def verify_commit(receipt, c, hasher=sha256):
ec.y(receipt[0], False) # receipt[0] is valid iif its y does exist
ec.tuple_from_point(receipt[1]) # verify it is a good point
w, R = receipt
e = hasher(R[0].to_bytes(32, 'big') + c).digest()
e = int_from_hash(e, ec.order)
W = ec.pointAdd(R, ec.pointMultiply(e))
return w % ec.order == W[0] % ec.order
def test_tuple_from_point(self):
prv = 0xc28fca386c7a227600b2fe50b7cae11ec86d3bf1fbe471be89827e19d72aa1d
Pub = secp256k1.pointMultiply(prv)
Pub_bytes = b'\x02' + Pub[0].to_bytes(32, "big")
p2 = secp256k1.tuple_from_point(Pub_bytes)
self.assertEqual(p2, Pub)
Pub_hex_str = Pub_bytes.hex()
p2 = secp256k1.tuple_from_point(Pub_hex_str)
self.assertEqual(p2, Pub)
Pub_bytes = b'\x04' + Pub[0].to_bytes(32, "big") + Pub[1].to_bytes(32, "big")
p2 = secp256k1.tuple_from_point(Pub_bytes)
self.assertEqual(p2, Pub)
Pub_hex_str = Pub_bytes.hex()
p2 = secp256k1.tuple_from_point(Pub_hex_str)
self.assertEqual(p2, Pub)
def det_wallet2(key, r, i):
r_bytes = r.to_bytes(32, 'big')
i_bytes = i.to_bytes(32, 'big')
h_hex = sha256(i_bytes+r_bytes).hexdigest()
h_int = int(h_hex, 16)
try:
prvkey = int_from_prvkey(key)
return (prvkey + h_int) % ec.order
except:
pubkey = ec.tuple_from_point(key)
return ec.pointAdd(pubkey, ec.pointMultiply(h_int))
raise ValueError("Invalid key")
def ecssa_verify(m, ssasig: Tuple[int, int], pub, hasher=sha256) -> bool:
if type(m) == str: m = hasher(m.encode()).digest()
check_ssasig(ssasig)
pub = ec.tuple_from_point(pub)
return ecssa_verify_raw(m, ssasig, pub, hasher)
def bip32_ckd(xparentkey, index):
"""Child Key Derivation (CDK)
Key derivation is normal if the extended parent key is public or
child_index is less than 0x80000000.
Key derivation is hardened if the extended parent key is private and
child_index is not less than 0x80000000.
"""
if isinstance(index, int):
index = index.to_bytes(4, 'big')
elif isinstance(index, bytes) or isinstance(index, bytearray):
assert len(index) == 4
else:
raise TypeError("a 4 bytes int is required")
xparent = b58decode_check(xparentkey)
assert len(xparent) == 78, "wrong length for extended parent key"
version = xparent[:4]
xkey = version # version
xkey += (xparent[4] + 1).to_bytes(1, 'big') # (increased) depth
if (version in PUBLIC):
assert xparent[45] in (2, 3), \
"version/key mismatch in extended parent key"
Parent_bytes = xparent[45:]
Parent = ec.tuple_from_point(Parent_bytes)
xkey += h160(Parent_bytes)[:4] # parent pubkey fingerprint
assert index[0] < 0x80, \
"no private/hardened derivation from pubkey"
xkey += index # child index
parent_chain_code = xparent[13:45] ## normal derivation
h = HMAC(parent_chain_code, Parent_bytes + index, sha512).digest()
xkey += h[32:] # chain code
offset = int.from_bytes(h[:32], 'big')
Offset = ec.pointMultiply(offset)
Child = ec.pointAdd(Parent, Offset)
Child_bytes = ec.bytes_from_point(Child, True)
xkey += Child_bytes # public key
elif (version in PRIVATE):
assert xparent[45] == 0, "version/key mismatch in extended parent key"
parent = int.from_bytes(xparent[46:], 'big')
Parent = ec.pointMultiply(parent)
Parent_bytes = ec.bytes_from_point(Parent, True)
xkey += h160(Parent_bytes)[:4] # parent pubkey fingerprint
xkey += index # child index
parent_chain_code = xparent[13:45]
if (index[0] < 0x80): ## normal derivation
h = HMAC(parent_chain_code, Parent_bytes + index, sha512).digest()
else: ## hardened derivation
h = HMAC(parent_chain_code, xparent[45:] + index, sha512).digest()
xkey += h[32:] # chain code
offset = int.from_bytes(h[:32], 'big')
child = (parent + offset) % ec.order
child_bytes = b'\x00' + child.to_bytes(32, 'big')
xkey += child_bytes # private key
else:
raise ValueError("invalid extended key version")
return b58encode_check(xkey)