semisol's avatar
semisol semisol@nostr.land 1 month ago
Any integer x over GF(p) have a modular inverse x^-1 so that x * x^-1 = 1. So the view private key v = H(S || “magic number”) * s (where s is your nsec, and S = sG = npub) can be reversed, by testing each possible S’, and if it holds, then it is the view key for S’: S’ = H(S’ || “magic number)^-1 * v * G = H^-1 * H * s * G = sG = S Then you can trivially reverse the key s = H(S || “magic number”)^-1 * v
↑ Parent

Replies (2)

Tim Bouma's avatar
Tim Bouma trbouma@getsafebox.app 1 month ago
That looks like tonight’s homework. Thanks! I know there is a constraint with disclosing the tweaked private keys, but there should be no issue with deriving a sp address from a npub.
1 replies ↓
SatsAndSports's avatar
SatsAndSports 0 months ago
Thanks for the write-up of that, semisol. Makes sense I was thinking of multiplication in a different context, where it is sometimes a bit better than addition, but you're right that it doesn't help here
1 replies ↓