In [1]:
# import everything and define a test runner function
import unittest
import importlib

import ecc
import helper

def run_test(test):
    suite = unittest.TestSuite()
    suite.addTest(test)
    unittest.TextTestRunner().run(suite)

### Exercise 1

#### 1.1. Find out which points are valid on the curve y^2 = x^3 + 7
```
(192,105), (17,56), (200,119), (1,193), (42,99)
```
#### 1.2. Write this test using the results above
```
ecc.py:ECCTest:test_on_curve
```

In [2]:
# Exercise 1.1

points = ((192,105), (17,56), (200,119), (1,193), (42,99))

for point in points:
    if point[1]**2 % 223 == (point[0]**3 + 7) % 223:
        print('({},{}) is on the curve'.format(point[0], point[1]))
    else:
        print('({},{}) is not on the curve'.format(point[0], point[1]))

(192,105) is on the curve
(17,56) is on the curve
(200,119) is not on the curve
(1,193) is on the curve
(42,99) is not on the curve


In [3]:
# Exercise 1.2

importlib.reload(ecc)
run_test(ecc.ECCTest('test_on_curve'))

.
----------------------------------------------------------------------
Ran 1 test in 0.001s

OK


### Exercise 2

#### 2.1. Find the following point additions on the curve y^2 = x^3 + 7
```
(192,105) + (17,56), (47,71) + (117,141), (143,98) + (76,66)
```

#### 2.2. Write this test using the results above
```
ecc.py:ECCTest:test_add1
```

In [4]:
# Exercise 2.1

def add_points(i, j):
    x1, y1 = i
    x2, y2 = j
    s=(y2-y1)*pow(x2-x1, 221, 223) % 223
    x3=(s**2-x1-x2) % 223
    y3=(s*(x1-x3)-y1) % 223
    return (x3, y3)

print(add_points((192,105), (17,56)))
print(add_points((47,71),(117,141)))
print(add_points((143,98),(76,66)))

(170, 142)
(60, 139)
(47, 71)


In [5]:
# Exercise 2.2

importlib.reload(ecc)
run_test(ecc.ECCTest('test_add1'))

.
----------------------------------------------------------------------
Ran 1 test in 0.001s

OK


### Exercise 3

#### 3.1. Find the following scalar multiplications on the curve y^2 = x^3+7
```
2*(192,105), 2*(143,98), 2*(47,71), 4*(47,71), 8*(47,71), 21*(47,71)
```

#### Hint: add the point to itself n times

In [6]:
# Exercise 3.1

def add_points(i, j):
    x1, y1 = i
    x2, y2 = j
    if i == j:
        s=(3*x1**2)*pow(2*y1, 221, 223) % 223
        x3=(s**2-2*x1) % 223
        y3=(s*(x1-x3)-y1) % 223
    elif x1 == x2:
        return (None, None)
    else:
        s=(y2-y1)*pow(x2-x1, 221, 223) % 223
        x3=(s**2-x1-x2) % 223
        y3=(s*(x1-x3)-y1) % 223
    return (x3, y3)

def multiply_points(n, point):
    current = point
    for _ in range(n-1):
        current = add_points(point, current)
    return current
            
print(multiply_points(2, (192,105)))
print(multiply_points(2, (143,98)))
print(multiply_points(2, (47,71)))
print(multiply_points(4, (47,71)))
print(multiply_points(8, (47,71)))
print(multiply_points(21, (47,71)))

(49, 71)
(64, 168)
(36, 111)
(194, 51)
(116, 55)
(None, None)


### Exercise 4

#### 4.1. Find out what the order of the group generated by (15, 86) is

#### Hint: add the point to itself until you get the point at infinity

#### 4.2 Write this test using the results above
```
ecc.py:ECCTest:test_rmul
```
#### 4.3 Make this test pass
```
ecc.py:ECCTest:test_rmul
```

In [7]:
# Exercise 4.1

def add_points(i, j):
    x1, y1 = i
    x2, y2 = j
    if i == j:
        s=(3*x1**2)*pow(2*y1, 221, 223) % 223
        x3=(s**2-2*x1) % 223
        y3=(s*(x1-x3)-y1) % 223
    elif x1 == x2:
        return (None, None)
    else:
        s=(y2-y1)*pow(x2-x1, 221, 223) % 223
        x3=(s**2-x1-x2) % 223
        y3=(s*(x1-x3)-y1) % 223
    return (x3, y3)

e = 1
current = (15, 86)
while current != (None, None):
    current = add_points(current, (15, 86))
    e += 1
print(e)

7


In [8]:
# Exercise 4.2 and 4.3

importlib.reload(ecc)
run_test(ecc.ECCTest('test_rmul'))

.
----------------------------------------------------------------------
Ran 1 test in 0.005s

OK


In [9]:
x = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
y = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
p = 2**256 - 2**32 - 977
y**2 % p == (x**3 + 7) % p

True

In [10]:
x = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
y = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
from ecc import G
n*G

Point(infinity)

In [11]:
from ecc import G
secret = 999
point = secret*G
print(point)

Point(9680241112d370b56da22eb535745d9e314380e568229e09f7241066003bc471,ddac2d377f03c201ffa0419d6596d10327d6c70313bb492ff495f946285d8f38)


### Exercise 5

#### 5.1. Get the public point where the scalar is the following:
```
7, 1485, 2**128, 2**256+2**31
```

#### 5.2. Make this test pass
```
ecc.py:S256Test:test_pubpoint
```

In [12]:
# Exercise 5.1

from ecc import G

for s in (7, 1485, 2**128, 2**240+2**31):
    print(s*G)

Point(5cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc,6aebca40ba255960a3178d6d861a54dba813d0b813fde7b5a5082628087264da)
Point(c982196a7466fbbbb0e27a940b6af926c1a74d5ad07128c82824a11b5398afda,7a91f9eae64438afb9ce6448a1c133db2d8fb9254e4546b6f001637d50901f55)
Point(8f68b9d2f63b5f339239c1ad981f162ee88c5678723ea3351b7b444c9ec4c0da,662a9f2dba063986de1d90c2b6be215dbbea2cfe95510bfdf23cbf79501fff82)
Point(9577ff57c8234558f293df502ca4f09cbc65a6572c842b39b366f21717945116,10b49c67fa9365ad7b90dab070be339a1daf9052373ec30ffae4f72d5e66d053)


In [13]:
# Exercise 5.2

importlib.reload(ecc)
run_test(ecc.S256Test('test_pubpoint'))

.
----------------------------------------------------------------------
Ran 1 test in 0.214s

OK


#### Exercise 6

#### 6.1. Find the compressed and uncompressed SEC format for pub keys where the private keys are:
```
999**3, 123, 42424242
```

#### 6.2. Make this test pass
```
ecc.py:S256Test:test_sec
```

In [14]:
# Exercise 6.1

from ecc import G

for s in (999**3,123,42424242):
    point = s*G
    print('04{:x}{:x}'.format(point.x.num, point.y.num))
    if point.y.num % 2 == 1:
        print('03{:x}'.format(point.x.num))
    else:
        print('02{:x}'.format(point.x.num))

049d5ca49670cbe4c3bfa84c96a8c87df086c6ea6a24ba6b809c9de234496808d56fa15cc7f3d38cda98dee2419f415b7513dde1301f8643cd9245aea7f3f911f9
039d5ca49670cbe4c3bfa84c96a8c87df086c6ea6a24ba6b809c9de234496808d5
04a598a8030da6d86c6bc7f2f5144ea549d28211ea58faa70ebf4c1e665c1fe9b5204b5d6f84822c307e4b4a7140737aec23fc63b65b35f86a10026dbd2d864e6b
03a598a8030da6d86c6bc7f2f5144ea549d28211ea58faa70ebf4c1e665c1fe9b5
04aee2e7d843f7430097859e2bc603abcc3274ff8169c1a469fee0f20614066f8e21ec53f40efac47ac1c5211b2123527e0e9b57ede790c4da1e72c91fb7da54a3
03aee2e7d843f7430097859e2bc603abcc3274ff8169c1a469fee0f20614066f8e


In [15]:
# Exercise 6.2

importlib.reload(ecc)
run_test(ecc.S256Test('test_sec'))

.
----------------------------------------------------------------------
Ran 1 test in 0.175s

OK


### Exercise 7

#### 7.1. Find the mainnet and testnet addresses corresponding to the private keys:
```
compressed, 888**3
uncompressed, 321
uncompressed, 4242424242
```

#### 7.2. Make this test pass
```
ecc.py:S256Test:test_address
```

In [16]:
# Exercise 7.1

from binascii import unhexlify

from ecc import G
from helper import double_sha256, encode_base58, hash160

for private_key, compressed in ((8883, True), (321, False), (4242424242, False)):
    point = private_key*G
    sec = unhexlify(point.sec(compressed=compressed))
    h160 = hash160(sec)
    raw = b'\x00' + h160
    raw = raw + double_sha256(raw)[:4]
    print(encode_base58(raw))
    raw = b'\x6f' + h160
    raw = raw + double_sha256(raw)[:4]
    print(encode_base58(raw))

b'13vBaGDHtHdj6aKPcCCPdy8nLXhaatu6xk'
b'miS8sKJGhK4ysgo1KmAmTtM7CXJHWYzBjk'
b'1S6g2xBJSED7Qr9CYZib5f4PYVhHZiVfj'
b'mfx3y63A7TfTtXKkv7Y6QzsPFY6QCBCXiP'
b'1226JSptcStqn4Yq9aAmNXdwdc2ixuH9nb'
b'mgY3bVusRUL6ZB2Ss999CSrGVbdRwVpM8s'


In [17]:
# Exercise 7.2

importlib.reload(ecc)
run_test(ecc.S256Test('test_address'))

.
----------------------------------------------------------------------
Ran 1 test in 0.169s

OK


### Exercise 8

#### 8.1. Create a testnet address using your own secret key
#### (use your phone number if you can't think of anything)
#### Record this secret key for tomorrow!

### Exercise 9

#### 9.1. Which sigs are valid?

```
P = (887387e452b8eacc4acfde10d9aaf7f6d9a0f975aabb10d006e4da568744d06c, 
     61de6d95231cd89026e286df3b6ae4a894a3378e393e93a0f45b666329a0ae34)
z, r, s = ec208baa0fc1c19f708a9ca96fdeff3ac3f230bb4a7ba4aede4942ad003c0f60,
          ac8d1c87e51d0d441be8b3dd5b05c8795b48875dffe00b7ffcfac23010d3a395,
          68342ceff8935ededd102dd876ffd6ba72d6a427a3edb13d26eb0781cb423c4
z, r, s = 7c076ff316692a3d7eb3c3bb0f8b1488cf72e1afcd929e29307032997a838a3d,
          eff69ef2b1bd93a66ed5219add4fb51e11a840f404876325a1e8ffe0529a2c,
          c7207fee197d27c618aea621406f6bf5ef6fca38681d82b2f06fddbdce6feab6
```

#### 9.2. Make these tests pass
```
ecc.py:S256Test:test_verify
ecc.py:PrivateKeyTest:test_sign
```

In [18]:
# Exercise 9.1

from ecc import S256Point, N

point = S256Point(0x887387e452b8eacc4acfde10d9aaf7f6d9a0f975aabb10d006e4da568744d06c, 0x61de6d95231cd89026e286df3b6ae4a894a3378e393e93a0f45b666329a0ae34)
z, r, s = 0xec208baa0fc1c19f708a9ca96fdeff3ac3f230bb4a7ba4aede4942ad003c0f60, 0xac8d1c87e51d0d441be8b3dd5b05c8795b48875dffe00b7ffcfac23010d3a395, 0x68342ceff8935ededd102dd876ffd6ba72d6a427a3edb13d26eb0781cb423c4
u = z * pow(s, N-2, N) % N
v = r * pow(s, N-2, N) % N
print((u*G + v*point).x.num == r)

z, r, s = 0x7c076ff316692a3d7eb3c3bb0f8b1488cf72e1afcd929e29307032997a838a3d, 0xeff69ef2b1bd93a66ed5219add4fb51e11a840f404876325a1e8ffe0529a2c, 0xc7207fee197d27c618aea621406f6bf5ef6fca38681d82b2f06fddbdce6feab6
u = z * pow(s, N-2, N) % N
v = r * pow(s, N-2, N) % N
print((u*G + v*point).x.num == r)

True
True


In [19]:
# Exercise 9.2

importlib.reload(ecc)
run_test(ecc.S256Test('test_verify'))
run_test(ecc.PrivateKeyTest('test_sign'))

.
----------------------------------------------------------------------
Ran 1 test in 0.315s

OK
.
----------------------------------------------------------------------
Ran 1 test in 0.319s

OK
