Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug In Library #15

Closed
downygg opened this issue Jul 29, 2019 · 2 comments
Closed

Bug In Library #15

downygg opened this issue Jul 29, 2019 · 2 comments

Comments

@downygg
Copy link

downygg commented Jul 29, 2019

I found bug from library. Look at this, how do I found it.
I want sign 2 msg, there are:

  1. 44ab4c3451
  2. 0444ab4c3451 (I put 04 on first string).

and then I compare with the other lib using this lib https://github.com/blockcypher/btcutils/tree/master/signer , the result of signing is different.

Result of msg = 44ab4c3451:
your lib : 3045022100a192e997d87d792304cbe1d8140f72aad11342f92e8bfc881870da43d4df2b2602207d02bf4645e9d89b0549e9c6160a38531bb39e794789ee2b46c7b288e4835d22

golang lib : 3045022100a192e997d87d792304cbe1d8140f72aad11342f92e8bfc881870da43d4df2b2602207d02bf4645e9d89b0549e9c6160a38531bb39e794789ee2b46c7b288e4835d22

Result of msg = 0444ab4c3451:
your lib: 304502202ac6efb8337464a741de1a7ce0ee3bd7bdb2572cc47845964b6f8596fb6aa3aa022100e01dfac253641b2f03030c0c5b66c5f71d329bdc5898e8afd6d3d2f1b500d8fa

Golang lib : 304402202ac6efb8337464a741de1a7ce0ee3bd7bdb2572cc47845964b6f8596fb6aa3aa02201fe2053dac9be4d0fcfcf3f3a4993a079d7c410a56afb78be8fe8b9b1b356847

Maybe your lib cant read zero on first string, could you help me to fix this ?
Sorry my bad english.
Thanks.
@ldudzsim
Copy link
Member

If you want to show us an example please give us full data of this example, so we can check it and verify your request (you miss private key hex, also your code will be great help). I performed test using other data and the behaviour was similar, I mean sometimes signatures differs.

First of all our ECDSA signatures are still valid, because in ECDSA you can use any k to sign a message, it calls non deterministic signatures. But there is https://tools.ietf.org/html/rfc6979 which describes how to generate k basing on message - signatures which using this k are "deterministic". Determinisitc signatures should be the same but they not always are. You can see note at page you linked https://github.com/blockcypher/btcutils/tree/master/signer

"As a friendly reminder, if you run this example locally, your resulting signature may differ---ECDSA does not furnish deterministic signatures, but they are no less valid."

We generate k the same as https://www.npmjs.com/package/elliptic and we have always the same signatures as they have. You can say that we have bug in our k generating, but as I see it is correct and match with RFC. If you have more libs and examples when our determinisitic signatures differs, you can show us FULL examples of them, and we verify it.

Lastly when you verify a ECDSA signature you never should compare it with some strings, you should always verify it using some calculation and by calling verify method.

@downygg
Copy link
Author

downygg commented Jul 31, 2019

maybe you can try by adding zero at the beginning of the string or the length of the string is odd.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ldudzsim @downygg