Hfrxdjt

How does one intimidate enemies without having the capacity for violence?

Do Phineas and Ferb ever actually get busted in real time?

How do we improve the relationship with a client software team that performs poorly and is becoming less collaborative?

Why CLRS example on residual networks does not follows its formula?

N.B. ligature in Latex

Is there a familial term for apples and pears?

Infinite past with a beginning?

What would happen to a modern skyscraper if it rains micro blackholes?

XeLaTeX and pdfLaTeX ignore hyphenation

GPS Rollover on Android Smartphones

The iconography of Laddu Gopal's soles

Can an x86 CPU running in real mode be considered to be basically an 8086 CPU?

How can bays and straits be determined in a procedurally generated map?

Why don't electron-positron collisions release infinite energy?

Dragon forelimb placement

Type 1 Error & Type 2 Error's pregnancy test analogy: is it legit?

Relation between Frobenius, spectral norm and sum of maxima

I’m planning on buying a laser printer but concerned about the life cycle of toner in the machine

Why don't electromagnetic waves interact with each other?

Is it tax fraud for an individual to declare non-taxable revenue as taxable income? (US tax laws)

How long does it take to type this?

Why are weather verbs 曇る and 晴れる treated differently in this sentence?

Explain the parameters before and after @ in the terminal prompt

Basic combinations logic doubt in probability

Can you tell me why doing scalar multiplication of a point on a Elliptic curve over a finite field gets to a point at infinity?

What is the relationship between p (prime), n (order) and h (cofactor) of an elliptic curve?What is the point at infinity on secp256k1 and how to calculate it?Modulus for elliptic curve point multiplicationGraphically representing points on Elliptic Curve over finite fieldElliptic curve group over a prime finite field $F_p$Scalar Multiplication for Elliptic CurveUsage of parameter “b” of an elliptic curve over GF(p)Elliptic curve scalar point multiplicationElliptic curve point multiplication — who is wrong?Understanding elliptic curve point addition over a finite fieldPoint-at-infinity in the scalar multiplicationelliptic curve infinity point implementation returns exception

2

1

$begingroup$

I am reading Programming Bitcoin. The author said:

Another property of scalar multiplication is that at a certain multiple, we get to the point at infinity (remember, the point at infinity is the additive identity or $0$). If we imagine a point $G$ and scalar-multiply until we get the point at infinity.

He doesn't explain why. So I don't understand why. I would like you to give me a plain explanation, without a serious mathematical proof, if that could be possible.

elliptic-curves cryptocurrency

share|improve this question

edited 1 hour ago

Maarten Bodewes♦

55.7k679196

asked 10 hours ago

inherithandleinherithandle

1111

New contributor

inherithandle is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

$endgroup$

add a comment | 

2

1

$begingroup$

I am reading Programming Bitcoin. The author said:

Another property of scalar multiplication is that at a certain multiple, we get to the point at infinity (remember, the point at infinity is the additive identity or $0$). If we imagine a point $G$ and scalar-multiply until we get the point at infinity.

He doesn't explain why. So I don't understand why. I would like you to give me a plain explanation, without a serious mathematical proof, if that could be possible.

elliptic-curves cryptocurrency

share|improve this question

edited 1 hour ago

Maarten Bodewes♦

55.7k679196

asked 10 hours ago

inherithandleinherithandle

1111

New contributor

inherithandle is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

$endgroup$

add a comment | 

$begingroup$

I am reading Programming Bitcoin. The author said:

Another property of scalar multiplication is that at a certain multiple, we get to the point at infinity (remember, the point at infinity is the additive identity or $0$). If we imagine a point $G$ and scalar-multiply until we get the point at infinity.

He doesn't explain why. So I don't understand why. I would like you to give me a plain explanation, without a serious mathematical proof, if that could be possible.

elliptic-curves cryptocurrency

share|improve this question

edited 1 hour ago

Maarten Bodewes♦

55.7k679196

asked 10 hours ago

inherithandleinherithandle

1111

New contributor

inherithandle is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

$endgroup$

share|improve this question

edited 1 hour ago

Maarten Bodewes♦

55.7k679196

asked 10 hours ago

inherithandleinherithandle

1111

New contributor

inherithandle is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

edited 1 hour ago

Maarten Bodewes♦

55.7k679196

asked 10 hours ago

inherithandleinherithandle

1111

New contributor

inherithandle is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

edited 1 hour ago

Maarten Bodewes♦

55.7k679196

edited 1 hour ago

Maarten Bodewes♦

55.7k679196

asked 10 hours ago

inherithandleinherithandle

1111

New contributor

inherithandle is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 10 hours ago

inherithandleinherithandle

1111

1 Answer
1

active

oldest

votes

3

$begingroup$

The points on the Elliptic Curves are forming an additive group with the identity $mathcalO$, the point at infinity.

The scalar multiplication $k P$ this actually means adding $P$, $k$-times itself

$$kP=underbraceP+P+cdots+P_text$k$ times.$$

Bitcoin uses Secp256k1 which has characteristic $p$ and it is defined over the prime field $mathbbZ_p$ with the curve equation $y^2=x^3-7$.

Point addition in $mathbbZ_p$ has an interesting property since the number of elements is finite if you add a point $P$ itself many times eventually you will get the identity $mathcalO$.

$$underbraceP+P+cdots+P_text$t$ times = mathcalO$$

The smallest $t$ will be the order of the subgroup generated by the $P$. For security, we want this order huge.

Note 1: a point $P$ may not generate the whole group but it generates a cyclic subgroup.

