Author

Topic: ECDSA as a shared secret key generator (Read 263 times)

legendary
Activity: 1624
Merit: 2509
February 19, 2020, 07:50:47 AM
#3
I'm not aware of any implementations being used in practice though. Something related was suggested in the form of ECDH addresses a while back:

Actually that is being used.
That's how the PayNym feature of the mobile wallet Samourai works.

1. Bob publishes a "watching address"
2. Alice creates a notificatin message (transaction) to the watching address of Bob containing 80 byte of Data which is the basis for the ECDH key exchange.
3. The shared secret between both of them is used to derive new addresses for single use.

That's useful if you for example want to provide a (publicly available) donation address without anyone being able to see how much donations you already received.
legendary
Activity: 3150
Merit: 2185
Top-tier crypto casino and sportsbook
February 06, 2020, 05:46:48 PM
#2
Sooo... an Elliptic-curve Diffie-Hellman key exchange over the Bitcoin blockchain?

I think this paper describes pretty much what you are suggesting, maybe it's of interest for you:
https://eprint.iacr.org/2015/308.pdf

I'm not aware of any implementations being used in practice though. Something related was suggested in the form of ECDH addresses a while back:
https://en.bitcoin.it/wiki/ECDH_address
https://github.com/bitcoin/bips/blob/master/bip-0047.mediawiki
newbie
Activity: 1
Merit: 4
February 06, 2020, 03:45:02 PM
#1
Assume Alice and Bob have their public keys revealed on blockchain. If Alice wants to send some message to Bob, she can multiply her private key by Bob's public key and calculate their "shared public key". She can send symmetrically-encrypted message to Bob and attach her public key at the beginning. Bob can receive it, multiply her public key by his private key and calculate the same "shared public key" to decrypt received message.

(AlicePrivateKey*BobPrivateKey)*BasePoint=(BobPrivateKey*AlicePrivateKey)*BasePoint
AlicePrivateKey*(BobPrivateKey*BasePoint)=BobPrivateKey*(AlicePrivateKey*BasePoint)
AlicePrivateKey*BobPublicKey=BobPrivateKey*AlicePublicKey

It is not possible for anyone else to calculate this shared point, because there is no such operation over ECDSA. Adding and subtracting points is possible. Multiplying and dividing given point by given number is possible. But it is impossible to multiply or divide two points.

Exchanging some basic messages over mempool after OP_RETURN should be enough to start communication. Later, both parties can communicate using any protocol, because sending big messages on blockchain is too expensive. Revealing public keys is necessary to create valid transaction. Some bytes after OP_RETURN are encrypted and can contain IP addresses, hostnames, IRC channels, emails or anything meaningful for all parties having this shared key and it should be enough to send next messages off-chain.
Jump to: