Score:1

What is the difference between "Elliptic Curve Function" and "Hash Functions" like SHA256?

hk flag

I am reading about bitcoin and I am a little confused about "elliptic curve function" and "SHA256". Do they have the same properties? Can both be used to generate private and public key pairs?

et flag
SHA256 is a hash function - https://en.wikipedia.org/wiki/Hash_function & for ECC look here - https://en.wikipedia.org/wiki/Elliptic-curve_cryptography
kelalaka avatar
Your edit is totally a new question and should be rolled back. Changing the course of the question once answered is not an accepted behavior in [so]. What is the input of SHA-256? There is a [short input space problem](https://crypto.stackexchange.com/a/81652/18298) on the hash functions. Also, there is [no multiplication on ECC](https://crypto.stackexchange.com/q/88214/18298), only scalar multiplication.
kelalaka avatar
Also, if I've understood correctly, you cannot map arbitrary inputs to points on the curve. The ECC relies on the [discrete logarithm problem](https://crypto.stackexchange.com/q/76230/18298), so we first select a uniform random integer then map it to a point on the curve by the scalar multiplication.
Score:10

What is the difference between "Elliptic Curve Function" and "Hash Functions" like SHA256?

There is no real context given, however we can understand it as

  • SHA-256 function:

    Yes it is a function, in a rather precise way: a cryptographic hash function (collision-resistant hash);

    $$\operatorname{SHA256}:\{0,1\}^* \to \{0,1\}^{256}$$

    • One way: it should be practically impossible to invert the given hash digest (or, polynomially bounded adversaries cannot revert it).
    • Deterministic: the same input must provide the same output.
    • Random: we should not know the hash of input before hashing it. We can read this as hash functions are candidates for Random Oracles (RO) and SHA256 is not since it has a length extension attack, SHA3 and Blake2 are closer to RO.
    • has Pre-image resistance: close to one way; given a hash value $h$ it must be infeasible for polynomial-time adversaries to find input $m$ such that $\operatorname{SHA256}(m) = h$.
    • Second Pre-image resistance: given a message $m$ and its hash value $h$, find another message $m'$ such that $\operatorname{SHA256}(m) = h = \operatorname{SHA256}(m')$.
    • and Collision resistance; find the distinct input messages $m_1 \neq m_2$ such that $\operatorname{SHA256}(m_1) = \operatorname{SHA256}(m_2)$.

    Bitcoin uses double SHA256 (SHA256d) and SHA256d is secure against the length extension attacks.

  • Elliptic Curve function:

    This is strange naming, is it the L-function of the Elliptic curves or what? Since the question is talking about Bitcoin, it should rather be the set of functions that Elliptic curves provide more than the below functions:

    • Addition as the group operation (addition, negation, inverse, commute, and association).

    • Scalar multiplication: given a base point $G$ and add it $t$ times:

      $$[t]G := \underbrace{G + G + \cdots + G}_{t\text{ times}}$$

    • Public key generation: Select random $k$ and calculate $[k]G$.

    • ECDSA signature generation.

    • ECDSA signature validation.

Now the answers to your other question are clear.

Do they have the same properties?

No, they don't! One is a function, the other is a set of functions.

Can both be used to generate private and public key pairs?

No.

However, one can use SHA256 to digest an entropy source to select the random $k$ for their private key and find their public key $K = [k]G$ by using the scalar multiplication of the Elliptic Curves.

And the Bitcoin Address is calculated as;

$$\text{Bitcoin Address} = \operatorname{RIPEMD160}(\operatorname{SHA256}(K))$$ as 20-byte addresses (RIPEMD).


Special note: Some blockchain books/websites use EC multiplication for EC scalar multiplication, like Antonopoulos's book Mastering Bitcoin, page 68. This confuses many since they start to think that $P\cdot Q$ exists. No! EC forms additive Abelian groups, and with the scalar multiplication (the usual way to define for additive groups) they form a Z-Module, nothing more.

Cort Ammon avatar
+1. I would have said they're like comparing apples and orangutans, but you took the extra effort to describe the properties of apples and the properties of orangutans in a way that should help the OP research the topic, and potentially form a more exacting question in the future. Great Stack Exchange form!
kelalaka avatar
@CortAmmon the OP did not specify the source, however, I've seen that many sites and books cause confusion. See the newly added special note with an example.
Maarten Bodewes avatar
We'll exclude hash-based signatures for now I guess. If you count those then you can also do message authentication, key derivation and random number generation "with a hash function".
kelalaka avatar
@MaartenBodewes Sure they exist. I want to keep the answer in the context of bitcoin. And the hash functions are ubiquitous as we listed some [here](https://crypto.stackexchange.com/q/64588/18298). Do you know that used in bitcoin?
kelalaka avatar
@MaartenBodewes blockchains now is a wide subject that I've might miss one that use...
kelalaka avatar
@MaartenBodewes is there a specific reason to be removed from HNQ? Seen now while looking OP's edits.
Score:1

Both are functions. It means they are relations between two sets (the input set and the output set) such that every element $x$ of the input set is in relation with at most one element of the output set. This element is called the image of $x$.

But they do not have the same status in cryptography. Function in "elliptic curve function" is a way to describe an elliptic curve. If the function is $f$, the points of the curve are $(x, f(x))$.

SHA-256 is an algorithm (an algorithm is more precise than a function, because it indicates how to compute the images) which is used to generate hashes.

To generate the private key, we pick uniformly at random an integer $n$ of $256$ bits.

To generate the public key we multiply a generator $G$ (given as a public parameter of the curve) by $n$ (by using the square-and-multiply procedure). It gives us a point of the curve $P$. Sometimes this $P$ is considered as a hash of the private key. But it is much more than a simple hash, it's a public key. It verifies many more properties than usual hash functions such as SHA-256.

If you want more details, you can look at: https://en.wikipedia.org/wiki/Elliptic_curve_digital_signature_algorithm
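The input/output contrast drawn in both answers above, as an added example that is not part of either answer: SHA-256 maps arbitrary bytes to 256 bits, while scalar multiplication on secp256k1 maps an integer $k$ to a curve point $K = [k]G$ by double-and-add (the additive form of square-and-multiply) and preserves addition, which a hash does not. The function names are chosen here for illustration, the entropy string is constructed, and the plain-Python arithmetic is not constant-time.

```python
import hashlib

# secp256k1 domain parameters (the curve Bitcoin uses): y^2 = x^3 + 7 over F_P
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of G
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity, the identity element of the group

def add(a, b):
    """The group operation: point + point -> point. There is no point * point."""
    if a is INF: return b
    if b is INF: return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                         # a + (-a) = identity
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P     # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P    # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mul(t, pt=G):
    """[t]pt by double-and-add: integer in, curve point out."""
    acc, t = INF, t % N
    while t:
        if t & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        t >>= 1
    return acc

def on_curve(pt):
    return pt is INF or (pt[1] ** 2 - pt[0] ** 3 - 7) % P == 0

def private_key_from_entropy(entropy: bytes) -> int:
    """Digest entropy with SHA-256 and map it into [1, N-1] (simplified reduction)."""
    return int.from_bytes(hashlib.sha256(entropy).digest(), "big") % (N - 1) + 1

def sha_int(k: int) -> int:
    """SHA-256 of a 32-byte integer, as an integer: bits in, 256 bits out."""
    return int.from_bytes(hashlib.sha256(k.to_bytes(32, "big")).digest(), "big")

if __name__ == "__main__":
    k = private_key_from_entropy(b"constructed sample entropy, not a real secret")
    K = scalar_mul(k)                       # public key K = [k]G
    print(hex(K[0]), hex(K[1]), on_curve(K))
```

The additive structure, $[a]G + [b]G = [a+b]G$, is what ECDSA signing and verification rely on; SHA-256 outputs satisfy no such relation.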

hk flag
If SHA256 is irreversible or preimage resistant, why doesn't bitcoin just use SHA256 to generate a public key out of a randomly generated private key instead of elliptic curve multiplication? I know the input of SHA256 can be anything and the output can be 0 to 2^256. Can someone explain to me the elliptic curve multiplication, or function, whatever it is, in the sense of input and output just like SHA256? Because I am not able to understand it from Wikipedia. I have tried it several times.
Ievgeni avatar
Preimage resistance is not enough. You need to sign, it's much more difficult to make, a simple hash function is not enough. Elliptic curves are not basic maths, you can try to read this: cryptobook.nakov.com/asymmetric-key-ciphers/