Board: Development & Technical Discussion
Topic: Re: ECDSA math questions
by digitalcitizen on 20/11/2018, 04:10:14 UTC
Merited by o_e_l_e_o (1)
(Python)
Code:
>>> p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
>>> x = 0x78D430274F8C5EC1321338151E9F27F4C676A008BDF8638D07C0B6BE9AB35C71
>>> x3 = pow(x, 3, p)           # x3 = x^3 mod p
>>> y2 = (x3 + 7) % p           # y^2 = x^3 + 7 mod p
>>> y = pow(y2, (p+1)//4, p)    # this line computes sqrt(y^2) = y
>>> hex(y)
'0x5eae7f9cdbc532b201694991c0d137fec371f8d32f64c7cb5e607e08a633c7da'

Because this y is even, we compute -y = p-y (if y is even, p-y is always odd and vice versa):

>>> hex(p-y)
'0xa1518063243acd4dfe96b66e3f2ec8013c8e072cd09b3834a19f81f659cc3455'

then: A1518063243ACD4DFE96B66E3F2EC8013C8E072CD09B3834A19F81F659CC3455 : y (odd)

uncompressed key = '04' + 'x' + 'y'

Code:
0478D430274F8C5EC1321338151E9F27F4C676A008BDF8638D07C0B6BE9AB35C71A1518063243ACD4DFE96B66E3F2EC8013C8E072CD09B3834A19F81F659CC3455

Wow, thank you for posting this.  I was driving myself insane trying to understand more of the math and how it's actually implemented, trying very small values from links like this one:

https://www.coindesk.com/math-behind-bitcoin

to get a feel for it.  I think I'm getting there.  I hope that ordering and reading Mastering Bitcoin: Programming the Open Blockchain will help with the math, and trying to write my own blockchain parser.

I'm not a math heavyweight, so I have a couple of questions if you have time:

From what I understand so far, there are constants that are always the same in Bitcoin.  This includes the Q (curve generator), the p (for mod p), taken from your code and which I noted in the link to coindesk.  I couldn't see how the order was calculated, given other values.  Can you briefly describe what a base point is?  I think I'm getting a decent idea of what a finite field is.

When trying to find:

Code:
y = pow(y2, (p+1)//4, p)    # this line computes sqrt(y^2) = y

Is this always how it's done, for any y2, p is always the same, and the (p+1)/4 part is constant as well for getting y from y2?

Thanks again!
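
Added example, not part of the original post or thread: the y-recovery shown in the quoted code, wrapped with the checks a key parser needs. The exponent (p+1)/4 yields a square root only because this p satisfies p % 4 == 3, and only when x^3 + 7 is a quadratic residue, so the result is squared and compared before it is trusted. The function names are this example's own; p, x and the expected key are the values from the post.

```python
# Added example: recover y from x on y^2 = x^3 + 7 (mod P) and validate it.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # from the post
B = 7  # curve constant, from the post's y^2 = x^3 + 7

# x from the post, reused here as sample input
SAMPLE_X = 0x78D430274F8C5EC1321338151E9F27F4C676A008BDF8638D07C0B6BE9AB35C71


def sqrt_mod_p(a):
    """Return a square root of a mod P, or None if a has no square root."""
    # a^((P+1)/4) is a root only for primes with P % 4 == 3.
    if P % 4 != 3:
        raise ValueError("shortcut exponent requires P % 4 == 3")
    r = pow(a, (P + 1) // 4, P)
    # pow() returns a number for every input; for a non-residue it is
    # not a root, so confirm r*r == a before using it.
    return r if (r * r) % P == a % P else None


def decompress(x, want_odd):
    """Return (x, y) on the curve with the requested parity of y."""
    if not 0 <= x < P:
        raise ValueError("x is outside the field")
    y = sqrt_mod_p((pow(x, 3, P) + B) % P)
    if y is None:
        raise ValueError("no curve point has this x-coordinate")
    # The two roots are y and P - y; exactly one of them is odd.
    if (y & 1) != int(want_odd):
        y = P - y
    return x, y


def uncompressed_hex(x, y):
    """Encode as '04' + x + y, each coordinate padded to 32 bytes."""
    return "04" + format(x, "064X") + format(y, "064X")


if __name__ == "__main__":
    print(uncompressed_hex(*decompress(SAMPLE_X, want_odd=True)))
    # x = 0 gives y^2 = 7, which has no square root mod P, so it is rejected.
    try:
        decompress(0, want_odd=True)
    except ValueError as exc:
        print("rejected x=0:", exc)
```

Skipping the `r * r == a` check would let an x that is not on the curve pass through as a made-up "point", which is why key parsers reject such inputs instead of returning the raw `pow` result.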