diff options
| author | Tim Ruffing <crypto@timruffing.de> | 2020-03-17 02:13:26 +0100 |
|---|---|---|
| committer | Tim Ruffing <crypto@timruffing.de> | 2020-03-17 02:13:26 +0100 |
| commit | 07d938a214475929e08df17e725b3904a3429dbf (patch) | |
| tree | 93258f2d66f99806450740e476a310688e4004d2 /bip-0340 | |
| parent | 003d38cedbe1d8f550ea5032c16373c9779d28e3 (diff) | |
| download | bips-07d938a214475929e08df17e725b3904a3429dbf.tar.xz | |
fixup! Optionally print intermediate values in reference code
Diffstat (limited to 'bip-0340')
| -rw-r--r-- | bip-0340/reference.py | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/bip-0340/reference.py b/bip-0340/reference.py index 346b639..da1e689 100644 --- a/bip-0340/reference.py +++ b/bip-0340/reference.py @@ -78,7 +78,7 @@ def lift_x_even_y(b): if P is None: return None else: - return [x(P), y(P) if y(P) % 2 == 0 else p - y(P)] + return (x(P), y(P) if y(P) % 2 == 0 else p - y(P)) def int_from_bytes(b): return int.from_bytes(b, byteorder="big") @@ -90,7 +90,7 @@ def is_square(x): return pow(x, (p - 1) // 2, p) == 1 def has_square_y(P): - return (not is_infinity(P)) and (is_square(y(P))) + return (not is_infinity(P)) and is_square(y(P)) def has_even_y(P): return y(P) % 2 == 0 @@ -98,14 +98,12 @@ def has_even_y(P): def pubkey_gen(seckey): d0 = int_from_bytes(seckey) if not (1 <= d0 <= n - 1): - debug_print_vars() raise ValueError('The secret key must be an integer in the range 1..n-1.') P = point_mul(G, d0) return bytes_from_point(P) def schnorr_sign(msg, seckey, aux_rand): if len(msg) != 32: - debug_print_vars() raise ValueError('The message must be a 32-byte array.') d0 = int_from_bytes(seckey) if not (1 <= d0 <= n - 1): @@ -117,16 +115,14 @@ def schnorr_sign(msg, seckey, aux_rand): t = xor_bytes(bytes_from_int(d), tagged_hash("BIP340/aux", aux_rand)) k0 = int_from_bytes(tagged_hash("BIP340/nonce", t + bytes_from_point(P) + msg)) % n if k0 == 0: - debug_print_vars() raise RuntimeError('Failure. This happens only with negligible probability.') R = point_mul(G, k0) k = n - k0 if not has_square_y(R) else k0 e = int_from_bytes(tagged_hash("BIP340/challenge", bytes_from_point(R) + bytes_from_point(P) + msg)) % n sig = bytes_from_point(R) + bytes_from_int((k + e * d) % n) + debug_print_vars() if not schnorr_verify(msg, bytes_from_point(P), sig): - debug_print_vars() raise RuntimeError('The signature does not pass verification.') - debug_print_vars() return sig def schnorr_verify(msg, pubkey, sig): |