# This file was *autogenerated* from the file secp256k1.ecdsa.sage
from sage.all_cmdline import * # import sage library
# Integer literals hoisted by the Sage preparser, one per line for readability.
_sage_const_64 = Integer(64)
_sage_const_0 = Integer(0)
_sage_const_1 = Integer(1)
_sage_const_2 = Integer(2)
# Used below as the FiniteField modulus: the secp256k1 base-field prime
# p = 2^256 - 2^32 - 977.
_sage_const_0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F = Integer(
    0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
)
# Curve coefficient b in y^2 = x^3 + 7.
_sage_const_7 = Integer(7)
# x-coordinate passed to lift_x() to obtain the base point G.
_sage_const_0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 = Integer(
    0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
)
# Used below as the private scalar d. It is a hard-coded value below 2^32, so
# it is suitable for a worked example only, never as a real key.
_sage_const_3952319235 = Integer(3952319235)
from sage.cpython.string import str_to_bytes
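def padbytes(byteslist):
    """Left-pad *byteslist* with ASCII ``0`` characters to at least 64 bytes.

    The input is expected to be the hex digits of a field element (without
    the ``0x`` prefix); 64 hex digits correspond to a 256-bit value. Inputs
    that are already 64 bytes or longer are returned unchanged.

    Args:
        byteslist: ASCII hex digits as ``bytes``.

    Returns:
        ``bytes`` of length ``max(64, len(byteslist))``.
    """
    # bytes.rjust pads in one step; the earlier recursive version allocated a
    # new bytes object and printed a debug line for every missing character.
    return byteslist.rjust(64, b'0')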
def encode(R):
    """Serialize curve point *R* as a parity marker plus 64 hex digits.

    The result is the ASCII character ``2`` (even y) or ``3`` (odd y)
    followed by the x-coordinate as zero-padded ASCII hex. This is an ad-hoc
    text encoding: it is not the SEC1 compressed form (a 0x02/0x03 byte
    followed by 32 raw bytes), so other libraries will not hash the same
    bytes for the same point.

    Args:
        R: a point exposing ``xy()``; it must not be the point at infinity.

    Returns:
        The encoded point as ``bytes``.
    """
    coords = R.xy()
    x_val, y_val = int(coords[0]), int(coords[1])
    print(y_val)  # debug trace of the (public) y-coordinate
    prefix = b'3' if y_val % 2 else b'2'
    print(x_val)  # debug trace of the (public) x-coordinate
    # hex() yields "0x..."; drop the two-character prefix before padding.
    hex_digits = hex(x_val).encode("utf8")[2:]
    encoded = prefix + padbytes(hex_digits)
    print(encoded)
    return encoded
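import hashlib  # SHA-256 for the Fiat-Shamir challenge
import secrets  # CSPRNG for the per-signature nonce

# NOTE(review): this module is autogenerated from secp256k1.ecdsa.sage, so any
# change made here has to be mirrored in that source file.
# NOTE(review): despite the file name, the equations below (s = k - d*c,
# checked as s*G == R - c*P) are a Schnorr-style signature, not ECDSA.

F = FiniteField(_sage_const_0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F)
C = EllipticCurve([F(_sage_const_0), F(_sage_const_7)])
# y^2 = x^3 + ax + b   standard (short Weierstrass) curve
# y^2 = x^3 + 0*x + 7  this curve

# lift_x solves for y given x. Two points share this x-coordinate and the code
# does not pin which one is returned, so G may be the negation of the standard
# base point. The demo is self-consistent either way.
G = C.lift_x(_sage_const_0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798)
# The group has prime order, so every non-identity point is a generator.

N = FiniteField(C.order())  # scalar field: integers modulo the number of curve points
order = int(N.order())

# Demo-only private key: a hard-coded scalar below 2^32 is trivially
# recoverable from the public key. A real key is drawn uniformly from
# [1, order - 1] with a CSPRNG and never stored in source.
d = int(N(_sage_const_3952319235))  # our secret
pd = G * d  # our pubkey
print(N(pd.xy()[_sage_const_1]))

m = int(N.random_element())  # our message (public, so Sage's RNG is fine here)

# --- sign ---
# The nonce must be secret, unpredictable and never reused: one leaked or
# repeated k reveals d. It is therefore drawn from the OS CSPRNG in
# [1, order - 1]; zero is excluded because R would be the point at infinity.
k = N(1 + secrets.randbelow(order - 1))  # our private nonce
R = int(k) * G  # public nonce

# Notation used in other write-ups: r = R.xy()[0], e = m, X = pd.
# encode(R): '2' if y is even else '3', then x as 64 zero-padded hex digits.
#
# The challenge is SHA-256 over encode(R) || str(m). The builtin hash() must
# not be used here: it is a 64-bit keyed hash whose key changes per process,
# so it is neither collision resistant nor reproducible by another verifier.
# NOTE(review): the challenge binds R and m but not the public key pd;
# BIP340-style Schnorr also hashes the public key (R || P || m).
c = int.from_bytes(
    hashlib.sha256(encode(R) + bytes(str(m), "utf8")).digest(), "big"
)
print("c")
s = k - N(d) * N(c)
print("s")
# s is the signature scalar; the signature is the pair (R, s).

# --- verify ---
# Public inputs: s, R, m, pd. The verifier recomputes the challenge from
# public data only and checks s*G == R - c*pd, which holds because
# s*G = k*G - c*d*G.
c = int.from_bytes(
    hashlib.sha256(encode(R) + bytes(str(m), "utf8")).digest(), "big"
)
print(int(s) * G == R - pd * c)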