Merge bitcoin-core/secp256k1#996: Fix G.y parity in sage code

real-or-random · real-or-random · commit aa1b889b61be · 2021-10-20T16:40:55.000+02:00
044d956 Fix G.y parity in sage code (Pieter Wuille) Pull request description: I'm not sure if `EllipticCurve.lift_x` has well-defined Y coordinate or not, but at least my current version of Sage computes the wrong G. Fix this. ACKs for top commit: real-or-random: ACK 044d956 Tree-SHA512: afb919af29027da2bb3c58628924f9740672d3c347ad39cc663c9c399b1aa8536256fd3fd4e1e54457e38344704d47f281d82488da413f4e6e67e191decc960f
diff --git a/sage/secp256k1_params.sage b/sage/secp256k1_params.sage
@@ -9,6 +9,9 @@ C = EllipticCurve([F(0), F(7)])
 
 """Base point of secp256k1"""
 G = C.lift_x(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798)
+if int(G[1]) & 1:
+    # G.y is even
+    G = -G
 
 """Prime order of secp256k1"""
 N = C.order()
