public key – Why doesn't every [x,y] coordinate on the Secp256k1 curve correspond to a valid uncompressed publicKey?

June 9, 2023, 8:33 am


First, some background.

1. There are some coordinates x,y satisfying y^2(mod p)=x^3+7(mod p) on the Secp256k1 curve that don’t correspond to a valid Bitcoin uncompressed publicKey of the form 04[x,y].

We can show 1 using the random_point() function in Sage with unknown generator under E=EllipticCurve(GF(modi), [0,7]). If we get lucky, after a number of trials Sage returns a point such as Q.

   Q=E.random_point()

   Q
   (B8F0170E293FCC9291BEE2665E9CA9B25D3B11810ED68D9EA0CB440D7064E4DA : 
    691AA44502212591132AA6F27582B78F9976998DE355C4EE5960DB05AC0A2A3 : 1)

Now we have:

   Qx=B8F0170E293FCC9291BEE2665E9CA9B25D3B11810ED68D9EA0CB440D7064E4DA
   Qy=691AA44502212591132AA6F27582B78F9976998DE355C4EE5960DB05AC0A2A3

We confirm that Qy^2(mod p) = Qx^3+7 (mod p) is satisfied, so we verify that Q is a point on the Secp256k1 curve.

Next, we try to validate Q as an uncompressed Bitcoin publicKey:

04B8F0170E293FCC9291BEE2665E9CA9B25D3B11810ED68D9EA0CB440D7064E4DA691AA44502212591132AA6F27582B78F9976998DE355C4EE5960DB05AC0A2A3

We get: Q is not a valid publicKey.

Yet checking the validity of the mirrored point -Q returns a valid publicKey:

   -Qx=B8F0170E293FCC9291BEE2665E9CA9B25D3B11810ED68D9EA0CB440D7064E4DA
   -Qy=F96E55BBAFDDEDA6EECD5590D8A7D4870668966721CAA3B11A69F24EA53F598C

Valid publicKey for -Q:

04B8F0170E293FCC9291BEE2665E9CA9B25D3B11810ED68D9EA0CB440D7064E4DAF96E55BBAFDDEDA6EECD5590D8A7D4870668966721CAA3B11A69F24EA53F598C

Valid publicKey for -Q (hashed):

1A2gaiiKy91Pmx8EUcbT4Hd6JFZ3sQvUhM

Question:

Why doesn't every [x,y] coordinate on the Secp256k1 curve correspond to a valid uncompressed publicKey?

Note:

In this question, by validity I mean a set of EC coordinates (x,y) that can be hashed into a Bitcoin uncompressed address. I’m specifying uncompressed for obvious reasons. My question is detailed enough, I hope, to show that it isn’t referring to compressed Bitcoin addresses.
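As an added example that is not part of the original post: a Python check of the 04 || X || Y serialization, run on the hex values printed above. It assumes the SEC 1 uncompressed format of 65 bytes (a 04 prefix plus two fixed-width 32-byte coordinates); `encode_uncompressed` and `check_uncompressed` are hypothetical helper names. The Qy printed above has 63 hex digits, so the concatenated key is 129 hex characters rather than 130, and the check rejects it on length before any curve arithmetic runs.

```python
# Added example (not from the original post). secp256k1 field prime p.
P = 2**256 - 2**32 - 977
COORD_BYTES = 32  # assumed SEC 1 layout: fixed-width big-endian coordinates

# Hex digits exactly as printed on the page; QY_HEX has 63 digits, not 64.
QX_HEX = "B8F0170E293FCC9291BEE2665E9CA9B25D3B11810ED68D9EA0CB440D7064E4DA"
QY_HEX = "691AA44502212591132AA6F27582B78F9976998DE355C4EE5960DB05AC0A2A3"
PAGE_KEY = "04" + QX_HEX + QY_HEX  # the string the post tried to validate


def encode_uncompressed(x: int, y: int) -> str:
    """Serialize as 04 || X || Y, left-padding each coordinate to 32 bytes."""
    return ("04" + x.to_bytes(COORD_BYTES, "big").hex()
            + y.to_bytes(COORD_BYTES, "big").hex()).upper()


def check_uncompressed(hex_key: str):
    """Return (ok, reason); encoding checks run before any curve arithmetic."""
    if len(hex_key) != 2 * (1 + 2 * COORD_BYTES):  # 130 hex chars = 65 bytes
        return False, "bad-length"
    try:
        raw = bytes.fromhex(hex_key)
    except ValueError:
        return False, "not-hex"
    if len(raw) != 1 + 2 * COORD_BYTES:  # fromhex() silently skips whitespace
        return False, "not-hex"
    if raw[0] != 0x04:
        return False, "bad-prefix"
    x = int.from_bytes(raw[1:1 + COORD_BYTES], "big")
    y = int.from_bytes(raw[1 + COORD_BYTES:], "big")
    if x >= P or y >= P:
        return False, "coordinate-out-of-range"
    if (y * y - (pow(x, 3, P) + 7)) % P != 0:
        return False, "not-on-curve"
    return True, "ok"


if __name__ == "__main__":
    qx, qy = int(QX_HEX, 16), int(QY_HEX, 16)
    print(len(PAGE_KEY), check_uncompressed(PAGE_KEY))
    fixed = encode_uncompressed(qx, qy)         # Qy gains its leading zero
    print(len(fixed), check_uncompressed(fixed))
    mirrored = encode_uncompressed(qx, P - qy)  # -Q = (x, p - y)
    print(len(mirrored), check_uncompressed(mirrored))
```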
