What is the difference between "Elliptic Curve Function" and "Hash Functions" like SHA256?

Question

I am reading about bitcoin and I am a little confused about "elliptic curve function" and "SHA256". Do they have the same properties? Can both be used to generate private and public key pairs?

Answer 1

What is the difference between "Elliptic Curve Function" and "Hash Functions" like SHA256?

There is no real context given, however we can understand it as

• SHA-256 function:

  Yes it is a function, in a rather precise way: a cryptographic hash function (collision-resistant hash);

  $$\operatorname{SHA256}:\{0,1\}^* \to \{0,1\}^{256}$$

  • One way: it should be practically impossible to invert the given hash digest ( or, Polynomially bounded adversaries cannot revert it).
  • Deterministic: the same input must provide the same output.
  • Random: we should not know the hash of input before hashing it. We can read this as hash functions are candidates for Random Oracles (RO) and SHA256 is not since it has a length extension attack, SHA3 and Blake2 are more close to RO.
  • has Pre-image resistance: close to one way; given a hash value $h$ it must be infeasible for polynomial-time adversaries to find input $m$ such that $\operatorname{SHA256}(m) = h$.
  • Second Pre-image resistance: given a message $m$ and it's hash value $h$, find another message $m'$ such that $\operatorname{SHA256}(m) = h = \operatorname{SHA256}(m')$.
  • and Collision resistance; find the distinct input messages $m_1 \neq m_2$ such that $\operatorname{SHA256}(m_1) = \operatorname{SHA256}(m_2)$.

  Bitcoin uses double SHA256 (SHA256d) and SHA256d is secure against the length extension attacks.

• Elliptic Curve function:

  This is strange naming, is it the L-function of the Elliptic curves or what? Since the question is talking about Bitcoin, it should rather be the set of functions that Elliptic curves provide more than the below functions:

  • Addition as the group operation (addition, negation, inverse, commute, and association).

  • Scalar multiplication: given a base point $G$ and add it $t$ times:

    $$[t]G : = \underbrace{G + G + \cdots + G}_{t-times} $$

  • Public key generation: Select random $k$ and calculate $[k]G$.

  • ECDSA signature generation.

  • ECDSA signature validation.

Now the answers to your other question are clear.

Do they have the same properties?

No, they don't! Even one is a function the other is a set of functions.

Can both be used to generate private and public key pairs?

No.

However, one can use SHA256 to digest an entropy source to select the random $k$ for their private key and find their public key $K = [k]G$ by using the scalar multiplication of the Elliptic Curves.

And the Bitcoin Address is calculated as;

$$\text{Bitcoin Adress} = \operatorname{RIPEMD160(SHA256(}K))$$ as 20-byte adresses (RIPEMD).

---

Special note: Some blockchain books/websites use EC multiplication for EC scalar multiplication, like Antonolopus's book Mastering Bitcoin, page 68. This confuses many since they start to think that $P\cdot Q$ exists. No! EC forms additive Abelian groups, and with the scalar multiplication (the usual way to define for additive groups) they form a Z-Module, nothing more.

Answer 2

Both are functions. it means they are relations between two sets (the input set and the output set) such that every elements $x$ of the input set is in relation with at most one element of the output set. This element is called the image of $x$.

But they do not have the same status in cryptography. Function in "elliptic curve function" is a way to describe an elliptic curve. If the function is $f$, the points of the curve are $(x, f(x))$.

SHA-256, is an algorithm (an algorithm is more precise than a function, because it indicates how compute the images) which is used to generate hashes.

To generate the private key, we pick uniformly at random an integer $n$ of $256$ bits.

To generate the public key we multiply a generator $G$ (given as a public parameter of the curve) by $n$ (by using the square-and-multiply procedure). It gives us a point of the curve $P$. Sometimes this $P$ is considered as a hash of the private key. But it is much more than a simple a hash, it's a public key. It verifies much more properties than usual hash functions such as SHA-256.

If you want more details, you can look : https://en.wikipedia.org/wiki/Elliptic_curve_digital_signature_algorithm