This question relates to the application of basic elliptic curve crypto for the needs of a Bitcoin project.
I need to generate a receive address (contract_public_key) that is directly associated with another (issuer_public_key) and some metadata, M, to form a Bitcoin contract.
I will try to put in more general terms...
So we have the following:
G is the elliptic curve base point.
issuer_private_key = <some random 256bit scalar>
issuer_public_key = issuer_private_key * G
M = 'Terms of contract bla bla and also includes issuer_public_key for safety'
I want a function, GenPub, where:
GenPub(issuer_public_key, M) = contract_public_key
I want a function, GenPriv, where:
GenPub(issuer_public_key, issuer_private_key, M) = contract_private_key
such that,
contract_public_key = contract_private_key * G
Here is my first attempt in pseudo-python:
def GenPub(issuer_public_key, M):
# generate a hash of the message
e = SHA256(M)
# create an EC point that is known to both parties
contract_point = (e * issuer_public_key)
# generate a public key for this contract
return contract_point + issuer_public_key
def GenPriv(issuer_public_key, issuer_private_key, M):
# generate a hash of the message
e = SHA256(M)
# create an EC point that is known to both parties
contract_point = (e * issuer_public_key)
# generate a private key for this contract
return contract_point + issuer_private_key
# the public key for the contract
contract_private_key = GenPub(issuer_public_key, M)
# the private key for contract
contract_private_key = GenPriv(issuer_public_key, issuer_private_key, M)
Feedback much appreciated
contract_point + issuer_private_keycannot be computed.contract_pointis a point on elliptic curve butissuer_private_keyis just a scalar.Suppose you want is:
I am not sure the security of this system. It needs some cryptanalysis. Maybe you can ask help from crypto.stackexchange.com.
In my opinion, I will use a key exchange scheme to negotiate a secret key of the contract.