Topic: Half of any bitcoin (crypto) public key - (public key half) - page 2. (Read 2609 times)

any cryptography library that supports elliptic curve cryptography should have the math, may not be a public member in some cases since these are internals of calculation. depending on the language you want there are a bunch of them for example python-ecdsa is a python library that has all of this.

Is there a code or script to do the math?

Thanks for the links, I have a bit of a headache but now I have the basics to understand.
Well, I now know how to divide a point by 2 as in my example (private key 10). On the other hand, I realize after several tests that if the point to be divided corresponds to an odd private key, the result no longer corresponds to what I expected. As long as the private key is divisible by 2, the calculations seem to respect a certain logic but since the division does not give a whole number (without comma), this "rule" is shattered ^^.
Can someone explain to me this part:
3. If d is odd let P = P + Q
4. Double Q: Q = 2 * Q, halve d rounding towards zero: d = floor (d / 2)

I don't quite understand the logic yet.
The floor () method returns the floor of x i.e. the largest integer not greater than x. With bitcoin is this the rule to apply, why not the other way around? (the smallest integer)?

Thanks in advance

this topic is already filled with many examples!
i think you should start at the basics and read what Elliptic Curve Cryptography and Modular Arithmetic are before trying to come up with the code that computes half of a public key!
start here: https://en.wikipedia.org/wiki/Modular_arithmetic
then:
https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/
https://en.wikipedia.org/wiki/Elliptic-curve_cryptography
and finally
https://en.wikipedia.org/wiki/Elliptic_curve_point_multiplication
https://en.wikipedia.org/wiki/Modular_multiplicative_inverse

I'm sorry but i don't understand, can you give me an example  
I do not have the necessary bases in mathematics and you lost me with "constant is c" & d
ideally a small python script would be welcome but I'm certainly asking too much

Signed: the noob ^^

Multiply by 57896044618658097711785492504343953926418782139537452191302581570759080747169


Let the point you want to multiply is G, and the multiplication constant is c. The result will be P=c*G

One way to do it is:

1. Start with the point at infinity P = (0,0) = 0*G, Q = G = 1*G, d = c

2. if d is zero return P

3. If d is odd let P = P + Q

4. Double Q: Q = 2*Q, halve d rounding towards zero: d = floor(d/2)

5. Go to step 2

How I just reread your post and I understand that you manage to do it ?
So my question is simple, how multiply a point (x,y) by 1/2 (mod n) ? I can't get a working méthod with python

Assume i have this public key (x = 72488970228380509287422715226575535698893157273063074627791787432852706183111 , y = 2898698443831883535403436258712770888294397026493185421712108624767191)
what is the math méthod to multiply (x,y) by 1/2 (mod n) --> it is also assumed that I do not know the private key
How get (x = 21505829891763648114329055987619236494102133314575206970830385799158076338148 , y = 98003708678762621233683240503080860129026887322874138805529884920309963580118)

 

Ok, this confirms what i thought. Even if it is possible to halve a point, it is useless ^^
On the other hand I still do not know how to do ^^ lol
Thanks for the explanations all.

Half a private key of 10 is not private key 5.
That is something entirely different these are curve points.
It's 5 curve points away.

For example think of it this way,
You can plot the first 10 points from G then you have a ladder that you can climb up and down.
Then you start at 10 and move back 5 points you will arrive at another point on the curve
Maybe that will make it a lot easier for you to understand.

