# Fiat–Shamir heuristics with ECC

* ASS link: https://asecuritysite.com/zero/go_fiat
* The original non-ecc paper 1986 How to prove yourself: https://link.springer.com/content/pdf/10.1007/3-540-47721-7_12.pdf

With Fiat–Shamir we can prove that we know a value without actually revealing the orginal value. In the following Bob will prove to Alice that he still knows his password. Bob generates a random number v) and Alices generates a challenge value (c)

1. Alice and Bob agree on two EC points $(G,H)$
2. Bob takes secret, $x$ and computes $x=\texttt{H}(x)$
3. Bob computes $(xG,xH)$
4. Alice generates random challenge $c$ and sends it to Bob
5. Bob generates random value $v$ and computes $r=v-cx$
6. Bob computes $(vG,vH)$
7. Bob sends $(r,vG,vH)$
8. Alice checks if $vG=rG+c(xG)$ and if $vH=rH+c(xH)$


In [1]:
from ecpy.curves import Curve
from Crypto.Util import number
from Crypto.Hash import SHA256

In [2]:
curve = Curve.get_curve('secp256k1')
order = curve.order

In [4]:
# Alice and Bob agree on
G = curve.generator
H = number.getRandomRange(2,order) * G

# Bob's parts 2-3
x = SHA256.new()
x.update(bytes(str(number.getRandomRange(2,order)).encode('utf-8')))
x = int(x.hexdigest(),base=16)
xG = x*G
xH = x*H

# Alice parts 4
c = number.getRandomRange(2,order)

# Bob parts 5-7
v = number.getRandomRange(2,order)
r = v-c*x % order
vG = v*G
vH = v*H

# Alice gets (r,vG,vH) and does step 8
assert vG == r*G+c*xG
assert vH == r*H+c*xH