Constant secp256k1zkp::constants::GENERATOR_PUB_J_RAW

pub const GENERATOR_PUB_J_RAW: [u8; 64]

Generator point J

Used as the generator point in Switch Commitments. Created as a NUMS (nothing-up-my-sleeve) curve point from the double-SHA256 hash of G. Details: calculate the SHA-256 of the SHA-256 of the uncompressed serialization format of G, treat the result as an x-coordinate, and find the first point on the curve with this x-coordinate (a point with this x-coordinate happens to exist on the curve).

Example in SageMath:

sage: import hashlib

sage: # finite field of secp256k1:
sage: F = FiniteField (0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F)
sage: # Elliptic Curve defined by y^2 = x^3 + 0x + 7 over finite field F ( = secp256k1)
sage: secp256k1 = EllipticCurve ([F (0), F (7)])

sage: # hash of generator point G in uncompressed form:
sage: hash_of_g = hashlib.sha256('0479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8'.decode('hex'))

sage: # double hash of generator point G:
sage: double_hash_of_g = hashlib.sha256(hash_of_g.hexdigest().decode('hex'))
sage: # treat as Integer
sage: double_hash_as_int = Integer(int(double_hash_of_g.hexdigest(),16))

sage: # get the first point on the curve (if any exists) from given x-coordinate:
sage: POINT_J = secp256k1.lift_x(double_hash_as_int)

sage: # output x- and y-coordinates of the point in hexadecimal:
sage: '%x %x'%POINT_J.xy()

sage Result: 'b860f56795fc03f3c21685383d1b5a2f2954f49b7e398b8d2a0193933621155f a43f09d32caa8f53423f427403a56a3165a5a69a74cf56fc5901a2dca6c5c43a'

Format: raw x- and y-coordinates, without the compressed/uncompressed prefix byte, in REVERSED byte order (indicated by the suffix "_RAW")!

This differs from G and H: in the underlying secp256k1 library, J is declared as "secp256k1_pubkey", while G and H are declared as "secp256k1_generator", and the two types seem to be represented and parsed differently (see "secp256k1_ec_pubkey_parse" vs "secp256k1_generator_parse" in https://github.com/mimblewimble/secp256k1-zkp/).
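The NUMS derivation above can be re-checked without SageMath. The following Python 3 sketch is an added example, not code from the crate: it recomputes the double hash, lifts it to the curve, and compares against the coordinates in the Sage result. The function names are hypothetical, and `raw_layout` assumes the "_RAW" format means 32-byte x followed by 32-byte y, each least-significant byte first.

```python
import hashlib

# secp256k1 field prime; the curve is y^2 = x^3 + 7, as in the Sage session
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
# Uncompressed serialization of G (0x04 || x || y), copied from the Sage session
G_UNCOMPRESSED = bytes.fromhex(
    "0479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"
    "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8"
)
# Coordinates printed in the Sage result
PAGE_X = 0xb860f56795fc03f3c21685383d1b5a2f2954f49b7e398b8d2a0193933621155f
PAGE_Y = 0xa43f09d32caa8f53423f427403a56a3165a5a69a74cf56fc5901a2dca6c5c43a


def nums_x(seed: bytes) -> int:
    """Double SHA-256 of the seed, read as a big-endian integer."""
    inner = hashlib.sha256(seed).digest()
    return int.from_bytes(hashlib.sha256(inner).digest(), "big")


def lift_x(x: int):
    """Return both y with y^2 = x^3 + 7 (mod P), or None if no point has this x."""
    if x >= P:
        return None  # reject rather than reduce, so the candidate x is unambiguous
    rhs = (pow(x, 3, P) + 7) % P
    # P % 4 == 3, so a square root, when one exists, is rhs^((P+1)/4)
    y = pow(rhs, (P + 1) // 4, P)
    if y * y % P != rhs:
        return None  # rhs is a quadratic non-residue
    return tuple(sorted((y, P - y)))


def raw_layout(x: int, y: int) -> bytes:
    """Assumed *_RAW layout: x then y, 32 bytes each, least-significant byte first."""
    return x.to_bytes(32, "little") + y.to_bytes(32, "little")


def check_generator_j() -> bool:
    """True if the published J is exactly what the described derivation yields."""
    x = nums_x(G_UNCOMPRESSED)
    roots = lift_x(x)
    return x == PAGE_X and roots is not None and PAGE_Y in roots


if __name__ == "__main__":
    print("J matches derivation:", check_generator_j())
    print("raw bytes:", raw_layout(PAGE_X, PAGE_Y).hex())
```

Re-running this check against the constant shipped in a build confirms that the generator was not swapped for a point with a known discrete-log relation to G or H.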