Public Key Recovery Operation #101
Comments
|
sounds good a new static or class method in post a design here or prepare a proof-of-concept PR if you want to discuss it further |
|
Here is a prototype of the maths. class Signature(object):
"""ECDSA signature.
"""
def __init__(self, r, s):
self.r = r
self.s = s
def recover_public_keys(self, hash, generator):
"""Returns two public keys for which the signature is valid
hash is signed hash
generator is the used generator of the signature
"""
curve = generator.curve()
n = generator.order()
r = self.r
s = self.s
e = hash
x = r
# Compute the curve point with x as x-coordinate
alpha = ((x * x * x) + (curve.a() * x) + curve.b()) % curve.p()
beta = numbertheory.square_root_mod_prime(alpha, curve.p())
y = beta if beta % 2 == 0 else curve.p() - beta
# Compute the public key
R1 = ellipticcurve.Point(curve, x, y, n)
Q1 = numbertheory.inverse_mod(r, n) * (s * R1 + (-e % n) * generator)
Pk1 = Public_key(generator, Q1)
# And the second solution
R2 = ellipticcurve.Point(curve, x, -y, n)
Q2 = numbertheory.inverse_mod(r, n) * (s * R2 + (-e % n) * generator)
Pk2 = Public_key(generator, Q2)
return [Pk1, Pk2] |
|
looks good otherwise, please add test cases and propose a PR |
The sign and verify methods also have a parameter called |
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Given a signature and the corresponding message it's possible to compute multiple public keys for which the signature is valid.
I would like to add a method to the signature class which does this according to http://www.secg.org/sec1-v2.pdf chapter 4.1.6.
The text was updated successfully, but these errors were encountered: