def test_pubpoint(self): # write a test that tests the public point for the following points = ( # secret, x, y (7, 0x5cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc, 0x6aebca40ba255960a3178d6d861a54dba813d0b813fde7b5a5082628087264da ), (1485, 0xc982196a7466fbbbb0e27a940b6af926c1a74d5ad07128c82824a11b5398afda, 0x7a91f9eae64438afb9ce6448a1c133db2d8fb9254e4546b6f001637d50901f55 ), (2**128, 0x8f68b9d2f63b5f339239c1ad981f162ee88c5678723ea3351b7b444c9ec4c0da, 0x662a9f2dba063986de1d90c2b6be215dbbea2cfe95510bfdf23cbf79501fff82 ), (2**240 + 2**31, 0x9577ff57c8234558f293df502ca4f09cbc65a6572c842b39b366f21717945116, 0x10b49c67fa9365ad7b90dab070be339a1daf9052373ec30ffae4f72d5e66d053 ), ) for secret, x, y in points: # initialize the secp256k1 point point = S256Point(x, y) # check that te secret*G is the same as the point self.assertEqual(secret * G, point)
def test_verify_ch3_example8(self): z = 0xbc62d4b80d9e36da29c16c5d4d9f11731f36052c72401a76c23c0fb5a9b74423 r = 0x37206a0610995c58074999cb9767b87af4c4978db68c06e8e6e81d282047a7c6 s = 0x8ca63759c1157ebeaec0d03cecca119fc9a75bf8e6d0fa65c841c8e2738cdaec px = 0x04519fac3d910ca7e7138f7013706f619fa8f033e6ec6e09370ea38cee6a7574 py = 0x82b51eab8c27c66e26c858a079bcdf4f1ada34cec420cafc7eac1a42216fb6c4 point = S256Point(px, py) self.assertTrue(point.verify(z, Signature(r, s)))
def test_example_8(self): point = S256Point(0x5CBDF0646E5DB4EAA398F365F2EA7A0E3D419B7E0330E39CE92BDDEDCAC4F9BC, 0x6AEBCA40BA255960A3178D6D861A54DBA813D0B813FDE7B5A5082628087264DA) uncompressed = b'\x04' + point.x.num.to_bytes(32, 'big') + point.y.num.to_bytes(32, 'big') if point.y.num % 2 == 1: compressed = b'\x03' + point.x.num.to_bytes(32, 'big') else: compressed = b'\x02' + point.x.num.to_bytes(32, 'big') self.assertEqual(uncompressed.hex(), '045cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc6aebca40ba255960a3178d6d861a54dba813d0b813fde7b5a5082628087264da') self.assertEqual(compressed.hex(), '025cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc')
def test_example_9(self): z = 0xbc62d4b80d9e36da29c16c5d4d9f11731f36052c72401a76c23c0fb5a9b74423 r = 0x37206a0610995c58074999cb9767b87af4c4978db68c06e8e6e81d282047a7c6 s = 0x8ca63759c1157ebeaec0d03cecca119fc9a75bf8e6d0fa65c841c8e2738cdaec point = S256Point( 0x04519fac3d910ca7e7138f7013706f619fa8f033e6ec6e09370ea38cee6a7574, 0x82b51eab8c27c66e26c858a079bcdf4f1ada34cec420cafc7eac1a42216fb6c4) u = z * pow(s, N - 2, N) % N v = r * pow(s, N - 2, N) % N self.assertEqual((u * G + v * point).x.num, r)
def test_verify(self): point = S256Point( 0x887387e452b8eacc4acfde10d9aaf7f6d9a0f975aabb10d006e4da568744d06c, 0x61de6d95231cd89026e286df3b6ae4a894a3378e393e93a0f45b666329a0ae34) z = 0xec208baa0fc1c19f708a9ca96fdeff3ac3f230bb4a7ba4aede4942ad003c0f60 r = 0xac8d1c87e51d0d441be8b3dd5b05c8795b48875dffe00b7ffcfac23010d3a395 s = 0x68342ceff8935ededd102dd876ffd6ba72d6a427a3edb13d26eb0781cb423c4 self.assertTrue(point.verify(z, Signature(r, s))) z = 0x7c076ff316692a3d7eb3c3bb0f8b1488cf72e1afcd929e29307032997a838a3d r = 0xeff69ef2b1bd93a66ed5219add4fb51e11a840f404876325a1e8ffe0529a2c s = 0xc7207fee197d27c618aea621406f6bf5ef6fca38681d82b2f06fddbdce6feab6 self.assertTrue(point.verify(z, Signature(r, s)))
def getaddress(x, y, testnet=True, compressed=True): p = S256Point(x, y) comp = p.sec(compressed) h160 = hash160(comp) prefix = b'\00' if testnet: prefix = b'\x6f' else: prefix = b'\00' raw = prefix + h160 checksum = double_sha256(raw)[:4] total = raw + checksum return encode_base58(total)
def test_exercise_1(self): px = 0x887387e452b8eacc4acfde10d9aaf7f6d9a0f975aabb10d006e4da568744d06c py = 0x61de6d95231cd89026e286df3b6ae4a894a3378e393e93a0f45b666329a0ae34 signatures = (( 0xec208baa0fc1c19f708a9ca96fdeff3ac3f230bb4a7ba4aede4942ad003c0f60, 0xac8d1c87e51d0d441be8b3dd5b05c8795b48875dffe00b7ffcfac23010d3a395, 0x68342ceff8935ededd102dd876ffd6ba72d6a427a3edb13d26eb0781cb423c4 ), (0x7c076ff316692a3d7eb3c3bb0f8b1488cf72e1afcd929e29307032997a838a3d, 0xeff69ef2b1bd93a66ed5219add4fb51e11a840f404876325a1e8ffe0529a2c, 0xc7207fee197d27c618aea621406f6bf5ef6fca38681d82b2f06fddbdce6feab6) ) point = S256Point(px, py) for z, r, s in signatures: u = z * pow(s, N - 2, N) % N v = r * pow(s, N - 2, N) % N self.assertTrue((u * G + v * point).x.num == r)
def build_transaction2(transidsarr, transindexarr, pubkeysarr, amountsarr, tnet=True): tx_ins = buildinputs(transidsarr, transindexarr) print("ins") print(tx_ins) tx_outs = buildoutputs(pubkeysarr, amountsarr) print("pubkeys") print(pubkeysarr) print("outs") print(tx_outs) tx_obj = Tx(version=1, tx_ins=tx_ins, tx_outs=tx_outs, locktime=0, testnet=tnet) #hash_type = SIGHASH_ALL #z = tx_obj.sig_hash(0, hash_type) #pk = PrivateKey(secret=privatekey) for i in range(len(tx_ins)): sighash = SIGHASH_ALL z = tx_obj.sig_hash(i, sighash) #print("getting sign:") r, s = ardubridge.sign(z) s = int(s) others = N - s if others < s: s = others #print("r: " + str(r)) #print("s: " + str(s)) sig = Signature(int(r), s) der = sig.der() sig = der + bytes([sighash]) #sec = pk.point.sec() #print("public point:") #print(int(pk.point.x.hex(), 16)) #print(int(pk.point.y.hex(), 16)) x, y = ardubridge.getpubkey() if (x == -1 and y == -1): return '-1' #pub = S256Point(53237820045986896539096637357322002537362350769420441605069248472301971758546, 49407176618187043960559197373734381057571970898731550795341045595301080938882) pub = S256Point(int(x), int(y)) sec2 = pub.sec() tx_obj.tx_ins[i].script_sig = Script([sig, sec2]) return hexlify(tx_obj.serialize())
