
 "17": {
  "p": "618042111fbf2019f27c8f9796bc85c0f0215004854196e76176ce957e353baf",
  "x": "e520a425b922874388187ddcec82f364e4440fc7bed0425d0d0051ffa382c9f3",
  "y": "708a82a4f7e7041a9e36d1d7fed029fd77995383cc7af87ce2d130970584db65"
 },
 "18": {
  "p": "de176e801ca7b80214da1795dc9d9a3325c19e4a857b3d914520fb0b38ef228b",
  "x": "f287106a45562a841cd331fb1672f09c99f95d9250ee667aa839ada51ce826f7",
  "y": "60267179e640d8c41ad4589b0b397c2d22ff075f1e79f843036f206bb4bda7f9"
 },
 "19": {
  "p": "d500096548198775bdcd36d43bba81edbc24b8ff9bf05dc003ab131e4bd81f48",
  "x": "d86050de01e082e4239798ca4f5cf65fdb6985828e49cf04707d7e4dba64f4a2",
  "y": "66f0507d6bb0ea8ebfbe6675aa1ebc1e07725ad6944a527c96092c2250cb3630"
 },
 "0": {
  "p": "1741391819726679fd0f1c65ec26d4937c523467e6bbc88c3268a67257208cf9",
  "x": "c9fb7018b54a91062e118507025afc63d26f38da32a29958ce5b64e248afa750",
  "y": "b5336f117fd14b94347530b67b0db473f5a911a417f43a46c1df767b6a6f991b"
 },
 "1": {
  "p": "9f586268cada3d4483fdee6f2c1fc04286e7024a3e929fbb3491bda73d83ba72",
  "x": "72ad086ea36d6cc863e55ae706bdc64ac371c7d80d511e56d6efed7be83b09da",
  "y": "4160cd523d8a504cf63c5369d0b512d60d1cb5607dd6ce42a6dc7b0287ed4cdb"
 },
 "2": {
  "p": "2d9d2bdc08693ee5f4f664ae2493c1c3041f2fcec4f7e1fed8ee413b188d2740",
  "x": "34ce9e779a2afb9e69a0bb054e8303ee3bbd7dfdd0f5f5d3065667e554b1cef0",
  "y": "a175061553f73ab3387650a554f607d3a66a640899320089cead4b980acebdd2"
 },
 "3": {
  "p": "2f3d73854ca631e3efc486c3cf13b6a297b40d2f367ddda2951d785d417b2cee",
  "x": "49061fad6c4d45c57015dfd87329f1ff7c9adb90c54ab03116d928418daaeb8d",
  "y": "8583dbc2bd2dc9a29d1da1994a80941efa6191dc180d819e5cc74e044c20b987"
 },
 "4": {
  "p": "1e016eeaa435762ee101944a2eac3f5c9d2e63e8fff2597dd5355c523784034e",
  "x": "58681e0ac6783225dd2828f5a205d337d7d130a5c72663dba8efc11a215abf59",
  "y": "ba3dcd97c4d37a1eeac95d200129caa5f56a5f342eb5582abe953ddd729df551"
 },
 "5": {
  "p": "17765486afc1be645fbdeca615a313f59bb748863c0c5b9350e2c31fb6d6d1ac",
  "x": "4ab6ad105defbc2d450ba6cd609ae191afc16a56561dfd2cc0c57558200f9c10",
  "y": "c2908347ace3763d2211d35780678d2abe7be8a6f718347e0b0f14404f81d0e0"
 },
 "6": {
  "p": "130b83c90ad8ef65ecc616ba1032bd4d48f1512ac01f5b18857c5026c0bacbd1",
  "x": "47acf165e2370b5a72ec84abce9202cee07f4e4a33f4bf0736b0541586e62ae9",
  "y": "152ed91c1c00922f98f9dbe910e1a57966a9553655bf22be64604c04e94d234c"
 },
 "7": {
  "p": "6e3ad9da3c645a9140c96e0dd6cebb206511da7c4c8d4b1b5c25eb072b1bd5a6",
  "x": "262226abb807282eec07839b84bfb11e9748503db473b7e682d7cc83b12ff19e",
  "y": "955af5105f7760e1fbdfec5765c57e20f9018502228111ce0a69f9d5d3a23a8e"
 },
 "8": {
  "p": "be4007e9bbc146324b3eb043a2cce9d69acbe4dfb528c8a95525d0cdc01e29e4",
  "x": "52306003560b6c6722f083e80a2f6e8ea4d9dc935eea9a48eac86affb07e739e",
  "y": "ca3b75f5a8c9fbebed1d00b04f3714dca0a5165b3e442ad97a03a1ee93583661"
 },
 "9": {
  "p": "e09666cec36b866c0211c5c0ae4cd80940ac6dac5997e08daf94f8a671657865",
  "x": "14ad499d0d956bb3e79fee889f73e3000a870535f5a95c488cf73c923dc1748b",
  "y": "4ace4c92abc03257d988ad32b4a0fbe51e8ca10b54b4b531869608d9c6c777b6"
 },
 "20": {
  "p": "804c5b19b17907c68286f3e26e79eb53c7f760252864377414a66c51523b8a92",
  "x": "8f93c00a2c14d4b57a7788d8e8738cf8acc63eb684da098cf2110e65e6ca5852",
  "y": "78b7951ef547b2e300bfb8c49590cedb69af877b9887a82e9a60af3ec46cc881"
 },
 "21": {
  "p": "caa57641ad91e9541b81dc4c2a7b78c96fea63d75d10c238d1c1e7c1a0610307",
  "x": "ddd5ff82e20849aaf9b2838cd1a4a224ef6b5120f77253124b3b0a592c9b37ad",
  "y": "944ccb7647c81dfe84c7fc13399ee69e2df86cafff69e7c6c6f205f2b927ffb8"
 },
 "22": {
  "p": "34a8e5f67788f8d8e1975f2a32c1cf09171ad5889cffef04542c73b0470fa433",
  "x": "1803fa18016be3fcf9d1482aff08cf094dbed3eb0dfe402f77ade1a4cab0b27d",
  "y": "260537ad2db5c5a8fe166690614470c8c8f254c11faa1c372d5f401c2de166c5"
 },
 "23": {
  "p": "3aff839e5998ce04db3fe5fa6b38f2526aa80438e535ec9339b128bd3bacae19",
  "x": "9b606ff40f94450fb4076c59c4a398e80c02cf77ea01bd00ea21e3888e97363a",
  "y": "3339fa6066a72a348974fc26ebcaca5db260bb66e9d86c702e2c8a419297c184"
 },
 "24": {
  "p": "18a85809af7b0fbfc6b6fd5c0053b6022a891b3756d829c061429c6ae1bd9654",
  "x": "8f0e82a51e3e47c01fbe658803d76f1dfc6e24c71eb7de7fe2c2712a8e5fb045",
  "y": "d25ed9a3f8d82de5484ddf8d2aaa07cfe1cc9fb3bc456a78bfec00e4f3672ac2"
 },
 "25": {
  "p": "be6686fe61203f3d9937d97ee71b234887c851261d433b2990e0ed6055820350",
  "x": "8c1e8ac03aa2e1aaaf3bf42714d5a54e716392e7ea3dc9b7aa5013cbb28db1dc",
  "y": "eb4ee94e0263a4194acab02e391ea0a3c18645d0294abbdd68edeea697c82ba9"
 },
 "26": {
  "p": "fed495e3165b8690d3843a9ca9ff5d9e032d211de1f94c21b04cc97c8086c7a2",
  "x": "dd449d23864bf16637cf0a5672582465323dd5dce121dbd7979791477878c262",
  "y": "d6e0937b3558fbf18055a7d132f461ac23e9b2acab532ec1136bdf32c612e067"
 },
 "27": {
  "p": "c1546e0c82fda0859e2a5764c31c7c92d52f04283eef690e690e448a4ae51cd1",
  "x": "719e69163e3b26d6bd70e750caed29f659c22bc24fa34224c0e70b9be633a3f8",
  "y": "dbe8c3a4a69ddc74ee086a6cd734a241b18f373f33dac981377d4224b32bf330"
 },
 "28": {
  "p": "305b5ce41ea30732dddda0554ca3b3e00613ca2deaf93dd29d62954c64282c30",
  "x": "cc0b5b23c870a2578fbb661efec7743c4163fc8b3d98cde93da59616eb8e62f7",
  "y": "ab3fad9b825231702bc8c1d765cafc8124cdbfd95c21b80cfdd36c2eeb880429"
 },
 "29": {
  "p": "0a1a182f9d3aff7adc69c5767f05b7b0715d702c3b3e8d50ea49b7628fc1de53",
  "x": "c4845482ceca5658060c345ae968ae8c238b3d309cfdf4faf3352ad76df29f31",
  "y": "0e4af2ebdc5952660d6eb540206fbc792518f9ff4f45b29991ae780b7036e922"
 },
 "30": {
  "p": "fffbde0b484d8c46c0429a1297b1c7343f9b81a8d907c098c13146c8ff1f78bd",
  "x": "5f26b096c5ed35f4e5157ca768ef4aee9a67397b9eb472f904489eac34f91579",
  "y": "ea4ff53487c5cde91325cc5c5250d6d1c232f7bfb689094453fc0b84537fdb77"
 },
 "31": {
  "p": "b6d5bda7bb4a121a762d48251bdff8822ef7151c6175d741d34c3ec65ad8bc92",
  "x": "7cd9ca5f15d2f9c603721abe55f3169a77e0630389cd4b20563b115747ebb6e4",
  "y": "af6deeace0c8b232c43f9577abd5211b8a9db562297184058024c5741cf628c5"
 },
 "32": {
  "p": "396a66f06d7bc7d9a33b5572b60e0191213c44d8c7c093627340de1d4437825a",
  "x": "9fb96dec1e95b6b5762c0254d57c9bd4f3d1eb7db99fdd82c7a243731f407f4b",
  "y": "6fba59009a4ee73e356a9abd5e07625a25c0f88d7c1f99a615169bd3ecc3e2c3"
 },
 "33": {
  "p": "bd7f7605077ce15c726948ca328267341e2bacd833e04f79e34561f73f91d444",
  "x": "5faf82db722401a8fe9ad157cafadaea243801e6340fa7ef3befd4c9f6015e3a",
  "y": "87309151f6563337da8a134989b02fafe7c29071ca6a9a5a2287cb07346dcfb2"
 },
 "34": {
  "p": "b2ea519dd494d380098e184b0f77f335eaffd0dcd1fc544ee6f72817b90c836c",
