Introduce secp256k1 module with field and group classes to test framework #26222 #32
Replies: 1 comment
-
SummaryElliptic curve operations can be implemented without introducing field and group logic. This was how elliptic curve operations were done in the test framework before this PR. Fields and groups are just powerful tools that can be used to generalize and study elliptic curves. Rewriting elliptic curve operations using these tools makes the code much more intuitive to understand and easier to read. Field logic needs to be introduced in the test framework to implement algorithms like Elligator Swift to transmit public keys securely. Using field/group logic for all the elliptic curve operations improves code consistency. 1. Did you review the PR? Concept ACK, approach ACK, tested ACK, or NACK? What was your review approach?Concept/tested ACK by the participants, who found the code much more intuitive. 2. Diophantus from Ancient Greece in his famous work "Arithmetica" discovered a way to find another rational point on an elliptic curve. Modern cryptography, which uses these elliptic curves is a very recent 21st century phenomenon. Pretty sure Diophantus didn't in his wildest dreams imagine that elliptic curves would find such widespread use in cryptography/magic internet money :) How did something which was discovered 1800 years ago out of curiosity(maybe) end up being used in modern cryptography?Let's into the evolution of elliptic curves, abstract algebra and modern cryptography over time:
3. What is a Group?
4. What is a Field?
5. Write a test using class FE for basic field element operations - addition, multiplication.file name: test/functional/test_framework/secp256k1.py
6. Verify Fermat's little theorem using class FE.file name: test/functional/test_framework/secp256k1.py
7. Elliptic curve point addition of 2 points P and Q is defined geometrically by drawing a line between 2 points P and Q. This line will intersect the elliptic curve at one more point called R. However, we don't say the result of point addition is this point R! We still need to reflect point R about the x axis to get the result of our point addition. Why do this reflection? What would happen if we defined point addition without reflection?Because we reflect about x axis, performing P + (Q + R) = (P + Q) + R and we can just write it as P + Q + R. Reflection is needed to ensure associative property in elliptic curve groups. 8. class GE represents infinity explicitly. What is the point at infinity in an elliptic curve? Why do we need this point? Where are regions in the code where we need to handle infinity scenarios properly?Geometrically, when we add an elliptic curve point P with its inverse -P, it will not intersect the curve again at a 3rd point. So we introduce an artificial point called point at infinity. This point helps the elliptic curve behave as a group and serves as the identity element. We need to distinguish scenarios where infinity is returned from cases where none (which happens due to errors) is returned in the code. 9. What's a generator point in an elliptic curve?Generator point is the point using which we can generate all possible elliptic curve points on the curve by multiplying it with integers in the range [1...n], where n is the order of the curve (total number of points on the curve including infinity point). Watch this video for understanding how the generator point for secp256k1 might have been picked. 10. Are there any downsides to rewriting the elliptic curve logic using fields/groups?The elliptic curve operations were slower. Using a multiplication table in the second commit helped speed things up. There's still a lag caused by the need to assert if every curve point is valid when initializing group elements. References |
Beta Was this translation helpful? Give feedback.
-
Session Details
[Crypto]
[python]
Learning
Summary
This PR redefines the cryptographic primitives used in the Bitcoin core's functional testing framework. And adds a new module in the python framework as
secp256k1.py
. This module includes all the cryptographic primitives. So the way to review this PR is to understand some fun basic crypto maths.To start with, Cover the first 3 chapters of the Programming Bitcoin Book.
If you haven't done programming Bitcoin already, skim through the concepts and skip the exercises.
A free PDF is available here
Cover the below concepts from the book
Theory
Bitcoin uses
secp256k1
elliptic curve for all its cryptographic operations like key/address generation, digital signatures etc. See curve specifications for the full curve details.Mathematically:
group elements
.field elements
.field element
from which a curve point on the elliptic curve is generated.Generator Point
is a predefined point (group element
) on the elliptic curve, which is used to "generate" the public key, from the private key.Questions
In the questions below, GE = group element and FE = field element
class FE
for basic field element operations - addition, multiplication.class FE
.class GE
represents infinity explicitly. what is point at infinity in an elliptic curve? Why do we need this point? Where are regions in the code where we need to handle infinity scenarios properly?Beta Was this translation helpful? Give feedback.
All reactions