
Topic: Point addition / Point concatenate (Read 874 times)

jr. member
Activity: 70
Merit: 1
December 21, 2021, 02:15:49 AM
#52
I know r, s1, s2 values
I need z1, z2; how to calculate?
I read this post explaining testnet, I do not understand: https://bitcointalksearch.org/topic/m.56686056
https://bitcointalksearch.org/topic/m.10669517 #read 1,3page

please explain step by step how to calculate z1, z2 from bitcoin mainnet, or write code #mybadenglish

run this script https://github.com/FoxxD3V/btc-rsz/blob/master/RawTX_RSZ.py
output: shows r, s1, s2, z1, z2
but I got an error, what is my mistake?

https://tbtc.bitaps.com/raw/transaction/ff948290ff332aed8f0e5d767118a02e8671578c6775a333bb4ee4d6ccfcf639
I entered the raw tx and got an error https://github.com/FoxxD3V/btc-rsz/blob/master/RawTX_RSZ.py
Code:
Traceback (most recent call last):
File "RawTX_RSZ.py", line 13, in
s = keyUtils.derSigToHexSig(m[1][:-2])
File "/home/runner/btc-rsz/keyUtils.py", line 32, in derSigToHexSig
x, s = ecdsa.der.remove_integer(s)
File "/usr/local/lib/python2.7/dist-packages/ecdsa/der.py", line 218, in remove_integer
raise UnexpectedDER("Negative integers are not supported")
ecdsa.der.UnexpectedDER: Negative integers are not supported
I know r, s1, s2
I need z1, z2 values, please, how to get z1, z2 #mybadenglish
legendary
Activity: 2268
Merit: 18509
April 30, 2021, 04:20:31 AM
#51
The problem is that I don't think we have division defined in modular arithmetic.
That's correct, but that's kind of my point. When performing point addition on an elliptic curve, you must use division to calculate the slope of the line. Since we can't do that modulo p, we instead convert to multiplying the multiplicative inverse, again modulo p.

As NotATether says, perhaps it would have been more accurate to write:

(x mod p)(y^-1 mod p) mod p = x * y^-1 mod p

So if we take 23/27 mod 17, for example

(23 mod 17 / 27 mod 17) mod 17
(6 / 10) mod 17
(6 * 12) mod 17
72 mod 17
4

Or

(23 / 27) mod 17
(23 * 12) mod 17
276 mod 17
4
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
April 29, 2021, 11:56:28 PM
#50
(x mod p)(y mod p)^-1 mod p = x/y mod p
This doesn't look right to me. The problem is that I don't think we have division defined in modular arithmetic.

They both look like the same operation since technically every variable has to be mod p, so it's like writing (x mod p)(y^-1 mod p) mod p which would be the same as x * y^-1 nonetheless (mod p of course).
legendary
Activity: 3444
Merit: 10537
April 29, 2021, 11:28:26 PM
#49
(x mod p)(y mod p)^-1 mod p = x/y mod p
This doesn't look right to me. The problem is that I don't think we have division defined in modular arithmetic. In the following 3 divided by 7 is 0.4 and we can't work with that. However we have modular multiplicative inverse that can't be converted to a division:

3/7 ≡ 6 (mod 13)

7*2 ≡ 1 -> 7^-1 ≡ 2 (mod 13)
3/7 ≡ 3 * 7^-1 ≡ 3 * 2 ≡ 6 (mod 13)
legendary
Activity: 2268
Merit: 18509
April 29, 2021, 08:45:10 AM
#48
I'll just assume that all ops have to be done mod p instead of line-by-line.
It actually makes no difference. In modulo arithmetic, the following all hold true:

(x mod p + y mod p) mod p = (x + y) mod p
(x mod p)(y mod p) mod p = xy mod p
(x mod p)(y mod p)^-1 mod p = x/y mod p

So whether you do [(By - Ay) mod p / (Bx - Ax) mod p] mod p or just [(By - Ay) / (Bx - Ax)] mod p, your result will be the same.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
April 29, 2021, 05:38:04 AM
#47
-snip-
You need to use the multiplicative inverse, which every number will have since p is prime.

~

Code:
l=(By-Ay) * libnum.invmod(Bx-Ax,p)

D'oh! Yeah something felt wrong about using that division operator but I totally forgot it was doing numerical division.

I have some code somewhere for performing a mod-inverse since apparently libnum's PyPI page says it should not be used in crypto implementations.

Code:
#credits: https://gist.github.com/nlitsme/c9031c7b9bf6bb009e5a
def inverse(x, p):
    """
    Calculate the modular inverse of x ( mod p )
    
    the modular inverse is a number such that:
    
    (inverse(x, p) * x) % p  ==  1
    
    you could think of this as: 1/x
    """
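    inv1 = 1
    inv2 = 0
    while p != 1 and p!=0:
        # integer (floor) division: plain "/" yields a float on Python 3
        inv1, inv2 = inv2, inv1 - inv2 * (x // p)
        x, p = p, x % p

    # the result may be negative; callers reduce it with "% p"
    return inv2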

Some more functions for convenience:

Code:
def add(x, y, p):
    return (x + y) % p

def sub(x, y, p):
    return (x - y) % p

def mul(x, y, p):
    return (x * y) % p

def div(x, y, p):
    return (x * inverse(y, p)) % p

def exp(x, y, p):
  z = 1
  for i in range(1, y+1):
    z = mul(z, x, p)
  return z

p = 2**256 - 2**32 - 977

#TODO  edge cases

def point_add(Ax, Ay, Bx, By):
    """Point addition of points (Ax, Ay) and (Bx, By)"""
    
    l = div(sub(By, Ay,p), sub(Bx, Ax, p), p)
    Cx = sub(sub(exp(l, 2, p), Ax, p), Bx, p)
    Cy = sub(mul(l, sub(Ax, Cx, p), p), Ay, p)
    return Cx, Cy   # Point (Cx, Cy) = (Ax, Ay) + (Bx, By)

I'll just assume that all ops have to be done mod p instead of line-by-line.
full member
Activity: 161
Merit: 230
April 28, 2021, 12:33:30 PM
#46
Multisig does not require all participants to sign, you can generate any N-of-M schemes, like 1-of-2 where only a single participant needs to sign to spend. Or 2-of-3 where a majority needs to sign, but not everyone.
member
Activity: 313
Merit: 34
April 28, 2021, 12:19:25 PM
#45
person a has prvkey = abc
person b has prvkey = def
both persons have their prvkeys and pubkeys, then concatenate pubkey points to get next pubkeys, and so on...
And then what? Knowing the private keys to two public keys that you have added together, concatenated, whatever, will not let you spend any coins sent to that resulting public key's address.

both don't know each other's prvkeys, only pubkeys are known to each other ...
If this is what you want to achieve, then why not just use multi-sig?

Trying to roll your own system like this is going to end up with you locking coins in an address or behind a script that you cannot access.
multisig requires both persons to sign/verify; in my new system, address and pubkey are multi control, but could sign for both and/or single, etc. Anyway, debate on every new system is always long, but first we need point con tests.

legendary
Activity: 2268
Merit: 18509
April 28, 2021, 11:46:20 AM
#44
person a has prvkey = abc
person b has prvkey = def
both persons have their prvkeys and pubkeys, then concatenate pubkey points to get next pubkeys, and so on...
And then what? Knowing the private keys to two public keys that you have added together, concatenated, whatever, will not let you spend any coins sent to that resulting public key's address.

both don't know each other's prvkeys, only pubkeys are known to each other ...
If this is what you want to achieve, then why not just use multi-sig?

Trying to roll your own system like this is going to end up with you locking coins in an address or behind a script that you cannot access.
member
Activity: 313
Merit: 34
April 28, 2021, 11:29:39 AM
#43
0379be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
+
0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798

result
valid curve x=0 and y=8f53.....

based on this strategy, going to find point concatenate, where result will be on curve or not on curve (if outside of modulo p),


That's not the way to do this point addition, if you add two points with the same X coordinate but opposite Y coordinates, you get the curve's infinity point, which is a special case and can't be represented as a public key.

Also you still haven't explained what this "concatenation" is supposed to accomplish.
point concatenation will help me to generate new public addresses at a new security level, like multi pubkeys "3" p2wsh, p2sh, similar, finding new pairing, different level of security, but must know 0 point loopholes
example: if x=0 is not on the curve, then where do y and -y come from, as it does not satisfy the equation? The question is where y and -y come from.

Your y values come from the fact that the math behind the recovery of y values always gives some answer, even if the original x coordinate is invalid.

Also, you are saying you want to use this to generate new public addresses, but do you have any way to find the private key for these? Because without someone knowing the private key, having a public key is pretty useless.
person a has prvkey = abc
person b has prvkey = def
both persons have their prvkeys and pubkeys, then concatenate pubkey points to get next pubkeys, and so on...
both don't know each other's prvkeys, only pubkeys are known to each other ...
it's all next level of work, first level of work is the point concatenate formula, consider on it to make point concatenate with it

full member
Activity: 161
Merit: 230
April 28, 2021, 10:51:50 AM
#42
0379be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
+
0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798

result
valid curve x=0 and y=8f53.....

based on this strategy, going to find point concatenate, where result will be on curve or not on curve (if outside of modulo p),


That's not the way to do this point addition, if you add two points with the same X coordinate but opposite Y coordinates, you get the curve's infinity point, which is a special case and can't be represented as a public key.

Also you still haven't explained what this "concatenation" is supposed to accomplish.
point concatenation will help me to generate new public addresses at a new security level, like multi pubkeys "3" p2wsh, p2sh, similar, finding new pairing, different level of security, but must know 0 point loopholes
example: if x=0 is not on the curve, then where do y and -y come from, as it does not satisfy the equation? The question is where y and -y come from.

Your y values come from the fact that the math behind the recovery of y values always gives some answer, even if the original x coordinate is invalid.

Also, you are saying you want to use this to generate new public addresses, but do you have any way to find the private key for these? Because without someone knowing the private key, having a public key is pretty useless.
legendary
Activity: 2268
Merit: 18509
April 28, 2021, 03:56:14 AM
#41
0379be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
+
0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798

result
valid curve x=0 and y=8f53.....
Your result is wrong.

Consider graphically what is happening. The two points you have given above are the same point reflected over the x axis. To add these points you draw a line between them and mark the third point where it intersects the curve. The line you are drawing is vertical and therefore there is no y coordinate. As an example, look at this picture:



And now consider the equations I gave above. If the two x coordinates are the same, then Bx - Ax gives zero, meaning you must divide by zero to obtain the slope of the line.
member
Activity: 313
Merit: 34
April 27, 2021, 08:29:33 PM
#40
0379be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
+
0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798

result
valid curve x=0 and y=8f53.....

based on this strategy, going to find point concatenate, where result will be on curve or not on curve (if outside of modulo p),


That's not the way to do this point addition, if you add two points with the same X coordinate but opposite Y coordinates, you get the curve's infinity point, which is a special case and can't be represented as a public key.

Also you still haven't explained what this "concatenation" is supposed to accomplish.
point concatenation will help me to generate new public addresses at a new security level, like multi pubkeys "3" p2wsh, p2sh, similar, finding new pairing, different level of security, but must know 0 point loopholes
example: if x=0 is not on the curve, then where do y and -y come from, as it does not satisfy the equation? The question is where y and -y come from.
full member
Activity: 161
Merit: 230
April 27, 2021, 08:15:33 PM
#39
0379be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
+
0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798

result
valid curve x=0 and y=8f53.....

based on this strategy, going to find point concatenate, where result will be on curve or not on curve (if outside of modulo p),


That's not the way to do this point addition, if you add two points with the same X coordinate but opposite Y coordinates, you get the curve's infinity point, which is a special case and can't be represented as a public key.

Also you still haven't explained what this "concatenation" is supposed to accomplish.
member
Activity: 313
Merit: 34
April 27, 2021, 08:07:31 PM
#38
0379be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
+
0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798

result
valid curve x=0 and y=8f53.....

based on this strategy, going to find point concatenate, where result will be on curve or not on curve (if outside of modulo p),
full member
Activity: 161
Merit: 230
April 27, 2021, 08:00:04 PM
#37
None of the combinations of those points are on the secp256k1 curve. Whatever you are doing, it is simply wrong.

Try it yourself, to be a valid point it has to satisfy the equation (x**3 + A*x + B) % N == (y**2) % N and for secp256k1 N = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f, A = 0, B = 7

get three x1, x2, x3 from x=0
tell me what y's and x's you get as a result

There are no results, because x=0 is not on the curve. The y values you get from x=0 do not as far as I can tell have any solution on the curve.

from x = 8a80022196a21dcf65edb784fabedce993aba053f77169c814b61f30be356589

y1 = 84125d3056d8364cf8962165f479d3da6f2ebc096f792df0ba484d8d703c0667
y2 = 7beda2cfa927c9b30769de9a0b862c2590d143f69086d20f45b7b2718fc3f5c8
x1 = 8a80022196a21dcf65edb784fabedce993aba053f77169c814b61f30be356589
x2 = 8a1ee2ec6c2f584b64021f88a826ce05c7981834b0d003dd91fcff590b1aaed2
x3 = eb611af1fd2e89e5361028f25d1a5510a4bc477757be925a594ce17436afe403

These, though, are valid, but what is the point? What is the relevance of finding other points with the same y coordinates?
member
Activity: 313
Merit: 34
April 27, 2021, 07:54:23 PM
#36
from x = 8a80022196a21dcf65edb784fabedce993aba053f77169c814b61f30be356589

y1 = 84125d3056d8364cf8962165f479d3da6f2ebc096f792df0ba484d8d703c0667
y2 = 7beda2cfa927c9b30769de9a0b862c2590d143f69086d20f45b7b2718fc3f5c8
x1 = 8a80022196a21dcf65edb784fabedce993aba053f77169c814b61f30be356589
x2 = 8a1ee2ec6c2f584b64021f88a826ce05c7981834b0d003dd91fcff590b1aaed2
x3 = eb611af1fd2e89e5361028f25d1a5510a4bc477757be925a594ce17436afe403
member
Activity: 313
Merit: 34
April 27, 2021, 07:52:03 PM
#35
None of the combinations of those points are on the secp256k1 curve. Whatever you are doing, it is simply wrong.

Try it yourself, to be a valid point it has to satisfy the equation (x**3 + A*x + B) % N == (y**2) % N and for secp256k1 N = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f, A = 0, B = 7

get three x1, x2, x3 from x=0
tell me what y's and x's you get as a result
full member
Activity: 161
Merit: 230
April 27, 2021, 07:48:53 PM
#34
None of the combinations of those points are on the secp256k1 curve. Whatever you are doing, it is simply wrong.

Try it yourself, to be a valid point it has to satisfy the equation (x**3 + A*x + B) % N == (y**2) % N and for secp256k1 N = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f, A = 0, B = 7
member
Activity: 313
Merit: 34
April 27, 2021, 07:40:22 PM
#33
I got curious and wondered where you got 0x70ac8110203e9f95f8d832964b58ccc2c712bb1c6cd58e861134b48f456c9b53 from, and discovered that it's what happens when you try to decompress a point with the x coordinate set to 0. Note that there are NO points on the secp256k1 curve with 0 as a valid x coordinate, this just happens because that iancoleman site doesn't check point validity at all.

If you enter 030000000000000000000000000000000000000000000000000000000000000000 into the iancoleman site, you get x=0 and y=0x70ac8110203e9f95f8d832964b58ccc2c712bb1c6cd58e861134b48f456c9b53 - which makes me yet again wonder what the hell you are trying to do.

Could you try to explain a bit more what your goal is?
btw I mention valid points, as compressed address is the same and uncompressed address changed

when you construct x1, x2, x3 from y1 or y2
your x=0 vanishes

y1 = 8f537eefdfc1606a0727cd69b4a7333d38ed44e3932a7179eecb4b6fba9360dc
y2 = 70ac8110203e9f95f8d832964b58ccc2c712bb1c6cd58e861134b48f456c9b53
x1 = eb611af1fd2e89e5361028f25d1a5510a4bc477757be925a594ce17436afe403
x2 = 8a80022196a21dcf65edb784fabedce993aba053f77169c814b61f30be356589
x3 = 8a1ee2ec6c2f584b64021f88a826ce05c7981834b0d003dd91fcff590b1aaed2

I am simply playing with bits and curves
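
The two failure cases argued over in this thread, adding a point to its own reflection and decompressing x = 0, can be checked directly. This is an added Python 3.8+ example, not code from any poster; the function names are hypothetical, and the curve parameters and compressed keys are the ones quoted in the thread.

```python
# secp256k1: y^2 = x^3 + 7 over the prime field P (parameters quoted in the thread)
P = 2**256 - 2**32 - 977
B = 7
INF = None  # point at infinity: the group identity, has no (x, y) encoding

def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - x * x * x - B) % P == 0

def decompress(hexkey):
    """Parse a 33-byte compressed key, rejecting x values that have no point."""
    raw = bytes.fromhex(hexkey)
    if len(raw) != 33 or raw[0] not in (2, 3):
        raise ValueError("not a compressed public key")
    x = int.from_bytes(raw[1:], "big")
    if x >= P:
        raise ValueError("x is not a field element")
    rhs = (pow(x, 3, P) + B) % P
    y = pow(rhs, (P + 1) // 4, P)   # square-root candidate (works as P % 4 == 3)
    if y * y % P != rhs:            # the formula always returns a number: verify it
        raise ValueError("x is not on the curve")
    if (y & 1) != (raw[0] & 1):     # prefix 02 = even y, 03 = odd y
        y = P - y
    return (x, y)

def point_add(a, b):
    """Add two curve points, covering the cases the chord formula cannot."""
    if a is INF:
        return b
    if b is INF:
        return a
    (ax, ay), (bx, by) = a, b
    if ax == bx and (ay + by) % P == 0:
        return INF                  # vertical line: a point plus its reflection
    if a == b:                      # doubling uses the tangent slope
        lam = 3 * ax * ax * pow(2 * ay % P, -1, P) % P
    else:                           # chord slope; bx != ax, so the inverse exists
        lam = (by - ay) * pow((bx - ax) % P, -1, P) % P
    cx = (lam * lam - ax - bx) % P
    cy = (lam * (ax - cx) - ay) % P
    return (cx, cy)

GX = "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"
if __name__ == "__main__":
    print(point_add(decompress("02" + GX), decompress("03" + GX)))  # None
```

A decoder that skips the `y * y % P != rhs` check returns a y value for any x, which is how the x = 0 "point" discussed above appears.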