from ecc import G, N print(N*G) # In[14]: from ecc import S256Point, G, N z = 0xbc62d4b80d9e36da29c16c5d4d9f11731f36052c72401a76c23c0fb5a9b74423 r = 0x37206a0610995c58074999cb9767b87af4c4978db68c06e8e6e81d282047a7c6 s = 0x8ca63759c1157ebeaec0d03cecca119fc9a75bf8e6d0fa65c841c8e2738cdaec px = 0x04519fac3d910ca7e7138f7013706f619fa8f033e6ec6e09370ea38cee6a7574 py = 0x82b51eab8c27c66e26c858a079bcdf4f1ada34cec420cafc7eac1a42216fb6c4 point = S256Point(px, py) s_inv = pow(s, N-2, N) u = z * s_inv % N v = r * s_inv % N print((u*G + v*point).x.num == r) # ### Exercise 6 # # Verify whether these signatures are valid: # # ``` # P = (0x887387e452b8eacc4acfde10d9aaf7f6d9a0f975aabb10d006e4da568744d06c, # 0x61de6d95231cd89026e286df3b6ae4a894a3378e393e93a0f45b666329a0ae34) # # # signature 1
''' #code >>> from io import BytesIO >>> from random import randint >>> import ecc, helper, tx, script >>> from ecc import G, N, S256Point, Signature >>> from helper import hash256 >>> from tx import Tx #endcode #code >>> # Signing Example >>> secret = 1800555555518005555555 >>> z = int.from_bytes(hash256(b'ECDSA is awesome!'), 'big') >>> k = 12345 >>> r = (k*G).x.num >>> s = (z+r*secret) * pow(k, N-2, N) % N >>> print(hex(z), hex(r), hex(s)) 0xcf6304e0ed625dc13713ad8b330ca764325f013fe7a3057dbe6a2053135abeb4 0xf01d6b9018ab421dd410404cb869072065522bf85734008f105cf385a023a80f 0xf10c07e197e8b0e717108d0703d874357424ece31237c864621ac7acb0b9394c >>> print(secret*G) S256Point(0x4519fac3d910ca7e7138f7013706f619fa8f033e6ec6e09370ea38cee6a7574,0x82b51eab8c27c66e26c858a079bcdf4f1ada34cec420cafc7eac1a42216fb6c4) #endcode #code >>> # Verification Example >>> z = 0xbc62d4b80d9e36da29c16c5d4d9f11731f36052c72401a76c23c0fb5a9b74423 >>> r = 0x37206a0610995c58074999cb9767b87af4c4978db68c06e8e6e81d282047a7c6 >>> s = 0x8ca63759c1157ebeaec0d03cecca119fc9a75bf8e6d0fa65c841c8e2738cdaec >>> point = S256Point(0x04519fac3d910ca7e7138f7013706f619fa8f033e6ec6e09370ea38cee6a7574, ... 0x82b51eab8c27c66e26c858a079bcdf4f1ada34cec420cafc7eac1a42216fb6c4)
from ecc import S256Point, G, N from helper import hash256 # z = 0xbc62d4b80d9e36da29c16c5d4d9f11731f36052c72401a76c23c0fb5a9b74423 # r = 0x37206a0610995c58074999cb9767b87af4c4978db68c06e8e6e81d282047a7c6 # s = 0x8ca63759c1157ebeaec0d03cecca119fc9a75bf8e6d0fa65c841c8e2738cdaec # px = 0x04519fac3d910ca7e7138f7013706f619fa8f033e6ec6e09370ea38cee6a7574 # py = 0x82b51eab8c27c66e26c858a079bcdf4f1ada34cec420cafc7eac1a42216fb6c4 # point = S256Point(px, py) # s_inv = pow(s, N-2, N) # <1> # u = z * s_inv % N # <2> # v = r * s_inv % N # <3> # print((u*G + v*point).x.num == r) # <4> P = (0x887387e452b8eacc4acfde10d9aaf7f6d9a0f975aabb10d006e4da568744d06c, 0x61de6d95231cd89026e286df3b6ae4a894a3378e393e93a0f45b666329a0ae34) Point = S256Point(P[0], P[1]) #1 z = 0xec208baa0fc1c19f708a9ca96fdeff3ac3f230bb4a7ba4aede4942ad003c0f60 r = 0xac8d1c87e51d0d441be8b3dd5b05c8795b48875dffe00b7ffcfac23010d3a395 s = 0x68342ceff8935ededd102dd876ffd6ba72d6a427a3edb13d26eb0781cb423c4 s_inv = pow(s, N - 2, N) u = z * s_inv % N v = r * s_inv % N print(((u * G) + (v * Point)).x.num == r) #2 z = 0x7c076ff316692a3d7eb3c3bb0f8b1488cf72e1afcd929e29307032997a838a3d r = 0xeff69ef2b1bd93a66ed5219add4fb51e11a840f404876325a1e8ffe0529a2c s = 0xc7207fee197d27c618aea621406f6bf5ef6fca38681d82b2f06fddbdce6feab6
from ecc import S256Point, G, N px = 0x887387e452b8eacc4acfde10d9aaf7f6d9a0f975aabb10d006e4da568744d06c # Public key x point py = 0x61de6d95231cd89026e286df3b6ae4a894a3378e393e93a0f45b666329a0ae34 # Public key y point z = 0xec208baa0fc1c19f708a9ca96fdeff3ac3f230bb4a7ba4aede4942ad003c0f60 # Hash r = 0xac8d1c87e51d0d441be8b3dd5b05c8795b48875dffe00b7ffcfac23010d3a395 # Signature x point s = 0x68342ceff8935ededd102dd876ffd6ba72d6a427a3edb13d26eb0781cb423c4 # Signature y point point = S256Point(px, py) s_inv = pow(s, N - 2, N) # Fermat's Little Theorem (N is prime) u = z * s_inv % N # u = z/s v = r * s_inv % N # v = r/s print((u * G + v * point).x.num == r) # Checks if x coordinate is r
def test_nG_on_secp256k1(self): inf = S256Point(None, None) self.assertEqual(N * G, inf)
# Exercise 4 p1 = [(192, 105), 2] p2 = [(143, 98), 2] p3s = [[(47, 71), i] for i in [2,4,8, 21]] pts = [p1, p2, *p3s] for pt in pts: point = Point(FieldElement(pt[0][0], prime), FieldElement(pt[0][1], prime), a, b) for i in range(pt[1] - 1): point = point + point print(point) from ecc import S256Point, N, G # Exercise 6 P = (0x887387e452b8eacc4acfde10d9aaf7f6d9a0f975aabb10d006e4da568744d06c, 0x61de6d95231cd89026e286df3b6ae4a894a3378e393e93a0f45b666329a0ae34) point = S256Point(*P) # signature 1 z = 0xec208baa0fc1c19f708a9ca96fdeff3ac3f230bb4a7ba4aede4942ad003c0f60 r = 0xac8d1c87e51d0d441be8b3dd5b05c8795b48875dffe00b7ffcfac23010d3a395 s = 0x68342ceff8935ededd102dd876ffd6ba72d6a427a3edb13d26eb0781cb423c4 s_inv = pow(s, N-2, N) u = z * s_inv % N v = r * s_inv % N print((u*G + v*point).x.num == r) # signature 2 z = 0x7c076ff316692a3d7eb3c3bb0f8b1488cf72e1afcd929e29307032997a838a3d r = 0xeff69ef2b1bd93a66ed5219add4fb51e11a840f404876325a1e8ffe0529a2c s = 0xc7207fee197d27c618aea621406f6bf5ef6fca38681d82b2f06fddbdce6feab6 s_inv = pow(s, N-2, N) u = z * s_inv % N