def run_secdsa():
# Aclice
x1 = utils.randomnumber(ecdsa.n, inf=2)
y1 = ecdsa.get_pub(x1)
ka_pub, ka_priv = paillier.gen_key()
# Bob
x2 = utils.randomnumber(ecdsa.n, inf=2)
y2 = ecdsa.get_pub(x2)
kb_pub, kb_priv = paillier.gen_key()
zkp = eczkp.gen_params(1024)
pub = ecdsa.get_pub(x1 * x2 % ecdsa.n)
# pub_a = ecdsa.point_mult(y2, x1)
# pub_b = ecdsa.point_mult(y1, x2)
# pem.generate_tecdsa_pem(x1, ecdsa.expand_pub(pub), y2, ka_priv, kb_pub, zkp)
# pem.generate_tecdsa_pem(x2, ecdsa.expand_pub(pub), y1, kb_priv, ka_pub, zkp)
# Message hash
message = "hello"
h = hashlib.sha256()
h.update(message.encode("utf-8"))
m = long(h.hexdigest(), 16)
print "Message to sign: ", message
print "Hash: ", m
# ALICE ROUND 1
k1, z1, alpha, zeta, rr1, rr2 = alice_round_1(m, x1, y1, ka_pub, ka_priv)
# BOB ROUND 1
k2, r2 = bob_round_1(alpha, zeta)
# ALICE ROUND 2
r, pi = alice_round_2(alpha, zeta, r2, k1, y1, z1, x1, zkp, ka_pub, rr1, rr2)
# eczkp_pem.pi_to_pem(pi)
# BOB ROUND 2
mu, mup, pi2 = bob_round_2(pi, m, alpha, zeta, r, k2, x2, r2, y1, y2, ka_pub, kb_pub, zkp)
# eczkp_pem.pi_to_pem2(pi2)
# ALICE ROUND 3 (final)
sig = alice_round_3(pi2, r, r2, y2, mup, mu, alpha, zeta, zkp, ka_priv, kb_pub)
print "Signature:"
print sig
r, s = sig
print "Sig status: ", ecdsa.verify(sig, m, pub, ecdsa.G, ecdsa.n)
def priv_to_priv(extended_priv, i):
priv, chain = extended_priv
if i >= 0x80000000:
# Hardened
k = "%x" % chain
data = "00%32x%08x" % (priv, i)
hmac = hashlib.pbkdf2_hmac('sha512', k, data, 100)
l = binascii.hexlify(hmac)
key = long(l[:64], 16) + priv % ecdsa.n
c = long(l[64:], 16)
return key, c
else:
# Not hardened
k = "%x" % chain
data = "00%s%08x" % (ecdsa.expand_pub(ecdsa.get_pub(priv)), i)
hmac = hashlib.pbkdf2_hmac('sha512', k, data, 100)
l = binascii.hexlify(hmac)
key = long(l[:64], 16) + priv % ecdsa.n
c = long(l[64:], 16)
return key, c
def test():
# p = ecdsa.expand_pub(pub)
# print(p)
# rec_pub = ecdsa.recover_pub(p)
# print(rec_pub == pub)
# print(get(pub))
chain = ecdsa.gen_priv()
# Shares
p1 = ecdsa.gen_priv()
pub1 = ecdsa.get_pub(p1)
p2 = ecdsa.gen_priv()
pub2 = ecdsa.get_pub(p2)
p3 = ecdsa.gen_priv()
pub3 = ecdsa.get_pub(p3)
p4 = ecdsa.gen_priv()
pub4 = ecdsa.get_pub(p4)
skmas = ecdsa.aggregate(p1, p2, p3, p4)
pkmas = ecdsa.get_pub(skmas)
print(get(pkmas))
# Compute master pubkey with shares
pkmas_shares = ecdsa.point_add(
ecdsa.point_add(ecdsa.point_add(pub1, pub2), pub3), pub4)
print(get(pkmas_shares))
i = 1
# Pubkey derivation
# each one knows:
# - chain code
# - master pubkey
# - i
# - own share
sha2 = hashlib.sha256()
m = "%x%s%x" % (chain, ecdsa.expand_pub(pub), i)
sha2.update(m)
T = long(sha2.hexdigest(), 16)
pki = ecdsa.point_mult(pkmas, T)
# print get(pki)
# Privkey derivation
p11 = p1 * T
p21 = p2
p31 = p3
p41 = p4
pkmas1 = ecdsa.get_pub(ecdsa.aggregate(p11, p21, p31, p41))
# print(get(pkmas1))
extended_priv = (skmas, chain)
extended_pub = (pkmas, chain)
ext_priv1h = priv_to_priv(extended_priv, 0x80000000)
ext_priv1 = priv_to_priv(extended_priv, 0x00000001)
ext_pub1 = pub_to_pub(extended_pub, 0x00000001)
ext_priv2 = priv_to_priv(ext_priv1, 0x00000001)
ext_pub2 = pub_to_pub(ext_pub1, 0x00000001)
print(get(ecdsa.get_pub(ext_priv1[0])))
print(get(ext_pub1[0]))
print(get(ecdsa.get_pub(ext_priv2[0])))
print(get(ext_pub2[0]))
print("Multiplicatively")
print(get(ecdsa.get_pub(p1 * p2)))
print(get(ecdsa.point_mult(pub1, p2)))
def pub(self):
return ecdsa.get_pub(self.secret)
def get_address(self):
return get(self.get_pub())
if __name__ == "__main__":
print("=== Threshold addresses ===")
chain = ecdsa.gen_priv()
# Shares
s1 = Share(chain, True, ecdsa.gen_priv())
s2 = Share(chain, False, ecdsa.gen_priv())
s3 = Share(chain, False, ecdsa.gen_priv())
sec = (s1.secret * s2.secret * s3.secret) % ecdsa.n
pub = ecdsa.get_pub(sec)
add = get(pub)
print "Master root public key m/ :", add
s1.set_master_pub(pub)
s2.set_master_pub(pub)
s3.set_master_pub(pub)
print "\n*** Individual addresses m/ ***"
print "s1:", s1.address()
print "s2:", s2.address()
print "s3:", s3.address()
print "\n*** Hardened derivation for one share ***"
print "s1 m/44/0/1 :", get(s1.derive("m/44/0/1").master_pub)
print "s1 m/44/0/1' :", get(s1.derive("m/44/0/1'").master_pub)