Cryptography 从消息的哈希生成新公钥。

这个问题涉及基本椭圆曲线密码在比特币项目中的应用

我需要生成一个接收地址（

contract\u public\u key

），该地址与另一个（

issuer\u public\u key

）和一些元数据（

M

）直接关联，以形成比特币合约

我将尝试用更一般的术语

因此，我们有以下几点：

G is the elliptic curve base point.

issuer_private_key = <some random 256bit scalar>
issuer_public_key = issuer_private_key * G

M = 'Terms of contract bla bla and also includes issuer_public_key for safety'

我想要一个函数，GenPriv，其中：

GenPub(issuer_public_key, issuer_private_key, M) = contract_private_key

这样,

contract_public_key = contract_private_key * G

以下是我第一次尝试使用伪python：

def GenPub(issuer_public_key, M):
    # generate a hash of the message
    e = SHA256(M)

    # create an EC point that is known to both parties
    contract_point =  (e * issuer_public_key)

    # generate a public key for this contract
    return contract_point + issuer_public_key


def GenPriv(issuer_public_key, issuer_private_key, M):
    # generate a hash of the message
    e = SHA256(M)

    # create an EC point that is known to both parties
    contract_point =  (e * issuer_public_key)

    # generate a private key for this contract
    return contract_point + issuer_private_key


# the public key for the contract
contract_private_key = GenPub(issuer_public_key, M)

# the private key for contract
contract_private_key = GenPriv(issuer_public_key, issuer_private_key, M)

---

非常感谢的反馈

无法计算合同点+发行人密钥

contract\u point

是椭圆曲线上的一个点，但

issuer\u private\u key

只是一个标量

假设您想要的是：

def GenPriv(issuer_public_key, issuer_private_key, M):
    # generate a hash of the message
    e = SHA256(M)

    # generate a private key for this contract
    return e + issuer_private_key

我不确定这个系统的安全性。它需要一些密码分析。也许你可以向我寻求帮助

---

在我看来，我将使用一个方案来协商合同的密钥

最好将其转换成半正式的数学形式，并发布在crypto.stackexchange.com上。

def GenPriv(issuer_public_key, issuer_private_key, M):
    # generate a hash of the message
    e = SHA256(M)

    # generate a private key for this contract
    return e + issuer_private_key