  "x": "95550b32328506a404641966dd3da628085e53ac47bc507cf2dd1160c182cbcc",
  "y": "b97d050b301aa4be03fbcd2b28f2d451587d53d7881730f721f015a106765d6e"
 },
 "35": {
  "p": "5a5634b93f1409b11b0dce43f221f42d0f10357e60ca3729756d90b8e5f92a24",
  "x": "cf39b072087a117895ef374469dba762fead930f288e440b8bc1f0f21c18a59e",
  "y": "581d6f9ac89bf3f48943414391f13c8126ee3a6904d4a88fb7ec6ada2c082f4c"
 },
 "36": {
  "p": "41b7141abc14a797ac0f709dcfdae8a768038ff49a2c2caacb0c6a649283b721",
  "x": "bf586a43825067bfe9c530664a52f29d50cafa011298d69e01c05a40060a9b78",
  "y": "96296d7fd2d8bea90e3cb69f6b5ba7ce92bec0ae5df5b0e2036c1fee3fa2d9b2"
 },
 "37": {
  "p": "f0a556f40728c5be69061a90efe6b6c638be61234538ab93d984c30800721cd6",
  "x": "27a1b8cb35231b85149ca8cdd6351e62c0e5f7a9b1d6ad4c8aef9ecbf4a8fa00",
  "y": "1aa0ec916b996e8280b35231d5b56649355bc6b9ddc745fc149a524c2d53621b"
 },
 "38": {
  "p": "83877564065cbc5d94983bc9e1181ed85281ec254ef03d5ba3ca67b7a3c9268e",
  "x": "292717527a73cfef39e1426265c9fd2b21243219980ad5bddb06c5788d1b50ac",
  "y": "7e91a3639905316cb54aeb9fb702d5e072579c0940cef3d07ae68a107f9aed31"
 },
 "39": {
  "p": "771dbc8e8b5859569bc41e2e7893af19ebcbcaa155fa35b5f0bea4efcc07c50f",
  "x": "b33ad0295130a3ae2f5cbae183f28da40fbfd5b22659e2c08c5b8f59a4fab70b",
  "y": "12f8929158aba3595d437d26cafb196918ccf6812f9a77db186bccd9ba9d9a56"
 },
 "40": {
  "p": "2d4b6549e60875540cf52ea14cdb386d82fbfc8745452c53511b8499df218b1b",
  "x": "04cd9a8fbda750242553063e8aa48737ec641d899e5dac0be3672d181f6a9939",
  "y": "449dd52c15fbd3e1d8e83fd2eb991ea43f94d77010735851a9eadbe8b2360600"
 },
 "41": {
  "p": "600313a35d3da1370e96272a0c74f8e047ccbcd98063a1756458beab004bfadd",
  "x": "b30daa78b100151b728fd1ca6cbeb5c0f417b3f21e1d217614f3d0259b54f214",
  "y": "b53f51737f5ddeda613241ce0dea1d7fa33a42237fb8693c449a7022f6570a02"
 },
 "42": {
  "p": "c29e3356aa2a9be016887963aa8bf4334ddf57e68f4243b874d2f718dd3638ba",
  "x": "927bfd05c4021768c7b8eb3ceddf4311e151916597263dacabc71a0448a5af6e",
  "y": "b80c6a322f268bbc595b6baf9f8cafcec517a16130ef044f076ff6bebfce58c1"
 },
 "43": {
  "p": "bf7bde869233177c77d631c3e51157babaccc9aeadcd8091d27de5a9a03006f0",
  "x": "ec735ae1c1a58861d404305a9f2868ef08a9fdb3b6b825b3fcd78df960846931",
  "y": "86572637343c4ce0cb73f93440b456a58993aa459b440fd5f677be92a89528ce"
 },
 "44": {
  "p": "f1cc34fde203b84b74c0068b4db6536c77fb8594fb4a54c2f3e2c2b57715bb24",
  "x": "4e6992e30447be944777a32469dc4b557ffc8c9eb88b054ae76641099a17daad",
  "y": "1d519bf456715778989463fc36690e7dd6c4110c69625974d6d7ff1a6115a021"
 },
 "45": {
  "p": "4671a9101e28cf545fc540dbcb67c109453dbde4a48984b678a5e55fb0bbf777",
  "x": "9fab193fc850725e0db5b2eddf184565bd76d992d23080bac39357546427beb4",
  "y": "94ec59c256f67a9fb65649f8f2447d00a750ec4979406947ee58f6433ba40caf"
 },
 "46": {
  "p": "cd62bdf3b4a91023fe3e029f676364b15c588ccd0306f489bc618fe385657449",
  "x": "c87c2a3bbecac670a7855f1802151397b8f717f0cabd505cd825ec99df7b3718",
  "y": "5a9d070c1820194812711c787a286a8b882b2d072a75003321157892c0c63f89"
 },
 "47": {
  "p": "58a0610447bc58a67c199326b7a2c09a172d5763b546e0830639f403527758a9",
  "x": "f02651a555c32af3d83bf18df831082366889727959f58717c39bed60990631a",
  "y": "e3122624d2185b6237bad7e50210bc9149c7002f698bace7015431d2ecffe44b"
 },
 "48": {
  "p": "58939b1bae0f4f2ed477379d594893e6a75eb0b77fda732856ad5911e28e3efb",
  "x": "f93bf843b5d9b11d0179af50340006d9529059461364bde544a3bdf6d833b341",
  "y": "2162a9e8d8fb75eb20f4d04ba75d8b283c353f145c08304cfb80dfdd275deed0"
 },
 "49": {
  "p": "e331b8169855325d5b37e054642de59a0a28aaf2cf61b9b85e4d22a365b2ee02",
  "x": "4f26652e88f0cb9f4e9bba9148e29cfbcf5258a0a504c98f1dffa8f75b62d241",
  "y": "c1f368a4a02b9f234f8cb1229aeac5efe4dfad8f13bda019d90a0b79ef56e200"
 },
 "50": {
  "p": "0baa7635cfca2ec942ae70c0044b8235133bae26792dc37b86b8daaec57a5180",
  "x": "b771948c898db2308b3185e71a27830d083c2486c94a852842072b6dc1bf0691",
  "y": "8cb09f69077be427bb6f837e3206373aed3175462eef95ad74ce38e88b2553d9"
 },
 "51": {
  "p": "ad3f0c3283a19628e84c170eb756a79ab83eae6182f996449ea2c7be3c5fd0f1",
  "x": "f9c912b8c822320e6c48ef6c259af02a16c2cde838291c080e98405d98b75965",
  "y": "250a336fbf1036c2acad8045720797da2b775ab36100da3415359ab15e6951eb"
 },
 "52": {
  "p": "d6ba49c44e86cbbcf5da9ad590a8892e0d598537d618add1b3f4c814d7d0c0ca",
  "x": "267845e209327a15f7ea89298c2bf1849f5aab638a59ee75aeb811c3e5bb1ea2",
  "y": "ee1f2cfdcef2c1979a0de7b981c91ba64e6c7c9c10acdd9d73620b62a341f092"
 },
 "53": {
  "p": "2f2b4743707ef3549854ec10d57c816d2896ca9ab4e77cc988af8a355efa9a85",
  "x": "b9a31fe612cae4944676467f50fed8e8ad4032f47620858abb1fdd448a4a4fa3",
  "y": "882af3f425aad38ede8b3f6517921ea0aa3f653dacc90d589526ec9e9cb540b1"
 },
 "54": {
  "p": "91287122c7a3677094bbf5221f2941b2bf523028eb3be745b199ea8091926538",
  "x": "343e3e2ff47a348626e9dbe5483d87d2369b22b05c712617ce98f557e64b2e62",
  "y": "cd3993a1a8ff43281ab39316dd459ad9dcec9441e9cac65c1ece4aadf1f09118"
 },
 "55": {
  "p": "e0fdb5db55470ad2fe5e5a574af50df673fb2a36dd80155ddd6411756a803fff",
  "x": "56fc66e6fb00839e2de835cf7717d805e837ea29dec086d986a72d3b807b1cce",
  "y": "5c2dcf9ad9a507f6dcecd3346361bb7f3b4b24ef238693b5194529e266761e65"
 },
 "56": {
  "p": "5b01aaa1792f9314efac1be9f83dfa6ae84e6b6c51f909715dc5e40402e70d0e",
  "x": "86c273604e45ac9216f780360ea72cada5166a7ed82f0e82db586490629065d8",
  "y": "265ffe83b4aaf1933f6fbe4fca877dfa09edccf8991ab481a19d696581754ce2"
 },
 "57": {
  "p": "ee41371b0671800bf50cee0396a77f18250a3b7411f44da340908ffa39558ac8",
  "x": "daac0a96251549a6c6099e082b433246e0f3c0d66b52bee1302294f763b359d2",
  "y": "7d85ccd784d6a16785aab8911de0bade7ab6f1ff6011e37eddc58f12407d2684"
 },
 "58": {
  "p": "7348704b21e8593896ab14962a1a79980d2d908295c2fa92b1c827b55ff9c41e",
  "x": "1d173b23cb7200869ce9765cf97cc95dd43d70f51f6469560c58233e1caea9aa",
  "y": "43c96b04fe1b168328a5a34889257ac66877d588a695e87d44d8ad9c84154af9"
 },
 "59": {
  "p": "844c8d96739da9922b5ed67a4216f15af42232cd9381de89047f3ac1d71d4960",
  "x": "67a6eb16cc20f76c9092ff9de05d9c799e3cdced2165c210d03dea0080cf707d",
  "y": "826cebc5d14c8a57574fec787225e89d49beded555a357c5e96c424bd258eb8d"
 },
 "60": {
  "p": "d0cdf47669aab385a7b0b72b01aed6895664e72a095e3189b175dbf0a47df0ed",
  "x": "4e4b9c17060f0452c9cbd6c0c39a58b434670465dbbab17214c7f8e65cfaabd2",
  "y": "d3b32e7ed95523345dd79795d12d2b5b8df45186564635be1de7fec3ea83ae34"
 },
 "61": {
  "p": "e6821ffe685c6cf4d8426bb0c3cce547ed48e0557bc87f268e8ec1d1b54ade52",
  "x": "d79a7780c308b3b2491bcbf2a5ec02aa1263463f9e3e0b656b6d910e30ea19f1",
  "y": "dde883f88c43d3921812e9f9593626ee6e76756d8a636276ae71dd0938fe1a56"
 },
 "62": {
  "p": "434913e98dfb4f789e17f349964a85fcce27f6cd76c7d6e0afac093cb263ca01",
  "x": "b7d935268fd7e79e58c8e2dd408333dc21fb1c339b42bc99e539ea6c847364c1",
  "y": "db74e209b3f0ed79e51ec6cc6decad5af4d8ba1b32d7e9313079628fe7a5b576"
 },
 "63": {
  "p": "a9c6581f272072924ccd8f14229e46fed383c70ad793334fc14b372582dcb9d1",
  "x": "e256dfb7f23da753b1ca9d779aeb19914efec656a35cd98e433d07cb4605c821",
  "y": "9f38ff3597768d0078dfd9d363e74158a39c200fc5e71f9fba327640f7ea9bfd"
 },
 "64": {
  "p": "6b4954edab1e9f4a898536192746b5abbfd6ffbe0858b3121e7b42b61ac772a2",
  "x": "2f83f168994e4cd6a3afef8476712876468a10a340b181001d04c48e91bb3168",
  "y": "9cbf886776740b8d031e37d29ad55d0b1d37947a160ca5a37d45ee2aad612da4"
 },
 "65": {
  "p": "066e96de08bcfa045bb79b51db50efc9ae67cfbd97efd8ee122446c71807993b",
  "x": "5f35cee558cce37bd146fd3b85a559e1e493e1f9df29ed999ccfc05454a4b49d",
  "y": "001735714d6e61317ef1777f26fba13a9b17da1599c425fe998cef58634b73d4"
 },
 "66": {
  "p": "bd5f6d6046f7a3c2ee61ae99bc8705bac4e4e4a0d7509c0a889c4176ec34589a",
  "x": "7765a6e84db0271a9760b2acbe01dd43735b81dc2fc4ac9533baf8d58608b9be",
  "y": "17338889d7cbaeac98734e6640c34ca22eafc6698b85aac2eb95f2e5df489e87"
 },
 "67": {
  "p": "1030eaae2fa9c36bb165fa99965dcddd7f208b9fe39f8ec470040cd2f80c1bd3",
  "x": "96f285a1abd6bde9e63859a616071d6fe4d8b7f22f59f96d4692c2d3f70a4506",
  "y": "d62adf21842b512132e26f5d6c816ce2e2e07490834001ccdbbe9f71810b96c0"
 },
 "68": {
  "p": "ce8a36223532ea9f5989f89376811dd0b4328cd9360acc8c98bc4e83cacf9919",
  "x": "c4e072e4a855ce1f62792ce6c6df7c90666b844a189a77735523431a574cf164",
  "y": "f0a351efe8d597311dcbbf2c4b0935f1fe9e20b5b88287f80014d85040c72d48"
 },
 "69": {
  "p": "ce1eae9eb6566073f49e0d64dfe616ecb07dc1a470b32ad17b5f94a1aed022d6",
  "x": "43703a427f36dccc6c75640e420596f6d9b5eed74516b0c3312efeddf1669b75",
  "y": "ece617a54eaf9bb2ef96f2777acac9a0d8d522dad718a3d1e7ff8ac51b3d6825"
 },
 "70": {
  "p": "3d721fd21934b7c749a85900e1e258caffac0f67a3fa11b62616f4b2be592aae",
  "x": "604c48b65967177f6f70ecce554f30512c02f736d30cd1641dc050cd47651274",
  "y": "50a99e816648359c7f2a7f2d30399023346b2a08b7c0b734bd7223541a674157"
 },
 "71": {
  "p": "16d54c630dd0e73895bd5d92f4f7d79ef98779af43bd79e0fc73af0a2a2fe190",
  "x": "4e23bb6da3fe9af5161d77fdb877ff99d6321ff348ddd86ca4ad1477cdea6d2f",
  "y": "05626b1b24131a869ac2a3686dc625ffde0e88e2b223d12c0f553c520279dce4"
 },
 "72": {
  "p": "dad98c1313307d7d87d067f879ba397e0c4920c9a293d5af8af337ce7290ab25",
  "x": "b70d6146058247f3a9c1e9f94a140f7543047192eb56d6ae0e790a3193ec7bfb",
  "y": "a974552cb63d4e7b4478899bc902c6fb49eede1d158987a0c5d604f3b6c502ac"
 },
 "73": {
  "p": "8a0cb463a70c3c3b66b383ff04574ab6de23bfa309b3cf718ad54df83cff2046",
  "x": "a7e1e3713b0a097845d5e4dc0d7e5ed6f7d1589e46d79af8df76d3ce9299dc4f",
  "y": "64ae2845707a667eb0529b1a8ceec0c2b0ba15639177d6a263e47566b1c74163"
 },
 "74": {
  "p": "b60cca1b4fc51f17882b5a4906bd5c8c898f5d8b24bd731c7ace58c4a1f45ec0",
  "x": "3796f964bd68eafcd441c9b87232bc06ac9cfe8140c0a009dfbef547380f2d68",
  "y": "c2903e6247e8017685fe7e5a9dca3cc79f71f1e5e48610ad38e4000097db366e"
 },
 "75": {
  "p": "1ff9ce604a7c46e317522ad1c8c060574aabc222b57f4c7af1f0682c3e74664f",
  "x": "a20fad464d83f5ffc866d34761e1185228689f92dcb2997cbc0c830a857a7fe8",
  "y": "d10c77672fd3bcb329af63a1ba0a1a7c16df60cee95d0edf3cac3e27a479b53b"
 },
 "76": {
  "p": "f655b5a7b0ff65ec97c997d7a0ed9cd21fc29b8fe533ae2647a0f7b4e98fd651",
  "x": "5fe600bce15be3dedf442560ca2b841e6b93c8854456049f5e52760b25b27d75",
  "y": "091b26426056e290542661dcff2683e93ea2f10f4df0ee7b207f59cfa54f3e0f"
 },
 "77": {
  "p": "a34e6bf30ff9bd0c5ab83e46a36da07140143da0445bb28f340ccb1a080f50ac",
  "x": "000ed83f4770584e11e4de34469fd39cf83e228db4e2f738aa98a1dadf8d9a79",
  "y": "d40f278e48c9d96c50435782979c265f17051623830650acb2c10ea247c2427a"
 },
 "78": {
  "p": "f146b54b021f1e697c11f1bdb0242cea310e6722ad3ec384b9c73254ab59441e",
  "x": "fbdbe968517624e7afb6984e206d5a81c64e1cd55bbc08a6f72a69baa5c71754",
  "y": "8a4f0aea37cb5e552706488d196d9587fa12ad66b93c0ae8cc45a1385c4a19bf"
 },
 "79": {
  "p": "7b3bc284b49e329de6951b31b054043377677f01b3f58d83f4da35ec0bf4d136",
  "x": "e93039d69e0b50225c9ab001bbf82b8e104b2ccbba70a168617e3ad97b7c94a3",
  "y": "3b8fd107fa22bfa9c24b79515cab5b9980889afd6965f786c669a3cd84cc4888"
 },
 "80": {
  "p": "ff1fa3f6ade93c4561631080a9f3ddcda0ecafa526eb5aa1a344a6943d4fbdb6",
  "x": "00d781ba41b795db8e6fb01a620e637c323ba7b744b54c43a459012f71b280f7",
  "y": "1e8cf4c3959f12bd7e46f788a1cfd65ce5b6ebfbf69ab4f925da92582e454f81"
 },
 "81": {
  "p": "d640a015ca6a02c8eeba76774768070347fe5f1557c777e2c0dc56733f975dab",
  "x": "bdb0c614ce737c2d98b79629f59289d738bbf1dbd82d7ea49f7176d376ffc27e",
  "y": "573ebc00966b8a14e3bb6a496aa980a243debeca51f6b22dd97116d70fe6e941"
 },
 "82": {
  "p": "4bc01d29a8b4715fded112c3367493a5540bcc74077cd13c72f4b8b2c5d419de",
  "x": "c5b702bb02a36019ba545d4c066c3579314bfa1ba244c6917b15d232c54c6042",
  "y": "d7da639ff679a2bfd0fcd18c5760dce825de7b2f7cc90091b08eb0a50be74959"
 },
 "83": {
  "p": "777bbfa764b890794aaa746f7ab5180075ab795a802465beb002f21e84a8db9e",
  "x": "b24c8767fb979ce04f34e178098a9ca84078f3fbbb40f23a2622d07c7df7a671",
  "y": "6499cd6c285efbfadb0d80e28b55d5560f37fd53eb97ae4ccf7a74d89c5c1e57"
 },
 "84": {
  "p": "6f414509b0e95cc934da1a024a5325d9e68ef39bbcefda4b3e7fd1d024f1e205",
  "x": "a8f813f910c25c3fa95d409c3ae52c72d251db97be13be842b08bd2b7028c5fe",
  "y": "3809c1e3f261c850ce0f23f31c6653b39d07b95476c4826aa4093b51c685c956"
 },
 "85": {
  "p": "4864e96d33d3fdd9a925eee68898661789277c8db29fca121061e0043c5e829d",
  "x": "7651c7a50ea4a27a974c72c46359c4085ddca4ff889db4ac075a71f11e9be4d4",
  "y": "4109fb32982de3ec42b84c207e4d5a66e588ab376f7665afc77ce7f34e5e8dc2"
 },
 "86": {
  "p": "cff2d926911366d4a7bd115d8101c102acaa62b2fe85120f77f4f7ae62d50988",
  "x": "0b4d018769711f4e140a17e4b3619e3fc8242f9fffc579c7a7d0fbe4914e9fa3",
  "y": "0672e26bb149eb7ebe0abf827a53d9bbcbc6c77b1570afd5519f23ea0ae149ce"
 },
 "87": {
  "p": "4b70fbe78d79338afa18a2e8e658d1bddb4a9111a6bff8b1f8e7cd875fdb6a1f",
  "x": "3a9df449a3e9214b74c9473d6545974bf9030a933b1fe0e8149c3035a19b2d8f",
  "y": "e5f31eb7c05d3b499f2efde3b0420b6aa5a9b8d02a9162081f29fad8cef0891b"
 }
}
copper member
Activity: 821
Merit: 1992
Quote
Code:
Private key: 2
x: c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5
y: 1ae168fea63dc339a3c58419466ceaeef7f632653266d0e1236431a950cfe52a

