tornadocontrib/noble-curves
1
0
Fork 0
forked from tornado-packages/noble-curves
Code Pull Requests Activity

Another schnorr adjustment

Browse Source
This commit is contained in:
Paul Miller 2023-01-25 06:55:21 +00:00
parent f2ee24bee4
commit ac52fea952
No known key found for this signature in database
GPG Key ID: 697079DA6878B89B
1 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/secp256k1.ts
View File

@ -131,9 +131,6 @@ const tag = taggedHash;
const toRawX = (point: PointType<bigint>) => point.toRawBytes(true).slice(1); const toRawX = (point: PointType<bigint>) => point.toRawBytes(true).slice(1);
const b2num = bytesToNumberBE; const b2num = bytesToNumberBE;
const modN = (x: bigint) => mod(x, secp256k1N); const modN = (x: bigint) => mod(x, secp256k1N);
function validateRS(r: bigint, s: bigint) {
if (!fe(r) || !ge(s)) throw new Error('Invalid signature');
}
const PPoint = secp256k1.ProjectivePoint; const PPoint = secp256k1.ProjectivePoint;
function schnorrGetScalar(priv: bigint) { function schnorrGetScalar(priv: bigint) {
const point = PPoint.fromPrivateKey(priv); const point = PPoint.fromPrivateKey(priv);
@ -184,8 +181,9 @@ function schnorrVerify(signature: Hex, message: Hex, publicKey: Hex): boolean {
const P = lift_x(b2num(ensureBytes(publicKey, 32))); // P = lift_x(int(pk)); fail if that fails const P = lift_x(b2num(ensureBytes(publicKey, 32))); // P = lift_x(int(pk)); fail if that fails
const sig = ensureBytes(signature, 64); const sig = ensureBytes(signature, 64);
const r = b2num(sig.subarray(0, 32)); // Let r = int(sig[0:32]); fail if r ≥ p. const r = b2num(sig.subarray(0, 32)); // Let r = int(sig[0:32]); fail if r ≥ p.
if (!fe(r)) throw new Error('');
const s = b2num(sig.subarray(32, 64)); // Let s = int(sig[32:64]); fail if s ≥ n. const s = b2num(sig.subarray(32, 64)); // Let s = int(sig[32:64]); fail if s ≥ n.
validateRS(r, s); if (!ge(s)) throw new Error('');
const m = ensureBytes(message); const m = ensureBytes(message);
const e = modN(b2num(tag(TAGS.challenge, numTo32b(r), toRawX(P), m))); const e = modN(b2num(tag(TAGS.challenge, numTo32b(r), toRawX(P), m)));
const R = PPoint.BASE.multiplyAndAddUnsafe(P, s, modN(-e)); // R = s⋅G - e⋅P const R = PPoint.BASE.multiplyAndAddUnsafe(P, s, modN(-e)); // R = s⋅G - e⋅P