2
$\begingroup$

I have 2 key pairs $(x_1, y_1)$, $(x_2, y_2)$.

I also have $a = $random 256-bit array and $b = $256-bit of defined values from me.

I know the values for $(x_1, y_1)$, $x_2$ and $b$. But I miss the value of $y_2$ (private key).

I have the following term:

// * = scalarmult_vartime (a * sha512 (a + b) [0-32]) + x1 = x2

Can I solve this equation for $y_2$? $a$ is flexible, so maybe it can be derived from $b$?

Of course, I know that I can not get a private key from a public bookmark, but in this case the publickey is the sum of the addition of a publickey (to which I know the private key) with a value defined to me.

(This is a simplified version of ECC Curve25519: How to generate this kind of private key? / Strange key exchange mechanism)

Improve this question
$\endgroup$
5
  • $\begingroup$ What is $x_3$? It doesn't seem defined in your question. $\endgroup$ Commented Jul 13, 2018 at 12:50
  • $\begingroup$ Try our new Meta answer about formatting math here and make your question look ni$e! Others, feel free to point to it! To my knowledge, just "Great" doesn't mean anything, by the way. Try and keep the question as clean / concise as possible. Finally, if this is a simplication or continuation of your previous question then please link to it. $\endgroup$ Commented Jul 13, 2018 at 12:57
  • $\begingroup$ Ah alright. You teaching me very well :). $\endgroup$ Commented Jul 13, 2018 at 13:22
  • 1
    $\begingroup$ If you know $x_2$, then you can easily calculate $y_2$ with the equation of the curve (this includes calculating discrete square roots in the underlying group) - all the rest is unrelated to your question. It you look at the wikipedia article, they mention the protocol uses compressed points (basically just the $x$ coordinate, because you can get $y$ from the curve equation anyway). $\endgroup$ Commented Jul 13, 2018 at 14:06
  • $\begingroup$ I'm not entirely sure which values in your expression above are scalars and which are points. My personal preference is to use lowercase values to represent scalars (private keys) and uppercase to represent points. Alice's keypair would be $(a,A)$ and Bob's $(b, B)$. With this nomenclature keep in mind that the secret key value for any linear combination of public key points is the corresponding linear combination of the secret keys. Otherwise stated: if $x,y$ are scalars then the secret key for the point $xA+yB$ is $xa+yb$. $\endgroup$ Commented Jul 13, 2018 at 18:12

0

Reset to default

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.