Private key: 115792089237316195423570985008687907852837564279074904382605163141518161494335
x: 2f01e5e15cca351daff3843fb70f3c2f0a1bdd05e5af888a67784ef3e10a2a01
y: a3b25758beac66b6d6c2f7d5ecd2ec4b3d1dec2945a489e84a25d3479342132b
How you calculated the second key? For example, after doubling "-1" key you can get this:
Code:
modulo=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
c=3*x*x/2*y
c=3*(79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798)^2/2*b7c52588d95c3b9aa25b0403f1eef75702e84bb7597aabe663b82f6f04ef2777
c=3*8550e7d238fcf3086ba9adcf0fb52a9de3652194d06cb5bb38d50229b854fc49/6f8a4b11b2b8773544b60807e3ddeeae05d0976eb2f557ccc7705edf09de52bf
c=8ff2b776aaf6d91942fd096d2f1f7fd9aa2f64be71462131aa7f067e28fef8ac/6f8a4b11b2b8773544b60807e3ddeeae05d0976eb2f557ccc7705edf09de52bf
c=8ff2b776aaf6d91942fd096d2f1f7fd9aa2f64be71462131aa7f067e28fef8ac*481ce5f9b128b2ceb2186fee3a0f5b953eaa9fdcac23c2cbf041511268985589
c=34ca4d7bd7efe5cfc1462edca66d539c0a77a83d09ce1196c92c514312232a7e
rx=c*c-2*x
rx=34ca4d7bd7efe5cfc1462edca66d539c0a77a83d09ce1196c92c514312232a7e^2-2*79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
rx=b9814c9235a6f4c5db86059a32ce92e661af8801e88b8e5a5f910c708a60d1e6-f37cccfdf3b97758ab40c52b9d0e160e0537f9b65b9c51b2b3e502b62df02f30
rx=c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5
ry=c*(x-rx)-y
ry=34ca4d7bd7efe5cfc1462edca66d539c0a77a83d09ce1196c92c514312232a7e*(79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798-c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5)-b7c52588d95c3b9aa25b0403f1eef75702e84bb7597aabe663b82f6f04ef2777
ry=34ca4d7bd7efe5cfc1462edca66d539c0a77a83d09ce1196c92c514312232a7e*b3b9e6eab7ef3e3f255b222738c68e2ea6246e8fa0deec31ae4677a0ba8774e2-b7c52588d95c3b9aa25b0403f1eef75702e84bb7597aabe663b82f6f04ef2777
ry=9ce3bc8a331e7860fe957feaab820c680af219522713db054053fdc5b41f424d-b7c52588d95c3b9aa25b0403f1eef75702e84bb7597aabe663b82f6f04ef2777
ry=e51e970159c23cc65c3a7be6b99315110809cd9acd992f1edc9bce55af301705
So it should look like this:
Code:
Private key: 115792089237316195423570985008687907852837564279074904382605163141518161494335
x: C6047F9441ED7D6D3045406E95C07CD85C778E4B8CEF3CA7ABAC09B95C709EE5
y: E51E970159C23CC65C3A7BE6B99315110809CD9ACD992F1EDC9BCE55AF301705
full member
Activity: 161
Merit: 168
Here is a tool of mine with which you can generate as many test vectors as you want.
You can create and test signatures.
And you can carry out all the important operations for the Secp256k1 curve and test your code with it.

