⭐ Merited by vapourminer (1)
My first post on this forum was about "split" keys. I ended that post by saying that you shouldn't mix up field operations with different moduli (funny word).
@garlonicon left a reply and a nice edit about how mixing them up can actually be useful, here's the relevant snip:
This made very little sense to me at the time, and I've been trying to figure it out on my own.
I get that for a given point you can find a "second" Y co-ordinate by negating it (modulo P).
As I understand it, this is because there are two solutions (given X) to this equation (modulo P):
Equation A: Y = (X ** 3 + 7) ** 1/2
I also get that if you negate the private key (modulo N), it has the same effect (i.e. producing a public key with the "other" Y co-ordinate).
Okay, so that takes care of the first two "trivial" points, what about the other four?
At first, I couldn't see how it would be possible to have three points with the same Y co-ordinate.
But, after learning a bit more about finding roots in finite fields I can now appreciate how there are three solutions (given Y) to this equation (modulo P):
Equation B: X = (Y ** 2 - 7) ** 1/3
I'm still not sure what (if any) the corresponding operations are with private keys (i.e. what do you have to do to a private key to produce these "other" X co-ordinates?).
Okay, so I can now see how to compute these 6 "trivial" points:
X1 = First solution to Equation B (given Y)
X2 = Second solution to Equation B (given Y)
X3 = Third solution to Equation B (given Y)
Y1 = First solution to Equation A (given X)
Y2 = Second solution to Equation A (given X)
Point A: (X1, Y1)
Point B: (X2, Y1)
Point C: (X3, Y1)
Point D: (X1, Y2)
Point E: (X2, Y2)
Point F: (X3, Y2)
What are these useful for? What "crazy stuff" can be done with them?
Thanks for your help
@garlonicon left a reply and a nice edit about how mixing them up can actually be useful, here's the relevant snip:
It is better than that: you can join sub-fields if you know how it works. For example, you have two public keys with the same x-value, and you have three public keys with the same y-value. That means, for a given public key, you always have six "trivial" points, forming some area. And you can do crazy stuff if you start dealing with such rectangles.
This made very little sense to me at the time, and I've been trying to figure it out on my own.
I get that for a given point you can find a "second" Y co-ordinate by negating it (modulo P).
As I understand it, this is because there are two solutions (given X) to this equation (modulo P):
Equation A: Y = (X ** 3 + 7) ** 1/2
I also get that if you negate the private key (modulo N), it has the same effect (i.e. producing a public key with the "other" Y co-ordinate).
Okay, so that takes care of the first two "trivial" points, what about the other four?
At first, I couldn't see how it would be possible to have three points with the same Y co-ordinate.
But, after learning a bit more about finding roots in finite fields I can now appreciate how there are three solutions (given Y) to this equation (modulo P):
Equation B: X = (Y ** 2 - 7) ** 1/3
I'm still not sure what (if any) the corresponding operations are with private keys (i.e. what do you have to do to a private key to produce these "other" X co-ordinates?).
Okay, so I can now see how to compute these 6 "trivial" points:
X1 = First solution to Equation B (given Y)
X2 = Second solution to Equation B (given Y)
X3 = Third solution to Equation B (given Y)
Y1 = First solution to Equation A (given X)
Y2 = Second solution to Equation A (given X)
Point A: (X1, Y1)
Point B: (X2, Y1)
Point C: (X3, Y1)
Point D: (X1, Y2)
Point E: (X2, Y2)
Point F: (X3, Y2)
What are these useful for? What "crazy stuff" can be done with them?
Thanks for your help