In [1]:
# import everything and define a test runner function
from importlib import reload
from helper import run_test

import ecc
import helper

In [2]:
# Verify curve Example

prime = 137
x, y = 73, 128

print(y**2 % prime == (x**3 + 7) % prime)

True


### Exercise 1

#### 1.1. Find out which points are valid on the curve \\( y^2 = x^3 + 7: F_{223} \\)
```
(192,105), (17,56), (200,119), (1,193), (42,99)
```
#### 1.2. Write [this test](/edit/session2/ecc.py) using the results above
```
ecc.py:ECCTest:test_on_curve
```

In [3]:
# Exercise 1.1

from ecc import FieldElement, Point

prime = 223
a = FieldElement(0, prime)
b = FieldElement(7, prime)

points = ((192,105), (17,56), (200,119), (1,193), (42,99))

# iterate over points
for x_raw, y_raw in points:
    # Initialize points this way:
    # x = FieldElement(x_raw, prime)
    # y = FieldElement(y_raw, prime)
    x = FieldElement(x_raw, prime)
    y = FieldElement(y_raw, prime)
    # try initializing, ValueError means not on curve
    # p = Point(x, y, a, b)
    try:
        p = Point(x, y, a, b)
        print('({},{}) is on the curve'.format(x_raw, y_raw))
    except ValueError:
        print('({},{}) is not on the curve'.format(x_raw, y_raw))

(192,105) is on the curve
(17,56) is on the curve
(200,119) is not on the curve
(1,193) is on the curve
(42,99) is not on the curve


In [4]:
# Exercise 1.2

reload(ecc)
run_test(ecc.ECCTest('test_on_curve'))

.
----------------------------------------------------------------------
Ran 1 test in 0.001s

OK


In [5]:
# Example where x1 != x2

from ecc import FieldElement, Point

prime = 137
a = FieldElement(0, prime)
b = FieldElement(7, prime)
p1 = Point(FieldElement(73, prime), FieldElement(128, prime), a, b)
p2 = Point(FieldElement(46, prime), FieldElement(22, prime), a, b)

print(p1+p2)

Point(99,49)_137


### Exercise 2

#### 2.1. Find the following point additions on the curve  \\( y^2 = x^3 + 7: F_{223} \\)
```
(192,105) + (17,56), (47,71) + (117,141), (143,98) + (76,66)
```

#### 2.2. Write [this test](/edit/session2/ecc.py) using the results above
```
ecc.py:ECCTest:test_add
```

In [6]:
# Exercise 2.1

from ecc import FieldElement, Point

prime = 223
a = FieldElement(0, prime)
b = FieldElement(7, prime)

additions = ((192, 105, 17, 56), (47, 71, 117, 141), (143, 98, 76, 66))

# iterate over the additions to be done
for x1_raw, y1_raw, x2_raw, y2_raw in additions:
    # Initialize points this way:
    # x1 = FieldElement(x1_raw, prime)
    # y1 = FieldElement(y1_raw, prime)
    # p1 = Point(x1, y1, a, b)
    # x2 = FieldElement(x2_raw, prime)
    # y2 = FieldElement(y2_raw, prime)
    # p2 = Point(x2, y2, a, b)
    x1 = FieldElement(x1_raw, prime)
    y1 = FieldElement(y1_raw, prime)
    p1 = Point(x1, y1, a, b)
    x2 = FieldElement(x2_raw, prime)
    y2 = FieldElement(y2_raw, prime)
    p2 = Point(x2, y2, a, b)
    print('{} + {} = {}'.format(p1, p2, p1+p2))

Point(192,105)_223 + Point(17,56)_223 = Point(170,142)_223
Point(47,71)_223 + Point(117,141)_223 = Point(60,139)_223
Point(143,98)_223 + Point(76,66)_223 = Point(47,71)_223


In [7]:
# Exercise 2.2

reload(ecc)
run_test(ecc.ECCTest('test_add'))

.
----------------------------------------------------------------------
Ran 1 test in 0.001s

OK


In [8]:
# Example where x1 != x2

from ecc import FieldElement, Point

prime = 137
a = FieldElement(0, prime)
b = FieldElement(7, prime)
p = Point(FieldElement(73, prime), FieldElement(128, prime), a, b)

print(p+p)

Point(103,76)_137


### Exercise 3

#### 3.1. Find the following scalar multiplications on the curve  \\( y^2 = x^3 + 7: F_{223} \\)

* 2*(192,105)
* 2*(143,98)
* 2*(47,71)
* 4*(47,71)
* 8*(47,71)
* 21*(47,71)

#### Hint: add the point to itself n times

In [9]:
# Exercise 3.1

from ecc import FieldElement, Point

prime = 223
a = FieldElement(0, prime)
b = FieldElement(7, prime)

multiplications = ((2, 192, 105), (2, 143, 98), (2, 47, 71), (4, 47, 71), (8, 47, 71), (21, 47, 71))

# iterate over the multiplications
for n, x_raw, y_raw in multiplications:
    # Initialize points this way:
    # x = FieldElement(x_raw, prime)
    # y = FieldElement(y_raw, prime)
    # p = Point(x, y, a, b)
    x = FieldElement(x_raw, prime)
    y = FieldElement(y_raw, prime)
    p = Point(x, y, a, b)
    # start product at 0 (point at infinity)
    product = Point(None, None, a, b)
    # loop over n times (n is 2, 4, 8 or 21 in the above examples)
    for _ in range(n):
        # add the point to the product
        product = product + p
    # print product    
    print(product)

Point(49,71)_223
Point(64,168)_223
Point(36,111)_223
Point(194,51)_223
Point(116,55)_223
Point(infinity)


In [10]:
# Group Example

from ecc import FieldElement, Point

prime = 223
a = FieldElement(0, prime)
b = FieldElement(7, prime)
G = Point(FieldElement(47, prime), FieldElement(71, prime), a, b)
inf = Point(None, None, a, b)
total = G
count = 1

while total != inf:
    print('{}:{}'.format(count, total))
    total += G
    count += 1
print('{}:{}'.format(count, total))

1:Point(47,71)_223
2:Point(36,111)_223
3:Point(15,137)_223
4:Point(194,51)_223
5:Point(126,96)_223
6:Point(139,137)_223
7:Point(92,47)_223
8:Point(116,55)_223
9:Point(69,86)_223
10:Point(154,150)_223
11:Point(154,73)_223
12:Point(69,137)_223
13:Point(116,168)_223
14:Point(92,176)_223
15:Point(139,86)_223
16:Point(126,127)_223
17:Point(194,172)_223
18:Point(15,86)_223
19:Point(36,112)_223
20:Point(47,152)_223
21:Point(infinity)


### Exercise 4

#### 4.1. Find out what the order of the group generated by (15, 86) is on  \\( y^2 = x^3 + 7: F_{223} \\)

#### Hint: add the point to itself until you get the point at infinity

#### 4.2 Write [this test](/edit/session2/ecc.py) using the results above
```
ecc.py:ECCTest:test_rmul
```

In [11]:
# Exercise 4.1

from ecc import FieldElement, Point

prime = 223
a = FieldElement(0, prime)
b = FieldElement(7, prime)

x = FieldElement(15, prime)
y = FieldElement(86, prime)
p = Point(x, y, a, b)
inf = Point(None, None, a, b)

# start product at point
product = p
# start counter at 1
counter = 1
# loop until you get point at infinity (0)
while product != inf:
    # add the point to the product
    product += p
    # increment counter
    counter += 1
# print counter
print(counter)

7


In [12]:
# Exercise 4.2

reload(ecc)
run_test(ecc.ECCTest('test_rmul'))

.
----------------------------------------------------------------------
Ran 1 test in 0.001s

OK


In [13]:
# Confirgming G is on the curve
p = 2**256 - 2**32 - 977
x = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
y = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
print(y**2 % p == (x**3 + 7) % p)

True


In [14]:
# Confirming order of G is n
from ecc import G

n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
print(n*G)

S256Point(infinity)


