Tags: cryptography, bitcoin, elliptic-curve

Generate new public key from hash of a message.


This question relates to the application of basic elliptic curve crypto for the needs of a Bitcoin project.

I need to generate a receive address (contract_public_key) that is directly associated with another (issuer_public_key) and some metadata, M, to form a Bitcoin contract.

I will try to put in more general terms...

So we have the following:

G is the elliptic curve base point.

issuer_private_key = <some random 256-bit scalar>
issuer_public_key = issuer_private_key * G

M = 'Terms of contract bla bla and also includes issuer_public_key for safety'

I want a function, GenPub, where:

GenPub(issuer_public_key, M) = contract_public_key

I want a function, GenPriv, where:

GenPriv(issuer_public_key, issuer_private_key, M) = contract_private_key

such that,

contract_public_key = contract_private_key * G

Here is my first attempt in pseudo-python:

def GenPub(issuer_public_key, M):
    # generate a hash of the message
    e = SHA256(M)

    # create an EC point that is known to both parties
    contract_point = (e * issuer_public_key)

    # generate a public key for this contract
    return contract_point + issuer_public_key


def GenPriv(issuer_public_key, issuer_private_key, M):
    # generate a hash of the message
    e = SHA256(M)

    # create an EC point that is known to both parties
    contract_point = (e * issuer_public_key)

    # generate a private key for this contract
    return contract_point + issuer_private_key


# the public key for the contract
contract_public_key = GenPub(issuer_public_key, M)

# the private key for the contract
contract_private_key = GenPriv(issuer_public_key, issuer_private_key, M)

Feedback much appreciated


Solution

  • contract_point + issuer_private_key cannot be computed. contract_point is a point on an elliptic curve, but issuer_private_key is just a scalar.

    I suppose what you want is:

    def GenPriv(issuer_public_key, issuer_private_key, M):
        # generate a hash of the message
        e = SHA256(M)

        # generate a private key for this contract
        # (reduce modulo the curve order n so the result is a valid scalar)
        return (e + issuer_private_key) % n
    

    I am not sure about the security of this system. It needs some cryptanalysis. Maybe you can ask for help on crypto.stackexchange.com.

    In my opinion, I would use a key exchange scheme to negotiate a secret key for the contract.
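A concrete check of the answer's suggestion, added here as an example and not part of the original question or answer: with contract_private_key = (e + issuer_private_key) mod n, the matching public key that the other party can compute from issuer_public_key and M alone is issuer_public_key + e*G, and the relation contract_public_key = contract_private_key * G holds. The minimal secp256k1 arithmetic (ec_add, ec_mul) and the helper names are this example's own.

```python
# Added example: verifies GenPriv/GenPub on secp256k1 with pure-Python EC arithmetic.
import hashlib

# secp256k1 domain parameters (the curve used by Bitcoin)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P   # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P      # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, point):
    """Double-and-add scalar multiplication k * point."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result

def hash_scalar(m: bytes) -> int:
    """e = SHA256(M), interpreted as a scalar modulo the group order."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % N

def gen_priv(issuer_private_key: int, m: bytes) -> int:
    """The answer's GenPriv: e + issuer_private_key, reduced mod N."""
    return (hash_scalar(m) + issuer_private_key) % N

def gen_pub(issuer_public_key, m: bytes):
    """Matching GenPub: issuer_public_key + e*G; needs no private key."""
    return ec_add(issuer_public_key, ec_mul(hash_scalar(m), G))

def keys_match(issuer_private_key: int, m: bytes) -> bool:
    """True iff GenPub(issuer_public_key, M) == GenPriv(issuer_private_key, M) * G."""
    issuer_public_key = ec_mul(issuer_private_key, G)
    return gen_pub(issuer_public_key, m) == ec_mul(gen_priv(issuer_private_key, m), G)
```

Because e is derived from public data, anyone who learns contract_private_key can recover issuer_private_key as (contract_private_key - e) mod n, which is the kind of property the cryptanalysis the answer asks for would have to weigh.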