Fully understanding bitcoin transcation verifying and secp256k1

Question

Hello fellow cryptographers.

I have spent last few days trying to understand and find a way to generate secp256k1 private and public keys from scratch, but i failed.

I have seen tons of videos and read tons of pdfs about it but I still can't understand how to implement it even in pseudocode.

r = Random
k = PrivateKey (64bit hex string that should safely be generated from r and hashed)
K = PublicKey
G =
0479BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798483ADA7726A3C4655DA4FBF0E1108A8FD17B448A68554199C47D08FFB10D4B8
K = k * G

Now i know G has x,y and that 04 at the beginning means that its in uncompressed form. But i am confused with the way I should multiply k and G, since whenever I tried turning them into decimal values multiplying them and then encoding them into hex afterwards I would get wrong results.

Now lets say I have K(public key).

How would I go about encrypting an message, and then proving that I can decrypt it?

I really look forward to hearing your answers :D

Elliptic curves aren't used for encryption. They're used for the exchange of symmetric keys (via ECDH) or for signatures (what Bitcoin uses). No encryption involved. It's possible to instantiate ElGamal with an elliptic curve, but that's basically never done in practice because asymmetric encryption is pretty useless compared to hybrid encryption. — SAI Peregrinus, May 11 '21 at 18:14
Also, why are you trying to use decimal values for anything here? That's unnecessary complication. Programming questions are off-topic on this site (that's what StackOverflow is for), unless related to particular implementation details specific to cryptography (side-channel attacks and such). But you have some general questions about how ECC works (I think you're trying to ask why a public key is k*G, how to use ECC to transfer a message in secret, and maybe some other questions). It'd be better if you asked one question per post, each about the math and concepts you're confused about. — SAI Peregrinus, May 11 '21 at 18:19
Finally, Cloudflare have a good primer on ECC: https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/ — SAI Peregrinus, May 11 '21 at 18:25
You might have the same conceptual problem Problem on Elliptic Curve Point Doubling, Can you tell me why doing scalar multiplication of a point on a Elliptic curve over a finite field gets to a point at infinity?. You need the formulas What is the point at infinity on secp256k1 and how to calculate it? to calculate it. Use SageMath,easier. — kelalaka, May 11 '21 at 18:56
You might also want to see the visialization of ECC and with torus, too — kelalaka, May 11 '21 at 21:55
Also, a secp256k1 private key is 256 bits; 64 bits would be easily broken and not secure. It can be represented by 64 hex digits, but hex digits aren't bits, and hex is only one of many ways to represent bits. It generally doesn't need to be hashed, unless it's derived from human input like a password or in bitcoin commonly a 'seed phrase' -- a sequence of 12 or 24 words but not really a phrase -- in which case a simple hash is nowhere near sufficient and you should follow tested designs like BIP 39 or the many many existing Qs on password-based hashing and key derivation. — dave_thompson_085, May 12 '21 at 01:07

score 1 · Answer 1 · answered May 12 '21 at 17:36

G is a point on the curve, but multiplication on elliptic curves is not the same as just multiplying the x and y value by the number. Have a look here https://en.m.wikipedia.org/wiki/Elliptic_curve_point_multiplication to see how you multiply a Point (G) with a natural number. Because the elliptic curve, you are talking about, is not over the real numbers, but over a residual field (natural numbers mod N), the division is just another way to write the multiplication by the inverse (mod N) https://en.m.wikipedia.org/wiki/Modular_multiplicative_inverse

Fully understanding bitcoin transcation verifying and secp256k1

1 Answers1