Author

Topic: Odd or even? (Read 455 times)

hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
January 19, 2022, 06:53:16 AM
#19
Good day!

I think  that answer is NO, but maybe..

Is there any ways to understand is private key of known public key odd or even? Maybe any mathematician operations with public keys may helps?

Thank you!

So, first of all I often like to recommend Learn me a Bitcoin for Bitcoin basics.

As we can see, going from private to public key is done through ECDSA. You can read more about the algorithm on Wikipedia. In general, one of the basic requirements of signature algorithms is that they don't leak anything. One such thing would be if it the private key is even or odd, since it would be halving the input space. This would be an instant K.O. for any signature algorithm and nobody would use it.
jr. member
Activity: 56
Merit: 26
January 19, 2022, 06:51:01 AM
#18
CrunchyF
A question for you.
If you know how to define the range in which the private key is located.
How can I find out the private key?
What is an algorithm?

P.S. I have previously asked this question on this forum people who also boasted that if you know the range you can find out the private key.
They did not provide answers. (Either they don't know how to brag or they don't want to share.)

Yes you can !
but only with this following condition:

1)the public key you have is a raw point (x,y) and not a pubkeyhash (in this case only bruteforce in the range is possible).

2) You had an "oracle" which can tell where is the range of any public key with a precision > 50%. ( 50.000000001% would be ok depending of your power of computation)

It is difficult to answer to your question about a specific algorithm because the algorithm you have to designed depend on the information you can guess on the privkey with the public key

But for example if you can tell if your point is located in the first half or in the second half of N [1,N/2] or in [N/2,N] this is a possible algorithm:


you divide your  point by 2 ( pt' = pt*inv_mod(2,P)) to transfer your point in the upper or in the lower of the range of N as follow :

[1,N/2] if priv (in priv*G) is even:
and
[N/2,N] if priv (in priv*G) if point is odd:

you run your oracle.

with his prediction you can deducte that your initial  privkey is even or odd.
If your oracle is not 100% accurate you repeat the guess with other same point (for example in our case you add 2 on your initial point (to be sure to stay in our range, and to be sure that the new point have the same parity than the initial )  and you rerun your oracle enough times needed  to draw a statistical signifiant trend.

if you know that your priv is odd or even you can use the simple algorithm to decompose a number in binary representation and redo 256 times the process
and that it

Fanch
jr. member
Activity: 38
Merit: 1
January 19, 2022, 04:41:01 AM
#17
CrunchyF
A question for you.
If you know how to define the range in which the private key is located.
How can I find out the private key?
What is an algorithm?

P.S. I have previously asked this question on this forum people who also boasted that if you know the range you can find out the private key.
They did not provide answers. (Either they don't know how to brag or they don't want to share.)
jr. member
Activity: 56
Merit: 26
January 19, 2022, 04:04:31 AM
#16
Good day!

I think  that answer is NO, but maybe..

Is there any ways to understand is private key of known public key odd or even? Maybe any mathematician operations with public keys may helps?

Thank you!

If you manage to guess any piece of information (parity , range ,bias,  divisibility by a number etc...) of a private key with his public key  (or a bunch of public keys), secp256k1 will  be broken and bitcoin too.

We are pretty sure (99.9999% but not 100%) that is impossible and the generated public key (EC point)  of a specific private key seems to be perfectly random an perfectly distributed.

Fanch
jr. member
Activity: 38
Merit: 1
January 17, 2022, 12:23:06 PM
#15
I appreciate your opinion and your position on the curve.
It wasn't an opinion. Those were facts.

That, according to your words, there are 2-96, closed inclusions.
Which differ from each other.
But form completely the same

Public key
HASH160
Closed inclusions? Do you use some sort of translator? Because that doesn't make much sense. There are ~296 different private keys that give the same RIPEMD-160 hash, but they each give a unique public key that cannot be generated by any other private key.


I realized . Sorry for interfering with the conversation and didn't understand.
legendary
Activity: 2268
Merit: 18711
January 17, 2022, 11:46:53 AM
#14
But form completely the same

Public key
HASH160
.
.
.
.
The address compressed and uncompressed.
Not quite. The 296 private keys in question will produce 296 different public keys. It is the public keys which undergo RIPEMD-160 to produce the same output which will encode to the same address.

So different private keys, different public keys, same address.

The address compressed and uncompressed.
There is no reason that two private keys which give an address collision for their compressed public key would also give an address collision for their uncompressed public key, and vice versa.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
January 17, 2022, 11:45:40 AM
#13
I appreciate your opinion and your position on the curve.
It wasn't an opinion. Those were facts.

That, according to your words, there are 2-96, closed inclusions.
Which differ from each other.
But form completely the same

Public key
HASH160
Closed inclusions? Do you use some sort of translator? Because that doesn't make much sense. There are ~296 different private keys that give the same RIPEMD-160 hash, but they each give a unique public key that cannot be generated by any other private key.
jr. member
Activity: 38
Merit: 1
January 17, 2022, 11:40:19 AM
#12
o_e_l_e_o
I understood you correctly.
That, according to your words, there are 2-96 private keys.
Which differ from each other.
But form completely the same

Public key
HASH160
.
.
.
.
The address compressed and uncompressed.

