How to figure out the coordinates of a compressed G point?

Question

I really can't get my head around this ECDSA thing... So far I know that it's used for validating transactions by having a private key sign its signature to the transaction. I've come to the math part of ECDSA, but I just can't find any sources that are newb-friendly or explain everything to detail. I've checked out the datasheet for the secp256k1 and all the recommended values for the different variables. In the datasheet there's the G point, which is in both compressed and uncompressed form, but I just don't get how I figure out the X and Y value, the actual coordinates, the location of the base point?

Does anyone have any SUPER well explained guide or something on how the math behind it works? It's for a really important assignment due thursday.

Thanks in advanced.

The uncompressed encoding in hex for elliptic curve points is 04 + 32-byte X + 32-byte Y. — Pieter Wuille, Dec 17 '18 at 00:40
Try reading SEC 1 - Standards for Efficient Cryptography Group it contains everything apart from the efficient ways of computing different things (like point multiplication) but I think it is a good start. The part answering your question is explained in section 2.3.3 page 10 and 11. — Coding Enthusiast, Mar 18 '19 at 16:05

score 1 · Answer 1 · answered Feb 15 '19 at 14:46

Actually the compressed form in hex is 02 + X_coordinate if Y coordinate is even, or 03 + X_coordinate if Y coordinate is odd; comparing to the uncompressed form is 04 + X_coordinate + Y_coordinate.

So to retrieve the coordinates from the compressed form, just calculate the Y coordinate by curve equation Y^2 = X^3 + a*X + b, there will be two Y values, then choose the correct one by the prefix which is 02 or 03.

You will get the actual coordinates of the point.

skaht · Answer 2 · 2020-11-19T06:52:08.647

The following complements the answer from @James with some simple working bitcoin-explorer math examples to facilitate comprehension:

G = 0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798

k = 1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD (private key)

K = G*k

where 0 < k < 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

To compute a compressed public key (K) using secp256k1 elliptic curve math:

% bx ec-multiply 0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD

03f028892bad7ed57d2fb57bf33081d5cfcf6f9ed3d3d7f159c2e2fff579dc341a

Since G is fixed for secp256k1, the compressed public key can be simply computed using this:

% bx ec-to-public 1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD 03f028892bad7ed57d2fb57bf33081d5cfcf6f9ed3d3d7f159c2e2fff579dc341a

The information below should provide addition low level insights. Notice with the examples below if elliptic curve addition is defined then elliptic curve multiplication can be defined:

G + G = 2*G:

% bx ec-add 0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 0000000000000000000000000000000000000000000000000000000000000001 02c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5

G + G + G = 3*G:

% bx ec-add 0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 0000000000000000000000000000000000000000000000000000000000000002 02f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9

2G + 2G = 4*G:

% bx ec-add 02c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5 0000000000000000000000000000000000000000000000000000000000000002 02e493dbf1c10d80f3581e4904930b1404cc6c13900ee0758474fa94abe8c4cd13

4G + 4G = 8*G:

% bx ec-add 02e493dbf1c10d80f3581e4904930b1404cc6c13900ee0758474fa94abe8c4cd13 0000000000000000000000000000000000000000000000000000000000000004 022f01e5e15cca351daff3843fb70f3c2f0a1bdd05e5af888a67784ef3e10a2a01

256-bit private key (k) integers can be factored and addition operations above applied repeatedly to create lookup tables to quickly calculate elliptic curve multiplication operations:

% bx ec-multiply 0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 0000000000000000000000000000000000000000000000000000000000000001 0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798

% bx ec-multiply 0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 0000000000000000000000000000000000000000000000000000000000000002 02c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5

% bx ec-multiply 0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 0000000000000000000000000000000000000000000000000000000000000003 02f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9

% bx ec-multiply 0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 0000000000000000000000000000000000000000000000000000000000000004 02e493dbf1c10d80f3581e4904930b1404cc6c13900ee0758474fa94abe8c4cd13

% bx ec-multiply 0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 0000000000000000000000000000000000000000000000000000000000000008 022f01e5e15cca351daff3843fb70f3c2f0a1bdd05e5af888a67784ef3e10a2a01

Hi, I think you have switched G and k? G should be 0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798. Can you please fix it? Thanks in advance, Bernard — Bernard Ladenthin, Nov 17 '20 at 23:44

How to figure out the coordinates of a compressed G point?

2 Answers2