Convert secp256k1_xonly_pubkey to secp256k1_pubkey #1097

issue w0xlt openend this issue on April 2, 2022
  1. w0xlt commented at 4:06 am on April 2, 2022: none

    Is there a way to convert a secp256k1_xonly_pubkey into a secp256k1_pubkey ?

    Reason: Extract secp256k1_xonly_pubkey from a P2TR address and use it as parameter to secp256k1_ecdh().

    Edit: Seem related. #994 https://github.com/bitcoin-core/secp256k1/pull/262

  2. real-or-random commented at 5:35 pm on April 2, 2022: contributor

    Is there a way to convert a secp256k1_xonly_pubkey into a secp256k1_pubkey ?

    No.

    You could prefix the serialized xonly_pubkey with 0x02 or 0x03 and then parse it into a normal pubkey. This works. Whether this is secure (whatever this means), depends on your application, and some of the discussion in #262 and #994 applies. Consult your cryptographer. ;)

    As a proper solution, we should indeed think about #994. Can you say more about your use case?

  3. w0xlt commented at 8:44 pm on April 3, 2022: none

    Thanks for clarifying @real-or-random .

    The use case is the “Basic Scheme” mentioned in the article “Silent Payment”.

    For testing purposes, I implemented an example of this scheme based on #994: https://github.com/w0xlt/secp256k1/blob/a9677ad9f064efd6c1f91afb9fa2f5d2ab43cd03/examples/spbs.c

    The result is something like below :

    Sender Secret Key:                      0x4740184e6841348dc9d5c76f7854164aced4e1f976aa7a1be3fcf8448a2fa5e9
Sender Serialized X-Only Public Key:    0xec6998a51c614bdd913472b5311d77e8907810991c298568c12450edfd1a0af2    

Recipient Secret Key:                   0x397f71e54c44f06b69023159fd4e491fde73ac10feb5ba0eaa2298d5aa09381f
Recipient Serialized X-Only Public Key: 0xb66b5717c0500cfe702fdecadad9351227884cb2016dc9c3233a51f957344c02

Sender Shared Secret:    0x9dd2bd3b402726bf3c40f48c419d871c60fb0501bf6b8123fbb6480ff4cf54a4
Recipient Shared Secret: 0x9dd2bd3b402726bf3c40f48c419d871c60fb0501bf6b8123fbb6480ff4cf54a4

Sender Output Public Key:    0x03f898ab3f25d3dab1e5e5aee56c8daf0284c5934d97ef41d12c70aba25c34bed4
Recipient Output Public Key: 0x03f898ab3f25d3dab1e5e5aee56c8daf0284c5934d97ef41d12c70aba25c34bed4

    As the recipient needs to previously expose the public key for the sender to calculate the tweaked address, this can only be done with P2TR, where the public key is in x-only format.

  4. w0xlt cross-referenced this on Apr 3, 2022 from issue x-only ECDH support by rustyrussell
  5. jonasnick cross-referenced this on Jul 6, 2022 from issue The principle of just-in-time xonly by LLFourn
  6. csjones cross-referenced this on Dec 22, 2022 from issue Contructing a PublicKey with rawRepresentation fails with incorrect size by pseudoramdom


w0xlt real-or-random

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-11-21 20:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me