Merge pull request #5 from gmaxwell/ecdsa1
authorMatt Corallo <github@bluematt.me>
Sat, 27 Sep 2014 18:52:50 +0000 (11:52 -0700)
committerMatt Corallo <github@bluematt.me>
Sat, 27 Sep 2014 18:52:50 +0000 (11:52 -0700)
Adds a sage notebook for ECDSA signing and verifying.

index.html
secp256k1.ecdsa.sage [new file with mode: 0644]

index 6b703a66b0514c6a8e6e777fad026ac7666a2d51..a8d066890bd4fe0c2e7341aea877ec2319698d4a 100644 (file)
@@ -32,6 +32,11 @@ Papers of interest:
 <li><a href="https://download.wpsoftware.net/bitcoin/wizardry/cryptonote-whitepaper.pdf">CryptoNote Whitepaper</a> containing an innovative ring-signature scheme</li>
 </ul>
 
+<a href="http://sagemath.org/">Sage</a> notebooks:
+<ul>
+<li><a href="secp256k1.ecdsa.sage">ECDSA with secp256k1</a>
+</ul>
+
 Edit this page at <a href="https://github.com/TheBlueMatt/bitcoinninja">https://github.com/TheBlueMatt/bitcoinninja</a>
 
 </body>
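Review bot: The new list item on the `<li><a href="secp256k1.ecdsa.sage">` line is never closed, unlike the `</li>`-terminated item in the context lines above it; add `</li>` at the end of that line. The Sage link also uses `http://sagemath.org/` while the other links visible in this hunk use https. If the site serves HTTPS, prefer `https://sagemath.org/`, since readers follow this link to download software they will then run.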
diff --git a/secp256k1.ecdsa.sage b/secp256k1.ecdsa.sage
new file mode 100644 (file)
index 0000000..22d5e88
--- /dev/null
@@ -0,0 +1,26 @@
+#Simple ECDSA sage notebook (greg@xiph.org)
+
+#Parameters for secp256k1
+F = FiniteField (0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F)
+C = EllipticCurve ([F (0), F (7)])
+G = C.lift_x(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798)
+N = FiniteField (C.order()) # how many points are in our curve
+
+d = int(F.random_element()) # our secret
+pd = G*d # our pubkey
+e = int(N.random_element()) # our message
+
+#sign
+k = N.random_element() # our nonce
+r = (int(k)*G).xy()[0]
+s = (1/k)*(e+N(r)*d)
+
+#verify
+w = 1/N(s)
+r == (int(w*e)*G + int(N(r)*w)*pd).xy()[0]
+
+#mutate
+s2 = N(s)*N(-1)
+s2 != s
+w = 1/s2
+r == (int(w*e)*G + int(N(r)*w)*pd).xy()[0]  # sign flip mutant
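Review bot: The secret on the `d = int(F.random_element())` line is drawn from the coordinate field F rather than the scalar field N, and neither `d` nor the nonce `k` is checked for zero, so with negligible probability the notebook produces an out-of-range key or divides by zero at `s = (1/k)*(e+N(r)*d)`. I would change it to `d = int(N.random_element())` and add a comment that `d` and `k` must lie in [1, n-1], and that `k` must be secret, uniformly random and never reused across signatures. The `#verify` step compares `r` with the x coordinate as an element of F, whereas standard ECDSA reduces that coordinate mod n and first rejects r or s outside [1, n-1]; a comment saying so would stop readers copying the check as-is. `C.lift_x(...)` may return either of the two points with that x, so it is worth noting that G's y coordinate should be checked against the published generator. Under `#mutate`, a comment such as `# (r, -s) also verifies: signature malleability; strict verifiers accept only the low-s form` would state the defensive takeaway.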