Convert `secp256k1_xonly_pubkey` to `secp256k1_pubkey`

Open w0xlt opened this issue 2 years ago • 2 comments

Is there a way to convert a secp256k1_xonly_pubkey into a secp256k1_pubkey?

Reason: Extract secp256k1_xonly_pubkey from a P2TR address and use it as parameter to secp256k1_ecdh().

Edit: Seems related: https://github.com/bitcoin-core/secp256k1/pull/994 https://github.com/bitcoin-core/secp256k1/pull/262

w0xlt, Apr 02 '22 04:04

> Is there a way to convert a secp256k1_xonly_pubkey into a secp256k1_pubkey?

No.

You could prefix the serialized xonly_pubkey with 0x02 or 0x03 and then parse it into a normal pubkey. This works. Whether this is secure (whatever this means), depends on your application, and some of the discussion in #262 and #994 applies. Consult your cryptographer. ;)

As a proper solution, we should indeed think about #994. Can you say more about your use case?

real-or-random, Apr 02 '22 17:04
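The prefixing workaround described in the reply above, as an added example that is not part of the thread or of libsecp256k1: a pure-Python secp256k1 sketch showing that lifting an x-only key with 0x02 or 0x03 gives the same shared x coordinate, but a different secret once the hash also covers the parity byte of the shared point, as libsecp256k1's default ECDH hash function does. The helper names and the two secret keys are constructed for illustration, and the arithmetic is not constant time.

```python
import hashlib

# secp256k1 domain parameters (standard constants).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
# Constructed sample secret keys, for illustration only.
SENDER_SK, RECIP_SK = 0x1111 * 2**200 + 7, 0x2222 * 2**200 + 11

def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def xonly(pt):
    """32-byte x-only serialization: the y coordinate is dropped."""
    return pt[0].to_bytes(32, "big")

def parse_compressed(b33):
    """Parse prefix || x as a full-pubkey parser does (0x02 even y, 0x03 odd y)."""
    x = int.from_bytes(b33[1:], "big")
    y = pow(x**3 + 7, (P + 1) // 4, P)
    if len(b33) != 33 or b33[0] not in (2, 3) or x >= P or y * y % P != (x**3 + 7) % P:
        raise ValueError("invalid compressed public key")
    return (x, y if (y & 1) == (b33[0] & 1) else P - y)

def ecdh(seckey, xonly32, prefix=b"\x02"):
    """Lift an x-only key with `prefix`, multiply, and hash the result two ways."""
    s = mul(seckey, parse_compressed(prefix + xonly32))
    version = bytes([2 | (s[1] & 1)])
    x_hash = hashlib.sha256(xonly(s)).digest()                # parity-independent
    point_hash = hashlib.sha256(version + xonly(s)).digest()  # depends on the guessed parity
    return x_hash, point_hash
```

Two parties that each lift the other's x-only key with a fixed prefix always agree on `x_hash`; they agree on `point_hash` only if both also normalise their own key's parity or the shared point's parity before hashing.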

Thanks for clarifying, @real-or-random.

The use case is the "Basic Scheme" mentioned in the article "Silent Payment".

For testing purposes, I implemented an example of this scheme based on #994: https://github.com/w0xlt/secp256k1/blob/a9677ad9f064efd6c1f91afb9fa2f5d2ab43cd03/examples/spbs.c

The result is something like below:

```
Sender Secret Key:                      0x4740184e6841348dc9d5c76f7854164aced4e1f976aa7a1be3fcf8448a2fa5e9
Sender Serialized X-Only Public Key:    0xec6998a51c614bdd913472b5311d77e8907810991c298568c12450edfd1a0af2

Recipient Secret Key:                   0x397f71e54c44f06b69023159fd4e491fde73ac10feb5ba0eaa2298d5aa09381f
Recipient Serialized X-Only Public Key: 0xb66b5717c0500cfe702fdecadad9351227884cb2016dc9c3233a51f957344c02

Sender Shared Secret:    0x9dd2bd3b402726bf3c40f48c419d871c60fb0501bf6b8123fbb6480ff4cf54a4
Recipient Shared Secret: 0x9dd2bd3b402726bf3c40f48c419d871c60fb0501bf6b8123fbb6480ff4cf54a4

Sender Output Public Key:    0x03f898ab3f25d3dab1e5e5aee56c8daf0284c5934d97ef41d12c70aba25c34bed4
Recipient Output Public Key: 0x03f898ab3f25d3dab1e5e5aee56c8daf0284c5934d97ef41d12c70aba25c34bed4
```

As the recipient needs to previously expose the public key for the sender to calculate the tweaked address, this can only be done with P2TR, where the public key is in x-only format.

w0xlt, Apr 03 '22 20:04