From c82e1eeead4b86be89369f7cbae7e6812d334d0e Mon Sep 17 00:00:00 2001
From: Pieter Wuille
Date: Sun, 10 Mar 2013 06:55:46 +0100
Subject: [PATCH] maybe ecdsa
---
 ecdsa.h | 16 ++++++++++++----
 num.h | 3 +++
 secp256k1.cpp | 42 +++++++++++++++++++++---------------------
 3 files changed, 36 insertions(+), 25 deletions(-)
diff --git a/ecdsa.h b/ecdsa.h
index 7a309a0719..334acb2efb 100644
--- a/ecdsa.h
+++ b/ecdsa.h
@@ -26,6 +26,8 @@ private:
 Number r,s;
 public:
+ Signature(Context &ctx) : r(ctx), s(ctx) {}
+
 bool Verify(Context &ctx, const GroupElemJac &pubkey, const Number &message) {
 const GroupConstants &c = GetGroupConst();
@@ -37,17 +39,23 @@ public:
 return false;
 Context ct(ctx);
- Number sn(ct); sn.SetModInverse(ct, s, c.order);
- Number u1(ct); u1.SetModMul(ct, sn, message, c.order);
- Number u2(ct); u2.SetModMul(ct, sn, r, c.order);
+ Number sn(ct), u1(ct), u2(ct), xrn(ct);
+ sn.SetModInverse(ct, s, c.order);
+ u1.SetModMul(ct, sn, message, c.order);
+ u2.SetModMul(ct, sn, r, c.order);
 GroupElemJac pr; ECMult(ct, pr, pubkey, u2, u1); if (pr.IsInfinity()) return false;
 FieldElem xr; pr.GetX(xr);
 unsigned char xrb[32]; xr.GetBytes(xrb);
- Number xrn(ct); xrn.SetBytes(xrb,32); xrn.SetMod(ct,xrn,c.order);
+ xrn.SetBytes(xrb,32); xrn.SetMod(ct,xrn,c.order);
 return xrn.Compare(r) == 0;
 }
+
+ void SetRS(const Number &rin, const Number &sin) {
+ r = rin;
+ s = sin;
+ }
 };
 }
diff --git a/num.h b/num.h
index 78e5a62fd5..89f06a64ad 100644
--- a/num.h
+++ b/num.h
@@ -127,6 +127,9 @@ public:
 void SetHex(const std::string &str) {
 BN_hex2bn(&bn, str.c_str());
 }
+ void SetPseudoRand(const Number &max) {
+ BN_pseudo_rand_range(bn, max.bn);
+ }
 void SplitInto(Context &ctx, int bits, Number &low, Number &high) const {
 BN_copy(low.bn, bn);
 BN_mask_bits(low.bn, bits);
diff --git a/secp256k1.cpp b/secp256k1.cpp
index f7ad1ddb61..3c78d75819 100644
--- a/secp256k1.cpp
+++ b/secp256k1.cpp
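Review bot: `SetRS` stores any pair of Numbers without checking that r and s lie in [1, order-1], so `Verify` is the only place left to reject r = 0, s = 0 or values at or above the group order; the guard that would do that sits between the two hunks (the `return false;` at old line 37 is its tail) and is not visible here, so whether it covers both bounds cannot be confirmed from this diff. If it does not, `sn.SetModInverse(ct, s, c.order)` is run on a non-invertible s and the remaining arithmetic proceeds on whatever that leaves in sn. I would state the contract on the new method rather than trust callers silently, e.g. `// No range check here: Verify must reject r,s outside [1, order-1] before inverting s.`, and confirm the check at lines 32–36 handles both zero and >= order. Verify also tests `pr.IsInfinity()` only on the result point; since main() guards with `pubkey.IsValid()` before calling it, an infinity or off-curve pubkey is presumably not rejected inside Verify itself, and `if (pubkey.IsInfinity()) return false;` before the ECMult would close that for callers that forget the guard.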
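Review bot: `SetPseudoRand` discards the return value of `BN_pseudo_rand_range`, which reports failure as 0 (presumably when max is not positive or the generator cannot produce output), so a caller is handed a bn with unspecified contents and no signal. Since the method is new in this commit it can report that directly: `bool SetPseudoRand(const Number &max) { return BN_pseudo_rand_range(bn, max.bn) == 1; }`. The name and the OpenSSL primitive also mark this as a non-cryptographic generator, yet it lives on the same Number type that Verify uses for scalars, so a comment such as `// Test/benchmark use only: not a CSPRNG, never use for keys or nonces.` keeps later signing code from reaching for it. The enclosing Number class begins before this hunk.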
@@ -10,31 +10,31 @@ using namespace secp256k1;
 int main() {
 Context ctx;
- FieldElem x,y;
+ FieldElem x;
 const Number &order = GetGroupConst().order;
- x.SetHex("8b30bbe9ae2a990696b22f670709dff3727fd8bc04d3362c6c7bf458e2846004");
- y.SetHex("a357ae915c4a65281309edf20504740f0eb3343990216b4f81063cb65f2f7e0f");
- GroupElemJac a(x,y);
- printf("a=%s\n", a.ToString().c_str());
- Number an(ctx);
- an.SetHex("8b30bce9ad2a890696b23f671709eff3727fd8cc04d3362c6c7bf458f2846fff");
- Number af(ctx);
- af.SetHex("1337");
- printf("an=%s\n", an.ToString().c_str());
- Number gn(ctx);
- gn.SetHex("f557be925d4b65381409fdf30514750f1eb4343a91216a4f71163cb35f2f6e0e");
- Number gf(ctx);
- gf.SetHex("7113");
- printf("gn=%s\n", gn.ToString().c_str());
+ Number r(ctx), s(ctx), m(ctx);
+ Signature sig(ctx);
+ x.SetHex("a357ae915c4a65281309edf20504740f0eb3343990216b4f81063cb65f2f7e0f");
+ int cnt = 0;
+ int good = 0;
 for (int i=0; i<1000000; i++) {
- ECMult(ctx, a, a, an, gn);
+// ECMult(ctx, a, a, an, gn);
 // an.SetModMul(ctx, af, order);
 // gn.SetModMul(ctx, gf, order);
- an.Inc();
- gn.Inc();
+// an.Inc();
+// gn.Inc();
+ r.SetPseudoRand(order);
+ s.SetPseudoRand(order);
+ if (i == 0)
+ x.SetSquare(x);
+ m.SetPseudoRand(order);
+ sig.SetRS(r,s);
+ GroupElemJac pubkey; pubkey.SetCompressed(x, true);
+ if (pubkey.IsValid()) {
+ cnt++;
+ good += sig.Verify(ctx, pubkey, m);
+ }
 }
- printf("%s\n", an.ToString().c_str());
- printf("%s\n", gn.ToString().c_str());
- printf("%s\n", a.ToString().c_str());
+ printf("%i/%i\n", good, cnt);
 return 0;
 }
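Review bot: The loop has no oracle: it counts how many random (r, s, m) triples `sig.Verify` accepts and prints `good/cnt`, but nothing turns an unexpected acceptance into a failure, and a Verify that rejects everything looks exactly like a correct one. For a correct verifier every random signature should fail, so `return good == 0 ? 0 : 1;` in place of `return 0;` makes the run self-checking, and one known-good (pubkey, message, r, s) vector asserted to verify before the loop would catch the always-false case. Separately, `pubkey` is decompressed from the same x on every iteration (x changes only once, at i == 0), so the `SetCompressed`/`IsValid` pair can be hoisted above the loop after the square, which also leaves the timing measuring Verify alone.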