In [15]:
# Getting the public point from a secret
from ecc import G

secret = 999
point = secret*G
print(point)

S256Point(68073332634951771983379810576461367518612914887001815873609470706324019594353,100265349306802633132698962749090572900634375768193967970766835776642803928888)


### Exercise 5

#### 5.1. Get the public point where the scalar is the following:

* 7
* 1485
* \\(2^{128}\\)
* \\(2^{240}+2^{31}\\)

#### 5.2. Make [this test](/edit/session2/ecc.py) pass
```
ecc.py:S256Test:test_pubpoint
```

In [16]:
# Exercise 5.1

from ecc import G

secrets = (7, 1485, 2**128, 2**240+2**31)

# iterate over secrets
for secret in secrets:
    # get the public point
    print(secret*G)

S256Point(41948375291644419605210209193538855353224492619856392092318293986323063962044,48361766907851246668144012348516735800090617714386977531302791340517493990618)
S256Point(91144748097329341227315146716405895133044962575665947613151200288251569549274,55440085219269127825789759728109305451504918753795093767574238082182444752725)
S256Point(64865771952738249789114440545196421582918768733599534045195125031385885360346,46211216742671250426576585530459394900178019437443360579906162037052661563266)
S256Point(67606631551526079174363160834905769336240182401619533769043587988551063851286,7556117524685686037096665667879267882143292133281453141941949923550388736083)


In [17]:
# Exercise 5.2

reload(ecc)
run_test(ecc.S256Test('test_pubpoint'))

.
----------------------------------------------------------------------
Ran 1 test in 0.063s

OK


In [18]:
# SEC Example

from ecc import S256Point

point = S256Point(0x5CBDF0646E5DB4EAA398F365F2EA7A0E3D419B7E0330E39CE92BDDEDCAC4F9BC, 0x6AEBCA40BA255960A3178D6D861A54DBA813D0B813FDE7B5A5082628087264DA)

uncompressed = b'\x04' + point.x.num.to_bytes(32, 'big') + point.y.num.to_bytes(32, 'big')
print(uncompressed.hex())
if point.y.num % 2 == 1:
    compressed = b'\x03' + point.x.num.to_bytes(32, 'big')
else:
    compressed = b'\x02' + point.x.num.to_bytes(32, 'big')
print(compressed.hex())

045cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc6aebca40ba255960a3178d6d861a54dba813d0b813fde7b5a5082628087264da
025cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc


#### Exercise 6

#### 6.1. Find the compressed and uncompressed SEC format for pub keys where the private keys are:
```
999**3, 123, 42424242
```

#### 6.2. Make [this test](/edit/session2/ecc.py) pass
```
ecc.py:S256Test:test_sec
```

In [19]:
# Exercise 6.1

from ecc import G

secrets = (999**3, 123, 42424242)

# iterate through secrets
for secret in secrets:
    # get public point
    point = secret * G
    # uncompressed - b'\x04' followed by x coord, then y coord
    # here's how you express a coordinate in bytes: some_integer.to_bytes(32, 'big')
    uncompressed = b'\x04' + point.x.num.to_bytes(32, 'big') + point.y.num.to_bytes(32, 'big')
    # compressed - b'\x02'/b'\x03' follewed by x coord. 02 if y is even, 03 otherwise
    if point.y.num % 2 == 1:
        compressed = b'\x03' + point.x.num.to_bytes(32, 'big')
    else:
        compressed = b'\x02' + point.x.num.to_bytes(32, 'big')
    # print the .hex() of both
    print(uncompressed.hex())
    print(compressed.hex())

049d5ca49670cbe4c3bfa84c96a8c87df086c6ea6a24ba6b809c9de234496808d56fa15cc7f3d38cda98dee2419f415b7513dde1301f8643cd9245aea7f3f911f9
039d5ca49670cbe4c3bfa84c96a8c87df086c6ea6a24ba6b809c9de234496808d5
04a598a8030da6d86c6bc7f2f5144ea549d28211ea58faa70ebf4c1e665c1fe9b5204b5d6f84822c307e4b4a7140737aec23fc63b65b35f86a10026dbd2d864e6b
03a598a8030da6d86c6bc7f2f5144ea549d28211ea58faa70ebf4c1e665c1fe9b5
04aee2e7d843f7430097859e2bc603abcc3274ff8169c1a469fee0f20614066f8e21ec53f40efac47ac1c5211b2123527e0e9b57ede790c4da1e72c91fb7da54a3
03aee2e7d843f7430097859e2bc603abcc3274ff8169c1a469fee0f20614066f8e


In [20]:
# Exercise 6.2

reload(ecc)
run_test(ecc.S256Test('test_sec'))

.
----------------------------------------------------------------------
Ran 1 test in 0.017s

OK


In [21]:
# Address Example

from helper import encode_base58, hash160, double_sha256
sec = bytes.fromhex('025CBDF0646E5DB4EAA398F365F2EA7A0E3D419B7E0330E39CE92BDDEDCAC4F9BC')
h160 = hash160(sec)
raw = b"\x00" + h160
raw = raw + double_sha256(raw)[:4]
addr = encode_base58(raw)
print(addr)

b'19ZewH8Kk1PDbSNdJ97FP4EiCjTRaZMZQA'


### Exercise 7

#### 7.1. Find the mainnet and testnet addresses corresponding to the private keys:

* \\(888^3\\), compressed
* 321, uncompressed
* 4242424242, uncompressed

#### 7.2. Make [this test](/edit/session2/ecc.py) pass
```
helper.py:HelperTest:test_encode_base58_checksum
```

#### 7.3. Make [this test](/edit/session2/ecc.py) pass
```
ecc.py:S256Test:test_address
```

In [22]:
# Exercise 7.1
from ecc import G

from helper import double_sha256, encode_base58, hash160

components = (
    # (secret, compressed)
    (888**3, True),
    (321, False),
    (4242424242, False),
)

# iterate through components
for secret, compressed in components:
    # get the public point
    point = secret * G
    # get the sec format
    sec = point.sec(compressed)
    # hash160 the result
    h160 = hash160(sec)
    # prepend b'\x00' for mainnet b'\x6f' for testnet
    for prefix in (b'\x00', b'\x6f'):
        # raw is the prefix + h160
        raw = prefix + h160
        # get the double_sha256 of the raw, first 4 bytes are the checksum
        checksum = double_sha256(raw)[:4]
        # append checksum
        total = raw + checksum
        # encode_base58 the whole thing
        print(encode_base58(total).decode('ascii'))

148dY81A9BmdpMhvYEVznrM45kWN32vSCN
mieaqB68xDCtbUBYFoUNcmZNwk74xcBfTP
1S6g2xBJSED7Qr9CYZib5f4PYVhHZiVfj
mfx3y63A7TfTtXKkv7Y6QzsPFY6QCBCXiP
1226JSptcStqn4Yq9aAmNXdwdc2ixuH9nb
mgY3bVusRUL6ZB2Ss999CSrGVbdRwVpM8s


In [23]:
# Exercise 7.2

reload(helper)
run_test(helper.HelperTest('test_encode_base58_checksum'))

.
----------------------------------------------------------------------
Ran 1 test in 0.001s

OK


In [24]:
# Exercise 7.3

reload(ecc)
run_test(ecc.S256Test('test_address'))

.
----------------------------------------------------------------------
Ran 1 test in 0.020s

OK


### Exercise 8

#### 8.1. Create a testnet address using your own secret key
#### (use your phone number if you can't think of anything)
#### Record this secret key for tomorrow!

In [25]:
# Exercise 8.1
from ecc import G
from helper import double_sha256, little_endian_to_int

# use a passphrase
passphrase = b'jimmy@programmingblockchain.com secret passphrase'
secret = little_endian_to_int(double_sha256(passphrase))

# get the public point
point = secret*G
# if you completed 7.2, just do the .address(testnet=True) method on the public point
print(point.address(testnet=True))

mqYz6JpuKukHzPg94y4XNDdPCEJrNkLQcv
