Пример #1
0
 def test_sign_schnorr(self):
     pk = PrivateKey(randint(1, N))
     msg = int_to_big_endian(randint(1, N), 32)
     sig = pk.sign_schnorr(msg, aux=b"\x00" * 32)
     self.assertTrue(pk.point.verify_schnorr(msg, sig))
     # tweak
     tweak = randint(1, N)
     tweak_point = pk.tweaked(tweak).point
     k = randint(1, N)
     r = k * G
     if r.parity:
         k = N - k
         r = k * G
     message = r.bip340() + tweak_point.bip340() + msg
     challenge = big_endian_to_int(hash_challenge(message)) % N
     if pk.point.parity == tweak_point.parity:
         secret = pk.secret
     else:
         secret = -pk.secret
     s = (k + challenge * secret) % N
     if tweak_point.parity:
         s = (s - challenge * tweak) % N
     else:
         s = (s + challenge * tweak) % N
     sig = SchnorrSignature.parse(r.bip340() + int_to_big_endian(s, 32))
     self.assertTrue(tweak_point.verify_schnorr(msg, sig))
Пример #2
0
 def test_signing(self):
     tests = [
         (
             "0",
             "0000000000000000000000000000000000000000000000000000000000000003",
             "F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9",
             "0000000000000000000000000000000000000000000000000000000000000000",
             "0000000000000000000000000000000000000000000000000000000000000000",
             "E907831F80848D1069A5371B402410364BDF1C5F8307B0084C55F1CE2DCA821525F66A4A85EA8B71E482A74F382D2CE5EBEEE8FDB2172F477DF4900D310536C0",
             "",
         ),
         (
             "1",
             "B7E151628AED2A6ABF7158809CF4F3C762E7160F38B4DA56A784D9045190CFEF",
             "DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659",
             "0000000000000000000000000000000000000000000000000000000000000001",
             "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89",
             "6896BD60EEAE296DB48A229FF71DFE071BDE413E6D43F917DC8DCF8C78DE33418906D11AC976ABCCB20B091292BFF4EA897EFCB639EA871CFA95F6DE339E4B0A",
             "",
         ),
         (
             "2",
             "C90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B14E5C9",
             "DD308AFEC5777E13121FA72B9CC1B7CC0139715309B086C960E18FD969774EB8",
             "C87AA53824B4D7AE2EB035A2B5BBBCCC080E76CDC6D1692C4B0B62D798E6D906",
             "7E2D58D8B3BCDF1ABADEC7829054F90DDA9805AAB56C77333024B9D0A508B75C",
             "5831AAEED7B44BB74E5EAB94BA9D4294C49BCF2A60728D8B4C200F50DD313C1BAB745879A5AD954A72C45A91C3A51D3C7ADEA98D82F8481E0E1E03674A6F3FB7",
             "",
         ),
         (
             "3",
             "0B432B2677937381AEF05BB02A66ECD012773062CF3FA2549E44F58ED2401710",
             "25D1DFF95105F5253C4022F628A996AD3A0D95FBF21D468A1B33F8C160D8F517",
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
             "7EB0509757E246F19449885651611CB965ECC1A187DD51B64FDA1EDC9637D5EC97582B9CB13DB3933705B32BA982AF5AF25FD78881EBB32771FC5922EFC66EA3",
             "test fails if msg is reduced modulo p or n",
         ),
     ]
     for (
             index,
             secret,
             bip340_pk,
             aux_rand,
             message,
             signature,
             comment,
     ) in tests:
         private_key = PrivateKey(secret=int(secret, 16))
         public_key = S256Point.parse(bytes.fromhex(bip340_pk))
         aux = bytes.fromhex(aux_rand)
         msg = bytes.fromhex(message)
         want_sig = SchnorrSignature.parse(bytes.fromhex(signature))
         self.assertTrue(public_key.verify_schnorr(msg, want_sig))
         sig = private_key.sign_schnorr(msg, aux)
         self.assertEqual(sig, want_sig)
Пример #3
0
 def finalize_p2tr_multisig(self, input_index, sigs):
     tx_in = self.tx_ins[input_index]
     if len(tx_in.witness.items) < 2 or tx_in.tap_script is None:
         raise RuntimeError("initialize single leaf multisig first")
     for point in tx_in.tap_script.points:
         for sig in sigs:
             if len(sig) == 0:
                 continue
             elif len(sig) == 64:
                 hash_type = SIGHASH_DEFAULT
                 schnorr = SchnorrSignature.parse(sig)
             elif len(sig) == 65:
                 hash_type = sig[-1]
                 schnorr = SchnorrSignature.parse(sig[:-1])
             else:
                 raise RuntimeError("invalid signature length")
             msg = self.sig_hash(input_index, hash_type=hash_type)
             if point.verify_schnorr(msg, schnorr):
                 tx_in.witness.items.insert(0, sig)
                 break
         else:
             tx_in.witness.items.insert(0, b"")
     return self.verify_input(input_index)
Пример #4
0
 def get_signature(self, s_sum, r, sig_hash, tweak=0):
     tweak_point = self.get_tweak_point(tweak)
     if tweak:
         msg = r.bip340() + tweak_point.bip340() + sig_hash
         challenge = big_endian_to_int(hash_challenge(msg)) % N
         if tweak_point.parity:
             s = (-s_sum - challenge * tweak) % N
         else:
             s = (s_sum + challenge * tweak) % N
     else:
         s = s_sum % N
     s_raw = int_to_big_endian(s, 32)
     sig = r.bip340() + s_raw
     schnorrsig = SchnorrSignature.parse(sig)
     if not tweak_point.verify_schnorr(sig_hash, schnorrsig):
         raise ValueError("Invalid signature")
     return schnorrsig
Пример #5
0
 def test_verify(self):
     tests = [
         (
             "D69C3509BB99E412E68B0FE8544E72837DFA30746D8BE2AA65975F29D22DC7B9",
             "4DF3C3F68FCC83B27E9D42C90431A72499F17875C81A599B566C9889B9696703",
             "00000000000000000000003B78CE563F89A0ED9414F5AA28AD0D96D6795F9C6376AFB1548AF603B3EB45C9F8207DEE1060CB71C04E80F593060B07D28308D7F4",
         ),
         (