Everything is correct  ?
legendary
Activity: 2268
Merit: 18711
January 17, 2022, 11:26:31 AM
#11
But, there are at least on the curve, two private keys that are completely different from each other. At the same time they form identical (identical)
Public key
HASH160
.
.
.
.
The address  compressed and uncompressed.
Each private key corresponds to one public key. That public key can expressed in two ways - compressed and uncompressed - but they both refer to the same point on the curve. There are almost 2256 possible private keys, and the same number of possible public keys (or double that if you count compressed and uncompressed public keys separately).

There are only 2160 possible P2PKH addresses though, since to reach an address you must use the RIPEMD-160 function, which outputs a 160 bit result. So there are in the region 296 possible different private keys which will all give the same address (and again, more than that if you consider compressed and uncompressed public keys separately).
jr. member
Activity: 38
Merit: 1
January 17, 2022, 10:35:57 AM
#10
Gentlemen.
pooya87
HeRetiK
BlackHatCoiner
I appreciate your opinion and your position on the curve.
But, there are at least on the curve, two private keys that are completely different from each other. At the same time they form identical (identical)
Public key
HASH160
.
.
.
.
The address  compressed and uncompressed.




But, in my opinion, there are 4 such keys. Which can be different, and at the same time form the same source data, up to the address itself.

P.S.
I can't prove the theory of 4 keys now, I'm working on it. In free time from work.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
January 17, 2022, 08:31:57 AM
#9
You are all wrong.
Take any number you want and solve the equation y2 = x3 + 7 mod p. You'll realize that there are two points that have the same x coordinates, but different y coordinates. These are considered different public keys.

But, in my opinion, there are four different such keys. Which can form all the same.
Form the same public key or address?
legendary
Activity: 3108
Merit: 2177
Playgram - The Telegram Casino
January 17, 2022, 05:10:40 AM
#8
You are all wrong.
There are at least two different private keys that can be generated, one and the same public key and everything related to it, to the address itself.
But, in my opinion, there are four different such keys. Which can form all the same.

I believe you may be confusing deriving the public key from the private key and deriving the address from the public key? Apologies if you are referring something else entirely.
legendary
Activity: 3472
Merit: 10611
January 17, 2022, 02:11:59 AM
#7
There are at least two different private keys that can be generated, one and the same public key and everything related to it, to the address itself.
A public key P(x,y) is computed from one and only one private key.
Keep in mind that P(x,-y) is computed from a different private key too which is equal to n-k.
jr. member
Activity: 38
Merit: 1
January 17, 2022, 01:49:50 AM
#6
You are all wrong.
There are at least two different private keys that can be generated, one and the same public key and everything related to it, to the address itself.
But, in my opinion, there are four different such keys. Which can form all the same.
full member
Activity: 206
Merit: 447
January 16, 2022, 08:28:05 AM
#5
To answer to this question, there is no need to mathematical calculations at all. The answer is the same for any public key.
Any public key can be generated by 2^96 private keys on average. Therefore, any known public key can be generated by numerous odd private keys and numerous even private keys.  

You are gravely mistaken. One private key corresponds to exactly one public key, and vice versa.

Each P2PKH and P2WPKH address could correspond to about 297 or 296 keys.

Finding out if private key is even or odd is equivalent to solving ECDLP, which currently takes about 2128 curve operations.

legendary
Activity: 1512
Merit: 7340
Farewell, Leo
January 16, 2022, 08:25:44 AM
#4
I had seen this asked before. What for? What can you achieve by excluding half of the available private keys?

Any public key can be generated by 2^96 private keys on average.
This is false. You've confused it with the address. A public key can only be generated by one private key.
legendary
Activity: 2380
Merit: 5213
January 16, 2022, 06:40:03 AM
#3
To answer to this question, there is no need to mathematical calculations at all. The answer is the same for any public key.
Any public key can be generated by 2^96 private keys on average. Therefore, any known public key can be generated by numerous odd private keys and numerous even private keys.  


Sorry, there is exactly 1 private key for any public key.
copper member
Activity: 1652
Merit: 1901
Amazon Prime Member #7
January 16, 2022, 05:47:27 AM
#2
No. The public key is derived from the private key by multiplying a point on the secp256k1 curve by your private key.

The "curve" on the secp256k1 curve is not a curve that you would see in a circle. If you were to see its points plotted on a graph, it would look more like random points to most people.

It is not possible to divide by a point on the secp256k1 curve, and as such, you cannot calculate the mod 2 of the private key.
jr. member
Activity: 51
Merit: 18
January 16, 2022, 05:36:38 AM
#1
Good day!

I think  that answer is NO, but maybe..

Is there any ways to understand is private key of known public key odd or even? Maybe any mathematician operations with public keys may helps?

Thank you!
Jump to: