From 013a0a1b7570946c16818b515c63eab0c693837b Mon Sep 17 00:00:00 2001 From: Gregory Maxwell Date: Sat, 27 Sep 2014 11:42:39 -0700 Subject: [PATCH] Adds a sage notebook for ECDSA signing and verifying. --- index.html | 5 +++++ secp256k1.ecdsa.sage | 26 ++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) create mode 100644 secp256k1.ecdsa.sage diff --git a/index.html b/index.html index 5f09a2f..f29074e 100644 --- a/index.html +++ b/index.html @@ -31,6 +31,11 @@ Papers of interest:
  • Freimarkets: a bitcoin extension to support user issued assets, p2p lending, options and more. +Sage notebooks: + + Edit this page at https://github.com/TheBlueMatt/bitcoinninja diff --git a/secp256k1.ecdsa.sage b/secp256k1.ecdsa.sage new file mode 100644 index 0000000..22d5e88 --- /dev/null +++ b/secp256k1.ecdsa.sage @@ -0,0 +1,26 @@ +#Simple ECDSA sage notebook (greg@xiph.org) + +#Parameters for secp256k1 +F = FiniteField (0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F) +C = EllipticCurve ([F (0), F (7)]) +G = C.lift_x(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798) +N = FiniteField (C.order()) # how many points are in our curve + +d = int(F.random_element()) # our secret +pd = G*d # our pubkey +e = int(N.random_element()) # our message + +#sign +k = N.random_element() # our nonce +r = (int(k)*G).xy()[0] +s = (1/k)*(e+N(r)*d) + +#verify +w = 1/N(s) +r == (int(w*e)*G + int(N(r)*w)*pd).xy()[0] + +#mutate +s2 = N(s)*N(-1) +s2 != s +w = 1/s2 +r == (int(w*e)*G + int(N(r)*w)*pd).xy()[0] # sign flip mutant -- 2.39.5