Note 2: As pointed by SqueamishOssifrage, The Smart showed that if the order of the curve and order of the base field are same then the discrete logarithm on this curves runs in linear time.

share|improve this answer

edited 1 hour ago

answered 8 hours ago

kelalakakelalaka

8,75532351

$endgroup$

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  $begingroup$
  The order of the scalar ring is not the characteristic or order of the coordinate field. The orders are related, but are not the same except in cases that are trivially breakable as Nigel Smart showed.
  $endgroup$
  – Squeamish Ossifrage
  3 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  $begingroup$
  @SqueamishOssifrage thanks and for the links.
  $endgroup$
  – kelalaka
  1 hour ago
  
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ifUsing("editor", function ()
return StackExchange.using("mathjaxEditing", function ()
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
);
);
, "mathjax-editing");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "281"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

inherithandle is a new contributor. Be nice, and check out our Code of Conduct.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f68593%2fcan-you-tell-me-why-doing-scalar-multiplication-of-a-point-on-a-elliptic-curve-o%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

3

$begingroup$

The points on the Elliptic Curves are forming an additive group with the identity $mathcalO$, the point at infinity.

The scalar multiplication $k P$ this actually means adding $P$, $k$-times itself

$$kP=underbraceP+P+cdots+P_text$k$ times.$$

Bitcoin uses Secp256k1 which has characteristic $p$ and it is defined over the prime field $mathbbZ_p$ with the curve equation $y^2=x^3-7$.

Point addition in $mathbbZ_p$ has an interesting property since the number of elements is finite if you add a point $P$ itself many times eventually you will get the identity $mathcalO$.

$$underbraceP+P+cdots+P_text$t$ times = mathcalO$$

The smallest $t$ will be the order of the subgroup generated by the $P$. For security, we want this order huge.

Note 1: a point $P$ may not generate the whole group but it generates a cyclic subgroup.

Note 2: As pointed by SqueamishOssifrage, The Smart showed that if the order of the curve and order of the base field are same then the discrete logarithm on this curves runs in linear time.

share|improve this answer

edited 1 hour ago

answered 8 hours ago

kelalakakelalaka

8,75532351

$endgroup$

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  $begingroup$
  The order of the scalar ring is not the characteristic or order of the coordinate field. The orders are related, but are not the same except in cases that are trivially breakable as Nigel Smart showed.
  $endgroup$
  – Squeamish Ossifrage
  3 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  $begingroup$
  @SqueamishOssifrage thanks and for the links.
  $endgroup$
  – kelalaka
  1 hour ago
  
  

  
  
  
  

add a comment | 

3

$begingroup$

The points on the Elliptic Curves are forming an additive group with the identity $mathcalO$, the point at infinity.

The scalar multiplication $k P$ this actually means adding $P$, $k$-times itself

$$kP=underbraceP+P+cdots+P_text$k$ times.$$

Bitcoin uses Secp256k1 which has characteristic $p$ and it is defined over the prime field $mathbbZ_p$ with the curve equation $y^2=x^3-7$.

Point addition in $mathbbZ_p$ has an interesting property since the number of elements is finite if you add a point $P$ itself many times eventually you will get the identity $mathcalO$.

$$underbraceP+P+cdots+P_text$t$ times = mathcalO$$

The smallest $t$ will be the order of the subgroup generated by the $P$. For security, we want this order huge.

Note 1: a point $P$ may not generate the whole group but it generates a cyclic subgroup.

Note 2: As pointed by SqueamishOssifrage, The Smart showed that if the order of the curve and order of the base field are same then the discrete logarithm on this curves runs in linear time.

share|improve this answer

edited 1 hour ago

answered 8 hours ago

kelalakakelalaka

8,75532351

$endgroup$

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  $begingroup$
  The order of the scalar ring is not the characteristic or order of the coordinate field. The orders are related, but are not the same except in cases that are trivially breakable as Nigel Smart showed.
  $endgroup$
  – Squeamish Ossifrage
  3 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  $begingroup$
  @SqueamishOssifrage thanks and for the links.
  $endgroup$
  – kelalaka
  1 hour ago
  
  

  
  
  
  

add a comment | 

$begingroup$

The points on the Elliptic Curves are forming an additive group with the identity $mathcalO$, the point at infinity.

The scalar multiplication $k P$ this actually means adding $P$, $k$-times itself

$$kP=underbraceP+P+cdots+P_text$k$ times.$$

Bitcoin uses Secp256k1 which has characteristic $p$ and it is defined over the prime field $mathbbZ_p$ with the curve equation $y^2=x^3-7$.

Point addition in $mathbbZ_p$ has an interesting property since the number of elements is finite if you add a point $P$ itself many times eventually you will get the identity $mathcalO$.

$$underbraceP+P+cdots+P_text$t$ times = mathcalO$$

The smallest $t$ will be the order of the subgroup generated by the $P$. For security, we want this order huge.

Note 1: a point $P$ may not generate the whole group but it generates a cyclic subgroup.

Note 2: As pointed by SqueamishOssifrage, The Smart showed that if the order of the curve and order of the base field are same then the discrete logarithm on this curves runs in linear time.

share|improve this answer

edited 1 hour ago

answered 8 hours ago

kelalakakelalaka

8,75532351

$endgroup$

share|improve this answer

edited 1 hour ago

answered 8 hours ago

kelalakakelalaka

8,75532351

answered 8 hours ago

kelalakakelalaka

8,75532351

answered 8 hours ago

kelalakakelalaka

8,75532351