Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Re: Pollard's kangaroo ECDLP solver
by
BitCrack
on 27/05/2020, 15:01:50 UTC
Quote from: arulbero on Today at 02:50:46 PM
Quote from: MrFreeDragon on Today at 02:23:59 PM
Quote from: arulbero on Today at 12:40:30 PM
-snip-
There are about 2^256 points, then 2^255 different X-coordinates (k*G and -k*G have the same x-coordinate).
-snip-

Is this proved fact?

I mean why every private key leads to the unique X-coordinate? (except for symmetry point).
In other words, if k and (order-k) leads to x-coordinate Xk, how could we be sure that there are no other key m leads to Xk as well? (m differs from k and (order-k) )

Because it is proved that:

1) for each private key there is only 1 point (n private keys, n points, n is the order of the curve)

2) for each x-coordinate, the y-coordinate must fulfil this relation: y^2 = x^3 + 7 mod n;

each equation of the form y^2 = a   has or 2 opposite solutions (+y and -y -> k*G / -k*G), or has no solution.

Therefor there can't be 3 different points with the same x-coordinate and with 3 different y-coordinate, because there are no 3 different y solutions for the equation y^2 = a mod n.

We know that there are exactly (n-1)/2 different x-coordinates (and (n-1)/3 different y-coordinates)


That's how the math works. The points on the curve form a group (https://en.wikipedia.org/wiki/Group_%28mathematics%29) and the point G is a generator of that group.