I'm currently trying to understand electrum's approach to decompress compressed public keys. However, I'm struggling with two things:
- What is the meaning of the offset? Why is it needed? Other implementations seem to be fine without it.
What are the mathematical foundations? Why does x + offset still result in the same y (or does it?)? - When calculating y^2, why is the coefficent a multiplied by x^2 instead of just x, like in the basic elliptic curve equation?
Could this be a bug, that has not yet been discovered, because a is 0 in secp256k1?
Did you ever forward your find to the Electrum team so that they can take a look at it and fix it?
It is indeed strange that they have the "offset" variable, which could only ever return false results if it is not 0
On the other hand. When does Electrum use that function? I suppose it is used very rarely, and that is why that bug has not been found before.