authorTim Ruffing <crypto@timruffing.de>2020-03-17 02:13:26 +0100
committerTim Ruffing <crypto@timruffing.de>2020-03-17 02:13:26 +0100
commit07d938a214475929e08df17e725b3904a3429dbf (patch)
tree93258f2d66f99806450740e476a310688e4004d2 /bip-0340
parent003d38cedbe1d8f550ea5032c16373c9779d28e3 (diff)
fixup! Optionally print intermediate values in reference code
Diffstat (limited to 'bip-0340')
-rw-r--r--bip-0340/reference.py10
1 files changed, 3 insertions, 7 deletions
diff --git a/bip-0340/reference.py b/bip-0340/reference.py
index 346b639..da1e689 100644
--- a/bip-0340/reference.py
+++ b/bip-0340/reference.py
@@ -78,7 +78,7 @@ def lift_x_even_y(b):
if P is None:
return None
else:
- return [x(P), y(P) if y(P) % 2 == 0 else p - y(P)]
+ return (x(P), y(P) if y(P) % 2 == 0 else p - y(P))
def int_from_bytes(b):
return int.from_bytes(b, byteorder="big")
@@ -90,7 +90,7 @@ def is_square(x):
return pow(x, (p - 1) // 2, p) == 1
def has_square_y(P):
- return (not is_infinity(P)) and (is_square(y(P)))
+ return (not is_infinity(P)) and is_square(y(P))
def has_even_y(P):
return y(P) % 2 == 0
@@ -98,14 +98,12 @@ def has_even_y(P):
def pubkey_gen(seckey):
d0 = int_from_bytes(seckey)
if not (1 <= d0 <= n - 1):
- debug_print_vars()
raise ValueError('The secret key must be an integer in the range 1..n-1.')
P = point_mul(G, d0)
return bytes_from_point(P)
def schnorr_sign(msg, seckey, aux_rand):
if len(msg) != 32:
- debug_print_vars()
raise ValueError('The message must be a 32-byte array.')
d0 = int_from_bytes(seckey)
if not (1 <= d0 <= n - 1):
@@ -117,16 +115,14 @@ def schnorr_sign(msg, seckey, aux_rand):
t = xor_bytes(bytes_from_int(d), tagged_hash("BIP340/aux", aux_rand))
k0 = int_from_bytes(tagged_hash("BIP340/nonce", t + bytes_from_point(P) + msg)) % n
if k0 == 0:
- debug_print_vars()
raise RuntimeError('Failure. This happens only with negligible probability.')
R = point_mul(G, k0)
k = n - k0 if not has_square_y(R) else k0
e = int_from_bytes(tagged_hash("BIP340/challenge", bytes_from_point(R) + bytes_from_point(P) + msg)) % n
sig = bytes_from_point(R) + bytes_from_int((k + e * d) % n)
+ debug_print_vars()
if not schnorr_verify(msg, bytes_from_point(P), sig):
- debug_print_vars()
raise RuntimeError('The signature does not pass verification.')
- debug_print_vars()
return sig
def schnorr_verify(msg, pubkey, sig):
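Review bot: The `debug_print_vars()` call that now sits right before the `schnorr_verify` check in `schnorr_sign` runs on every successful signing path with `d`, `k0`, `k` and `t` still live in local scope, so if the helper dumps the caller's locals (its definition is outside the hunk; the commit title suggests it does) an enabled run prints the secret key and the nonce, and for Schnorr a disclosed nonce is equivalent to a disclosed key. That is fine for producing test vectors, but it should be stated at the call site so nobody wires the flag into a non-reference build: `# Debug output includes secret material (d, k, t); enable only when generating test vectors.` The same caveat would belong on the helper's definition, which is not visible here.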