--- Log opened Thu Sep 02 00:00:56 2021
02:33 -!- jonatack [~jonatack@user/jonatack] has joined #secp256k1
06:28 -!- siv2r0930089 [~siv2r@103.77.37.153] has joined #secp256k1
08:07 -!- jonatack [~jonatack@user/jonatack] has quit [Quit: Client closed]
08:17 -!- jonatack [~jonatack@user/jonatack] has joined #secp256k1
08:43 < ariard> in EC, point subtraction is equivalent to add the additive inverse of the second term? if you have P = A + B, then A = P + (-B) holds ?
08:43 < sipa> yes
08:43 < sipa> this holds in fact in every group :)
08:44 -!- jonatack [~jonatack@user/jonatack] has quit [Quit: Client closed]
08:44 < ariard> yeah that's my understanding, in secp256k1 it's gej_add_ge_var(a,b), gej_neg(b), gej_add_ge_var(p, -b) ?
08:44 < sipa> well, "-b" won't work
08:44 < ariard> trying to do that with the python implemn and don't get the expected result :(
08:45 < ariard> well where -b = gej_neg(b)
08:45 < sipa> negating a point (x,y) is (x,-y)
08:45 < sipa> or negating (x,y,z) in jacobian coordinates gives you (x,-y,z)
08:46 < ariard> ah i need to use ge_neg() instead of gej_neg()
09:35 < ariard> okay works well with the C lib but can't get point subtraction working correctly from Core test framework (key.py), here the code just in case: https://gist.github.com/ariard/3b5fdc299b352cc5f35107a500106368
09:36 < sipa> that doesn't work, you need the sign returned by compute_xonly_pubkey
09:36 < sipa> as private key x and -x have the same x-only pubkey
09:37 < sipa> oh, that's not the issue here
09:37 < sipa> nvm
09:37 < sipa> P is computed as Pa+Pb
09:37 < sipa> Q is computed as Pa-Pb
09:38 < ariard> right
09:38 < sipa> those won't ever be the same
09:38 < ariard> no Q is computed as Pa + (- Pb)
09:38 < sipa> yes, same thing
09:38 < sipa> that won't ever be equal to Pa+Pb
09:38 < sipa> unless Pb is 0
09:39 < ariard> ah, why?
09:39 < sipa> because A+B != A-B
09:39 < sipa> math, in general
09:40 < gmaxwell> well it's true in character=2 fields, :P
09:40 < ariard> wait Pnb is here the additive inverse of Pb
09:40 < sipa> yes
09:40 < sipa> you're computing Pa+Pb and Pa+(-Pb)
09:40 < sipa> those are not the same, unless Pb == -Pb
09:41 < gmaxwell> did you mean to do Pa+Pb+(-Pb)==Pa instead?
09:41 < sipa> which is the case when Pb==0, or as gmaxwell says, always true in characteristic-2 fields (which the secp256k1 coordinate field is not)
09:41 < ariard> that's right, let me correct the code, i think i've tried add(P, Pnb) before
09:41 < ariard> gmaxwell: yes
09:43 -!- jonatack [~jonatack@user/jonatack] has joined #secp256k1
09:45 < ariard> okay, so I corrected to do Pa+pb+(-Pb)=Pa or in python code Q = SECP256K1.add(P, Pnb), and still got an error :/
09:45 < ariard> likely an error of mine, gonna investigate further :p
09:45 < sipa> show me your code
09:46 < ariard> same gist, just updated
09:47 < sipa> i think you're just hitting the lack of normalization
09:47 < sipa> P and Q should be the same point, but that doesn't mean their jacobian representation will be identical
09:48 < ariard> yeah and the results are in jacobian here
09:48 < sipa> try SECP256K1.affine(Pa) == SECP256K1.affine(Q)
09:49 < ariard> yeah it works :)
09:49 < sipa> or, more efficient: SECP256K1.add(Pa, SECP256K1.negate(Q)) is None
09:49 < ariard> thanks a lot!!
09:49 < ariard> why two points might not have the same jacobian representation? curious
09:50 < ariard> like if they're the same
09:51 < sipa> it's like fractions
09:52 < sipa> 3/6 and 1/2 are the same number, but they have different representations
09:52 < sipa> the jacobian tuple (X,Y,Z) represents the affine point (X/Z^2, Y/Z^3)
09:52 < sipa> so in a way, Z is a "denominator"
09:53 < sipa> but e.g. (X,Y,Z) and (4X,8Y,2Z) represent the same point
09:54 < ariard> gotcha, gonna read more how and why we pick up a given Z :)
09:54 < sipa> it depends on the actual order of operations performed, as you've seen
10:40 < gmaxwell> ariard: the simple formula for adding points has a division in it. Divisions are slow. So instead, it gives the result as a fraction. This is a trick that works great for mental arithmetic too, back in the days when people used to do that: if you're doing some sequence of operations, don't divide, just keep things in num/den form until you're done.
11:39 -!- siv2r09300892 [~siv2r@103.77.37.175] has joined #secp256k1
11:43 -!- siv2r0930089 [~siv2r@103.77.37.153] has quit [Ping timeout: 252 seconds]
11:43 -!- siv2r09300892 is now known as siv2r0930089
17:19 -!- belcher [~belcher@user/belcher] has quit [Ping timeout: 244 seconds]
17:31 -!- belcher [~belcher@user/belcher] has joined #secp256k1
23:07 -!- jonatack [~jonatack@user/jonatack] has quit [Ping timeout: 256 seconds]
23:26 -!- siv2r0930089 [~siv2r@103.77.37.175] has quit [Quit: The Lounge - https://thelounge.chat]
23:26 -!- siv2r09300892 [~siv2r@103.77.37.175] has joined #secp256k1
23:44 < darosior> My understanding of Musig2 in practice is that it's adapted for hot keys but not so much for cold ones given all the ways you can shoot yourself in the foot. Am i incorrect?
--- Log closed Fri Sep 03 00:00:56 2021