First, some background.
1. There are some coordinates x,y
satisfying y^2(mod p)=x^3+7(mod p)
on the Secp256k1 curve that don’t correspond to a sound Bitcoin uncompressed publicKey of the shape 04[x,y]
.
We will show 1 utilizing the random_point()
perform in Sage with unknown generator underneathE=EllipticCurve(GF(modi), [0,7])
. If we get fortunate, after just a few trials Sage returns a degree equivalent to Q.
Q=E.random_point()
Q
(B8F0170E293FCC9291BEE2665E9CA9B25D3B11810ED68D9EA0CB440D7064E4DA :
691AA44502212591132AA6F27582B78F9976998DE355C4EE5960DB05AC0A2A3 : 1)
Now we’ve got:
Qx=B8F0170E293FCC9291BEE2665E9CA9B25D3B11810ED68D9EA0CB440D7064E4DA
Qy=691AA44502212591132AA6F27582B78F9976998DE355C4EE5960DB05AC0A2A3
We confirm that Qy^2(mod p) = Qx^3+7 (mod p)
is happy so we verify that Q is a degree on the Secp256k1 curve.
Subsequent, we attempt to validate Q as an uncompressed Bitcoin publicKey:
04B8F0170E293FCC9291BEE2665E9CA9B25D3B11810ED68D9EA0CB440D7064E4DA691AA44502212591132AA6F27582B78F9976998DE355C4EE5960DB05AC0A2A3
We get: Q will not be a sound publicKey
.
But, checking the validity of the mirrored level -Q, returns a sound publicKey:
-Qx=B8F0170E293FCC9291BEE2665E9CA9B25D3B11810ED68D9EA0CB440D7064E4DA
-Qy=F96E55BBAFDDEDA6EECD5590D8A7D4870668966721CAA3B11A69F24EA53F598C
Legitimate publicKey for -Q:
04B8F0170E293FCC9291BEE2665E9CA9B25D3B11810ED68D9EA0CB440D7064E4DAF96E55BBAFDDEDA6EECD5590D8A7D4870668966721CAA3B11A69F24EA53F598C
Legitimate publicKey for -Q (hashed):
1A2gaiiKy91Pmx8EUcbT4Hd6JFZ3sQvUhM
Query:
Why not each [x,y] coordinate on the Secp256k1 curve corresponds to a sound uncompressed publicKey?
Be aware:
On this query, by validity I imply a set of EC coordinates (x,y) that may be hashed right into a bitcoin uncompressed tackle. I’m specifying uncompressed for apparent causes. My query is detailed sufficient I hope to point out that it isn’t referring to compressed Bitcoin addresses.