Point addition / Point concatenate | Bitcointalksearch.org

mausuv

jr. member

Activity: 70

Merit: 1

iknow r s1s2 value
i need z1z2 how to calculate
i read this post explain testnet ,i am not understad https://bitcointalksearch.org/topic/m.56686056
https://bitcointalksearch.org/topic/m.10669517 #read 1,3page

please explain stepy by step calulate z1z2 from bitcoin mainet or write code #mybadenglish

run this script https://github.com/FoxxD3V/btc-rsz/blob/master/RawTX_RSZ.py
output : show r s1s2 z1,z2
but i got error what my mistake

https://tbtc.bitaps.com/raw/transaction/ff948290ff332aed8f0e5d767118a02e8671578c6775a333bb4ee4d6ccfcf639
i am enter raw tx i got error https://github.com/FoxxD3V/btc-rsz/blob/master/RawTX_RSZ.py

Code:

Traceback (most recent call last):
File "RawTX_RSZ.py", line 13, in
s = keyUtils.derSigToHexSig(m[1][:-2])
File "/home/runner/btc-rsz/keyUtils.py", line 32, in derSigToHexSig
x, s = ecdsa.der.remove_integer(s)
File "/usr/local/lib/python2.7/dist-packages/ecdsa/der.py", line 218, in remove_integer
raise UnexpectedDER("Negative integers are not supported")
ecdsa.der.UnexpectedDER: Negative integers are not supported

i know r s1s2
i need z1z2 value please how to get z1z2 #mybadenglish

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: pooya87 on April 29, 2021, 10:28:26 PM

The problem is that I don't think we have division defined in modular arithmetic.

That's correct, but that's kind of my point. When performing point addition on an elliptic curve, you must use division to calculate the slope of the line. Since we can't do that modulo p, we instead convert to multiplying the multiplicative inverse, again modulo p.

As NotATether says, perhaps it would have been more accurate to write:

(x mod p)(y^-1 mod p) mod p = x * y^-1 mod p

So if we take 23/27 mod 17, for example

(23 mod 17 / 27 mod 17) mod 17
(6 / 10) mod 17
(6 * 12) mod 17
72 mod 17
4

Or

(23 / 27) mod 17
(23 * 12) mod 17
276 mod 17
4

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: pooya87 on April 29, 2021, 10:28:26 PM

Quote from: o_e_l_e_o on April 29, 2021, 07:45:10 AM

(x mod p)(y mod p)^-1 mod p = x/y mod p

This doesn't look right to me. The problem is that I don't think we have division defined in modular arithmetic.

They both look like the same operation since technically every variable has to be mod p, so it's like writing (x mod p)(y^-1 mod p) mod p which would be the same as x * y^-1 nonetheless (mod p of course).

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: o_e_l_e_o on April 29, 2021, 07:45:10 AM

(x mod p)(y mod p)^-1 mod p = x/y mod p

This doesn't look right to me. The problem is that I don't think we have division defined in modular arithmetic. In the following 3 divided by 7 is 0.4 and we can't work with that. However we have modular multiplicative inverse that can't be converted to a division:
3/7 ≡ 6 (mod 13) 7*2 ≡ 1 -> 7^-1 ≡ 2 (mod 13) 3/7 ≡ 3 * 7^-1 ≡ 3 * 2 ≡ 6 (mod 13)

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: NotATether on April 29, 2021, 04:38:04 AM

I'll just assume that all ops have to be done mod p instead of line-by-line.

It actually makes no difference. In modulo arithmetic, the following all hold true:

(x mod p + y mod p) mod p = (x + y) mod p
(x mod p)(y mod p) mod p = xy mod p
(x mod p)(y mod p)^-1 mod p = x/y mod p

So whether you do [(By - Ay) mod p / (Bx - Ax) mod p] mod p or just [(By - Ay) / (Bx - Ax)] mod p, your result will be the same.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: o_e_l_e_o on April 27, 2021, 02:43:23 PM

Quote from: NotATether on April 27, 2021, 12:58:10 PM

-snip-

You need to use the multiplicative inverse, which every number will have since p is prime.

~

Code:

l=(By-Ay) * libnum.invmod(Bx-Ax,p)

D'oh!

Yeah something felt wrong about using that division operator but I totally forgot it was doing numerical division.

I have some code somewhere for performing a mod-inverse since apparently libnum's PyPI page says it should not be used in crypto implementations.

Code:

#credits: https://gist.github.com/nlitsme/c9031c7b9bf6bb009e5a
def inverse(x, p):
    """
    Calculate the modular inverse of x ( mod p )
    
    the modular inverse is a number such that:
    
    (inverse(x, p) * x) % p  ==  1 
    
    you could think of this as: 1/x
    """
    inv1 = 1
    inv2 = 0
    while p != 1 and p!=0:
        inv1, inv2 = inv2, inv1 - inv2 * (x / p)
        x, p = p, x % p

    return inv2

Some more functions for convenience:

Code:

def add(x, y, p):
    return (x + y) % p

def sub(x, y, p):
    return (x - y) % p

def mul(x, y, p):
    return (x * y) % p

def div(x, y, p):
    return (x * inverse(y, p)) % p

def exp(x, y, p):
  z = 1
  for i in range(1, y+1):
    z = mul(z, x, p)
  return z

p = 2**256 - 2**32 - 977

#TODO  edge cases

def point_add(Ax, Ay, Bx, By):
    """Point addition of points (Ax, Ay) and (Bx, By)"""
    
    l = div(sub(By, Ay,p), sub(Bx, Ax, p), p)
    Cx = sub(sub(exp(l, 2, p), Ax, p), Bx, p)
    Cy = sub(mul(l, sub(Ax, Cx, p), p), Ay, p)
    return Cx, Cy   # Point (Cx, Cy) = (Ax, Ay) + (Bx, By)

I'll just assume that all ops have to be done mod p instead of line-by-line.

ymgve2

full member

Activity: 161

Merit: 230

Multisig does not require all participants to sign, you can generate any N-of-M schemes, like 1-of-2 where only a single participant needs to sign to spend. Or 2-of-3 where a majority needs to sign, but not everyone.

brainless

member

Activity: 330

Merit: 34

Quote from: o_e_l_e_o on April 28, 2021, 10:46:20 AM

Quote from: brainless on April 28, 2021, 10:29:39 AM

person a have prvkey = abc
person b have prvkey = def
both person have there prvkeys and pubkeys, then concatenate pubkeys points to get next pubkeys, .. so on word...

And then what? Knowing the private keys to two public keys that you have added together, concatenated, whatever, will not let you spend any coins sent to that resulting public key's address.

Quote from: brainless on April 28, 2021, 10:29:39 AM

both dont know each other prvkeys, only pubkeys known each other ...

If this is what you want to achieve, then why not just use multi-sig?

Trying to roll your own system like this is going to end up with you locking coins in an address or behind a script that you cannot access.

multisig requird both person sign/verify, in my new system, address and pubkey multi control, but could sign fro both and/or single, etc, anyway debate on every new system is always long, but first we need point con tests,

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: brainless on April 28, 2021, 10:29:39 AM

person a have prvkey = abc
person b have prvkey = def
both person have there prvkeys and pubkeys, then concatenate pubkeys points to get next pubkeys, .. so on word...

And then what? Knowing the private keys to two public keys that you have added together, concatenated, whatever, will not let you spend any coins sent to that resulting public key's address.

Quote from: brainless on April 28, 2021, 10:29:39 AM

both dont know each other prvkeys, only pubkeys known each other ...

If this is what you want to achieve, then why not just use multi-sig?

Trying to roll your own system like this is going to end up with you locking coins in an address or behind a script that you cannot access.

brainless

member

Activity: 330

Merit: 34

Quote from: ymgve2 on April 28, 2021, 09:51:50 AM

Quote from: brainless on April 27, 2021, 07:29:33 PM

Quote from: ymgve2 on April 27, 2021, 07:15:33 PM

Quote from: brainless on April 27, 2021, 07:07:31 PM

0379be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
+
0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798

result
valid curve x=0 and y=8f53.....

base on these strategy, going to find point concatenate, where result will be on curve or not at curve (if outside of modulo p),

That's not the way to do this point addition, if you add two points with the same X coordinate but opposite Y coordinates, you get the curve's infinity point, which is a special case and can't be represented as a public key.

Also you still haven't explained what this "concatenation" is supposed to accomplish.

point concatenation will help me to generate new public addresses in new security level, like multi pubkeys "3" p2wsh, p2sh, similar, finding new paring, diffrent level secure, but must know, 0 point loop holes
example if x=0 and not at curve then where from y -y comes, as its not satisfy Equation, Q is where from y-y comes ?

