Pi (i?1,2,...,r), generate a random number _xi (i?1,2,...,r) and generate yi (i?1,2,...,r) with r public key encryption. Then select the random number v and generate ys from a specific algorithm v_ and yi as parameters. As the owner of the private key, the sender can easily use the private key and ys to calculate xs. The final ring signature, P, consists of the following parameters (where the s/ps is the sender's public key)

The public key can be thought of as your Bitcoin account. The private key is multiplied by an elliptic curve, and the public key can be obtained. However, it is not possible to reverse the push of the private key from the public key. The public key is used to generate a Bitcoin address and also to verify the signature. The public and private keys appear in pairs, and the public key can generate a unique address that confirms whether the sent transaction uses the corresponding private key.

## Generate initial public and private key shards

BACKGROUND: Ethereum uses the password method of the elliptic curve to generate a public/private key pair. A point on the secp256k1 ECDSA curve is calculated using the 256-bit private key to generate the public key. Then use the keccak256 hash function to generate the public key.

For example, guess the account private key generated by "Brain Wallet". The brain wallet only needs the user to provide a few words, and it will automatically generate the private key and public key. At first glance, this method is very convenient, but the public key and private key generated by these words are more likely to be cracked by brute force than the completely randomly generated public key.

The private key is generated by the SECCP256K1 algorithm, SECP256K1 is an elliptical curve encryption algorithm, similar to the RSA algorithm, through a known private key, to generate a public key, but through the public key can not be pushed out of the private key.

The first thing to do is to get the public key from the private key, then the public key to the wallet, and finally generate the corresponding wallet ID. With an ID, the two devices can be looked for by each other and then re-built into a centralized network of operations.

In this way, as long as a sequence of integers is determined, a unique child public-private key pair can be generated from the parent public-private key pair. If you only need a child public key, you can generate all child public keys without touching the parent private key.

The private key consists of 64-bit-long hexadete characters, such as: 0xE4356E49C88C8B7AB370AF7D5C0C54F0261AAA006F6BDE09CD4745CF54E115A, an account has only one private key and can not be modified, who has the private key can control the number of account numbers. Usually a wallet private key and public key is in pairs, with the private key, we can generate the public key through a certain algorithm, and then through a certain algorithm to generate the address, this process is irreversible, how to generate? We explained in detail in the previous section. The private key must be kept in a safe place, and if it is leaked someone else can unlock the account through the private key to transfer out of your account's digital currency.

In the Bitcoin network, accounts and passwords are also required for transfer transactions, which are used as "public keys" and passwords as "private keys". The private key can be encrypted to generate a public key, which means that as long as you know someone else's private key, you know someone else's "bank account" and "bank card number" and so on, you can transfer bitcoins from the account.

Technically, you start by generating the private key, then you start by generating the public key, and finally you generate the address from the public key. Each of these steps is an irreversible process, meaning that the public key cannot be dededied from the address or from the public key.

## Select a private key k and generate the public key K-kG.

Simply put, the ECDSA algorithm can use public key cryptography to generate a collection of public/private keys for signing and validating signatures. Let's see what public key cryptography looks like.

There are two ways to infer a child public key from the parent private key. The first obvious method is to derive the child private key before the child private key derives the child public key, and the second only applies to the normal child key, that is, the corresponding parent public key is derived from the parent private key, and then the child public key is derived from the parent public key.

In any case, the computing power required to create random numbers to generate a private key is negligible. It is also computationally simple to generate signatures with the private key and to validate them with the public key. But the amount of work required to guess the private key increases exponentially with each additional number added. In order for the private key to be "immune" to brute force, we just need to add enough numbers - we just need to make them big enough.

## How do I generate a child public key?

A private key can have a compressed public key, and an uncompressed public key, each public key will generate an address, the private key will have two addresses are: 1HZwkjkeao ZfTSaJxDw6aKkxp45 agDiEzN (uncompressed public key), 1F3sAm6ZtwLAUnj7d38pGFxtP3RVEvtsbV (compressed public key), both addresses are the address of this private key, each address above the money can be used. This private key is spent. However, most applications today support private keys in compressed formats.

This is because in blockchain, the private key generates the public key through encryption, and the public key converts the format to generate the address. That is, the private key can derive the public key, and the public key can derive the address.

MEET. The public and private keys of the ONE sidechain account name can be understood as account numbers and passwords, and the private key can generate public keys, but not the other way around. The private key is used to generate a signature to initiate a transaction. Each account has owner and active permissions by default, corresponding to a pair of public and private keys, and also supports custom permissions. Active key is generally used for transfers, voting, etc., and if active key is stolen, owner key can be replaced with active key.

Use the holder's public key to generate a public account, make a good agreement in advance, how much amount of money needs to be signed, etc. , when the holder signs with the private key, as long as the number of consents reached the setting can be successful.

Both the public key and the address are generated on the private key, so we only need to save the private key, with the private key can generate the public key and address, we can spend the corresponding address above the bitcoin.