author | Jonas Nick <jonasd.nick@gmail.com> | 2020-02-03 21:56:03 +0000 |
---|---|---|
committer | Jonas Nick <jonasd.nick@gmail.com> | 2020-03-04 16:34:24 +0000 |
commit | b6b5f58e6e919a485604ce7037f650e1ae54969f (patch) | |
tree | b962c59949cb4916ed90c5f539cedec92df0ec39 /bip-0340/reference.py | |
parent | d41e778ca12408de476f4c75d79d6480728fbb8d (diff) | |
BIP 340: Use synthetic nonces in reference code and test vectors
Diffstat (limited to 'bip-0340/reference.py')
-rw-r--r-- | bip-0340/reference.py | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/bip-0340/reference.py b/bip-0340/reference.py
index 9b5592e..1ada7f1 100644
--- a/bip-0340/reference.py
+++ b/bip-0340/reference.py
@@ -51,6 +51,9 @@ def bytes_from_int(x):
 def bytes_from_point(P):
 return bytes_from_int(x(P))
 
+def xor_bytes(b0, b1):
+ return bytes(x ^ y for (x, y) in zip(b0, b1))
+
 def lift_x_square_y(b):
 x = int_from_bytes(b)
 if x >= p:
@@ -90,15 +93,18 @@ def pubkey_gen(seckey):
 P = point_mul(G, x)
 return bytes_from_point(P)
 
-def schnorr_sign(msg, seckey0):
+def schnorr_sign(msg, seckey0, aux_rand):
 if len(msg) != 32:
 raise ValueError('The message must be a 32-byte array.')
 seckey0 = int_from_bytes(seckey0)
 if not (1 <= seckey0 <= n - 1):
 raise ValueError('The secret key must be an integer in the range 1..n-1.')
+ if len(aux_rand) != 32:
+ raise ValueError('aux_rand must be 32 bytes instead of %i.' % len(aux_rand))
 P = point_mul(G, seckey0)
 seckey = seckey0 if has_even_y(P) else n - seckey0
- k0 = int_from_bytes(tagged_hash("BIP340/nonce", bytes_from_int(seckey) + bytes_from_point(P) + msg)) % n
+ t = xor_bytes(bytes_from_int(seckey), tagged_hash("BIP340/aux", aux_rand))
+ k0 = int_from_bytes(tagged_hash("BIP340/nonce", t + bytes_from_point(P) + msg)) % n
 if k0 == 0:
 raise RuntimeError('Failure. This happens only with negligible probability.')
 R = point_mul(G, k0)
@@ -137,7 +143,7 @@ def test_vectors():
 reader = csv.reader(csvfile)
 reader.__next__()
 for row in reader:
- (index, seckey, pubkey, msg, sig, result, comment) = row
+ (index, seckey, pubkey, aux_rand, msg, sig, result, comment) = row
 pubkey = bytes.fromhex(pubkey)
 msg = bytes.fromhex(msg)
 sig = bytes.fromhex(sig)
@@ -150,7 +156,8 @@ def test_vectors():
 print(' * Failed key generation.')
 print(' Expected key:', pubkey.hex().upper())
 print(' Actual key:', pubkey_actual.hex().upper())
- sig_actual = schnorr_sign(msg, seckey)
+ aux_rand = bytes.fromhex(aux_rand)
+ sig_actual = schnorr_sign(msg, seckey, aux_rand)
 if sig == sig_actual:
 print(' * Passed signing test.')
 else:
|
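Review bot: `xor_bytes` relies on `zip`, which silently truncates to the shorter input, so a length mismatch between `bytes_from_int(seckey)` and the aux hash would produce a short `t` and a nonce derived from incomplete material rather than an error. Both operands are presumably 32 bytes in the one caller this diff adds, but a reference implementation should make that invariant explicit: `if len(b0) != len(b1): raise ValueError('xor_bytes requires inputs of equal length.')` before the return, plus a one-line docstring `"""Return the byte-wise XOR of two equal-length byte strings."""`.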
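Review bot: The new `aux_rand` parameter and the `t = xor_bytes(...)` derivation carry no explanation of what a caller must supply or why, even though the commit title says the nonce is now "synthetic" and the code makes it depend on this input. I would add a docstring line stating that `aux_rand` is 32 bytes of auxiliary randomness that should be fresh for each signature, noting that a fixed value (such as all zeros) still yields a valid signature but makes signing deterministic in `(seckey, msg)` and forgoes the extra protection the mixing is meant to provide, and a comment above the `t = ...` line such as `# Mix the secret key with H_aux(aux_rand) so the nonce is not a pure function of (seckey, msg).` The `len(aux_rand)` check is also placed after the secret key has already been parsed and range-checked; moving it up next to the `msg` length check keeps all argument validation together before any secret-dependent computation. The body of `schnorr_sign` continues past the end of the hunk.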
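Review bot: `aux_rand = bytes.fromhex(aux_rand)` is placed immediately before the `schnorr_sign` call rather than alongside the `pubkey`/`msg`/`sig` conversions at the top of the loop body, so the local holds a hex string for part of the iteration and a bytes object afterwards. Decoding it together with the other columns (next to `msg = bytes.fromhex(msg)` in the preceding hunk) keeps the row parsing in one place and the variable's type stable throughout the iteration. The enclosing `for row in reader` loop begins outside this hunk.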