Adds a sage notebook for ECDSA signing and verifying.
author Gregory Maxwell <greg@xiph.org>
Sat, 27 Sep 2014 18:42:39 +0000 (11:42 -0700)
committer Gregory Maxwell <greg@xiph.org>
Sat, 27 Sep 2014 18:44:19 +0000 (11:44 -0700)
index.html
secp256k1.ecdsa.sage [new file with mode: 0644]

index 5f09a2f0dac729f67cf96ff2424df33c7f8f1ac8..f29074ed6594937dd1b600273071f7b885a287a6 100644 (file)
@@ -31,6 +31,11 @@ Papers of interest:
 <li><a href="http://freico.in/docs/freimarkets.pdf">Freimarkets: a bitcoin extension to support user issued assets, p2p lending, options and more.</a>
 </ul>
 
+<a href="http://sagemath.org/">Sage</a> notebooks:
+<ul>
+<li><a href="secp256k1.ecdsa.sage">ECDSA with secp256k1</a>
+</ul>
+
 Edit this page at <a href="https://github.com/TheBlueMatt/bitcoinninja">https://github.com/TheBlueMatt/bitcoinninja</a>
 
 </body>
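Review bot: the new Sage link, `<a href="http://sagemath.org/">`, uses plain http while the GitHub link in the context line just below it uses https; suggest linking the https URL for consistency. The added `<li>` is left unclosed, which matches the existing list items above it, so no change is needed there. It would also help readers if the list entry said that the file is a teaching notebook rather than a signing implementation.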
diff --git a/secp256k1.ecdsa.sage b/secp256k1.ecdsa.sage
new file mode 100644 (file)
index 0000000..22d5e88
--- /dev/null
@@ -0,0 +1,26 @@
+#Simple ECDSA sage notebook (greg@xiph.org)
+
+#Parameters for secp256k1
+F = FiniteField (0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F)
+C = EllipticCurve ([F (0), F (7)])
+G = C.lift_x(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798)
+N = FiniteField (C.order()) # how many points are in our curve
+
+d = int(F.random_element()) # our secret
+pd = G*d # our pubkey
+e = int(N.random_element()) # our message
+
+#sign
+k = N.random_element() # our nonce
+r = (int(k)*G).xy()[0]
+s = (1/k)*(e+N(r)*d)
+
+#verify
+w = 1/N(s)
+r == (int(w*e)*G + int(N(r)*w)*pd).xy()[0]
+
+#mutate
+s2 = N(s)*N(-1)
+s2 != s
+w = 1/s2
+r == (int(w*e)*G + int(N(r)*w)*pd).xy()[0]  # sign flip mutant
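Review bot: in the key setup, `d = int(F.random_element())` draws the secret from the base field F (integers mod p) instead of the scalar field N (integers mod the group order), so d is sampled from the wrong range; draw it from N the same way `k` and `e` are. Both that draw and `k = N.random_element()` can return 0, which makes `1/k` and `.xy()` fail or yields a degenerate key, and the verify step never checks that r and s are nonzero, so a retry-on-zero in signing and a range check in verification would bring the notebook in line with the ECDSA definition. `C.lift_x(...)` does not pin which of the two points with that x coordinate becomes G; stating the intended y (or its parity) would remove the ambiguity. Finally, the bare expressions `r == ...` and `s2 != s` only show a result in an interactive session; wrapping them in `assert`, and adding a comment under `#mutate` saying that (r, -s) verifying for the same message is the malleability being demonstrated, would make the file self-checking and self-explanatory.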