~snip

If you want to create test vectors, set "multiplication" and multiply "G" by whatever you want.

It is nice, but, what do those other curve operations you've just shown in the screenshot do? (I'm talking about ':', 'sig', and 'ver' in the dropdown menu).

 +  You can add points                       https://i.ibb.co/5KfnfZ5/Unbenannt.png
 - You can subtract points                   https://i.ibb.co/bFWRCKX/Unbenannt.png
 * You can multiply points by a factor   https://i.ibb.co/RQn3SGz/Unbenannt.png
 : You can divide points by a factor.       https://i.ibb.co/m5dPQ5K/Unbenannt.png
sig: Sign https://i.ibb.co/w0hcCbC/Unbenannt.png
ver: Verify https://i.ibb.co/RzPKHTk/Unbenannt.png
verify:
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Here is a tool of mine with which you can generate as many test vectors as you want.
You can create and test signatures.
And you can carry out all the important operations for the Secp256k1 curve and test your code with it.

~snip

If you want to create test vectors, set "multiplication" and multiply "G" by whatever you want.

It is nice, but, what do those other curve operations you've just shown in the screenshot do? (I'm talking about ':', 'sig', and 'ver' in the dropdown menu).
full member
Activity: 161
Merit: 168

It is difficult to find another calculator to test my results against. Can someone verify if these are actually wrong (or correct, but the test vectors are wrong)?

Here is a tool of mine with which you can generate as many test vectors as you want.
- You can create and test signatures
- You can add points
- You can subtract points
- You can multiply points by a factor
- You can divide points by a factor
And you can carry out all the important operations for the Secp256k1 curve and test your code with it.


https://github.com/MrMaxweII/Secp256k1-Calculator

Download: https://github.com/MrMaxweII/Secp256k1-Calculator/releases/tag/V1.0.14



If you want to create test vectors, set "multiplication" and multiply "G" by whatever you want.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
And when I was doing some calculations, I realized that something goes wrong.

I noticed this from my testing, it looks like that k and n-k have the same X coordinate but inverted (curve order - y) Y coordinate.
This is false or it's true only if k = 1.

Code:
Private key: 1
x: 79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
y: 483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8

Private key: 115792089237316195423570985008687907852837564279074904382605163141518161494336
x: 79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
y: b7c52588d95c3b9aa25b0403f1eef75702e84bb7597aabe663b82f6f04ef2777

But, let's take another number. (k = 2)

Code:
Private key: 2
x: c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5
y: 1ae168fea63dc339a3c58419466ceaeef7f632653266d0e1236431a950cfe52a

Private key: 115792089237316195423570985008687907852837564279074904382605163141518161494335
x: 2f01e5e15cca351daff3843fb70f3c2f0a1bdd05e5af888a67784ef3e10a2a01
y: a3b25758beac66b6d6c2f7d5ecd2ec4b3d1dec2945a489e84a25d3479342132b

Am I doing anything wrong or is the k and (n-k) rule incorrect for any k∈[2, n-2]?
legendary
Activity: 3472
Merit: 10611
Wouldn't it be the same if we simply subtracted the number from n? (number = n - number)
It depends on where the negative number was produced, if you are sure that the equation is giving a negative number between -n and 0 exclusive then yes but it is not always like that. For example if you have -17 (mod 7) and add the prime (7) to it you'll still get a negative number (-10) and have to repeat it again (-3) and again (4) to finally get a positive number. But if you first compute the remainder then add the prime it will always be positive.
-17 ≡ -3 ≡ 4 (mod 7)
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
The correct notation is this:
y1 + y2 ≡ 0 (mod p)
Why does y1 + y2 give us p and not n? (when y1 = -y2)

Y and X are point coordinates and not a multiplier and as such it has to be in the prime group (p) and not the curve order group (n).
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Under the hood if any number is not positive the method should make it positive by computing its mod and then adding the prime so that is is always between 0 and the prime.
So, essentially, if the number is negative, we define it as following: number = (number mod n) + n. Correct? Wouldn't it be the same if we simply subtracted the number from n? (number = n - number)

The correct notation is this:
y1 + y2 ≡ 0 (mod p)
Why does y1 + y2 give us p and not n? (when y1 = -y2)
legendary
Activity: 3472
Merit: 10611
Excuse me if that's a dumb question, but how do you recognize if a hexadecimal number is negative? For example, take a look in the y coordinates of those two points:
All numbers that come out of any Elliptic Curve related method (such as the point multiplication that you are probably using) are positive because by contract we only report positive numbers. Under the hood if any number is not positive the method should make it positive by computing its mod and then adding the prime so that is is always between 0 and the prime.

I assume that this equation should always be true for k1 + k2 = n: y1 + y2 = 0
That's right, when y1=-y2 the sum should be 0 as I explained above. The correct notation is this:
y1 + y2 ≡ 0 (mod p)

Here is an example:
Code:
k1 = 12233456
k2 = n -k1 = 115792089237316195423570985008687907852837564279074904382605163141518149260881

Q1.x = Q2.x = 114232938462135891686500124810364184602379329612856280684251352758526248132659
Q1.y = 17861562014024620061259601058584332743358430500525147265305253422039778750471
Q2.y = 97930527223291575362311383950103575109911554165115416774152330585869055921192

Q1.y + Q2.y = 115792089237316195423570985008687907853269984665640564039457584007908834671663 ≡ 0 (mod 115792089237316195423570985008687907853269984665640564039457584007908834671663)
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Hence 1 and n-1 or x and n-x have the same x coordinate while having different y coordinates that is negative of one another.

Excuse me if that's a dumb question, but how do you recognize if a hexadecimal number is negative? For example, take a look in the y coordinates of those two points:
Code:
483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8 (for k = 1)
b7c52588d95c3b9aa25b0403f1eef75702e84bb7597aabe663b82f6f04ef2777 (for k = n-1)

When I convert them to decimal they both get huge, but with no sign.

Code:
32670510020758816978083085130507043184471273380659243275938904335757337482424
83121579216557378445487899878180864668798711284981320763518679672151497189239

I assume that this equation should always be true for k1 + k2 = n: y1 + y2 = 0
legendary
Activity: 3472
Merit: 10611
By the way, I noticed that both 1 and n-1 give you the same x coordinate, but not the same y. What's the reasoning behind this?
When you negate a point on an elliptic curve (Q -> -Q) you change the y coordinate with -y and -y≡p-y (mod p).
If Q=k*G then -Q=-k*G and since -k≡n-k (mod n) => -P=(n-k)*G
Hence 1 and n-1 or x and n-x have the same x coordinate while having different y coordinates that is negative of one another.

P.S. Be careful that when negative a point the operations are mod p where p is the curve prime but when negating a private key (k) the operations are mod n where n is curve order.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
So my output (the ones on the curve anyway) is correct? And not the test case output?
Yes, they're correct (the first five). Which one is the test case output? Every k value you've written except those that are outside the secp256k1 return correct results.

As for those last three; how did you manage to find their x and y coordinates since they don't belong there? Are they from another curve?

All the k's are input and they output the X and Y values in the test.

The last three were in the StackExchange answer that had the test cases I used  Roll Eyes I actually duplicated the very last test case three times by accident and skipped a bunch of k's that looked similar to that one, that's why their output looks all the same.
staff
Activity: 4326
Merit: 8951
it is only in ECC that we only return numbers that are positive and between 0 and prime. ie. -1 ≡ 2 (mod 3).
Finite fields exist far beyond ECC. Smiley
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
So my output (the ones on the curve anyway) is correct? And not the test case output?
Yes, they're correct (the first five). Which one is the test case output? Every k value you've written except those that are outside the secp256k1 return correct results.

As for those last three; how did you manage to find their x and y coordinates since they don't belong there? Are they from another curve?

I noticed this from my testing, it looks like that k and n-k have the same X coordinate but inverted (curve order - y) Y coordinate.
Yep. Just learnt something new today.

115792089237316195423570985008687907852837564279074904382605163141518161494337 (highest value for k)
115792089237316195423570985008687907853269984665640564039457584007913129639936 (your k)
Actually, that was my mistake. I edited my last post. The highest value for k is this minus one. The k you quoted is n, but the highest k is n-1. So it's:

Code:
115792089237316195423570985008687907852837564279074904382605163141518161494336
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
The first five k values return me the correct x and y coordinates. The remaining three do not belong into the secp256k1 curve.

Specifically, on secp256k1, the number of valid keys denoted as n would be any value between 1 and n-1 where n is equal with “fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141”. The k value, you left the same in the last three results, is bigger than that.

So my output (the ones on the curve anyway) is correct? And not the test case output?

By the way, I noticed that both 1 and n-1 give you the same x coordinate, but not the same y. What's the reasoning behind this?

I noticed this from my testing, it looks like that k and n-k have the same X coordinate but inverted (curve order - y) Y coordinate.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Can someone verify if these are actually wrong (or correct, but the test vectors are wrong)?
The first five k values return me the correct x and y coordinates. The remaining three do not belong into the secp256k1 curve.

Specifically, on secp256k1, the number of valid keys denoted as n would be any value between 1 and n-1 where n is equal with “fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141”. The k value, you left the same in the last three results, is bigger than that.

Decimally:
Code:
115792089237316195423570985008687907852837564279074904382605163141518161494336 (highest value for k)
115792089237316195423570985008687907853269984665640564039457584007913129639936 (your k)




By the way, I noticed that both 1 and n-1 give you the same x coordinate, but not the same y. What's the reasoning behind this?
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Alright looks like I got another problem with test cases.

I'm trying to verify if my implementation works correctly with different factors k. I used this list https://crypto.stackexchange.com/questions/784/are-there-any-secp256k1-ecdsa-test-examples-available , and it works properly for numbers 1-20 (those are the only small numbers in the linked test), but it is making different results for the huge factors.

Code:
k: 112233445566778896
x: 1be8dea0c9f0b2e7224c7f8c04b4a61bd886b4c5bf36fea76a2ae187d6db7c7a
y: 948dcc4e2d53c91436e1e4e53469b8331e05b19c2aebae5b026e75bd468b8d38

k: 112233445566778890877738208276250624
x: ecf54f4a4757d5273b3d38b51a6714739a327d89c2a599b7fec860bb523adce8
y: 9fb325c337b783bd6bae40bfe77d957750687e8359f2340108a704c429dd1233

k: 28948022309329048855892746252171976963317496166410141009864396001978282409984
x: 2a9e8dfe3cce6bab3e82d82a5688544c0c7b55dc31978b4de2ccb3b7d466d561
y: 1dfeda5c16e651fbac7b5ad608b96cf5e01eaec17a02182f96ccf5252e76373

k: 57896044618658097711785492504343953926634992332820282019728792003956564819968
x: b23790a42be63e1b251ad6c94fdef07271ec0aada31db6c3e8bd32043f8be384
y: fc6b694919d55edbe8d50f88aa81f94517f004f4149ecb58d10a473deb19880e

k: 86844066927987146567678238756515930889952488499230423029593188005934847229952
x: 71e935c8e1f54f25a6424274ab07e7891873c3b1a27a6c40b805264597a6257f
y: 78d93e59f47c22513ded86ba47ae2a52ef2523540cf70f7a5b217461d1b1e582

k: 115792089237316195423570985008687907853269984665640564039457584007913129639936
x: dd3625faef5ba06074669716bbd3788d89bdde815959968092f76cc4eb9a9787
y: 7a188fa3520e30d461da2501045731ca941461982883395937f68d00c644a573

k: 115792089237316195423570985008687907853269984665640564039457584007913129639936
x: dd3625faef5ba06074669716bbd3788d89bdde815959968092f76cc4eb9a9787
y: 7a188fa3520e30d461da2501045731ca941461982883395937f68d00c644a573

k: 115792089237316195423570985008687907853269984665640564039457584007913129639936
x: dd3625faef5ba06074669716bbd3788d89bdde815959968092f76cc4eb9a9787
y: 7a188fa3520e30d461da2501045731ca941461982883395937f68d00c644a573

It's failing for all these (and I assume for the other huge numbers in the list which I didn't test as well).

It is difficult to find another calculator to test my results against. Can someone verify if these are actually wrong (or correct, but the test vectors are wrong)?
legendary
Activity: 3472
Merit: 10611
It turns out that the modulus function in my bigint dependency library is broken and spits out negative numbers that aren't mod the curve prime.
If you are using a general BigInteger implementation that is not specifically made for Elliptic Curve cryptography and Modular Arithmetic, then returning a negative number is the correct behavior. In other words -4 % 3 = -1 and it is only in a finite field (like in ECC) that we only return numbers that are positive and between 0 and prime. ie. -1 ≡ 2 (mod 3).
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
I don't know how you get these numbers from your example.

Thank you very much for the demonstration.

It turns out that the modulus function in my bigint dependency library is broken and spits out negative numbers that aren't mod the curve prime. After adding the prime to these negative numbers (and making my addition/multiplication check for points at infinity properly), I get the same results as your example.
copper member
Activity: 821
Merit: 1992
Quote
3*G (G+G+G) should give me this result (mod p):

Hex:
-6cf75fe6da73cefb6cbb07a0762add64ace37ba7c90664f79fe0eeb431fc536
-c77084f09cd217ebf01cc819d5c80ca99aff5666cb3ddce4934602897b4715bd
No, it should be:
Code:
04 79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8   G
04 C6047F9441ED7D6D3045406E95C07CD85C778E4B8CEF3CA7ABAC09B95C709EE5 1AE168FEA63DC339A3C58419466CEAEEF7F632653266D0E1236431A950CFE52A   2*G
04 F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9 388F7B0F632DE8140FE337E62A37F3566500A99934C2231B6CB9FD7584B8E672   3*G
I don't know how you get these numbers from your example. Maybe try implementing it by using smaller numbers and later just increase them? Some related article: https://www.coindesk.com/markets/2014/10/19/the-math-behind-the-bitcoin-protocol/.

We start from base point:
Code:
x=79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
y=483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
Then we double that point:
Code:
modulo=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
c=3*x*x/2*y
c=3*(79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798)^2/2*483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
c=3*8550e7d238fcf3086ba9adcf0fb52a9de3652194d06cb5bb38d50229b854fc49/9075b4ee4d4788cabb49f7f81c221151fa2f68914d0aa833388fa11ff621a970
c=8ff2b776aaf6d91942fd096d2f1f7fd9aa2f64be71462131aa7f067e28fef8ac/9075b4ee4d4788cabb49f7f81c221151fa2f68914d0aa833388fa11ff621a970
c=8ff2b776aaf6d91942fd096d2f1f7fd9aa2f64be71462131aa7f067e28fef8ac*b7e31a064ed74d314de79011c5f0a46ac155602353dc3d340fbeaeec9767a6a6
c=cb35b28428101a303eb9d1235992ac63f58857c2f631ee6936d3aebbeddcd1b1
rx=c*c-2*x
rx=cb35b28428101a303eb9d1235992ac63f58857c2f631ee6936d3aebbeddcd1b1^2-2*79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
rx=b9814c9235a6f4c5db86059a32ce92e661af8801e88b8e5a5f910c708a60d1e6-f37cccfdf3b97758ab40c52b9d0e160e0537f9b65b9c51b2b3e502b62df02f30
rx=c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5
ry=c*(x-rx)-y
ry=cb35b28428101a303eb9d1235992ac63f58857c2f631ee6936d3aebbeddcd1b1*(79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798-c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5)-483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
ry=cb35b28428101a303eb9d1235992ac63f58857c2f631ee6936d3aebbeddcd1b1*b3b9e6eab7ef3e3f255b222738c68e2ea6246e8fa0deec31ae4677a0ba8774e2-483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
ry=631c4375cce1879f016a8015547df397f50de6add8ec24fabfac02394be0b9e2-483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
ry=1ae168fea63dc339a3c58419466ceaeef7f632653266d0e1236431a950cfe52a
As you can see, we have:
Code:
rx=c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5
ry=1ae168fea63dc339a3c58419466ceaeef7f632653266d0e1236431a950cfe52a
That matches 2*G:
Code:
04 C6047F9441ED7D6D3045406E95C07CD85C778E4B8CEF3CA7ABAC09B95C709EE5 1AE168FEA63DC339A3C58419466CEAEEF7F632653266D0E1236431A950CFE52A   2*G
Then, we add these two points:
Code:
modulo=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
px=79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
py=483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
qx=C6047F9441ED7D6D3045406E95C07CD85C778E4B8CEF3CA7ABAC09B95C709EE5
qy=1AE168FEA63DC339A3C58419466CEAEEF7F632653266D0E1236431A950CFE52A
c=(qy-py)/(qx-px)
c=(1AE168FEA63DC339A3C58419466CEAEEF7F632653266D0E1236431A950CFE52A-483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)/(C6047F9441ED7D6D3045406E95C07CD85C778E4B8CEF3CA7ABAC09B95C709EE5-79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798)
c=d2a68e877f99fed44620881d385be245fade7e1c8be17cc7871c611855bf0ca1/4c4619154810c1c0daa4ddd8c73971d159db91705f2113ce51b9885e4578874d
c=d2a68e877f99fed44620881d385be245fade7e1c8be17cc7871c611855bf0ca1*ac946f7cd9ccebb8d59803e73c7d12aa395b2eb7e59a8ba119742df442fc6604
c=342119815c0f816f31f431a9fe98a6c76d11425ecaeaecf2d0ef6def197c56b0
rx=c*c-px-qx
rx=342119815c0f816f31f431a9fe98a6c76d11425ecaeaecf2d0ef6def197c56b0^2-79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798-C6047F9441ED7D6D3045406E95C07CD85C778E4B8CEF3CA7ABAC09B95C709EE5
rx=38f37014ce22fc29cf19f28a5ce4da091445536c3e2cff318ba07c2a3048f518-79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798-C6047F9441ED7D6D3045406E95C07CD85C778E4B8CEF3CA7ABAC09B95C709EE5
rx=bf350995d446407d79798ff48e5dcf0211a95691105ed65831adface1950d9af-C6047F9441ED7D6D3045406E95C07CD85C778E4B8CEF3CA7ABAC09B95C709EE5
rx=f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9
ry=c*(px-rx)-py
ry=342119815c0f816f31f431a9fe98a6c76d11425ecaeaecf2d0ef6def197c56b0*(79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798-f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9)-483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
ry=342119815c0f816f31f431a9fe98a6c76d11425ecaeaecf2d0ef6def197c56b0*808ddc7d6783f89c0c6c130fd5e9b8dd4d6a3495aa5e8f28d3f090465a17dcce-483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
ry=80ca558689d1ac796d8833e23848fbff62185de1db4777350901ce057fc9bb2a-483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
ry=388f7b0f632de8140fe337e62a37f3566500a99934c2231b6cb9fd7584b8e672
As you can see, we have:
Code:
rx=f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9
ry=388f7b0f632de8140fe337e62a37f3566500a99934c2231b6cb9fd7584b8e672
That matches 3*G:
Code:
04 F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9 388F7B0F632DE8140FE337E62A37F3566500A99934C2231B6CB9FD7584B8E672   3*G
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
A related problem, I'm implementing secp256k1 multiplication now that I completed and tested add & double, and this is the pseudocode Wikipedia has  about the subject:

Code:
  R0 ← 0
  R1 ← P
  for i from m downto 0 do
      if di = 0 then
          R1 ← point_add(R0, R1)
          R0 ← point_double(R0)
      else
          R0 ← point_add(R0, R1)
          R1 ← point_double(R1)
  return R0

I initially thought that d is just a binary decomposition of the multiplicand i.e. 3 => 11b, 6 => 110b, etc. But this doesn't seem to produce the correct results.

3*G (G+G+G) should give me this result (mod p):

Hex:
-6cf75fe6da73cefb6cbb07a0762add64ace37ba7c90664f79fe0eeb431fc536
-c77084f09cd217ebf01cc819d5c80ca99aff5666cb3ddce4934602897b4715bd

decimal:
-3080428797605589366822325834758234751155007324101155494826970452699058783542 -90209061256745311731914079131285931446821116410824268969537695047367247992253

but my implementation of Montgomery ladder is not returning that, so I'm wondering if the d array is supposed to be something else.
copper member
Activity: 909
Merit: 2301
Quote
yes but how to ALice can calculate private key of BOB?
She cannot. All she can do is multiplying his public key by her private key.

Edit: for example Alice only has that things:
Code:
+---------------------------------------------------------------------+
| Alice's computer:                                                   |
+---------------------------------------------------------------------+
| Alice's private key:                                                |
| a294bf599609918d80a43321326215d9cd95bf5462901d0c734ee0c785ae2e95    |
| Bob's public key:                                                   |
| 03 552336062684334EC2FD3CA6929BF0975C8FDEFB967342F4B38F1759C63F55CF |
| Shared key:                                                         |
| 03 DEFB20FD5EE58BFCDE96CFBF1C93B2498787F8B024FDCCF4F1DB3DD230EE759F |
+---------------------------------------------------------------------+
And Bob only has that things:
Code:
+---------------------------------------------------------------------+
| Bob's computer:                                                     |
+---------------------------------------------------------------------+
| Bob's private key:                                                  |
| 84d324b55a6e1d94e66cca1daa00377d7fff9de18bdcdaa59de87e5c4a9713ea    |
| Alice's public key:                                                 |
| 03 3E6501A24451EBA3459C32C4C67ED5365FD09991DAD6C96F9DADE780B5DED602 |
| Shared key:                                                         |
| 03 DEFB20FD5EE58BFCDE96CFBF1C93B2498787F8B024FDCCF4F1DB3DD230EE759F |
+---------------------------------------------------------------------+
copper member
Activity: 909
Merit: 2301
Quote
SO the question : if some one sent to me transaction in to my "Pubkey" address, which I know private*G, so I know the pubkey of delivery of transaction.
How to calculate privatekey of second pubkey?
if a*G (my pubkey) then do I : a*pubkey2 , and what next?
If you are Alice, you know "a" and "bG", so you can do "a*bG" that is equal to "abG". If you are Bob, you know "b" and "aG", so you can do "b*aG" that is equal to "abG". In this way, Alice and Bob can create shared secret that is unknown to everyone else. If public key multiplication would be directly possible, then anyone could calculate that shared key and read the whole traffic between Alice and Bob.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
how Alice can calculate Bob privatekey , and how Bob calculate Alice private key?
from transaction or it has nothing to do with transaction?
It doesn't have to do (directly) with the transaction, you only need the public keys; if they reused their addresses then their public keys would be exposed (so that's how you'd get them). As said by the folks above, if elliptic curve point multiplication was possible you could raise to any power as well. Using Pohlig-Hellman in conjunction with Pollard-Rho would lead you to k with only 254 multiply operations. Knowing k means, you're one equation away for finding out the private key (d).

