authorJonas Nick <jonasd.nick@gmail.com>2019-08-26 11:32:04 +0000
committerPieter Wuille <pieter.wuille@gmail.com>2020-01-19 14:47:33 -0800
commit7f3611d2398f053d4c1a9889cb20d814bd6abedd (patch)
tree522dcee40fe1e872afc0275c9c1db77f6abd7f49 /bip-schnorr
parentba748dcd93896885e41c620f9d1d88aac748ca63 (diff)
Use a tagged hash in bip-schnorr nonce derivation
Diffstat (limited to 'bip-schnorr')
-rw-r--r--bip-schnorr/reference.py6
1 files changed, 5 insertions, 1 deletions
diff --git a/bip-schnorr/reference.py b/bip-schnorr/reference.py
index f89b3c4..4f0d1df 100644
--- a/bip-schnorr/reference.py
+++ b/bip-schnorr/reference.py
@@ -5,6 +5,10 @@ p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798, 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
+def tagged_hash(tag, msg):
+ tag_hash = hashlib.sha256(tag.encode()).digest()
+ return hashlib.sha256(tag_hash + tag_hash + msg).digest()
+
def point_add(P1, P2):
if (P1 is None):
return P2
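Review bot: tagged_hash is added without a docstring, and its two non-obvious choices are unexplained: why the tag digest is prepended twice, and what type each argument must be. The doubled 32-byte digest fills exactly one 64-byte SHA-256 block, so an implementation can cache the midstate per tag, and the prefix keeps a hash computed for one purpose from colliding with one computed for another. I would add `"""Return SHA256(SHA256(tag) || SHA256(tag) || msg); tag is a str, msg is bytes."""` plus a one-line comment on the doubling. `tag.encode()` relies on Python's default UTF-8, which is fine for the ASCII tag used in this commit but worth stating if the specification fixes the encoding.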
@@ -61,7 +65,7 @@ def schnorr_sign(msg, seckey0):
raise ValueError('The secret key must be an integer in the range 1..n-1.')
P = point_mul(G, seckey0)
seckey = seckey0 if (jacobi(P[1]) == 1) else n - seckey0
- k0 = int_from_bytes(hash_sha256(bytes_from_int(seckey) + msg)) % n
+ k0 = int_from_bytes(tagged_hash("BIPSchnorrDerive", bytes_from_int(seckey) + msg)) % n
if k0 == 0:
raise RuntimeError('Failure. This happens only with negligible probability.')
R = point_mul(G, k0)
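Review bot: The new `k0` line changes every signature schnorr_sign produces, but the diffstat lists only reference.py, so any stored signing vectors with expected signatures would need regenerating; worth confirming that happens alongside this change. The tag `"BIPSchnorrDerive"` is an inline literal that implementers must reproduce byte for byte, so a named constant or a comment such as `# domain-separates nonce derivation from other SHA256 uses of the same key and message` would make that dependency visible. Whether the challenge hash later in schnorr_sign still goes through the untagged hash_sha256 cannot be seen here, because the function body starts and ends outside this hunk.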