TL;DR: you’ll be able to to a restricted extent outline what level addition between two distinct curves is, by simply reusing the formulation, however there won’t be any relation between this and the corresponding personal keys.
Allow us to think about elliptic curves of the shape
Y2 = X3 + aX + b, modulo p
(these are known as brief Weierstrass curves)
For secp256k1, p = 2256 – 232 – 977, a = 0, b = 7.
Probably the most impactful parameter is p. Should you change p, you alter what type of numbers X and Y are. Whereas they’re written identically, “the integer 37“, “the integer 37 within the set of numbers modulo p“, and “the integer 37 within the set of numbers modulo q ≠ p” are all three very completely different beasts, with very completely different mathematical properties. Due to this, I will follow the identical modulus p going ahead. Should you change the modulus, I do not see the way you’d outline what operations on elliptic curve factors seem like. Which modulus do you employ?
As a substitute, let’s prohibit ourselves to modulus p. Now have a look at the elliptic curve level addition equation (which doesn’t apply when including some extent to itself or its negation, however ignore these) for including the purpose (X1,Y1) to (X2,Y2), leading to (X3,Y3):
X3 = λ2 – X1 – X2, and Y3 = λ(X1 – X3) – Y1, the place λ = (X2 – X1)-1(Y2 – Y1), all modulo p.
Observe that ()-1 refers back to the modular inverse right here, not the common inverse.
Now observe that neither the curve coefficients a or b seem on this equation. Which means in idea, there is no such thing as a subject with appropriating the identical method to attempt to do a cross-chain level addition. We’ll get some numbers out; the query is simply if these are significant numbers.
Because you’re asking a few relation between the personal keys, now we have an extra requirement. The personal keys stay in yet one more form of quantity area, the integers modulo n, the place n is the order of the curve, and this order relies on the opposite parameters (p, a, and b). If we maintain a=0 like in secp256k1, we discover the next orders:
- b=1: n = p – 671331852483699643819086596696745227419
- b=2: n = p + 432420386565659656852420866390673177328
- b=3: n = p – 238911465918039986966665730306072050092
- b=4: n = p + 238911465918039986966665730306072050094
- b=5: n = p – 238911465918039986966665730306072050092 (identical as b=3)
- b=6: n = p + 671331852483699643819086596696745227421
- b=7: n = p – 432420386565659656852420866390673177326 (
secp256k1) - b=8: n = p – 671331852483699643819086596696745227419 (identical as b=1)
- …
- b=12: n = p – 671331852483699643819086596696745227419 (identical as
secp256k1, b=7)
Personal keys will not be comparable when working with curves of distinct orders, so let’s choose two equal-order curves:
- E1 : Y2 = X3 + 7 (
secp256k1) - E2 : Y2 = X3 + 12 (identical order as
secp256k1).
And let’s choose some extent on every:
- P1 = (1, √8) ∊ E1 (notice that √ right here refers back to the modular sq. root).
- P2 = (3, √39) ∊ E2
If we apply the addition method to those factors, we get (95199522409000127469965119215597403251155081608447464174576216444950477495870, 17817862784113219767619204370558314933049610986520000131582270812967486670101) which lies on yet one more curve, Y2 = X3 + 113806959772543662429059682568787218964422045791894232716808486305727155222289, which has order n = p + 671331852483699643819086596696745227421. Because the order is completely different from secp256k1, this implies its personal key shall be incomparable to secp256k1 personal keys.
Let’s attempt once more:
- Q1 = (4, √71) ∊ E1
- Q2 = (8, √524) ∊ E2
Including these, we get (83860777440659491102688138897119789724824336349874362905090427965396639347581,94100849044437599780075883675011580302479606607256518328981974291822837065288), which lies on curve Y2 = X3 + 49979308264443915896639903731913831145103210634021312327468991256158292998092, which has order n = p + 432420386565659656852420866390673177328.
So, even after we choose maximally related curves, and attempt to add factors throughout them, we find yourself with factors that land on numerous distinct unrelated curves, on which the personal keys are meaningless to check with secp256k1.
