deterministic_generate_k

[kvhnuke]

Hi kmackay
Im trying to replicate the following python code using micro-ecc and struggling to get it to generate the same signature. I even tried to using the same K values generated using k = deterministic_generate_k(msghash, priv) and plug that into uECC_sign_with_k but the signature i received was completely different. Can you point me in the right direction. Thanks!

def deterministic_generate_k(msghash, priv):
v = b'\x01' * 32
k = b'\x00' * 32
priv = encode_privkey(priv, 'bin')
msghash = encode(hash_to_int(msghash), 256, 32)
k = hmac.new(k, v+b'\x00'+priv+msghash, hashlib.sha256).digest()
v = hmac.new(k, v, hashlib.sha256).digest()
k = hmac.new(k, v+b'\x01'+priv+msghash, hashlib.sha256).digest()
v = hmac.new(k, v, hashlib.sha256).digest()
return decode(hmac.new(k, v, hashlib.sha256).digest(), 256)

def ecdsa_raw_sign(msghash, priv):
z = hash_to_int(msghash)
k = deterministic_generate_k(msghash, priv)
r, y = fast_multiply(G, k)
s = inv(k, N) * (z + r*decode_privkey(priv)) % N
v, r, s = 27+((y % 2) ^ (0 if s * 2 < N else 1)), r, s if s * 2 < N else N - s
if 'compressed' in get_privkey_format(priv):
v += 4
return v, r, s

[kmackay]

I can't really debug your code for you, but I have a few thoughts:

• It looks like your calculation of s in ecdsa_raw_sign() is not calculating the product mod N (it is calculating the product of two things that are mod N, which isn't the same thing).
• I'm not sure what the 's if s * 2 < N else N - s' is supposed to be calculating, but it doesn't seem correct to me. Maybe it should be 's if s < N else s - N'? But, if you calculate the product mod N, you don't need to do this.
• If you are trying to use uECC_sign_with_k(), make sure you are representing k correctly. Note that it is a little-endian array of words, so the first word is the least-significant.