@ -165,8 +165,8 @@ K = 1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD * G
----
K = (x, y)
where,
x = 325D52E3B7...E5D378
y = 7A3D41E670...CD90C2
x = F028892BAD...DC341A
y = 07CF33DA18...505BDB
----
To visualize multiplication of a point with an integer, we will use the simpler elliptic curve over the real numbers - remember, the math is the same. Our goal is to find the multiple kG of the generator point G. That is the same as adding G to itself, k times in a row. In elliptic curves, adding a point to itself is the equivalent of drawing a tangent line on the point and finding where it intersects the curve again, then reflecting that point on the x-axis.
@ -316,21 +316,21 @@ Here's the public key generated by the private key we created above, shown as th
.Public Key K defined as a point +K = (x,y)+
----
x = 325D52E3B7...E5D378
y = 7A3D41E670...CD90C2
x = F028892BAD...DC341A
y = 07CF33DA18...505BDB
----
Here's the same public key shown as a 512-bit number (130 hex digits) with the prefix +04+ followed by +x+ and then +y+ coordinates, as +04 x y+:
.Uncompressed Public Key K shown in hex (130 hex digits) as +04xy+
----
K = 04325D52E3B7...CD90C2
K = 04F028892BAD...505BDB
----
[[comp_pub]]
===== Compressed Public Keys
Compressed public keys were introduced to bitcoin to reduce the size of transactions and conserve disk space on nodes that store the bitcoin blockchain database. Most transactions include the public key, required to validate the owner's credentials and spend the bitcoin. Each public key requires 513 bytes (prefix \+ x \+ y), which when multiplied by several hundred transactions per block, or tens of thousands of transactions per day, adds a significant amount of data to the blockchain.
Compressed public keys were introduced to bitcoin to reduce the size of transactions and conserve disk space on nodes that store the bitcoin blockchain database. Most transactions include the public key, required to validate the owner's credentials and spend the bitcoin. Each public key requires 513 bits (prefix \+ x \+ y), which when multiplied by several hundred transactions per block, or tens of thousands of transactions per day, adds a significant amount of data to the blockchain.
As we saw in the section <<pubkey>> above, a public key is a point (x,y) on an elliptic curve. Since the curve expresses a mathematical function, a point on the curve represents a solution to the equation and therefore if we know the x-coordinate we can calculate the y-coordinate by solving the equation y^2^ mod p = (x^3^ + 7) mod p. That allows us to store only the x-coordinate of the public key point, omitting the y-coordinate and reducing the size of the key and the space required to store it by 256 bits. A 50% reduction in size in every transaction adds up to a lot of data saved over time!
@ -340,11 +340,11 @@ Whereas uncompressed public keys have a prefix of +04+, compressed public keys s
Here's the same public key generated previously, shown as a +compressed public key+ stored in 264-bits (66 hex digits) with the prefix +02+ indicating the +y+ coordinate is even:
Here's the same public key generated previously, shown as a +compressed public key+ stored in 264-bits (66 hex digits) with the prefix +03+ indicating the +y+ coordinate is odd:
.Compressed Public Key K shown in hex (66 hex digits) as +K = {02 or 03} x+
----
K = 02325D52E3B7...E5D378
K = 03F028892BAD...DC341A
----
The compressed public key, above, corresponds to the same private key, meaning that it is generated from the same private key. However it looks different from the uncompressed public key. More importantly, if we convert this compressed public key to a bitcoin address using the double-hash function (RIPEMD160(SHA256(K))) it will produce a _different_ bitcoin address. This can be confusing, because it means that a single private key can produce a public key expressed in two different formats (compressed and uncompressed) which produce two different bitcoin addresses. However, the private key is identical for both bitcoin addresses.
Minh T. Nguyen
10 years ago
committed by