18E14A7B6A307F426A94F8114701E7C8E774E7F9A47E2C2035DB29A206321725 0450863AD64

1. 18E14A7B6A307F426A94F8114701E7C8E774E7F9A47E2C2035DB29A206321725
2.  
3. 0450863AD64A87AE8A2FE83C1AF1A8403CB53F53E486D8511DAD8A04887E5B23522CD470243453A299FA9E77237716103ABC11A1DF38855ED6F2EE187E9C582BA6
4.  
5. 11253563012059685825953619222107823549092147699031672238385790369351542642469
6.  
7. 36422191471907241029883925342251831624200921388586025344128047678873736520530
8. 20277110887056303803699431755396003735040374760118964734768299847012543114150
9.  
10. 1*G
11. 2*G = G+G
12. 4*G = 2*G + 2*G
13. 8*G = 4*G + 4*G
14. 16*G = 8*G + 8*G
15. 32*G = 16*G + 16*G
16. 64*G = 32*G + 32*G
17.  
18. privkey pointlist
19. 1 1*G
20. 0 2*G
21. 0 4*G
22. 1 8*G
23. 0 16*G
24. 1 32*G
25. 1 64*G
26.  
27. 9*G = 1*G + 8*G
28. 41*G = (9+32)*G = 9*G + 32*G
29. 105*G = (41+64)*G = 41*G + 64*G
30.  
31. #! /usr/bin/env python
32. # python 2.x
33.  
34. class CurveFp( object ):
35. def __init__( self, p, a, b ):
36. self.__p = p
37. self.__a = a
38. self.__b = b
39.  
40. def p( self ):
41. return self.__p
42.  
43. def a( self ):
44. return self.__a
45.  
46. def b( self ):
47. return self.__b
48.  
49. def contains_point( self, x, y ):
50. return ( y * y - ( x * x * x + self.__a * x + self.__b ) ) % self.__p == 0
51.  
52. class Point( object ):
53. def __init__( self, curve, x, y, order = None ):
54. self.__curve = curve
55. self.__x = x
56. self.__y = y
57. self.__order = order
58. if self.__curve: assert self.__curve.contains_point( x, y )
59. if order: assert self * order == INFINITY
60.  
61. def __add__( self, other ):
62. if other == INFINITY: return self
63. if self == INFINITY: return other
64. assert self.__curve == other.__curve
65. if self.__x == other.__x:
66. if ( self.__y + other.__y ) % self.__curve.p() == 0:
67. return INFINITY
68. else:
69. return self.double()
70.  
71. p = self.__curve.p()
72. l = ( ( other.__y - self.__y ) *
73. inverse_mod( other.__x - self.__x, p ) ) % p
74. x3 = ( l * l - self.__x - other.__x ) % p
75. y3 = ( l * ( self.__x - x3 ) - self.__y ) % p
76. return Point( self.__curve, x3, y3 )
77.  
78. def __mul__( self, other ):
79. def leftmost_bit( x ):
80. assert x > 0
81. result = 1L
82. while result <= x: result = 2 * result
83. return result / 2
84.  
85. e = other
86. if self.__order: e = e % self.__order
87. if e == 0: return INFINITY
88. if self == INFINITY: return INFINITY
89. assert e > 0
90. e3 = 3 * e
91. negative_self = Point( self.__curve, self.__x, -self.__y, self.__order )
92. i = leftmost_bit( e3 ) / 2
93. result = self
94. while i > 1:
95. result = result.double()
96. if ( e3 & i ) != 0 and ( e & i ) == 0: result = result + self
97. if ( e3 & i ) == 0 and ( e & i ) != 0: result = result + negative_self
98. i = i / 2
99. return result
100.  
101. def __rmul__( self, other ):
102. return self * other
103.  
104. def __str__( self ):
105. if self == INFINITY: return "infinity"
106. return "(%d,%d)" % ( self.__x, self.__y )
107.  
108. def double( self ):
109. if self == INFINITY:
110. return INFINITY
111.  
112. p = self.__curve.p()
113. a = self.__curve.a()
114. l = ( ( 3 * self.__x * self.__x + a ) *
115. inverse_mod( 2 * self.__y, p ) ) % p
116. x3 = ( l * l - 2 * self.__x ) % p
117. y3 = ( l * ( self.__x - x3 ) - self.__y ) % p
118. return Point( self.__curve, x3, y3 )
119.  
120. def x( self ):
121. return self.__x
122.  
123. def y( self ):
124. return self.__y
125.  
126. def curve( self ):
127. return self.__curve
128.  
129. def order( self ):
130. return self.__order
131.  
132. INFINITY = Point( None, None, None )
133.  
134. def inverse_mod( a, m ):
135. if a < 0 or m <= a: a = a % m
136. c, d = a, m
137. uc, vc, ud, vd = 1, 0, 0, 1
138. while c != 0:
139. q, c, d = divmod( d, c ) + ( c, )
140. uc, vc, ud, vd = ud - q*uc, vd - q*vc, uc, vc
141. assert d == 1
142. if ud > 0: return ud
143. else: return ud + m
144.  
145. # secp256k1
146. _p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2FL
147. _r = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141L
148. _b = 0x0000000000000000000000000000000000000000000000000000000000000007L
149. _a = 0x0000000000000000000000000000000000000000000000000000000000000000L
150. _Gx = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798L
151. _Gy = 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8L
152.  
153. class Public_key( object ):
154. def __init__( self, generator, point ):
155. self.curve = generator.curve()
156. self.generator = generator
157. self.point = point
158. n = generator.order()
159. if not n:
160. raise RuntimeError, "Generator point must have order."
161. if not n * point == INFINITY:
162. raise RuntimeError, "Generator point order is bad."
163. if point.x() < 0 or n <= point.x() or point.y() < 0 or n <= point.y():
164. raise RuntimeError, "Generator point has x or y out of range."
165.  
166. curve_256 = CurveFp( _p, _a, _b )
167. generator_256 = Point( curve_256, _Gx, _Gy, _r )
168. g = generator_256
169.  
170. if __name__ == "__main__":
171. print '======================================================================='
172. ### set privkey
173. # wiki
174. #secret = 0xE9873D79C6D87DC0FB6A5778633389F4453213303DA61F20BD67FC233AA33262L
175. # question
176. secret = 0x18E14A7B6A307F426A94F8114701E7C8E774E7F9A47E2C2035DB29A206321725L
177.  
178. ### print privkey
179. print 'secret', hex(secret)
180. ### generate pubkey
181. pubkey = Public_key( g, g * secret )
182. ### print pubkey
183. print 'pubkey', hex(pubkey.point.x()), hex(pubkey.point.y())
184. print '======================================================================='
185.  
186. class CalcPub
187. {
188. public static void Main()
189. {
190. var p = BigInteger.Parse("0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", NumberStyles.HexNumber);
191. var b = (BigInteger)7;
192. var a = BigInteger.Zero;
193. var Gx = BigInteger.Parse("79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", NumberStyles.HexNumber);
194. var Gy = BigInteger.Parse("483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8", NumberStyles.HexNumber);
195.  
196. CurveFp curve256 = new CurveFp(p, a, b);
197. Point generator256 = new Point(curve256, Gx, Gy);
198.  
199. var secret = BigInteger.Parse("18E14A7B6A307F426A94F8114701E7C8E774E7F9A47E2C2035DB29A206321725", NumberStyles.HexNumber);
200.  
201. Console.WriteLine("secret {0}", secret.ToString("X"));
202. var pubkeyPoint = generator256 * secret;
203. Console.WriteLine("pubkey {0}{1}", pubkeyPoint.X.ToString("X"), pubkeyPoint.Y.ToString("X"));
204. }
205. }
206. class Point
207. {
208. public static readonly Point INFINITY = new Point(null, default(BigInteger), default(BigInteger));
209. public CurveFp Curve { get; private set; }
210. public BigInteger X { get; private set; }
211. public BigInteger Y { get; private set; }
212.  
