Search Posts

Post

Topic

Board Development & Technical Discussion

Re: Pairs of matching n-values in secp256k1 with changed b-values

eugenekhashin

on 03/01/2025, 14:12:43 UTC

Quote from: dexizer7799 on Today at 01:38:57 PM

p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f ** 2
K = GF(p)
a = K(0x0000000000000000000000000000000000000000000000000000000000000000)
b = K(0x0000000000000000000000000000000000000000000000000000000000000007)
E = EllipticCurve(K, (a, b))
G = E(0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798, 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)
E.set_order(0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141 * 0x1)

Are you sure this works? I'm getting the error:

Quote

---------------------------------------------------------------------------
ValueError Traceback (most recent call last)
Cell In [685], line 19
17 E = EllipticCurve(K, (a, b))
18 G = E(Integer(0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798), Integer(0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8))
---> 19 E.set_order(Integer(0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141) * Integer(0x1))

File /private/var/tmp/sage-9.8-current/local/var/lib/sage/venv-python3.11.1/lib/python3.11/site-packages/sage/schemes/elliptic_curves/ell_finite_field.py:1302, in EllipticCurve_finite_field.set_order(self, value, check, num_checks)
1300 a,b = Hasse_bounds(q,1)
1301 if not a <= value <= b:
-> 1302 raise ValueError('Value %s illegal (not an integer in the Hasse range)' % value)
1303 # Is value*random == identity?
1304 for i in range(num_checks):

ValueError: Value 115792089237316195423570985008687907852837564279074904382605163141518161494337 illegal (not an integer in the Hasse range)

Also I'm not quite sure this makes any sense when you're trying to define the cardinality, especially trying to set the same cardinality of the initial curve.

Post

Topic

Board Development & Technical Discussion

Re: Pairs of matching n-values in secp256k1 with changed b-values

eugenekhashin

on 03/01/2025, 13:25:04 UTC

Quote from: dexizer7799 on Today at 07:46:44 AM

We can convert even to (p ^ 2) for secp256k1 but this is useless because we cannot do twist/subgroup/invalid curve attack.

Could you please explain what do you mean by p^2 exactly?

Post

Topic

Board Development & Technical Discussion

Re: Pairs of matching n-values in secp256k1 with changed b-values

eugenekhashin

on 02/01/2025, 10:14:08 UTC

Quote from: vjudeu on March 21, 2024, 05:49:54 AM

The question is: does it mean that there is some kind of connection between y^2=x^3+7, and for example y^2=x^3+2? Or maybe there is another connection, where points on curves with identical p-value and n-value can be mapped? Does it mean, that if we have b=0x7, where there are "n" points, and for example b=0xc curve also has the same amount of points, then does it mean we can map them 1:1?

You may also have a look at Jacobian coordinates of points and this bijection might become more clear for you: you're getting the same point using the same X and Y, but changing third Z coordinate. By saying the "same point" I mean the point which might be projected to any isomorphic plane. Note, that not all the possible Z values might be projected to initial curve (with Z=1).

Post

Topic

Board Development & Technical Discussion

Re: Pairs of matching n-values in secp256k1 with changed b-values

eugenekhashin

on 02/01/2025, 09:44:09 UTC

Quote from: vjudeu on March 21, 2024, 05:49:54 AM

Yes, you can map points on curves with the same cardinality (Eg a6: 7, 12, 20, 23, 26, 37, etc.) - they're are 100% isomorphic. Also there are no known connection (at least for me) between points on curves with different cardinalities (Eg a6: 7 and 2).