def test_pubpoint(self):
# write a test that tests the public point for the following
points = (
# secret, x, y
(7,
0x5cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc,
0x6aebca40ba255960a3178d6d861a54dba813d0b813fde7b5a5082628087264da
),
(1485,
0xc982196a7466fbbbb0e27a940b6af926c1a74d5ad07128c82824a11b5398afda,
0x7a91f9eae64438afb9ce6448a1c133db2d8fb9254e4546b6f001637d50901f55
),
(2**128,
0x8f68b9d2f63b5f339239c1ad981f162ee88c5678723ea3351b7b444c9ec4c0da,
0x662a9f2dba063986de1d90c2b6be215dbbea2cfe95510bfdf23cbf79501fff82
),
(2**240 + 2**31,
0x9577ff57c8234558f293df502ca4f09cbc65a6572c842b39b366f21717945116,
0x10b49c67fa9365ad7b90dab070be339a1daf9052373ec30ffae4f72d5e66d053
),
)
for secret, x, y in points:
# initialize the secp256k1 point
point = S256Point(x, y)
# check that te secret*G is the same as the point
self.assertEqual(secret * G, point)
def test_verify_ch3_example8(self):
z = 0xbc62d4b80d9e36da29c16c5d4d9f11731f36052c72401a76c23c0fb5a9b74423
r = 0x37206a0610995c58074999cb9767b87af4c4978db68c06e8e6e81d282047a7c6
s = 0x8ca63759c1157ebeaec0d03cecca119fc9a75bf8e6d0fa65c841c8e2738cdaec
px = 0x04519fac3d910ca7e7138f7013706f619fa8f033e6ec6e09370ea38cee6a7574
py = 0x82b51eab8c27c66e26c858a079bcdf4f1ada34cec420cafc7eac1a42216fb6c4
point = S256Point(px, py)
self.assertTrue(point.verify(z, Signature(r, s)))
def test_example_8(self):
point = S256Point(0x5CBDF0646E5DB4EAA398F365F2EA7A0E3D419B7E0330E39CE92BDDEDCAC4F9BC, 0x6AEBCA40BA255960A3178D6D861A54DBA813D0B813FDE7B5A5082628087264DA)
uncompressed = b'\x04' + point.x.num.to_bytes(32, 'big') + point.y.num.to_bytes(32, 'big')
if point.y.num % 2 == 1:
compressed = b'\x03' + point.x.num.to_bytes(32, 'big')
else:
compressed = b'\x02' + point.x.num.to_bytes(32, 'big')
self.assertEqual(uncompressed.hex(), '045cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc6aebca40ba255960a3178d6d861a54dba813d0b813fde7b5a5082628087264da')
self.assertEqual(compressed.hex(), '025cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc')
def test_example_9(self):
z = 0xbc62d4b80d9e36da29c16c5d4d9f11731f36052c72401a76c23c0fb5a9b74423
r = 0x37206a0610995c58074999cb9767b87af4c4978db68c06e8e6e81d282047a7c6
s = 0x8ca63759c1157ebeaec0d03cecca119fc9a75bf8e6d0fa65c841c8e2738cdaec
point = S256Point(
0x04519fac3d910ca7e7138f7013706f619fa8f033e6ec6e09370ea38cee6a7574,
0x82b51eab8c27c66e26c858a079bcdf4f1ada34cec420cafc7eac1a42216fb6c4)
u = z * pow(s, N - 2, N) % N
v = r * pow(s, N - 2, N) % N
self.assertEqual((u * G + v * point).x.num, r)
def test_verify(self):
point = S256Point(
0x887387e452b8eacc4acfde10d9aaf7f6d9a0f975aabb10d006e4da568744d06c,
0x61de6d95231cd89026e286df3b6ae4a894a3378e393e93a0f45b666329a0ae34)
z = 0xec208baa0fc1c19f708a9ca96fdeff3ac3f230bb4a7ba4aede4942ad003c0f60
r = 0xac8d1c87e51d0d441be8b3dd5b05c8795b48875dffe00b7ffcfac23010d3a395
s = 0x68342ceff8935ededd102dd876ffd6ba72d6a427a3edb13d26eb0781cb423c4
self.assertTrue(point.verify(z, Signature(r, s)))
z = 0x7c076ff316692a3d7eb3c3bb0f8b1488cf72e1afcd929e29307032997a838a3d
r = 0xeff69ef2b1bd93a66ed5219add4fb51e11a840f404876325a1e8ffe0529a2c
s = 0xc7207fee197d27c618aea621406f6bf5ef6fca38681d82b2f06fddbdce6feab6
self.assertTrue(point.verify(z, Signature(r, s)))
def getaddress(x, y, testnet=True, compressed=True):
p = S256Point(x, y)
comp = p.sec(compressed)
h160 = hash160(comp)
prefix = b'\00'
if testnet:
prefix = b'\x6f'
else:
prefix = b'\00'
raw = prefix + h160
checksum = double_sha256(raw)[:4]
total = raw + checksum
return encode_base58(total)
def test_exercise_1(self):
px = 0x887387e452b8eacc4acfde10d9aaf7f6d9a0f975aabb10d006e4da568744d06c
py = 0x61de6d95231cd89026e286df3b6ae4a894a3378e393e93a0f45b666329a0ae34
signatures = ((
0xec208baa0fc1c19f708a9ca96fdeff3ac3f230bb4a7ba4aede4942ad003c0f60,
0xac8d1c87e51d0d441be8b3dd5b05c8795b48875dffe00b7ffcfac23010d3a395,
0x68342ceff8935ededd102dd876ffd6ba72d6a427a3edb13d26eb0781cb423c4
), (0x7c076ff316692a3d7eb3c3bb0f8b1488cf72e1afcd929e29307032997a838a3d,
0xeff69ef2b1bd93a66ed5219add4fb51e11a840f404876325a1e8ffe0529a2c,
0xc7207fee197d27c618aea621406f6bf5ef6fca38681d82b2f06fddbdce6feab6)
)
point = S256Point(px, py)
for z, r, s in signatures:
u = z * pow(s, N - 2, N) % N
v = r * pow(s, N - 2, N) % N
self.assertTrue((u * G + v * point).x.num == r)
def build_transaction2(transidsarr,
transindexarr,
pubkeysarr,
amountsarr,
tnet=True):
tx_ins = buildinputs(transidsarr, transindexarr)
print("ins")
print(tx_ins)
tx_outs = buildoutputs(pubkeysarr, amountsarr)
print("pubkeys")
print(pubkeysarr)
print("outs")
print(tx_outs)
tx_obj = Tx(version=1,
tx_ins=tx_ins,
tx_outs=tx_outs,
locktime=0,
testnet=tnet)
#hash_type = SIGHASH_ALL
#z = tx_obj.sig_hash(0, hash_type)
#pk = PrivateKey(secret=privatekey)
for i in range(len(tx_ins)):
sighash = SIGHASH_ALL
z = tx_obj.sig_hash(i, sighash)
#print("getting sign:")
r, s = ardubridge.sign(z)
s = int(s)
others = N - s
if others < s:
s = others
#print("r: " + str(r))
#print("s: " + str(s))
sig = Signature(int(r), s)
der = sig.der()
sig = der + bytes([sighash])
#sec = pk.point.sec()
#print("public point:")
#print(int(pk.point.x.hex(), 16))
#print(int(pk.point.y.hex(), 16))
x, y = ardubridge.getpubkey()
if (x == -1 and y == -1):
return '-1'
#pub = S256Point(53237820045986896539096637357322002537362350769420441605069248472301971758546, 49407176618187043960559197373734381057571970898731550795341045595301080938882)
pub = S256Point(int(x), int(y))
sec2 = pub.sec()
tx_obj.tx_ins[i].script_sig = Script([sig, sec2])
return hexlify(tx_obj.serialize())
from ecc import G, N print(N*G) # In[14]: from ecc import S256Point, G, N z = 0xbc62d4b80d9e36da29c16c5d4d9f11731f36052c72401a76c23c0fb5a9b74423 r = 0x37206a0610995c58074999cb9767b87af4c4978db68c06e8e6e81d282047a7c6 s = 0x8ca63759c1157ebeaec0d03cecca119fc9a75bf8e6d0fa65c841c8e2738cdaec px = 0x04519fac3d910ca7e7138f7013706f619fa8f033e6ec6e09370ea38cee6a7574 py = 0x82b51eab8c27c66e26c858a079bcdf4f1ada34cec420cafc7eac1a42216fb6c4 point = S256Point(px, py) s_inv = pow(s, N-2, N) u = z * s_inv % N v = r * s_inv % N print((u*G + v*point).x.num == r) # ### Exercise 6 # # Verify whether these signatures are valid: # # ``` # P = (0x887387e452b8eacc4acfde10d9aaf7f6d9a0f975aabb10d006e4da568744d06c, # 0x61de6d95231cd89026e286df3b6ae4a894a3378e393e93a0f45b666329a0ae34) # # # signature 1
''' #code >>> from io import BytesIO >>> from random import randint >>> import ecc, helper, tx, script >>> from ecc import G, N, S256Point, Signature >>> from helper import hash256 >>> from tx import Tx #endcode #code >>> # Signing Example >>> secret = 1800555555518005555555 >>> z = int.from_bytes(hash256(b'ECDSA is awesome!'), 'big') >>> k = 12345 >>> r = (k*G).x.num >>> s = (z+r*secret) * pow(k, N-2, N) % N >>> print(hex(z), hex(r), hex(s)) 0xcf6304e0ed625dc13713ad8b330ca764325f013fe7a3057dbe6a2053135abeb4 0xf01d6b9018ab421dd410404cb869072065522bf85734008f105cf385a023a80f 0xf10c07e197e8b0e717108d0703d874357424ece31237c864621ac7acb0b9394c >>> print(secret*G) S256Point(0x4519fac3d910ca7e7138f7013706f619fa8f033e6ec6e09370ea38cee6a7574,0x82b51eab8c27c66e26c858a079bcdf4f1ada34cec420cafc7eac1a42216fb6c4) #endcode #code >>> # Verification Example >>> z = 0xbc62d4b80d9e36da29c16c5d4d9f11731f36052c72401a76c23c0fb5a9b74423 >>> r = 0x37206a0610995c58074999cb9767b87af4c4978db68c06e8e6e81d282047a7c6 >>> s = 0x8ca63759c1157ebeaec0d03cecca119fc9a75bf8e6d0fa65c841c8e2738cdaec >>> point = S256Point(0x04519fac3d910ca7e7138f7013706f619fa8f033e6ec6e09370ea38cee6a7574, ... 0x82b51eab8c27c66e26c858a079bcdf4f1ada34cec420cafc7eac1a42216fb6c4)
from ecc import S256Point, G, N
from helper import hash256
# z = 0xbc62d4b80d9e36da29c16c5d4d9f11731f36052c72401a76c23c0fb5a9b74423
# r = 0x37206a0610995c58074999cb9767b87af4c4978db68c06e8e6e81d282047a7c6
# s = 0x8ca63759c1157ebeaec0d03cecca119fc9a75bf8e6d0fa65c841c8e2738cdaec
# px = 0x04519fac3d910ca7e7138f7013706f619fa8f033e6ec6e09370ea38cee6a7574
# py = 0x82b51eab8c27c66e26c858a079bcdf4f1ada34cec420cafc7eac1a42216fb6c4
# point = S256Point(px, py)
# s_inv = pow(s, N-2, N) # <1>
# u = z * s_inv % N # <2>
# v = r * s_inv % N # <3>
# print((u*G + v*point).x.num == r) # <4>
P = (0x887387e452b8eacc4acfde10d9aaf7f6d9a0f975aabb10d006e4da568744d06c,
0x61de6d95231cd89026e286df3b6ae4a894a3378e393e93a0f45b666329a0ae34)
Point = S256Point(P[0], P[1])
#1
z = 0xec208baa0fc1c19f708a9ca96fdeff3ac3f230bb4a7ba4aede4942ad003c0f60
r = 0xac8d1c87e51d0d441be8b3dd5b05c8795b48875dffe00b7ffcfac23010d3a395
s = 0x68342ceff8935ededd102dd876ffd6ba72d6a427a3edb13d26eb0781cb423c4
s_inv = pow(s, N - 2, N)
u = z * s_inv % N
v = r * s_inv % N
print(((u * G) + (v * Point)).x.num == r)
#2
z = 0x7c076ff316692a3d7eb3c3bb0f8b1488cf72e1afcd929e29307032997a838a3d
r = 0xeff69ef2b1bd93a66ed5219add4fb51e11a840f404876325a1e8ffe0529a2c
s = 0xc7207fee197d27c618aea621406f6bf5ef6fca38681d82b2f06fddbdce6feab6
from ecc import S256Point, G, N px = 0x887387e452b8eacc4acfde10d9aaf7f6d9a0f975aabb10d006e4da568744d06c # Public key x point py = 0x61de6d95231cd89026e286df3b6ae4a894a3378e393e93a0f45b666329a0ae34 # Public key y point z = 0xec208baa0fc1c19f708a9ca96fdeff3ac3f230bb4a7ba4aede4942ad003c0f60 # Hash r = 0xac8d1c87e51d0d441be8b3dd5b05c8795b48875dffe00b7ffcfac23010d3a395 # Signature x point s = 0x68342ceff8935ededd102dd876ffd6ba72d6a427a3edb13d26eb0781cb423c4 # Signature y point point = S256Point(px, py) s_inv = pow(s, N - 2, N) # Fermat's Little Theorem (N is prime) u = z * s_inv % N # u = z/s v = r * s_inv % N # v = r/s print((u * G + v * point).x.num == r) # Checks if x coordinate is r
def test_nG_on_secp256k1(self):
inf = S256Point(None, None)
self.assertEqual(N * G, inf)
# Exercise 4
p1 = [(192, 105), 2]
p2 = [(143, 98), 2]
p3s = [[(47, 71), i] for i in [2,4,8, 21]]
pts = [p1, p2, *p3s]
for pt in pts:
point = Point(FieldElement(pt[0][0], prime), FieldElement(pt[0][1], prime), a, b)
for i in range(pt[1] - 1):
point = point + point
print(point)
from ecc import S256Point, N, G
# Exercise 6
P = (0x887387e452b8eacc4acfde10d9aaf7f6d9a0f975aabb10d006e4da568744d06c,
0x61de6d95231cd89026e286df3b6ae4a894a3378e393e93a0f45b666329a0ae34)
point = S256Point(*P)
# signature 1
z = 0xec208baa0fc1c19f708a9ca96fdeff3ac3f230bb4a7ba4aede4942ad003c0f60
r = 0xac8d1c87e51d0d441be8b3dd5b05c8795b48875dffe00b7ffcfac23010d3a395
s = 0x68342ceff8935ededd102dd876ffd6ba72d6a427a3edb13d26eb0781cb423c4
s_inv = pow(s, N-2, N)
u = z * s_inv % N
v = r * s_inv % N
print((u*G + v*point).x.num == r)
# signature 2
z = 0x7c076ff316692a3d7eb3c3bb0f8b1488cf72e1afcd929e29307032997a838a3d
r = 0xeff69ef2b1bd93a66ed5219add4fb51e11a840f404876325a1e8ffe0529a2c
s = 0xc7207fee197d27c618aea621406f6bf5ef6fca38681d82b2f06fddbdce6feab6
s_inv = pow(s, N-2, N)
u = z * s_inv % N