213. public Point(CurveFp curve, BigInteger x, BigInteger y)
214. {
215. this.Curve = curve;
216. this.X = x;
217. this.Y = y;
218. }
219. public Point Double()
220. {
221. if (this == INFINITY)
222. return INFINITY;
223.  
224. BigInteger p = this.Curve.p;
225. BigInteger a = this.Curve.a;
226. BigInteger l = ((3 * this.X * this.X + a) * InverseMod(2 * this.Y, p)) % p;
227. BigInteger x3 = (l * l - 2 * this.X) % p;
228. BigInteger y3 = (l * (this.X - x3) - this.Y) % p;
229. return new Point(this.Curve, x3, y3);
230. }
231. public override string ToString()
232. {
233. if (this == INFINITY)
234. return "infinity";
235. return string.Format("({0},{1})", this.X, this.Y);
236. }
237. public static Point operator +(Point left, Point right)
238. {
239. if (right == INFINITY)
240. return left;
241. if (left == INFINITY)
242. return right;
243. if (left.X == right.X)
244. {
245. if ((left.Y + right.Y) % left.Curve.p == 0)
246. return INFINITY;
247. else
248. return left.Double();
249. }
250.  
251. var p = left.Curve.p;
252. var l = ((right.Y - left.Y) * InverseMod(right.X - left.X, p)) % p;
253. var x3 = (l * l - left.X - right.X) % p;
254. var y3 = (l * (left.X - x3) - left.Y) % p;
255. return new Point(left.Curve, x3, y3);
256. }
257. public static Point operator *(Point left, BigInteger right)
258. {
259. var e = right;
260. if (e == 0 || left == INFINITY)
261. return INFINITY;
262. var e3 = 3 * e;
263. var negativeLeft = new Point(left.Curve, left.X, -left.Y);
264. var i = LeftmostBit(e3) / 2;
265. var result = left;
266. while (i > 1)
267. {
268. result = result.Double();
269. if ((e3 & i) != 0 && (e & i) == 0)
270. result += left;
271. if ((e3 & i) == 0 && (e & i) != 0)
272. result += negativeLeft;
273. i /= 2;
274. }
275. return result;
276. }
277.  
278. private static BigInteger LeftmostBit(BigInteger x)
279. {
280. BigInteger result = 1;
281. while (result <= x)
282. result = 2 * result;
283. return result / 2;
284. }
285. private static BigInteger InverseMod(BigInteger a, BigInteger m)
286. {
287. while (a < 0) a += m;
288. if (a < 0 || m <= a)
289. a = a % m;
290. BigInteger c = a;
291. BigInteger d = m;
292.  
293. BigInteger uc = 1;
294. BigInteger vc = 0;
295. BigInteger ud = 0;
296. BigInteger vd = 1;
297.  
298. while (c != 0)
299. {
300. BigInteger r;
301. //q, c, d = divmod( d, c ) + ( c, );
302. var q = BigInteger.DivRem(d, c, out r);
303. d = c;
304. c = r;
305.  
306. //uc, vc, ud, vd = ud - q*uc, vd - q*vc, uc, vc;
307. var uct = uc;
308. var vct = vc;
309. var udt = ud;
310. var vdt = vd;
311. uc = udt - q * uct;
312. vc = vdt - q * vct;
313. ud = uct;
314. vd = vct;
315. }
316. if (ud > 0) return ud;
317. else return ud + m;
318. }
319. }
320. class CurveFp
321. {
322. public BigInteger p { get; private set; }
323. public BigInteger a { get; private set; }
324. public BigInteger b { get; private set; }
325. public CurveFp(BigInteger p, BigInteger a, BigInteger b)
326. {
327. this.p = p;
328. this.a = a;
329. this.b = b;
330. }
331. }
332.  
333. #! /usr/bin/env python
334.  
335. class Point(object):
336. def __init__(self, _x, _y, _order = None): self.x, self.y, self.order = _x, _y, _order
337.  
338. def calc(self, top, bottom, other_x):
339. l = (top * inverse_mod(bottom)) % p
340. x3 = (l * l - self.x - other_x) % p
341. return Point(x3, (l * (self.x - x3) - self.y) % p)
342.  
343. def double(self):
344. if self == INFINITY: return INFINITY
345. return self.calc(3 * self.x * self.x, 2 * self.y, self.x)
346.  
347. def __add__(self, other):
348. if other == INFINITY: return self
349. if self == INFINITY: return other
350. if self.x == other.x:
351. if (self.y + other.y) % p == 0: return INFINITY
352. return self.double()
353. return self.calc(other.y - self.y, other.x - self.x, other.x)
354.  
355. def __mul__(self, e):
356. if self.order: e %= self.order
357. if e == 0 or self == INFINITY: return INFINITY
358. result, q = INFINITY, self
359. while e:
360. if e&1: result += q
361. e, q = e >> 1, q.double()
362. return result
363.  
364. def __str__(self):
365. if self == INFINITY: return "infinity"
366. return "04 %x %x" % (self.x, self.y)
367.  
368. def inverse_mod(a):
369. if a < 0 or a >= p: a = a % p
370. c, d, uc, vc, ud, vd = a, p, 1, 0, 0, 1
371. while c:
372. q, c, d = divmod(d, c) + (c,)
373. uc, vc, ud, vd = ud - q*uc, vd - q*vc, uc, vc
374. if ud > 0: return ud
375. return ud + p
376.  
377. p, INFINITY = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2FL, Point(None, None) # secp256k1
378. g = Point(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798L, 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8L,
379. 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141L)
380. secret = 0x18E14A7B6A307F426A94F8114701E7C8E774E7F9A47E2C2035DB29A206321725L
381. print ' privkey: %xn pubkey: %s' % (secret, g * secret)
382.  
383. privkey: 18e14a7b6a307f426a94f8114701e7c8e774e7f9a47e2c2035db29a206321725
384. pubkey: 04 50863ad64a87ae8a2fe83c1af1a8403cb53f53e486d8511dad8a04887e5b2352 2cd470243453a299fa9e77237716103abc11a1df38855ed6f2ee187e9c582ba6
385.  
386. def sk_to_pk(sk):
387. """
388. Derive the public key of a secret secp256k1 key.
389.  
390. Args:
391. sk: An integer representing the secret key (also known as secret
392. exponent).
393.  
394. Returns:
395. A coordinate (x, y) on the curve repesenting the public key
396. for the given secret key.
397.  
398. Raises:
399. ValueError: The given key was not valid.
400. """
401. # base point (generator)
402. G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
403. 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
404.  
405. # field prime
406. P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
407.  
408. # order
409. N = (1 << 256) - 0x14551231950B75FC4402DA1732FC9BEBF
410.  
411. # check if the key is valid
412. if not(0 < sk < N):
413. msg = "{} is not a valid key (not in range [1, {}]"
414. raise ValueError(msg.format(hex(sk), hex(N-1)))
415.  
416. # addition operation on the elliptic curve
417. # see: https://en.wikipedia.org/wiki/Elliptic_curve_point_multiplication#Point_addition
418. # note that the coordinates need to be given modulo P and that division is
419. # done by computing the multiplicative inverse, which can be done with
420. # x^-1 = x^(P-2) mod P using fermat's little theorem (the pow function of python
421. # can do this efficiently even for very large P)
422. def add(p, q):
423. px, py = p
424. qx, qy = q
425. if p == q:
426. lam = (3 * px * px) * pow(2 * py, P - 2, P)
427. else:
428. lam = (qy - py) * pow(qx - px, P - 2, P)
429. xr = (lam**2 - px - qx)
430. yr = (lam * (px - xr) - py)
431. return xr % P, yr % P
432.  
433. # compute G * sk by repeatedly adding
434. # by using the binary representation of sk this can be done in 256
435. # iterations
436. ret = None
437. for i in xrange(256):
438. if sk & (1 << i):
439. if ret is None:
440. ret = G
441. else:
442. ret = add(ret, G)
443. G = add(G, G)
444.  
445. return ret