Notes and analysis from Programming Bitcoin by Jimmy Song
In the previous post we described the Elliptic curve group as a continuous curve over the real numbers. We defined a way to generate points from other points using a geometrical method we called “point addition”. There is still one more operation we will need for cryptographic purposes.
This operation is defined using repeated point addition. Recall that adding distinct points requires finding a third collinear point whereas adding a point to itself requires finding the point collinear to the tangent. If we want to add a point, G, to itself 10 times we can write 10G instead of G+G+G+…, 10 times. This is called scalar multiplication.
To calculate 10G we can first simplify by using a combination of distinct and double point additions:
In the picture below you can see graphically how to compute 8G from G, which also finds 2G.
The final step (not pictured) is to add 8G and 2G together to get 10G, i.e. the negation of the third point collinear to 8G and 2G. It should be off the screen in the upper right hand quadrant.
What’s interesting about scalar multiplication is that it enumerates points on the curve in a way which is unique to that generator point, G. Keep that in mind for later.
Another interesting thing about scalar multiplication is that the function is nonlinear: the output point can be anywhere with respect to the input points (left, right or in between), and there’s no good way to predict the answer in general. Furthermore, going backwards (e.g. finding P given kP, for some integer k) is more difficult. Take for example some point 2P, from which you are asked to find P. For this you have to find a point whose tangent line crosses the negation of 2P; there may be multiple such points (see diagram below). So the inverse calculation requires guessing at each round of point doubling, and for large scalar products it’s virtually impossible. For these reasons we call scalar multiplication a one-way function.
This irreversibility property of one-way functions turns out to be very important. It forms the basis of asymmetric cryptography, i.e. public/private keypair cryptography. With scalar multiplication the scalar itself, k, acts as the private key and the resulting product, kP, is the public key. The generator point is assumed to be well known to all parties.
To see how this works imagine a sender and receiver. The sender picks a random integer as the private key then computes the resulting public key kP and shares it with the receiver knowing that there is no efficient way to deduce k from P and kP.
We don’t actually know that no one will ever find a way to reverse the function. After all, it’s hard to prove the non-existence of something. Nevertheless mathematicians have identified several functions where no efficient method of computing inverses is known. More precisely these functions are “hard” to solve because a randomly chosen input has a negligible probability (effectively zero chance) of generating the correct output, or stated differently the average-case asymptotic complexity grows faster than polynomial time.
There is one remaining issue preventing us from using point addition as a cryptosystem: numerical stability. It turns out that the same property, non-linearity, that enables strong security also makes it sensitive to small changes.
Our scalar multiplication example, finding 10G from G, required a sequence of chained point doublings. Under the real number field these calculations lose precision each round. With careful numerical analysis we could figure out how many rounds we can go before losing all precision, but it’s not clear how often we would encounter that situation for arbitrary points. In this way using real numbers limits our capacity to harden the cryptosystem by using large values. Check out this post for more analysis of ECC over the real numbers.
So how do we avoid numerical precision issues? Is there a way to use integers instead of floating point numbers? Take a look at the equations from the last post, there were 4 cases:
Notice that we only use basic calculator functions: addition, subtraction, multiplication, division. There are no irrational values like square roots, logarithms, or trigonometric functions, which would force us to use the real numbers. This suggests that point addition does not necessarily require the real numbers, in fact any field will work.
To use a different field over the elliptic curve, the coefficients a and b (from: y²=x³+ax+b) must also be members of that field. As mentioned previously scalar multiplication requires a generator point. With these steps taken we can use any number field we want. There are a few different options: rational numbers, complex numbers and finite fields. Of those, only finite fields allow us to know the exact precision needed for all possible values since the number of elements is finite and known exactly. We described finite fields in the first post here. As described there we redefine the four arithmetic operations by taking the remainder mod p, for some prime p.
Let’s think about what this means graphically. Each point in the finite field represents all the numbers congruent mod p to that number, (.., x-2p, x-p, x, x+p, x+2p, ..), but in both the x and y dimension. The curve over the reals is half positive and half negative in the y axis, the negative values mod p get shifted up by p so we get the same vertical symmetry about the middle of the range of values.
Here are some example finite fields for different values of p.
Unlike the elliptic curve over the real numbers, these “curves” do not connect together into a smooth path. Nevertheless they are connected to each other via scalar multiplication.
Earlier in this post we mentioned that scalar multiplication enumerates points on the curve starting from a generator point. For the real numbers this sequence continues forever, but for finite fields the same cannot be true; it’s finite after all. For finite fields the whole sequence repeats eventually, which is why it’s called a cyclic group. We know this cyclic group can’t be more than p elements since that’s the size of the field. The question remains: how long is the sequence before it repeats?
As an example take the curve: y² = x³ + 2x + 3 mod 97 with generator point G=(3,6).
0*G = (infinity)
1*G = (3,6)
2*G = (80,10)
3*G = (80,87)
4*G = (3,91)
5*G = (infinity)
6*G = (3,6)
7*G = …
The order of this cyclic group is 5, much less than 97. The points have been partitioned into separate cyclic groups, all of the same size. The number of such groups is called the cofactor, denoted h below. Additionally, the size of the subgroups, denoted r, multiplied by the number of such groups is the total number of points on the curve, also called the order of the curve, or n for short. Be aware that the order of the curve, n, is not the same as the order of the finite field, p; in fact n is bounded above by p, n < p.
Another trick to keep in mind is that any time the prime order p mod 4 equals 3 we know that the cofactor is 1. In other words, all points on the curve are in one big cyclic group, maximizing the security properties of the curve. The size and composition of these elliptic curve groups is an active area of research; you can learn more about it here.
Bitcoin uses the following curve: y²=x³+7 mod 2²⁵⁶-2³²-977, so a=0 and b=7 according to the generic form. The prime was chosen to fit inside 32 bytes by being less than 2²⁵⁶ and susceptible to additional optimizations that I won’t go into. These parameters result in a curve order of:
n = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
With initial point:
Note that the bitcoin prime, 2²⁵⁶ – 2³² – 977, has a cofactor of 1 so all the points are in a single cyclic group! One of the ramifications of this is that every point on the curve generates the same set of points (but in a different order), which means any choice for G will work.
This is an almost unfathomably large number, by the way: approximately 10⁷⁷, just shy of the number of atoms in the whole universe (10⁸⁰). A slightly closer approximation is the number of atoms in 10 billion galaxies: since there are about 10⁶⁷ atoms in this galaxy, you would need 10¹⁰ (10 billion) of those to get to the same order of magnitude (10¹⁰ × 10⁶⁷ = 10⁷⁷).
Signing and Verifying messages
As mentioned above the curve is characterized by the well-known parameters (a, b, p, n and G). Additionally we will need a well-known hash function that produces positive numbers less than p, HASH(m)=z, that takes as input our plain text message and outputs a hexadecimal string of fixed size which we treat as a number. This allows anyone to sign and verify messages consistently.
Now assume Alice wants to send Bob a message. Alice has message m, e.g. “Hello World”, and a keypair (e, P), where eG=P. To calculate the signature, multiply the secret key by the hash of the message: s = ze.
Alice transmits message m and signature s to Bob. Bob then validates that Alice sent the message by multiplying message hash, z, by Alice’s public key P and compares that to signature s times the base point G:
Unfortunately there are a couple problems with this approach:
- Replay attacks: Imagine sending money to someone in a message and having an attacker replay that message effectively forcing you to over pay by 100% each time they replay the message. Of course this can’t actually happen in Bitcoin for other reasons but it illustrates the point.
- Private key leak: This one is rather devastating, an attacker can derive the secret key by calculating the inverse of the hash: s/z = sz^(p-2) = e, (remember Fermat’s little theorem?).
To fix these issues we need to add something to our calculation that changes every time we generate a signature. This is similar to a nonce (number used once) or a password salt.
Let Alice instead generate a separate one-time keypair kG = R. Alice will share both R and s as her signature. Now instead of hashing the message, m, Alice hashes m and R concatenated together, HASH(m,R) = z’.
Now to compute the signature we need to combine the two private keys with the hash in a way that can be validated by Bob. This turns out to be the following: s = k – z’e. To verify, Bob computes points sG and z’A and takes their sum. The resulting point should be equal to R. To see why this works take the definition of s, multiply both sides by G and simplify
If you didn’t know k or e and you wanted to forge a signature for some message you would be thwarted because you:
- Can’t make up k and solve for s and R because you don’t know e.
- Can’t make up s and solve for R because R can’t be extracted from z’.
Although if you reuse the one-time keypair (k,R) there is a method to extract e, as was famously done with the PlayStation 3 hack.
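The multiples table for y² = x³ + 2x + 3 mod 97 and the two signing schemes above, as an added Python example (not code from this post or from Programming Bitcoin). It assumes SHA-256 with a simple string encoding for HASH, the standard secp256k1 base point G (not printed on the page), and scalars reduced modulo the curve order n; the A in z’A is Alice’s public key P.

```python
import hashlib

def ec_add(P, Q, a, p):
    """Point addition on y^2 = x^3 + a*x + b over F_p (None = point at infinity)."""
    if P is None or Q is None:
        return Q if P is None else P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None  # P + (-P); also a doubling where the tangent is vertical
    if P == Q:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p   # tangent slope
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p    # chord slope
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def ec_mul(k, P, a, p):
    """Scalar multiplication k*P by double-and-add."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, P, a, p)
        P = ec_add(P, P, a, p)
        k >>= 1
    return acc

def multiples(G, a, p, count):
    """[1*G, 2*G, ..., count*G], the enumeration shown in the table."""
    return [ec_mul(k, G, a, p) for k in range(1, count + 1)]

# secp256k1: p and n as given in the post; G is the standard base point,
# which is not printed on the page.
P256 = 2**256 - 2**32 - 977
N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
G = (0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,
     0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8)

def mul_g(k, point=G):
    return ec_mul(k, point, 0, P256)

def hash_to_int(*parts):
    """HASH(...) as an integer; SHA-256 and this encoding are assumptions."""
    data = "|".join(str(x) for x in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def naive_sign(m, e):
    return hash_to_int(m) * e % N                     # s = z*e

def naive_verify(m, pub, s):
    return mul_g(hash_to_int(m), pub) == mul_g(s)     # z*P == s*G

def naive_recover_key(m, s):
    """The leak described above: z is public, so e = s / z."""
    return s * pow(hash_to_int(m), -1, N) % N

def sign(m, e, k):
    """One-time keypair (k, R): s = k - z'*e with z' = HASH(m, R); k must never repeat."""
    R = mul_g(k)
    return R, (k - hash_to_int(m, R) * e) % N

def verify(m, pub, R, s):
    """Accept when s*G + z'*P == R."""
    z = hash_to_int(m, R)
    return ec_add(mul_g(s), mul_g(z, pub), 0, P256) == R

if __name__ == "__main__":
    e, k = 0xC0FFEE, 0xDECAF  # constructed; real keys and nonces are random in [1, n)
    print(multiples((3, 6), 2, 97, 6))
    print(verify("Hello World", mul_g(e), *sign("Hello World", e, k)))
```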
Now you should have a pretty good idea of what the bitcoin elliptic curve is. We learned about the associated cyclic group, how it’s formed from the one-way function scalar multiplication and how that is used as an asymmetric cryptosystem to digitally sign messages.
I’ll leave you with Jimmy Song’s closing words from this chapter:
Even if you don’t read another page in this book, you’ve learned to implement what was once considered “weapons-grade munitions”
Cardano Price Analysis: 17 May
At a time when other altcoins were stumbling, Cardano [ADA] witnessed significant growth. Although the price of the digital asset mirrored the correction in the Bitcoin market, the overall market still seemed to hold on to a high value.
At the time of press, ADA had lost 12% of its value since the peak and was currently being traded at $2.14 with a market capitalization of $69.31 billion.
Cardano hourly chart
The above chart of Cardano shows the drops seen by the markets recently. Although the price dropped from a peak of $2.47, it has now managed to hold on to $2.13. Though the overall market looked strong, short-term indicators predicted a correction.
As the price traded right above the support at $2.10, a fall could push it under the level and close to the next immediate support at $2.02.
The ADA market, unlike many other altcoin markets, was showing reduced volatility. Convergence of the Bollinger bands was indicative of this trend. The signal line was moving lower, tracing the movement of the candlesticks.
As the price remained above the current support for a long time, there were chances that the price would breach support. The relative strength index was noting that selling pressure, which had been maintained close to 50, was now heading towards the oversold zone. The rise in selling pressure could push the price lower; however, Chaikin money flow suggested that the money that was leaving the market was now coming back in.
Take profit: $2.01
Stop level: $2.16
Risk to Reward: 1.04
The current Cardano market was suggesting that the consolidating price might be looking to correct again. The indicators were suggesting a rise in selling pressure, which could result in another fall. However, the buying pressure could result in a trend reversal as the CMF highlighted money entering the ADA market.
Creating NFT artwork with my kids
One of the hottest trending topics which fascinated my kid is crypto. Quite honestly, he felt that Dogecoin is the coolest currency and he even asked me to help him purchase some of it with his savings.
We’ve all heard of the term “Digital Natives” and I’m sure some of us here are “Digital Natives”. This refers to the generation that grew up with technology. Technology is here to stay, and I don’t think it’s going to a standstill. As many of us are still grappling with how this whole crypto and blockchain technology works, fueled with the whole speculation in the cryptocurrency market, this is definitely an area of fascination and fear.
While this is not an article explaining the technology, I wanted to approach this from the angle of exposing kids to technology and the other applications of this technology. There’s been too much hype around the speculation of cryptocurrencies which is just one part of the story.
Blockchain technology is something that will be here to stay. The benefits that the technology brings, especially with the ability to create a unique identity for digital assets, opens up endless possibilities for creators such as artists to “mint” original pieces which cannot be replicated.
While I feel that this technology is in its early days and will evolve to something more efficient, there is already wide adoption of blockchain technology in our lives today.
It really started with my 11-year-old boy, Isaac taking an interest in Dogecoin. He’s been reading it on Reddit a lot and is fascinated with the whole Elon Musk sending Dogecoin to the moon. While I’m glad he’s fascinated with how these things work, there is a lot of fluff in this whole proposition which I don’t entirely agree with. The other worrying thing is that he is starting to develop his values around investments and the value of money. Having him exposed to just a single facet of the technology would set that foundation wrong.
Having an interest in any given topic is priceless, and I didn’t want to let this slip. I did let him invest a small part of his savings in Dogecoin. $15 of it to be exact. That story was a good one. He was making over a dollar at one time, before losing about 40% of it on paper. Throughout the whole episode, I checked in with him on how he felt, and he was able to make a decision to hold on to it believing that it was still a good decision to invest. It did recover, and he sold everything making a handsome profit of 40 cents. He later kicked himself when it went up further and he could have made a lot more. He’s now staying on the sideline and refusing to put any money into it, but I know he’s researching the next thing he should be investing in.
The thing about Blockchain, and Cryptocurrencies, it can get very energy hungry. To put it in context, Bitcoin uses more energy than Argentina and that puts the technology in the top 30 energy users worldwide according to a report by BBC.
Using blockchain technology, unique identities for digital assets such as artwork can be created and stored on the blockchain. This is referred to as NFT. This allows content creators to create their masterpieces without the issue of them being replicated. A good recent example of such an artwork changing hands is that of Mr. Vignesh Sundaresan (Metakovanby) purchasing artwork by digital artist Beeple at a Christie’s auction on March 11. He paid US$69 mil for it, which was unthinkable even today.
Riding on my younger 7-year-old daughter’s interest in art, I suggested to the kids that we should create our own NFT Artwork and sell it online. This is a perfect example for us in how we can explore the technology together, create an art piece, and put it up for sale.
I also wanted them to think about the good that we can do along with the power to create. So, I asked them if they would give some of the proceeds away to a charity, and they immediately said “YES!”.
Out came the iPad, and we started drawing. It’s a simple illustration of a cute little Mochi. Yes, it’s very elementary, but it was fun creating it!
I did a quick search online, and realized that there aren’t any “NFT Mochi”, but I could be wrong. As far as research goes, this is actually the first NFT Mochi illustration that’s minted!
I also took the opportunity to show them the cost of minting which essentially is the “gas” money that goes to processing the transaction on the Ethereum blockchain network. This fluctuates a lot and depending on the load and if you’re going to pay more to expedite the processing, it can range from a couple of tens of dollars to over a hundred dollars just to mint this NFT artwork.
This allowed me to explain to the kids how the technology works in kids’ language, and also the energy impact the technology has.
We had a lot of fun in this process of being an NFT Artist. It was super cool, and I think we might do this again.
Our artwork, “World’s First NFT Mochi” is on sale, do check it out and if you are feeling the “work” that we’ve put in, do put in a bid to buy it! (That would be another story for me and my kids!)
Hope you’ve found this sharing useful. Do share your thoughts and comments with me.
Legacy Records, The First Record Label Paying Music Artists In Crypto
From painters to digital artists to musicians, crypto continues to find integration across artistic mediums. Music continues to be a field that is ripe for revitalization, from a business standpoint. Accordingly, a number of different musicians have been releasing songs and albums as NFTs. Now, we have what’s being reported as the first official record label looking to get involved. The label looks to have artists join the ranks of other musicians getting involved in crypto.
In a press release issued to start this week, Legacy Records CEO Keishia McLeod said it came down to “either get involved or get left behind”. McLeod cited unique income stream opportunities for artists and closed by saying that “this is the future, not a trend”. McLeod has stated previously her intent to drive the label to be at the forefront of leveraging emerging technology in music.
There are two major buckets contributing to Legacy’s approach. The first is the most notable, as the label will become the first to offer artists an opportunity to receive their advance and royalty payments in the form of crypto. The second is to engage artists with NFTs, allowing fans to participate in auctions for unique content. The label’s specific plans around NFTs, and number of artists seeking to get paid in crypto, have not yet been disclosed.
As the crypto market grows, both artists and businesses are getting involved | Source: CRYPTOCAP-TOTAL on TradingView.com
Legacy Music’s Broader Business Growth
Las Vegas-based Legacy Records, not to be confused with Sony’s Legacy Recordings, will look to take advantage of the potential press buzz from the announcement. However, in tandem with the release, the label also announced a to-be-named music distributor who has also agreed to pay Legacy Records artists in bitcoin. The label also merged with New Jersey entertainment lawyer Navarro Gray’s ‘The Gray Firm’, to provide legal guidance around digital execution.
McLeod has noted previously that the label has desired being a mainstay in revolutionizing the way music artists do business. In a January interview with the LA Tribune, McLeod cited Netflix’s impact on the film industry, adding that “we haven’t seen that yet in this industry, but it’s coming. We’re going to be a large part of making that happen”.
Music Artists Emerging Into Crypto
Legacy’s roster has the potential to join a growing list of music artists that continue to engage with crypto and NFTs. Last month, we wrote about long-time hip-hop artist Eminem partnering with Nifty Gateway to release original instrumental beats. Saturday Night Live promptly had a sketch explaining the digital collectibles parodying Eminem’s “Without Me”.
Other musicians engaging with NFTs include DJ Premier, 3LAU, The Weeknd, Linkin Park’s Mike Shinoda, and more.