             "d0fa46cb883e940ac3dc5421f05b03859972639f51ed2eccbf3dc5a62e2e1b15",
             "11864b0142c248fdb090d08893745e0b36a78f988a8334d2056814ad5f541596",
             "23b1d4ff27b16af4b0fcb9672df671701a1a7f5a6bb7352b051f461edbc614aa6068b3e5313a174f90f3d95dc4e06f69bebd9cf5a3098fde034b01e69e8e7889",
         ),
     ]
     for bip340_pk, message, signature in tests:
         public_key = S256Point.parse(bytes.fromhex(bip340_pk))
         msg = bytes.fromhex(message)
         sig = SchnorrSignature.parse(bytes.fromhex(signature))
         self.assertTrue(public_key.verify_schnorr(msg, sig))
Пример #6
0
def op_checksig_schnorr(stack, tx_obj, input_index):
    # check to see if there's at least 2 elements
    if len(stack) < 2:
        return False
    pubkey = stack.pop()
    signature = stack.pop()
    point = S256Point.parse_bip340(pubkey)
    if len(signature) == 65:
        hash_type = signature[-1]
        signature = signature[:-1]
    elif len(signature) == 0:
        stack.append(encode_num(0))
        return True
    else:
        hash_type = 0
    sig = SchnorrSignature.parse(signature)
    msg = tx_obj.sig_hash(input_index, hash_type)
    if point.verify_schnorr(msg, sig):
        stack.append(encode_num(1))
    else:
        stack.append(encode_num(0))
    return True
Пример #7
0
 def test_errors(self):
     tests = [
         (
             "EEFDEA4CDB677750A420FEE807EACF21EB9898AE79B9768766E4FAA04A2D4A34",
             "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89",
             "6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E17776969E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B",
             ValueError,
             "public key not on the curve",
         ),
         (
             "DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659",
             "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89",
             "FFF97BD5755EEEA420453A14355235D382F6472F8568A18B2F057A14602975563CC27944640AC607CD107AE10923D9EF7A73C643E166BE5EBEAFA34B1AC553E2",
             AssertionError,
             "has_even_y(R) is false",
         ),
         (
             "DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659",
             "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89",
             "1FA62E331EDBC21C394792D2AB1100A7B432B013DF3F6FF4F99FCB33E0E1515F28890B3EDB6E7189B630448B515CE4F8622A954CFE545735AAEA5134FCCDB2BD",
             AssertionError,
             "negated message",
         ),
         (
             "DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659",
             "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89",
             "6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E177769961764B3AA9B2FFCB6EF947B6887A226E8D7C93E00C5ED0C1834FF0D0C2E6DA6",
             AssertionError,
             "negated s value",
         ),
         (
             "DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659",
             "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89",
             "0000000000000000000000000000000000000000000000000000000000000000123DDA8328AF9C23A94C1FEECFD123BA4FB73476F0D594DCB65C6425BD186051",
             AssertionError,
             "sG - eP is infinite. Test fails in single verification if has_even_y(inf) is defined as true and x(inf) as 0",
         ),
         (
             "DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659",
             "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89",
             "00000000000000000000000000000000000000000000000000000000000000017615FBAF5AE28864013C099742DEADB4DBA87F11AC6754F93780D5A1837CF197",
             AssertionError,
             "sG - eP is infinite. Test fails in single verification if has_even_y(inf) is defined as true and x(inf) as 1",
         ),
         (
             "DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659",
             "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89",
             "4A298DACAE57395A15D0795DDBFD1DCB564DA82B0F269BC70A74F8220429BA1D69E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B",
             ValueError,
             "sig[0:32] is not an X coordinate on the curve",
         ),
         (
             "DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659",
             "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89",
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F69E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B",
             ValueError,
             "sig[0:32] is equal to field size",
         ),
         (
             "DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659",
             "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89",
             "6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E177769FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
             ValueError,
             "sig[32:64] is equal to curve order",
         ),
         (
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC30",
             "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89",
             "6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E17776969E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B",
             ValueError,
             "public key is not a valid X coordinate because it exceeds the field size",
         ),
     ]
     for bip340_pk, message, signature, error, comment in tests:
         with self.assertRaises(error):
             print(comment)
             public_key = S256Point.parse(bytes.fromhex(bip340_pk))
             msg = bytes.fromhex(message)
             sig = SchnorrSignature.parse(bytes.fromhex(signature))
             assert public_key.verify_schnorr(msg, sig)