Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Re: modular inverse in bitcoin arithmetic
by
bkelly13
on 17/11/2024, 04:25:24 UTC
Potatotom: Song’s book is on order.  Hopefully that will be a thank you moment.

A follow up question.  The elliptic curve under discussion is defined as:

Y2 = x3 + ax + b  where a = 0 and b = 7 giving us
Y2 = x3 + 7 

To plot the curve we use exponentiation, which is repetitive multiplication.  And multiplication is repetitive addition.

Begin with point G on this curve, called the Generator Point.  If we have a private key of 0X0002, decimal value two, then the public address is the same as G added to itself, or G multiplied by 2.

I recognize that if we look at the curve, maybe graphed to show the two points, we cannot simply multiply point G by 2 to get the public address.  Or simply add G to G itself.  Those operations are not valid and don’t make sense. 

We must apply the arithmetic in accordance with the rules of the curve. 

But, we do have rules by which we can double G and/or add G to itself.  One set of rules has an equation that is used to calculate temporary variable used to determine the x and y values of the new point.  That one is:

s = ( 3 * (p1x) ** 2 + a ) / ( 2 * ( p1y ) )

This equation is about 2/3rds down the web page referenced above, under the header Double.  The equation uses color which will not work well here so I use p1x and p1y to refer to the x and y values of the first point.

The first question is trivial:  What does the a represent?  Is this the “a” from the equation where a = 0 and b = 7.  It may be a constant in the code but this is not apparent from the snipped provided.  In that case, it is interesting that “b” does not make an appearance in the doubling equations.

The second is a bit more involved.  Within the equation, we are using addition, multiplication, and exponentiation.  Not to the point itself, but to the constituent parts of the point, in accordance with the rules of the elliptic curve.   

To support this, mostly to verify or show wrong my claims, please visit to that web page, open the code section under “Double” and see that these regular arithmetic operations are utilized.

Why is division to the constituent parts of the point prohibited?