1 #Simple ECDSA sage notebook (greg@xiph.org)
3 #Parameters for secp256k1
4 F = FiniteField (0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F)
5 C = EllipticCurve ([F (0), F (7)])
6 G = C.lift_x(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798)
7 N = FiniteField (C.order()) # how many points are in our curve
9 d = int(F.random_element()) # our secret
11 e = int(N.random_element()) # our message
14 k = N.random_element() # our nonce
15 r = (int(k)*G).xy()[0]
20 r == (int(w*e)*G + int(N(r)*w)*pd).xy()[0]
26 r == (int(w*e)*G + int(N(r)*w)*pd).xy()[0] # sign flip mutant