Can I quickly check the cofactor of secp256k1 is 1

I was wondering if there was a quick way to check that the group underlying the elliptic curve secp256k1 was indeed cyclic with the usual point G a generator. I am given the prime number underlying the field Fp, I am given the point G, I am given the integer orderwhich is presented as the order of the curve. I can check that the scalar multiplication order.G yields the infinity point. So I know that the order of G (i.e. the cardinal of its generated subgroup) divides order. I can check that order is a probable prime. So I reach the conclusion that the order of G is indeed order. But how do I know its generated subgroup is the whole elliptic curve?

import java.math.BigInteger; import org.bitcoinj.core.ECKey; import org.spongycastle.math.ec.ECCurve; import org.spongycastle.math.ec.ECPoint;   public class Test {   public static void main(String[] args){    // secp256k1 elliptic curve   ECCurve curve = ECKey.CURVE.getCurve();    // the order of the curve   BigInteger order = curve.getOrder();    // fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141   System.out.println(order.toString(16));    // The generator of the curve   ECPoint G = ECKey.CURVE.getG();   BigInteger X = G.getAffineXCoord().toBigInteger();   BigInteger Y = G.getAffineYCoord().toBigInteger();    // 79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798   System.out.println(X.toString(16));    // 483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8   System.out.println(Y.toString(16));     // Computing scalar multiplication order.G   ECPoint test = G.multiply(order);    System.out.println(test.isInfinity());  // true    // so we know the order of G (i.e. the cardinal of its   // generated subgroup) divides 'order'. However:    System.out.println(order.isProbablePrime(128)); // true    // and G is not infinity. So the order of G is precisely order.   // How do I check that the subgroup generated by G is actually    // the whole elliptic curve group, i.e. that the cofactor is 1?   } } 

Recent Questions – Bitcoin Stack Exchange

Scaling quickly

Scaling-wise, the Bitcoin Core developers are mainly focused on:

  • SegWit, which increases the "effective" max block size to 1.8-4 MB (the exact size depends on the distribution of transaction types).
  • Lightning, which "caches" transactions off-chain to allow for much higher volumes and zero confirmation times.

Both are very good ideas which will probably be essential to Bitcoin's long-term scaling. However, some people seem to be extremely concerned that fees could increase too quickly, and that the above solutions may be too slow in becoming widely useful. As I have previously mentioned, there are several options for quick scaling beyond SegWit or Lightning. I will outline a fairly simple one here, which will work on the Bitcoin network as it exists now. For those concerned about this issue, I recommend working on creating something like this.

The idea is to make a federated sidechain with an unlimited block size, and rely on a certain amount of centralization within that sidechain to increase efficiency. This is the same way that Blockstream's Liquid sidechain works, which is intended for high-volume settlement between banks.

With federated peg, a fixed set of centralized entities are designated as "signers" (aka "functionaries"). These are the only entities which need to run full nodes, so scaling is way easier: just buy super-beefy servers for all of them. Everyone else just needs to download the sidechain block headers, their own transactions, and the needed Merkle branches. Also, confirmations are near-instant because there is no PoW mining, and fees can be very low because there is no block-space scarcity and the cost to signers for processing a transaction is minimal. If the signers are all independent (ie. they won't collude) and in different countries, then this arrangement can be quite secure, and arguably even more decentralized than when lightweight nodes trust the highly-centralized Bitcoin miners. The Tor network works similarly: the entire Tor network is administered by about 6 directory authorities run by independent organizations in separate countries. Obviously, this centralized arrangement would be totally unacceptable for Bitcoin as a whole, but I think that it's reasonable in this context.

Blockstream has a framework for building your own federated 2-way-peg sidechain that will work with today's Bitcoin network: https://www.elementsproject.org/sidechains/creating-your-own.html Take that code, make a few adjustments for high volume (see the end of this post), and run with it. The code/instructions above creates a sidechain with only 1 signer — for security, you'd want to have multiple signers (maybe 10-20) in a production network. You could copy code from Elements Alpha for this.

From an end-user perspective: Wallets supporting the sidechain would have two separate balances, which can be thought of as "checking" and "savings". The savings part would be BTC balances exactly as now. The checking part would be BTC in the sidechain. BitPay etc. would show just one address, but would listen for transactions on both the Bitcoin network and the sidechain. Users would periodically move BTC from their savings to checking. Because the checking side is centralized and therefore less secure, I envision people generally never having a balance of more than $ 1000 or so in their checking balance — if a transaction is more than a few hundred dollars, it's better to do it on the Bitcoin network directly.

It's like having a high-security Swiss bank account which only allows wire transfers (Bitcoin network) plus a less-secure checking account which has a debit card (sidechain).

Adjustments for higher volume:

  • The overlay network would need to be different. It doesn't scale for everyone to broadcast their transactions to everyone else. Senders should just send transactions directly to one or more of the functionaries.
  • To fetch your incoming transactions, you'd need to query the functionaries. It'd be nice to do this in some way that doesn't give functionaries a list of all of your addresses. Bloom filters are better than nothing, but it's possible to do even better.
  • The functionaries all need beefy servers and low-latency, high-bandwidth connections between each other.

Additionally, it would be possible to add anonymity features to the sidechain (eg. confidential transactions). But I'm thinking here about something that could be done pretty quickly, so that's not essential.

Elements Alpha (already running, though not intended for production use) and Rootstock (apparently soon to be released) are federated sidechains and therefore offer many of these same advantages, but they're not really focused on high volume or close integration with Bitcoin transactions, so I think it'd be better to create a dedicated sidechain for this.

Since much of the code is already written, I think that a dedicated team could probably have this up and running in a month or two.

submitted by /u/theymos
[link] [comments]
Bitcoin

How to handle VirWox transfers and invoices that expire quickly?

I would like to withdraw a moderate amount of Bitcoin (equivalent to a few tens of USD) to pay the subscription to an online service.

I tried to use the “Request Withdrawal” command on the VirWox site, but it resulted in a message notifying that the Bitcoin transactions are only processed after a 48 hours period.

The invoice provided by the online service I want to subscribe to becomes expired after 15 minutes ; at least it is what is displayed on the pay site page I was redirected to (bitpay.com).

Is it possible to proceed to such a transaction directly from VirWox ? Or should I consider an other method ?

Thanks in advance for all suggestions (also please excuse my inexperience about the subject).

Recent Questions – Bitcoin Stack Exchange