def open(self): c, a, mac = self.c m, d, z = self.d alpha = CF(to_sha256int(gen_address(c))) assert mac == hmac.new(str(d[1].value).encode(), encode_pubkey(a).encode()).hexdigest() assert self.S.proof return m
def sign(priv: CF, m: str) -> SigType: ''' https://bitcoin.stackexchange.com/questions/38351/ecdsa-v-r-s-what-is-v ''' k = CF(random_privkey()) z = CF(to_sha256int(m)) p = G @ k r, y = CF(p.value[0]), CF(p.value[1]) s = (z + priv * r) / k v = CF(27 + y.value % 2) return v, r, s
def commit(self, m, ak): pk, vk, h = self.key com = PedersonCommitment(H, G, pk, ak) # (π,π)=π»πππππππ‘ππ(ππ) c, d = com.C, com.D # Ξ±=β(π) alpha = CF(to_sha256int(gen_address(c))) # Now we simulate a proof of knowledge of a signature on πΌ with challenge π S = PedersonCommitment(H, G, vk, alpha) r1, r2 = randfield(vk.functor), randfield(vk.functor) a = S.commit(r1, r2) z = S.challenge(m) self.S = S # Finally, we compute πππ=ππ΄πΆππ(π). mac = hmac.new(str(ak.value).encode(), encode_pubkey(a).encode()).hexdigest() self.c = (c, a, mac) self.d = (m, d , z)
def proof(): priv = random_privkey() m = 'test' k = CF(random_privkey()) z = CF(to_sha256int(m)) r = CF((G @ k).value[0]) s = z / k + priv * r / k assert k == z / s + priv * r / s assert G @ k == G @ (z / s + priv * r / s) assert G @ k == G @ (z / s) + G @ priv @ (r / s) pub = G @ priv assert pub == pubkey(priv) assert G @ k == G @ (z / s) + pub @ (r / s) u1 = z / s u2 = r / s assert G @ k == G @ u1 + pub @ u2
def recover_via_msg(sig: tuple, msg: str): return recover(sig, to_sha256int(msg))
def verify(pub: CG, sig: tuple, msg: str): mhash = to_sha256int(msg) return verify_msghash(pub, sig, mhash)
def keygen(F): pk = randfield(F) vk = F(to_sha256int(str(pk.value))) h = gen_address return (pk, vk, h)
# from klefki.types.algebra.concrete import EllipticCurveCyclicSubgroupSecp256k1 as ECC from klefki.types.algebra.concrete import EllipticCurveGroupSecp256k1 as Cruve from klefki.types.algebra.concrete import FiniteFieldCyclicSecp256k1 as CF from klefki.types.algebra.concrete import FiniteFieldSecp256k1 as F from klefki.types.algebra.utils import randfield from klefki.bitcoin.address import gen_address from klefki.utils import to_sha256int import hmac from klefki.bitcoin.public import encode_pubkey from klefki.utils import int_to_byte from klefki.zkp.commitment import Commitment, Sigma from klefki.zkp.pedersen import PedersonCommitment G = ECC.G H = Cruve.lift_x(CF(to_sha256int("hello NIRNCS"))) def keygen(F): pk = randfield(F) vk = F(to_sha256int(str(pk.value))) h = gen_address return (pk, vk, h) class NMCommitment(Commitment): def __init__(self, G, H, key=None): if not key: