How do I verify compact signatures? #45

Closed
dpc opened this issue Jul 23, 2014 · 6 comments
dpc commented Jul 23, 2014

Hi,

I'm working on Rust language bindings for bitcoin-secp256k1 and I can't get tests verifying the compact signatures to work:

The code is here:
https://github.com/dpc/bitcoin-secp256k1-rs/blob/master/src/secp256k1.rs#L354

The results are here:

running 8 tests
test sign_and_verify ... ok
test sign_compact ... FAILED
test valid_pubkey_compressed ... ok
test sign ... ok
test invalid_pubkey ... ok
test valid_pubkey_uncompressed ... ok
test sign_and_verify_fail ... ok
test sign_compact_with_recovery ... FAILED

failures:

---- sign_compact stdout ----
        task 'sign_compact' failed at 'assertion failed: `(left == right) && (right == left)` (left: `Err(InvalidSignature)`, right: `Ok(true)`)', src/secp256k1.rs:370


---- sign_compact_with_recovery stdout ----
        task 'sign_compact_with_recovery' failed at 'assertion failed: `(left == right) && (right == left)` (left: `Err(InvalidSignature)`, right: `Ok(true)`)', src/secp256k1.rs:392



failures:
    sign_compact
    sign_compact_with_recovery

test result: FAILED. 6 passed; 2 failed; 0 ignored; 0 measured

task '<main>' failed at 'Some tests failed', /home/dpc/opt/src/rust/src/libtest/lib.rs:242
An unknown error occurred

make: *** [test] Error 1

Am I missing something obvious?

Contributor

sipa commented Aug 3, 2014

Compact signatures use a different format, which _verify does not accept. All you can do is call recover on it, and check that the recovered public key is what you expect it to be.

sipa closed this as completed Aug 4, 2014

Author

dpc commented Aug 4, 2014

So basically I should recover the public key from the recovery signature, sign the message again with it, and if the generated normal signature passes verify, I can be sure that the recovery one was valid too?

I see. Thank you.

Contributor

sipa commented Aug 4, 2014

No, just recover the pubkey and compare the pubkey with what you expect it to be.

And you can't sign with a public key.

Author

dpc commented Aug 4, 2014

Well, that should work too, but wouldn't what I described work too? Or is it just not secure for some reason?

Contributor

sipa commented Aug 4, 2014

It would be impossible (you don't get the private key) and even if it was, very inefficient. The key recovery guarantees that the signature is a valid signature for that message with the private key corresponding to the recovered public key.

Author

dpc commented Aug 4, 2014

In real life I wouldn't have the private key, right.

And the header file states that recovery: (which guarantees a correct signature).

I think I know everything now. Thank you!

real-or-random pushed a commit to real-or-random/secp256k1 that referenced this issue Mar 5, 2019
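
The check described in this thread (recover the public key, then compare it with the expected one) as an added example; it is not code from the thread or from libsecp256k1, and it is written in pure Python so it runs without the library. The function names, the 64-byte r||s plus recovery id layout as used here, and the hash-derived demo key and nonce are assumptions of this sketch.

```python
import hashlib

p = 2**256 - 2**32 - 977  # secp256k1 field prime
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(P, Q):  # affine addition; None is the point at infinity
    if P is None or Q is None:
        return P or Q
    if P[0] == Q[0] and (P[1] + Q[1]) % p == 0:
        return None
    lam = (3 * P[0] * P[0] * pow(2 * P[1], -1, p) if P == Q
           else (Q[1] - P[1]) * pow((Q[0] - P[0]) % p, -1, p))
    x = (lam * lam - P[0] - Q[0]) % p
    return (x, (lam * (P[0] - x) - P[1]) % p)

def mul(k, P):  # double-and-add; not constant time, illustration only
    R = None
    while k:
        R, P, k = (add(R, P) if k & 1 else R), add(P, P), k >> 1
    return R

def h(msg):  # message hash as an integer
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def sign_compact(d, msg, k):  # textbook ECDSA; returns (64-byte r||s, recid)
    R = mul(k, G)
    r, recid = R[0] % n, (R[1] & 1) | (2 if R[0] >= n else 0)
    s = pow(k, -1, n) * (h(msg) + r * d) % n
    return r.to_bytes(32, "big") + s.to_bytes(32, "big"), recid

def recover(msg, sig64, recid):  # Q = r^-1 * (s*R - z*G), or None if malformed
    r, s = int.from_bytes(sig64[:32], "big"), int.from_bytes(sig64[32:], "big")
    x = r + n if recid & 2 else r
    y = pow(pow(x, 3, p) + 7, (p + 1) // 4, p)  # square-root candidate
    if (len(sig64) != 64 or recid not in range(4) or not (0 < r < n and 0 < s < n)
            or x >= p or (y * y - x**3 - 7) % p):  # last term: x not on the curve
        return None
    y = y if (y & 1) == (recid & 1) else p - y  # recid bit 0 selects R's y parity
    rinv = pow(r, -1, n)
    return add(mul(s * rinv % n, (x, y)), mul(-h(msg) * rinv % n, G))

def verify_compact(expected_pub, msg, sig64, recid):  # the comparison is the check
    return expected_pub is not None and recover(msg, sig64, recid) == expected_pub

# Constructed demo values; a real signer needs a secret, unpredictable nonce
d = h(b"constructed demo key") % n
pub = mul(d, G)
sig64, recid = sign_compact(d, b"hello", h(b"constructed demo nonce") % n)
```

Recovery returns some public key for almost any well-formed input, including a tampered message, so the result only means something once it is compared with the key you expected.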