what is aG and bG?
Since a and b are private keys, then aG is Alice's public key and bG, Bob's public key.
staff
Activity: 4326
Merit: 8951
I'm no familiar with ECDH, but why would an observer want to compute aG and bG assuming he knows about abG? He can't do anything with aG & bG even if he divides abG to get them. It's like saying that if you had a public key, which was result from the multiplication of two others, and I somehow could reveal them I could also sign from them.

For key agreement the passive observer sees aG sent by alice, and bG sent by bob.  The observer cannot compute abG -- their shared secret.  If they could multiply points they could multiply what they saw aG and bG and get the shared secret and read their traffic.

full member
Activity: 206
Merit: 450
How can you defeat the system if you're able of multiplying two points instead of a number and a point?

Multiplying two points allows us to square as well, and consequently rise to any power. Then we can work in the multiplicative group, which has order N-1, and excludes the point at infinity (0,0). ​The biggest factor of N-1 is only 108 bits. Using Pohlig-Hellman in conjunction with Pollard-Rho (or BSGS for smaller factors, and exhaustive search for the smallest) we find k with cost O(254) multiply operations.

legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Probably the simplest example is that in ECDH key agreement: Alice has private key a and sends aG and Bob has private key b and sends bG, and their joint shared secret is H(abG) which they can both compute by multiplying what they received with their own private key and hashing it.  But a passive observer can't multiply the two points, and so they can't compute the shared secret.
I'm no familiar with ECDH, but why would an observer want to compute aG and bG assuming he knows about abG? He can't do anything with aG & bG even if he divides abG to get them. It's like saying that if you had a public key, which was result from the multiplication of two others, and I somehow could reveal them I could also sign from them.

The observer could not compute the shared secret, could he?

No, because then ECDSA would be broken.
How can you defeat the system if you're able of multiplying two points instead of a number and a point?
staff
Activity: 4326
Merit: 8951
If you wanted to be silly you could also implement dividing a point by a scalar more directly.

One efficient way of computing a modular inverse is to use the extended GCD algorithm. A GCD starts with a vector of the number to be inverted and the modulus and applies a series of primitive transformations to the numbers which preserve their GCD and reduce their magnitude, until eventually you end up with the [1,0] vector. An extended GCD has an additional vector of numbers mod n which runs along side it and which it applies the same primitive transformations to, which ends up being the modular inverse at the end.  If the GCD you use is a binary GCD then all the transformation operations you perform are simple operations you can perform on curve points. So if you slap ecc points in place of this this secondary vector, the algorithm will divide a curve point by a number directly.

However, given that scalar operations are so much faster than curve operations, this would be slower than computing the inverse and then using a fast scalar/point multiply algorithm.  But I think it could be fairly said to be an algorithm for directly dividing a curve point by a scalar, although a rather silly one.

I was wondering if two points could be multiplied with each other, as opposed to a point and a number e.g. P*Q.
You cannot.  As garlonicon noted that it would break a lot of ECC protocols if you could.  Probably the simplest example is that in ECDH key agreement: Alice has private key a and sends aG and Bob has private key b and sends bG, and their joint shared secret is H(abG) which they can both compute by multiplying what they received with their own private key and hashing it.  But a passive observer can't multiply the two points, and so they can't compute the shared secret.

In pairing cryptography which is built with specialized elliptic curves that have a precisely engineered weakness you effectively gain an ability to multiply curve points, but only once: the result is in a different group.  But this extra ability alone lets you create all kinds of fancy cryptographic protocols that you can't create with plain ECC (or only exist in interactive form for plain ECC).

One thing that can be done if I know three points and their discrete logs: A=aG, B=bG, C=abG, I can write a proof that convinces you that C is the product of A and B (and that I know their discrete logs), without revealing to you anything else.  But you can't perform the computation yourself.
legendary
Activity: 3472
Merit: 10611
Apologies for my ignorance but I might recognize this constant from somewhere, is this number n/2 (which means for halfing I can just do kn-1 I think)?
No it is 1/2 (mod N).
Since we don't exactly have a division defined each [point divided by number] operation is changed into [point] * [modular multiplicative inverse of the divisor].
So P/2 becomes P*2-1 where 2-1 is computed by solving 2*x ≡ 1 (mod N)
And x is 0x7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a1

FWIW: N/2 = 0x7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Yes, of course. For example you can double a point or halve a point by multiplying it by 7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a1.

Apologies for my ignorance but I might recognize this constant from somewhere, is this number n/2 (which means for halfing I can just do kn-1 I think)?
copper member
Activity: 821
Merit: 1992
Quote
Basically, we can already do kP, so I want to know if P/k = k-1P is doable.
Yes, of course. For example you can double a point or halve a point by multiplying it by 7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a1. It's that simple, for example after halving Satoshi's key you can get:
Code:
04 678AFDB0FE5548271967F1A67130B7105CD6A828E03909A67962E0EA1F61DEB6 49F6BC3F4CEF38C4F35504E51EC112DE5C384DF7BA0B8D578A4C702B6BF11D5F 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa Satoshi
04 DEF2F43AFAA185045DDE45A7EA5621C45D3F9B2C2E96DB7260E0D617C2B0F09F CF30AED022D0932E39B68C5B618D11248EA94B08644E80605ED825A278405435 1CMjuddbCMYTYBxCLHvw9CXPynVHcey2Eh Satoshi/2
The same you can do for any number. Division is just multiplication by inverse.
Quote
I was wondering if two points could be multiplied with each other
No, because then ECDSA would be broken.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Quote
This is supposed to be to implement the division operation P/k.

~

I cannot guess what you mean.

Basically, we can already do kP, so I want to know if P/k = k-1P is doable.

When I said:

Quote
Also - I don't think multiplicative inverse of points (i.e. P-1, not group numbers) exists, does it?

I was wondering if two points could be multiplied with each other, as opposed to a point and a number e.g. P*Q.
full member
Activity: 206
Merit: 450
I am building a secp256k1 class in Node.js to use in my tools, and I know that numbers in a group already have a multiplicative inverse - and how to calculate it - I have point multiplication already implemented but I am not sure if there is such a factor k-1 such that

k-1P * kP = P
Modulo prime number for every number (except zero) there's unique inverse. That is, the sequence of all inverse is a permutation of all positive numbers.

Quote
Is it simply the inverse of k mod curve order n?

Since the curve order is n, then k-1 is mod n as well.


Quote
This is supposed to be to implement the division operation P/k.

Also - I don't think multiplicative inverse of points (i.e. P-1, not group numbers) exists, does it?

I cannot guess what you mean.

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
I am building a secp256k1 class in Node.js to use in my tools, and I know that numbers in a group already have a multiplicative inverse - and how to calculate it - I have point multiplication already implemented but I am not sure if there is such a factor k-1 such that

k-1P * kP = P

Is it simply the inverse of k mod curve order n?

This is supposed to be to implement the division operation P/k.

Also - I don't think multiplicative inverse of points (i.e. P-1, not group numbers) exists, does it?
Jump to: