# Elliptic Curve Math - Exercises with Libbitcoin BX

### 1. Basic EC operations

#### Derive a new valid secret (secp256k1) from 512-bit entropy:

In [None]:
# bx [command]
seed=$(bx seed --bit_length 512)


#### Derive a new (uncompressed) EC point from the generated secret:

In [None]:
# bx [command]
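# ec-to-public emits the compressed form by default; --uncompressed gives the 65-byte point
point=$(bx ec-new $seed | bx ec-to-public --uncompressed)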


#### Demonstrate distributivity:

Scalar operations: `(a + b) * c = a * c + b * c`
* `a = 86101c23edfcdf19bf47836b7fe4b86bd3023983d477e0324adc81230b22851b`
* `b = b6ab20f3d9311eb7ebcad6bb2933008eb350418c3f499fb764204ee08f4171f2`
* `c = 6dbcfab245c6e278659dc26ec9d989c14c223f23cd17941ab45bb04c91290cdf`

In [None]:
# bx [command]


Scalar & EC point operations: `(a + b) * G = A + B`

In [None]:
# bx [command]



### 2. Joint public key point

`Alice` and `Bob` would like to create a `joint public key`. However, it is important that neither party alone has the corresponding private key of this joint public key point. How can this be achieved?

The joint public key generation scheme could proceed as follows:

* `Alice` performs something.
* `Bob` performs something.
* `Alice` and `Bob` interact.
* `Alice` and `Bob` individually derive the `joint public key`.

**`Alice` performs the following:**

In [1]:
# bx [command]
# (a+b)G = A+B
alice_secret='55829ce8935bd943b148e71da08a0e2c1a4f23c3ddd995740eb0ce0d5d7aff23'
alice_pubkey=$(bx ec-to-public $alice_secret)
echo $alice_pubkey

03b7bd0d5d0151a12f9de777ce34bdbefea3e3be0bbab3a6703a32ffc745f53c17


**`Bob` performs the following:**

In [2]:
# bx [command]
bob_secret='056a76b36b8391f8da3932c9742dfe5b638ab63b2574ec80076544bb8bb869a2'
bob_pubkey=$(bx ec-to-public $bob_secret)
echo $bob_pubkey


0225a866944e77bf94fed16efc32c31004030a52588aba4f7ddca13788e41a7639


#### `Alice` and `Bob` exchange the following data:

In [None]:
echo  "data from alice to bob: "
# echo [data] 
echo  "data from bob to alice: "
# echo [data] 


#### `Alice` computes the following from data received from `Bob`

In [3]:
# bx [command]
joint_pubkey=$(bx ec-add $bob_pubkey $alice_secret)
echo $joint_pubkey

0215f58f01411c44a094bac44d9021b61199003aa15fdb5e28f0af96a8d979d8a6


#### `Bob` computes the following from data received from `Alice`

In [5]:
# bx [command] 
joint_pubkey=$(bx ec-add $alice_pubkey $bob_secret)
echo $joint_pubkey

0215f58f01411c44a094bac44d9021b61199003aa15fdb5e28f0af96a8d979d8a6


### 2b. Spending from the joint public key 
How can `Alice` and `Bob` allow the other party to spend from this `joint public key`?

In [None]:
# bx [command] 


### 3. Commitment Schemes

`Alice` would like to commit to a secret number without revealing this number to `Bob`. This `commitment` must be binding, meaning `Alice` must be able to prove she hasn't changed it after the secret is revealed.

* `Alice` generates a commitment from a secret.
* `Bob` receives the commitment.
* `Alice` reveals the secret, proving it was the number originally committed to.

#### `Alice` generates a commitment from a secret number.

In [None]:
# bx [command] 

# With elliptic curve operations:
# -------------------------------
# 


# With hashing operations:
# -------------------------------


### 3b. How does `Bob` later verify Alice's commitment?

In [None]:
# bx [command] 

# With elliptic curve operations:
# -------------------------------


# With hashing operations:
# -------------------------------



### 4. Blinding Commitment Schemes

`Alice` creates multiple commitments for `Bob`, but would like to prevent `Bob` from noticing if she uses the same secret multiple times. This is called a `blinding commitment`, as it blinds the receiver of the commitment from gaining any information about the secret.

How can `Alice` achieve this?

* `Alice` generates a blinding commitment from a secret.
* `Bob` receives the commitment.
* `Alice` reveals the secret (and supporting data), proving it was the number originally committed to.

Alice's secret:
* `a = 86101c23edfcdf19bf47836b7fe4b86bd3023983d477e0324adc81230b22851b`

**Hint:** `Alice` can generate a random number to blind the commitment.

#### `Alice` generates a blinded commitment from a secret number.

In [None]:
# bx [command] 
# uG+vP=C
# u=preimage, v=blinding factor
# P=e*G, (u+v*e)*G = C

# C = uG+vP


#### `Bob` verifies that the revealed secret matches `Alice`'s initial commitment.

In [None]:
# bx [command] 

