How to encrypt using private key for ECC

Question

As we know, ECC using $C_2 = r \cdot G, C_1 = M + r \cdot G$; and decrypt with $M=C_1 - K \cdot C_2$. And sign using point $X$: $X = k \cdot G(x_0,y_0)$. $r = x_0 \cdot K; s = 1 / k \cdot (M + r \cdot d) \mod(n)$; here $d$ is private key, $K$ is public key. and then verify by is true of $r \cdot G == M \cdot G / s + x \cdot K/s$.

Here is my question: can I encrypt using private key (or sign) and get the message $M$ directly by public key $K$? Instead of $r \cdot G == M \cdot G / s + x \cdot K/s$, how can I got something like $M = \operatorname{function}(r,s,K,G)$ ?

Thanks Edward

Answer 1

In public-key cryptography, there is NO SUCH THING as "encrypt with private key". It's a misnomer since the RSA days.

Also, what you describe as "M = function(pubkey, signature)" is signature with message recovery. These algorithms are rare nowadays and had been largely replaced with signature with appendix (which ECDSA is one of them).

ECC as specified in SEC#* series of standards are based on discrete logarithm problem over elliptic curves. By their nature, building DLog-based trapdoor permutation of arbitrary size is significantly more inefficient than building signature formula that use DLog difficulty to prevent secret components from leaking. Therefore, ECC don't have digital signature with message recovery.