Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Recovery function #6

Closed
1 of 3 tasks
sc0Vu opened this issue Mar 31, 2018 · 3 comments
Closed
1 of 3 tasks

Recovery function #6

sc0Vu opened this issue Mar 31, 2018 · 3 comments
Assignees
@sc0Vu
Projects
v0.3

Comments

@sc0Vu
Copy link
Member

sc0Vu commented Mar 31, 2018
edited

Recovery function

Go: https://github.com/ethereum/go-ethereum/tree/master/crypto/secp256k1

Js: https://github.com/indutny/elliptic/blob/master/lib/elliptic/ec/index.js#L193
https://github.com/ethereumjs/ethereumjs-util/blob/fde15dd0cc65885dc8731d1bd2facbba78fb39ac/index.js#L386

bitcoin: https://github.com/bitcoin-core/secp256k1/tree/master/src/modules/recovery

  • signature recovery param
  • signature recovery function
  • more tests
@sc0Vu sc0Vu self-assigned this Mar 31, 2018
@sc0Vu
Copy link
Member Author

sc0Vu commented Apr 2, 2018
edited 

var recoveryParam = (kp.getY().isOdd() ? 1 : 0) |
                        (kpX.cmp(r) !== 0 ? 2 : 0);

// Use complement of `s`, if it is > `n / 2`
if (options.canonical && s.cmp(this.nh) > 0) {
  s = this.n.sub(s);
  recoveryParam ^= 1; // recoveryParam is recoveryParam XOR 1
}

s.v = s.recovery + 27 + (chainId * 2) + 8;

// from ec recovery
EC.prototype.recoverPubKey = function(msg, signature, j, enc) {
  assert((3 & j) === j, 'The recovery param is more than two bits');
  signature = new Signature(signature, enc);

  var n = this.n;
  var e = new BN(msg);
  var r = signature.r;
  var s = signature.s;

  // A set LSB signifies that the y-coordinate is odd
  var isYOdd = j & 1;
  var isSecondKey = j >> 1;
  if (r.cmp(this.curve.p.umod(this.curve.n)) >= 0 && isSecondKey)
    throw new Error('Unable to find sencond key candinate');

  // 1.1. Let x = r + jn.
  if (isSecondKey)
    r = this.curve.pointFromX(r.add(this.curve.n), isYOdd);
  else
    r = this.curve.pointFromX(r, isYOdd);

  var rInv = signature.r.invm(n);
  var s1 = n.sub(e).mul(rInv).umod(n);
  var s2 = s.mul(rInv).umod(n);

  // 1.6.1 Compute Q = r^-1 (sR -  eG)
  //               Q = r^-1 (sR + -eG)
  return this.g.mulAdd(s1, r, s2);
};

mulAdd

var points = [ this, p2 ];
var coeffs = [ k1, k2 ];

if (this.curve.endo)
  return this.curve._endoWnafMulAdd(points, coeffs); // goes here
else
  return this.curve._wnafMulAdd(1, points, coeffs, 2);

@sc0Vu sc0Vu mentioned this issue Apr 2, 2018
Open
4 tasks
@sc0Vu sc0Vu added this to plan in v0.3 Apr 14, 2018
@sc0Vu sc0Vu moved this from plan to doing in v0.3 Apr 14, 2018
@sc0Vu sc0Vu mentioned this issue Apr 15, 2018
Closed
@digitaldonkey
Copy link

Finally I got it running https://github.com/digitaldonkey/ecverify

@sc0Vu
Copy link
Member Author

sc0Vu commented Jan 4, 2019

@digitaldonkey Cool, I think elliptic-php is a good library also I didn't want to give up phpecc:!
By the way I had created an issue in phpecc: phpecc/phpecc#237.

@sc0Vu sc0Vu closed this as completed Jan 9, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sc0Vu sc0Vu

Labels
None yet
Projects
v0.3
doing
Milestone
No milestone
Development

No branches or pull requests
2 participants
@digitaldonkey @sc0Vu