Menu: crack demo curve calculator curve demo bitcoin transaction unittest
Author: Willem Hengeveld, itsme@xs4all.nl, Source: on github.

Several example calculations with the bitcoin parameters. In these calculations the following parameters are used:

Note that in bitcoin calculations the message is the hash of the prepared transaction.
Also note that in bitcoin the s value is required to be between 0 and half the group order, you have to take the negative when it is larger.

Example, cracking a key using secret-reuse

The calculation is:
 k = (m1-m2)/(s1-s2) 
And then calculate x in the same way as in the next example.

r:
m1: s1:
m2: s2:
k: x:

Example, cracking a key using known secret

x = (s*k-m)/r
k:
s: m:
x:

Example, calculate a public key

Y = G * x
x:
px: py:

Example, sign a message with a secret key

r = xcoord(G*k),  s = (m+x*r)/k
x: k:
m:
r: s:

Example, verify a message signature.

G*m+Y*r==R*s
px: py:
r: s:
m:
result:

Example, find pubkey.

Y = (R*s-G*m)/r
r: s:
m:
px: py:
px: py:

Example, find signing secret.

k = (m+x*r)/s
r: s:
x:
m:
k:

Example, add points.

x: y:
x: y:
x: y:

Example, multiply point by a number.

x: y:
a:
x: y:

Example, divide point by a number.

multiply by the modular inverse in GFn
x: y:
a:
x: y:

Decompress a point

 y = sqrt(x^3+a*x+b)
x:
even y:
odd y:

You can decompress from `y` as well.

 x = cuberoot(y^2-7)
This works, because for the secp256k1 curve, 'a' is zero.
y:
first x:
secondx:
third x:

Validate point.

checks that:
y2 == x3+a*x+b
result:
x: y: