# Distributive property

<script type="text/javascript" src="http://cdn.mathjax.org/mathjax/latest/MathJax.js?config=default"></script>
In abstract algebra and formal logic, the distributive property of binary operations generalizes the distributive law from Boolean algebra and elementary algebra. In propositional logic, distribution refers to two valid rules of replacement. The rules allow one to reformulate conjunctions and disjunctions within logical proofs.

For example, in arithmetic:

2 ⋅ (1 + 3) = (2 ⋅ 1) + (2 ⋅ 3), but 2 / (1 + 3) ≠ (2 / 1) + (2 / 3).

# ECDSA

In cryptography, the Elliptic Curve Digital Signature Algorithm (ECDSA) offers a variant of the Digital Signature Algorithm (DSA) which uses elliptic curve cryptography.

As with elliptic-curve cryptography in general, the bit size of the public key believed to be needed for ECDSA is about twice the size of the security level, in bits. For example, at a security level of 80 bits (meaning an attacker requires a maximum of about 2^80 operations to find the private key) the size of an ECDSA public key would be 160 bits, whereas the size of a DSA public key is at least 1024 bits. On the other hand, the signature size is the same for both DSA and ECDSA: approximately 4t bits, where t is the security level measured in bits, that is, about 320 bits for a security level of 80 bits.

# The elliptic curve scalar multiplication distributes over addition too 

$$ P = d_1 \times G + d_2 \times G = (d_1 + d_2) \times G $$ 

# Why this matters for Bitcoin ?

Bitcoin uses the secp256k1 elliptic curve for public key and signature genereration. 
ECDSA can be thought of as a special form of mathematics where division is, for all practical purposes, impossible. Public keys are formed from private keys by multiplication -- the public key is multiplied by the generator G. Because of the properties of multiplication, new public keys can be generated by an entity that doesn't know the corresponding private key.

For example, we can generate the more good-looking address for someone, without knowing his private key. 
##### Isn't it amazing?


# Math proof

$Person_1$ has the private key, the public key generated from private key and obviously the address, which is generated from the public key.
#### $Priv_1$, $Pub_1$, $Addr_1$

Person_2 wants Person_1 to have the beautiful shinny address, which everyone will respect and wanted to have one. Searching for such address requires a lot of computing power that Person_1 doesn't have. But the Person_2 have. And of couse Person_1 doesn't want Person_2 to know the private key for the address Person_2 had discorvered. The only information he needs to have is the public key of Person_1. 
#### Here is why: 
$Person_1$ has: 

$$ Pub_1 = Priv_1 \times G \\ Addr_1 =  Hash(Pub_1)  $$ 

$Person_2$ has: 

$$ Pub_2 = Priv_2 \times G  \\ Addr_2 = Hash(Pub_2) $$

$Person_2$ search for such private key ($Priv_2$), that will produce this public key ($Pub_2$), which can be added to the public key of Person_1 ($Pub_1$), that will create the good-looking address ($Addr_3$).

$$ Addr_3 = Hash(Pub_1 + Pub_2) $$

$Person_2$ send to $Person_1$ the private key he found ($Priv_2$). Person_1 will create the new private key, which will be the private key for the good-looking address.  

$$ Priv_3 = Priv_1 + Priv_2  \\ Pub_3 = Priv_3 \times G \\ Addr_3 = Hash(Pub_3)$$

#### Proof that $Addr_3$ founded here is equal to address founded by $Person_2$

$$ Priv_3 = Priv_1 + Priv_2 \\<br> Pub_3 = Priv_3 \times G \\<br> Pub_3 = (Priv_1 + Priv_2) \times G \\<br> Pub_1 = Priv_1 \times G \\<br> Pub_2 = Priv_2 \times G \\<br> Pub_3 = Pub_1 + Pub_2 \\<br> Addr_3 = Hash(Pub_3) = Hash(Pub_1 + Pub_2)$$

 Proof that $Person_2$ won't know the private key of new address:

$$ Addr_3 = Hash(Pub_3) = Hash(Pub_1 + Pub_2) \\ Pub_3 = Pub_1 + Pub_2 \\ Pub_3 = Pub_1 +  Priv_2 \times G \\ Priv_3 = Priv_1 + Priv_2 $$


$Priv_3$ is unknown because the $Priv_1$ is unknown for $Person_2$. 
$Priv_1$ is unknown for $Person_2$. 

# Code proof

In [1]:
import hashlib
from pycoin import ecdsa, encoding
import os
import codecs
#import ecdsa
from datetime import datetime
from bitcoin import *
import random
import string
import subprocess

In [2]:
priv = "18E14A7B6A307F426A94F8114701E7C8E774E7F9A47E2C2035DB29A206321725"
secret_exponent= int('0x'+priv, 0)
wif = encode_privkey(priv, 'wif')
pub = privtopub(wif)
addr = pubtoaddr(pub)

print("priv:{}".format(priv))
print ('secret_exponent:{}'.format(secret_exponent))
print("wif:{}".format(wif))
print("pub:{}".format(pub))
print("addr:{}".format(addr))

priv:18E14A7B6A307F426A94F8114701E7C8E774E7F9A47E2C2035DB29A206321725
secret_exponent:11253563012059685825953619222107823549092147699031672238385790369351542642469
wif:5J1F7GHadZG3sCCKHCwg8Jvys9xUbFsjLnGec4H125Ny1V9nR6V
pub:0450863ad64a87ae8a2fe83c1af1a8403cb53f53e486d8511dad8a04887e5b23522cd470243453a299fa9e77237716103abc11a1df38855ed6f2ee187e9c582ba6
addr:16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM


In [3]:
priv = "B18427B169E86DE681A1A62588E1D02AE4A7E83C1B413849989A76282A7B562F"
secret_exponent= int('0x'+priv, 0)
wif = encode_privkey(priv, 'wif')
pub = privtopub(wif)
addr = pubtoaddr(pub)

print("priv:{}".format(priv))
print ('secret_exponent:{}'.format(secret_exponent))
print("wif:{}".format(wif))
print("pub:{}".format(pub))
print("addr:{}".format(addr))

priv:B18427B169E86DE681A1A62588E1D02AE4A7E83C1B413849989A76282A7B562F
secret_exponent:80292871962960388883916236853462235867240466961434727693140363052284989101615
wif:5KATzggDs9uHRRKLUMfG8jXr7F4fiBhznr3RfdRcMcdRwbrgsQh
pub:049c95e0949e397faccecf0fe8ead247e6fd082717e4a4a876049fb34a9aded110dfea2ef691cc4a1410498f4c312f3a94318cd5b6f0e8e92051064876751c8404
addr:12gFLYWpfnDTQ3JB5w5VDPpF5JQZnA1g1c


In [4]:
from pycoin.ecdsa import ellipticcurve 

_a = 0x0000000000000000000000000000000000000000000000000000000000000000
_b = 0x0000000000000000000000000000000000000000000000000000000000000007
_p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f
curveSECP256k1 = ellipticcurve.CurveFp(_p,_a,_b)

pub1 = "0450863ad64a87ae8a2fe83c1af1a8403cb53f53e486d8511dad8a04887e5b23522cd470243453a299fa9e77237716103abc11a1df38855ed6f2ee187e9c582ba6"
pub2 = "049c95e0949e397faccecf0fe8ead247e6fd082717e4a4a876049fb34a9aded110dfea2ef691cc4a1410498f4c312f3a94318cd5b6f0e8e92051064876751c8404"

#04 is prefix, meaning the public key is uncompressed and contains X and Y coordinate of EC: 64 + 64 + 2 = 130
pub1 = pub1[2:130]
pub2 = pub2[2:130]

X1,Y1 = pub1[0:64], pub1[64:128]
X2,Y2 = pub2[0:64], pub2[64:128]

# Generating points on SECP256k1 curve
Point1 = ellipticcurve.Point(curveSECP256k1, int(X1,16) , int(Y1,16), None)
Point2 = ellipticcurve.Point(curveSECP256k1, int(X2,16) , int(Y2,16), None)

# adding Points one to another 
Point3 = Point1.__add__(Point2)

X = Point3.x()
Y = Point3.y()

X_hex = str(hex(X))
Y_hex = str(hex(Y))

# the hex() of X is 0xed1c1b6ae8c12e36feb74c03dc7a8823b2477afc6b7cf993b229b7d31939f462L (for example), 
# "0x" and "L" at the end must be cutted
X_hex = X_hex[2:len(X_hex)-1]
Y_hex = Y_hex[2:len(Y_hex)-1]

pub = "04" + X_hex + Y_hex

addr = pubtoaddr(pub)

print("pub:{}".format(pub))
print("addr:{}".format(addr))

pub:0436970ce32e14dc06ac50217cdcf53e628b32810707080d6848d9c8d4be9fe461e100e705cca9854436a1283210ccefbb6b16cb9a86b009488922a8f302a27487
addr:166ev9JXn2rFqiPSQAwM7qJYpNL1JrNf3h


In [5]:
priv1 = "18E14A7B6A307F426A94F8114701E7C8E774E7F9A47E2C2035DB29A206321725"
priv2 = "B18427B169E86DE681A1A62588E1D02AE4A7E83C1B413849989A76282A7B562F"

priv1 = int("0x" + priv1, 16)
priv2 = int("0x" + priv2, 16)

priv = priv1 + priv2
priv = hex(priv1 + priv2)
priv = priv[2:len(priv)-1]

pub = privtopub(priv)
addr = pubtoaddr(pub)

print("priv:{}".format(priv))
print("pub:{}".format(pub))
print("addr:{}".format(addr))

priv:ca65722cd418ed28ec369e36cfe3b7f3cc1cd035bfbf6469ce759fca30ad6d54
pub:0436970ce32e14dc06ac50217cdcf53e628b32810707080d6848d9c8d4be9fe461e100e705cca9854436a1283210ccefbb6b16cb9a86b009488922a8f302a27487
addr:166ev9JXn2rFqiPSQAwM7qJYpNL1JrNf3h
