BIP 340: Verify sig before returning it

author: Jonas Nick <jonasd.nick@gmail.com> 2020-02-24 17:01:19 +0000
committer: Jonas Nick <jonasd.nick@gmail.com> 2020-03-04 16:34:24 +0000
commit: 9bfa53e9fb4af9f17d63806fe0710f18203c94c9 (patch)
tree: 495de4a03368388c9b1bca1efe5835f520d00b2c /bip-0340
parent: b6b5f58e6e919a485604ce7037f650e1ae54969f (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/bip-0340/reference.py b/bip-0340/reference.py
index 1ada7f1..79f9578 100644
--- a/bip-0340/reference.py
+++ b/bip-0340/reference.py
@@ -110,7 +110,10 @@ def schnorr_sign(msg, seckey0, aux_rand):
     R = point_mul(G, k0)
     k = n - k0 if not has_square_y(R) else k0
     e = int_from_bytes(tagged_hash("BIP340/challenge", bytes_from_point(R) + bytes_from_point(P) + msg)) % n
-    return bytes_from_point(R) + bytes_from_int((k + e * seckey) % n)
+    sig = bytes_from_point(R) + bytes_from_int((k + e * seckey) % n)
+    if not schnorr_verify(msg, bytes_from_point(P), sig):
+        raise RuntimeError('The signature does not pass verification.')
+    return sig
 
 def schnorr_verify(msg, pubkey, sig):
     if len(msg) != 32:
author	Jonas Nick <jonasd.nick@gmail.com>	2020-02-24 17:01:19 +0000
committer	Jonas Nick <jonasd.nick@gmail.com>	2020-03-04 16:34:24 +0000
commit	9bfa53e9fb4af9f17d63806fe0710f18203c94c9 (patch)
tree	495de4a03368388c9b1bca1efe5835f520d00b2c /bip-0340
parent	b6b5f58e6e919a485604ce7037f650e1ae54969f (diff)