Your y values comes from the fact that the math behind the recovery of y values always gives some answer, even if the original x coordinate is invalid.

Also, you as saying you want to use this to generate new public addresses, but do you have any way to find the private key for these? Because without someone knowing the private key, having a public key is pretty useless.

person a have prvkey = abc
person b have prvkey = def
both person have there prvkeys and pubkeys, then concatenate pubkeys points to get next pubkeys, .. so on word...
both dont know each other prvkeys, only pubkeys known each other ...
its all next level of works, first level work is point concatenate formula, consider on it to make point concatenate with it

ymgve2

full member

Activity: 161

Merit: 230

Quote from: brainless on April 27, 2021, 07:29:33 PM

Quote from: ymgve2 on April 27, 2021, 07:15:33 PM

Quote from: brainless on April 27, 2021, 07:07:31 PM

0379be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
+
0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798

result
valid curve x=0 and y=8f53.....

base on these strategy, going to find point concatenate, where result will be on curve or not at curve (if outside of modulo p),

That's not the way to do this point addition, if you add two points with the same X coordinate but opposite Y coordinates, you get the curve's infinity point, which is a special case and can't be represented as a public key.

Also you still haven't explained what this "concatenation" is supposed to accomplish.

point concatenation will help me to generate new public addresses in new security level, like multi pubkeys "3" p2wsh, p2sh, similar, finding new paring, diffrent level secure, but must know, 0 point loop holes
example if x=0 and not at curve then where from y -y comes, as its not satisfy Equation, Q is where from y-y comes ?

Your y values comes from the fact that the math behind the recovery of y values always gives some answer, even if the original x coordinate is invalid.

Also, you as saying you want to use this to generate new public addresses, but do you have any way to find the private key for these? Because without someone knowing the private key, having a public key is pretty useless.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: brainless on April 27, 2021, 07:07:31 PM

0379be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
+
0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798

result
valid curve x=0 and y=8f53.....

Your result is wrong.

Consider graphically what is happening. The two points you have given above are the same point reflected over the x axis. To add these points you draw a line between them and mark the third point where it intersects the curve. The line you are drawing is vertical and therefore there is no y coordinate. As an example, look at this picture:

And now consider the equations I gave above. If the two x coordinates are the same, then Bx - Ax gives zero, meaning you must divide by zero to obtain the slope of the line.

brainless

member

Activity: 330

Merit: 34

Quote from: ymgve2 on April 27, 2021, 07:15:33 PM

Quote from: brainless on April 27, 2021, 07:07:31 PM

0379be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
+
0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798

result
valid curve x=0 and y=8f53.....

base on these strategy, going to find point concatenate, where result will be on curve or not at curve (if outside of modulo p),

That's not the way to do this point addition, if you add two points with the same X coordinate but opposite Y coordinates, you get the curve's infinity point, which is a special case and can't be represented as a public key.

Also you still haven't explained what this "concatenation" is supposed to accomplish.

point concatenation will help me to generate new public addresses in new security level, like multi pubkeys "3" p2wsh, p2sh, similar, finding new paring, diffrent level secure, but must know, 0 point loop holes
example if x=0 and not at curve then where from y -y comes, as its not satisfy Equation, Q is where from y-y comes ?

ymgve2

full member

Activity: 161

Merit: 230

Quote from: brainless on April 27, 2021, 07:07:31 PM

0379be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
+
0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798

result
valid curve x=0 and y=8f53.....

base on these strategy, going to find point concatenate, where result will be on curve or not at curve (if outside of modulo p),

That's not the way to do this point addition, if you add two points with the same X coordinate but opposite Y coordinates, you get the curve's infinity point, which is a special case and can't be represented as a public key.

Also you still haven't explained what this "concatenation" is supposed to accomplish.

brainless

member

Activity: 330

Merit: 34

0379be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
+
0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798

result
valid curve x=0 and y=8f53.....

base on these strategy, going to find point concatenate, where result will be on curve or not at curve (if outside of modulo p),

ymgve2

full member

Activity: 161

Merit: 230

Quote from: brainless on April 27, 2021, 06:52:03 PM

Quote from: ymgve2 on April 27, 2021, 06:48:53 PM

None of the combinations of those points are on the secp256k1 curve. Whatever you are doing, it is simply wrong.

Try it yourself, to be a valid point it has to satisfy the equation (x**3 + A*x + B) % N == (y**2) % N and for secp256k1 N = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f, A = 0, B = 7

get three x1, x2, x3 from x=0
tell me what y's and x's you get result

There are no results, because x=0 is not on the curve. The y values you get from x=0 do not as far as I can tell have any solution on the curve.

Quote from: brainless on April 27, 2021, 06:54:23 PM

from x = 8a80022196a21dcf65edb784fabedce993aba053f77169c814b61f30be356589

y1 = 84125d3056d8364cf8962165f479d3da6f2ebc096f792df0ba484d8d703c0667
y2 = 7beda2cfa927c9b30769de9a0b862c2590d143f69086d20f45b7b2718fc3f5c8
x1 = 8a80022196a21dcf65edb784fabedce993aba053f77169c814b61f30be356589
x2 = 8a1ee2ec6c2f584b64021f88a826ce05c7981834b0d003dd91fcff590b1aaed2
x3 = eb611af1fd2e89e5361028f25d1a5510a4bc477757be925a594ce17436afe403

These, though, are valid, but what is the point? What is the relevance of finding other points with the same y coordinates?

brainless

member

Activity: 330

Merit: 34

from x = 8a80022196a21dcf65edb784fabedce993aba053f77169c814b61f30be356589

y1 = 84125d3056d8364cf8962165f479d3da6f2ebc096f792df0ba484d8d703c0667
y2 = 7beda2cfa927c9b30769de9a0b862c2590d143f69086d20f45b7b2718fc3f5c8
x1 = 8a80022196a21dcf65edb784fabedce993aba053f77169c814b61f30be356589
x2 = 8a1ee2ec6c2f584b64021f88a826ce05c7981834b0d003dd91fcff590b1aaed2
x3 = eb611af1fd2e89e5361028f25d1a5510a4bc477757be925a594ce17436afe403

brainless

member

Activity: 330

Merit: 34

Quote from: ymgve2 on April 27, 2021, 06:48:53 PM

None of the combinations of those points are on the secp256k1 curve. Whatever you are doing, it is simply wrong.

Try it yourself, to be a valid point it has to satisfy the equation (x**3 + A*x + B) % N == (y**2) % N and for secp256k1 N = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f, A = 0, B = 7

get three x1, x2, x3 from x=0
tell me what y's and x's you get result

ymgve2

full member

Activity: 161

Merit: 230

None of the combinations of those points are on the secp256k1 curve. Whatever you are doing, it is simply wrong.

Try it yourself, to be a valid point it has to satisfy the equation (x**3 + A*x + B) % N == (y**2) % N and for secp256k1 N = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f, A = 0, B = 7

brainless

member

Activity: 330

Merit: 34

Quote from: ymgve2 on April 27, 2021, 05:05:04 PM

I got curious and wondered where you got 0x70ac8110203e9f95f8d832964b58ccc2c712bb1c6cd58e861134b48f456c9b53 from, and discovered that it's what happens when you try to decompress a point with the x coordinate set to 0. Note that there are NO points on the secp256k1 curve with 0 as a valid x coordinate, this just happens because that iancoleman site doesn't check point validity at all.

If you enter 030000000000000000000000000000000000000000000000000000000000000000 into the iancoleman site, you get x=0 and y=0x70ac8110203e9f95f8d832964b58ccc2c712bb1c6cd58e861134b48f456c9b53 - which makes me yet again wonder what the hell you are trying to do.

Could you try to explain a bit more what your goal is?

btw i mention valid points, as compress address same and uncompressed address changed

when you construct x1, x2, x3 from y1 or y2
your x=0 vanish

y1 = 8f537eefdfc1606a0727cd69b4a7333d38ed44e3932a7179eecb4b6fba9360dc
y2 = 70ac8110203e9f95f8d832964b58ccc2c712bb1c6cd58e861134b48f456c9b53
x1 = eb611af1fd2e89e5361028f25d1a5510a4bc477757be925a594ce17436afe403
x2 = 8a80022196a21dcf65edb784fabedce993aba053f77169c814b61f30be356589
x3 = 8a1ee2ec6c2f584b64021f88a826ce05c7981834b0d003dd91fcff590b1aaed2

i am simple playing with bits and curves

Topic: Point addition / Point concatenate (Read 1044 times)