Score:1

Crypto

Verify that x, y coordinates given as hex string are valid points on an Elliptic Curve

factor2

10/15/22, 4:28 PM

Given the following information:

"curve": "P-256",

"qx": "729C51D177EBE2079A0FB7B0B3C2145159CF81EC61960E642A1744719AA9F913",

"qy": "8C36BCF51475016E614F8C7E0CB1B37C7EA65B4ECCF809852C9B2D0E438710BD"

The above coordinates are supposedly valid as per the test vector expected results:

"testPassed": true

I need to determine if the above public key coordinates are valid points on the curve or not. I have tried converting the coordinates in python into ints with:

>>> x = int("7C96DFF02F55B876A2A885A920E9FB5E30C6E1A4061A62517FD5C936A16AD363", 16)
>>> y = int("301ABC6B82DF5B6B6D3E8D56D7660D83A6E4F55E321BD2E57A5AC4A6A683374E", 16)

And then plugged those integer values into both of the following formulas:

y^2 = X^3 + 7 (secp256k1)

y^2 = x^3 - 3x + b where b is 41058363725152142129326129780047268409114441015993725554835256314039467401291

In neither case did the formula indicate that the values were valid.

Would anybody happen to know how I could go about validating these coordinates?

268

1 + 12

elliptic-curves

public-key

test-vectors

dsa

secp256k1

poncho

10/15/22, 4:45 PM

For P256; it's the $y^2 \equiv x^3 - 3x + b \pmod p$ formula. Did you remember to do the $\bmod p$ part?

factor2

10/15/22, 4:50 PM

Ah, I definitely had the formula wrong because I did leave out the mod p component. How can I get that component out of the x, y coordinates?

poncho

10/15/22, 4:51 PM

If you know that you're checking a P256 curve, that gives you the $p$ value

factor2

10/15/22, 5:00 PM

Okay, I still end up getting the wrong value. After conversion, I get the following x and y values: x = 56353365848849265321159620645865428036014544177922197398856507648435978687331 y = 21758255182490996347272889474463336439598185139152900800520689763795259832142 This gives me a (y^2) % 256 = 196 and a (x^3 -3x + b) % 256 = 93 Is my constant b value wrong perhaps?

factor2

10/15/22, 5:08 PM

and with the first equation I get (x^3 + 7) %256 = 66

Ievgeni

10/15/22, 5:08 PM

Why are you %256 doing? You're supposed to do %$p$.

factor2

10/15/22, 5:10 PM

Oh I assumed from the above comment that I was being dumb and that the p value would be the value of the curve (i.e. 256). I guess I was still being dumb. Could I get a link to the documentation that shows the p value?

kelalaka

10/15/22, 5:17 PM

@ponco the problem is this: the curve is not correct. It should be secp256r1. The current point is not on the curve secp256k1 it is on the curve secp256r1.

kelalaka

10/15/22, 5:19 PM

Now I can call this dupe of this [Verify that a point belongs to secp256r1](https://crypto.stackexchange.com/a/90154/18298)

factor2

10/15/22, 5:21 PM

Thank you Kelalaka, I did not realize I was on the wrong curve. Much appreciated

factor2

10/15/22, 5:29 PM

A brief glance looks like yes, it will. I haven't been able to test it as I got pulled into a meeting. Won't get back to it for another hour or so. I will mark it when I get back on it

factor2

10/15/22, 5:37 PM

Well, that was faster than expected. Yup, works with the secp256r1 curve

Score:0

Crypto

Ievgeni

10/15/22, 5:20 PM

As you wrote you're supposed to check that $y^2 = x^3 + ax + b \mod p$.

According to this source.

$$p = 2^{256}-2^{224}+2^{192}+2^{96}-1$$

Notice that the $256$ refers to the bit size of $p$, and not to $p$ itself.

0 + 1

factor2

10/15/22, 5:23 PM

A commenter above pointed out that I am on the wrong curve, but I want to thank you for the link to that documentation, good knowledge for me to read through in general

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Verify that x, y coordinates given as hex string are valid points on an Elliptic Curve

TH: ตรวจสอบว่าพิกัด x, y ที่กำหนดเป็นสตริงฐานสิบหกเป็นจุดที่ถูกต้องบน Elliptic Curve

RO: Verificați că coordonatele x, y date ca șir hexagonal sunt puncte valide pe o curbă eliptică

RU: Убедитесь, что координаты x, y, заданные в виде шестнадцатеричной строки, являются допустимыми точками на эллиптической кривой.

VI: Xác minh rằng tọa độ x, y được cung cấp dưới dạng chuỗi hex là các điểm hợp lệ trên Đường cong Elliptic

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.