From: Gregory Maxwell Date: Sat, 27 Sep 2014 18:42:39 +0000 (-0700) Subject: Adds a sage notebook for ECDSA signing and verifying. X-Git-Url: http://git.bitcoin.ninja/?a=commitdiff_plain;h=013a0a1b7570946c16818b515c63eab0c693837b;p=bitcoinninja Adds a sage notebook for ECDSA signing and verifying. --- diff --git a/index.html b/index.html index 5f09a2f..f29074e 100644 --- a/index.html +++ b/index.html @@ -31,6 +31,11 @@ Papers of interest:
  • Freimarkets: a bitcoin extension to support user issued assets, p2p lending, options and more. +Sage notebooks: + + Edit this page at https://github.com/TheBlueMatt/bitcoinninja diff --git a/secp256k1.ecdsa.sage b/secp256k1.ecdsa.sage new file mode 100644 index 0000000..22d5e88 --- /dev/null +++ b/secp256k1.ecdsa.sage @@ -0,0 +1,26 @@ +#Simple ECDSA sage notebook (greg@xiph.org) + +#Parameters for secp256k1 +F = FiniteField (0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F) +C = EllipticCurve ([F (0), F (7)]) +G = C.lift_x(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798) +N = FiniteField (C.order()) # how many points are in our curve + +d = int(F.random_element()) # our secret +pd = G*d # our pubkey +e = int(N.random_element()) # our message + +#sign +k = N.random_element() # our nonce +r = (int(k)*G).xy()[0] +s = (1/k)*(e+N(r)*d) + +#verify +w = 1/N(s) +r == (int(w*e)*G + int(N(r)*w)*pd).xy()[0] + +#mutate +s2 = N(s)*N(-1) +s2 != s +w = 1/s2 +r == (int(w*e)*G + int(N(r)*w)*pd).xy()[0] # sign flip mutant