PrivateKey:  1

X:  0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
Y:  0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8

PrivateKey:  2

X:  0xc6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5
Y:  0x1ae168fea63dc339a3c58419466ceaeef7f632653266d0e1236431a950cfe52a

PrivateKey:  3

X:  0xf9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9
Y:  0x388f7b0f632de8140fe337e62a37f3566500a99934c2231b6cb9fd7584b8e672

PrivateKey:  4

X:  0xe493dbf1c10d80f3581e4904930b1404cc6c13900ee0758474fa94abe8c4cd13
Y:  0x51ed993ea0d455b75642e2098ea51448d967ae33bfbdfe40cfe97bdc47739922

PrivateKey:  5

X:  0x2f8bde4d1a07209355b4a7250a5c5128e88b84bddc619ab7cba8d569b240efe4
Y:  0xd8ac222636e5e3d6d4dba9dda6c9c426f788271bab0d6840dca87d3aa6ac62d6

PrivateKey:  6

X:  0xfff97bd5755eeea420453a14355235d382f6472f8568a18b2f057a1460297556
Y:  0xae12777aacfbb620f3be96017f45c560de80f0f6518fe4a03c870c36b075f297

PrivateKey:  7

X:  0x5cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc
Y:  0x6aebca40ba255960a3178d6d861a54dba813d0b813fde7b5a5082628087264da

PrivateKey:  8

X:  0x2f01e5e15cca351daff3843fb70f3c2f0a1bdd05e5af888a67784ef3e10a2a01
Y:  0x5c4da8a741539949293d082a132d13b4c2e213d6ba5b7617b5da2cb76cbde904

PrivateKey:  9

X:  0xacd484e2f0c7f65309ad178a9f559abde09796974c57e714c35f110dfc27ccbe
Y:  0xcc338921b0a7d9fd64380971763b61e9add888a4375f8e0f05cc262ac64f9c37

PrivateKey:  10

X:  0xa0434d9e47f3c86235477c7b1ae6ae5d3442d49b1943c2b752a68e2a47e247c7
Y:  0x893aba425419bc27a3b6c7e693a24c696f794c2ed877a1593cbee53b037368d7


So for your info you also start with X and Y so that is already two coordinates on the curve.

Hum! I'm clearly a noob and i can't get it working..
I'm ok with the concept of multiplicative inverse of 2 --> 57896044618658097711785492504343953926418782139537452191302581570759080747169
But how use this number to half a public key with x and y coordinates
I have a lot of difficulty doing research with my broken English, someone can clarify this for me, perhaps with a python code ---> how half public key (private key 10) to get public key (private key 5)

It's now that I realize that mathematics is a profession ^^ lol

Thanks in advance

In secp256k1 there are two important primes - the prime p which is used for coordinates x and y (2^256 - 2^32 - 977), and the prime n, which is the group order (2^256 - 432420386565659656852420866394968145599).

The group is defined by two operations - addition of two points, and doubling a point.

From this we easily could multiply a point by scalar, this is series of additions and doublings.

Multiplying a point by scalar gives another point. Multiplying a point by n gives the point at infinity (0,0).

Dividing by 2 in a group with order n is equivalent to multiplying by the scalar 1/2 (mod n).

One can find the inverse of 2 modulo n by the Extended Euclidean Algorithm.
1/2 (mod n) = 57896044618658097711785492504343953926418782139537452191302581570759080747169

You'd have to multiply (x,y) by 1/2 (mod n), this gives
x = 21505829891763648114329055987619236494102133314575206970830385799158076338148
y = 98003708678762621233683240503080860129026887322874138805529884920309963580118

you shouldn't think in terms of "divide by 2" but in terms of "multiply by 2^-1" and 2^-1 is defined this way in modular arithmetic:
find x such that 2*x ≡ 1 (mod prime)

this is all because of how 2^-1 is defined and its value is 57896044618658097711785492504343953926418782139537452191302581570759080747169 because 2 * 57896044618658097711785492504343953926418782139537452191302581570759080747169 ≡ 1 (mod N)
it can be computed using Euclidean algorithm or the simplified 2^(prime-2) mode prime.
now multiplying that with the point we had returns the half point

x = 21505829891763648114329055987619236494102133314575206970830385799158076338148
Y = 98003708678762621233683240503080860129026887322874138805529884920309963580118

EDIT: I made the mistake of using P as the prime but it should have been N (curve order). now it is fixed.

First thanks for the response.
Ok i begin to understand the concept but not ready to go yet ^^.
I know add or substract a point to another (different or equal) but i can't divide a point by any number if i only have the x and y coordinates.
If it's possible can you show me how divide this point by 2 for example ?

x = 72488970228380509287422715226575535698893157273063074627791787432852706183111
y = 62070622898698443831883535403436258712770888294397026493185421712108624767191

It is public key for private key: 10 , and we say here i haven't got this private key.

I expect to obtain the public key:

x = 21505829891763648114329055987619236494102133314575206970830385799158076338148
Y = 98003708678762621233683240503080860129026887322874138805529884920309963580118
(private key 5 )

Thanks in advance

why not. private key will tell you how many times to add G to itself. but after you are done and have the value for k*G as point P then you can do whatever you want with that point. for example you can add another G to that point and compute Q=P+G or R=P-G and similarly you can multiply that point with any number like computing S=3*P (the same way you would compute 3*G).
2^-1 is just another number that your point (P or G or Q,...) is multiplied by. you just have to first calculate what integer 2^-1 is in congruence with. to do that you compute its modular multiplicative inverse as i explained above. there is also an example in my second comment with small numbers.

hello,

I read this post several, several, several times and i can't understand how it is possible to half a point like the first example.
Is it possible without the private key to divide a point by 2 ?

assume i have like the first example a point without the private key for it and divide it by 2

x = 545d2c25b98ec8827f2d9bee22b7a9fb98091b2008bc45b3b806d44624dc038c
y = f1e18224b09ed00841c5407e571829e41876d44522f97e05e405a91ef38d4f00

How get ?

x = 8f870b1693cb408f96a3da9e3623b6d0315a403395d79f412f26044210bcddd2
y = 8a0a3e2399787a1f084d53500bc577ba1cc4e19ab7b2d9a2bd327e5e56e8afa0

I clearly don't understand the concept of multiply by 2^-1 (mod n)
is it possible for someone to clarify this with an real example (not n, N P Q ETC... LOL ..I was the one sleeping in math classroom ^)

Thanks

This makes no sense at all.

First, the public address is a hashed public key, so unless there are major flaws in both SHA256 and RIPEMD-160 (hint: there aren't), you cannot take a public address and derive its public key (and its X and Y coordinates on the elliptic curve).

The public address and the public key are two different things.

Second, the math above is... a complete mess.

Third, even if you hypothetically could, what the heck would be the point of all this?

It is simple XY coordinate python script:
import bitcoin as b
pubkey = b.decode_pubkey("02545d2c25b98ec8827f2d9bee22b7a9fb98091b2008bc45b3b806d44624dc038c")
print("X:", hex(pubkey[0]), "Y:", hex(pubkey[1]))

your calculation is wrong, 61 divided by 2 in this group does give you 64. read my post above.
your mistake is that you are calculating 61/2=30.5 using simple arithmetic whereas all the calculations here are modular arithmetic meaning:
where 34 is calculated by solving this:

When you read about ECDSA used in Bitcoin, you probably learn about adding points and doubling it. But it is also possible to subtract any two points. You can also multiply or divide any point by any number, but you cannot multiply or divide two public keys without knowing at least one matching private key.

Halving a point is possible, but it does not break ECDSA security. It is a bit different than typical integer division when you can just divide everything by two and quickly come to zero and break everything. It is not the case when using ECDSA and doing calculations over finite field.

To better understand it, you can do some calculations on smaller finite fields, for example using modulo 67. You can start from 1 and multiply it by two. You will get 1,2,4,8,16,32,64 and then suddenly you will get 128-67=61. Here you can see that dividing 61 by two will give you 64.

you can't calculate x,y from a bitcoin address since addresses are basically the hash of a public key (ie. x,y coordinates) and hashes are not reversible.
what OP is explaining is where you already have the public key and want to compute (1/2)*pubkey which is a simple multiplication of the public key with modular multiplicative inverse of 2. any crypto library that has ECC also has a method for computing "ModInverse" and "point multiplication".