Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Convert secp256k1_xonly_pubkey to secp256k1_pubkey #1097

Open
w0xlt opened this issue Apr 2, 2022 · 2 comments
Open

Convert secp256k1_xonly_pubkey to secp256k1_pubkey #1097

w0xlt opened this issue Apr 2, 2022 · 2 comments

Comments

@w0xlt
Copy link

w0xlt commented Apr 2, 2022
edited
Loading

Is there a way to convert a secp256k1_xonly_pubkey into a secp256k1_pubkey ?

Reason: Extract secp256k1_xonly_pubkey from a P2TR address and use it as parameter to secp256k1_ecdh().

Edit: Seem related.
#994
#262
@real-or-random
Copy link
Contributor

Is there a way to convert a secp256k1_xonly_pubkey into a secp256k1_pubkey ?

No.

You could prefix the serialized xonly_pubkey with 0x02 or 0x03 and then parse it into a normal pubkey. This works. Whether this is secure (whatever this means), depends on your application, and some of the discussion in #262 and #994 applies. Consult your cryptographer. ;)

As a proper solution, we should indeed think about #994. Can you say more about your use case?

@w0xlt
Copy link
Author

w0xlt commented Apr 3, 2022

Thanks for clarifying @real-or-random .

The use case is the "Basic Scheme" mentioned in the article "Silent Payment".

For testing purposes, I implemented an example of this scheme based on #994:
https://github.com/w0xlt/secp256k1/blob/a9677ad9f064efd6c1f91afb9fa2f5d2ab43cd03/examples/spbs.c

The result is something like below :

Sender Secret Key:                      0x4740184e6841348dc9d5c76f7854164aced4e1f976aa7a1be3fcf8448a2fa5e9
Sender Serialized X-Only Public Key:    0xec6998a51c614bdd913472b5311d77e8907810991c298568c12450edfd1a0af2    

Recipient Secret Key:                   0x397f71e54c44f06b69023159fd4e491fde73ac10feb5ba0eaa2298d5aa09381f
Recipient Serialized X-Only Public Key: 0xb66b5717c0500cfe702fdecadad9351227884cb2016dc9c3233a51f957344c02

Sender Shared Secret:    0x9dd2bd3b402726bf3c40f48c419d871c60fb0501bf6b8123fbb6480ff4cf54a4
Recipient Shared Secret: 0x9dd2bd3b402726bf3c40f48c419d871c60fb0501bf6b8123fbb6480ff4cf54a4

Sender Output Public Key:    0x03f898ab3f25d3dab1e5e5aee56c8daf0284c5934d97ef41d12c70aba25c34bed4
Recipient Output Public Key: 0x03f898ab3f25d3dab1e5e5aee56c8daf0284c5934d97ef41d12c70aba25c34bed4

As the recipient needs to previously expose the public key for the sender to calculate the tweaked address, this can only be done with P2TR, where the public key is in x-only format.

@w0xlt w0xlt mentioned this issue Apr 3, 2022
Open
@jonasnick jonasnick mentioned this issue Jul 6, 2022
Closed
@csjones csjones mentioned this issue Dec 22, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@real-or-random @w0xlt