package ecdsa
import (
"github.com/koteld/multi-party-sig/pkg/math/curve"
)
// compactSigSize is the length of the compact [R.x || S || V] encoding
// produced by ToCompactEth: 32 bytes of R.x, 32 bytes of S, one recovery byte.
const compactSigSize = 32 + 32 + 1
// Signature is an ECDSA signature that carries the full nonce point R
// rather than only its x-coordinate, together with the scalar S.
type Signature struct {
	// R is the nonce point. Verify compares the recomputed point against
	// the whole of R; ToCompactEth uses its x-coordinate and y parity.
	R curve.Point
	// S is the signature scalar.
	S curve.Scalar
}
// EmptySignature returns a Signature whose R and S are freshly allocated
// from group, so that the value can be unmarshalled into.
func EmptySignature(group curve.Curve) Signature {
	var sig Signature
	sig.R = group.NewPoint()
	sig.S = group.NewScalar()
	return sig
}
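// Verify checks sig against the public key X and the message digest hash.
// The signature carries the full point R, so the comparison is made on the
// whole point rather than only on r = R.x mod n.
//
// It returns false without touching the field arithmetic when any operand is
// nil, when X or R is the identity, or when s or r is zero: no valid ECDSA
// signature has those values, and rejecting them up front keeps a zero scalar
// away from the inversion. Otherwise it computes s⁻¹·(m·G + r·X) and reports
// whether the result equals R.
func (sig Signature) Verify(X curve.Point, hash []byte) bool {
	if X == nil || sig.R == nil || sig.S == nil {
		return false
	}
	if X.IsIdentity() || sig.R.IsIdentity() || sig.S.IsZero() {
		return false
	}
	group := X.Curve()
	m := curve.FromHash(group, hash)
	r := sig.R.XScalar()
	if r.IsZero() {
		return false
	}
	// Invert a private copy: the scalar API is used in place elsewhere in this
	// file, and sig.S must not be altered by verification.
	sInv := group.NewScalar().Set(sig.S).Invert()
	// R' = s⁻¹·(m·G + r·X); for a genuine signature this reproduces R.
	mG := m.ActOnBase()
	rX := r.Act(X)
	R2 := sInv.Act(mG.Add(rX))
	return R2.Equal(sig.R)
}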
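// ToCompactEth serializes the signature to the 65-byte compact format
// [R.x || S || V], where V is the recovery ID (0 or 1): the parity of R.y,
// flipped whenever S is negated to obtain the low-S form.
//
// The receiver is left unchanged: S is normalised on a copy, because the
// scalar methods in this package operate in place (Verify copies before
// Invert for the same reason), and negating sig.S directly would flip the
// stored value on every call. The low-S decision is taken on S itself — it
// is S, not R.x, that must lie in the lower half of the group order.
func (sig Signature) ToCompactEth() []byte {
	out := make([]byte, compactSigSize)
	R := sig.R
	// Private copy so that Negate below cannot mutate sig.S.
	S := R.Curve().NewScalar().Set(sig.S)
	recoveryID := byte(R.IsOddYBit())
	// (r, s) and (r, n-s) are both valid signatures; the second corresponds to
	// the nonce point -R, so the y-parity bit flips together with the negation.
	if S.IsOverHalfOrder() {
		recoveryID ^= 0x01
		S.Negate()
	}
	bytesR := R.XBytes()
	bytesS := S.Bytes()
	copy(out[0:32], bytesR[:])
	copy(out[32:64], bytesS[:])
	out[64] = recoveryID
	return out
}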