def verify(self,msg,sig,pu_key): """ Verifies a message signature. Args: msg (bytes) : the message hash to verify the signature sig (bytes) : signature to verify pu_key (ecpy.keys.ECPublicKey): key to use for verifying """ curve = pu_key.curve n = curve.order G = curve.generator r,s = decode_sig(sig, self.fmt) if (r == None or s == None or r == 0 or r >= n or s == 0 or s >= n ) : return False h = int.from_bytes(msg,'big') c = pow(s, n-2, n) u1 = (h*c)%n u2 = (r*c)%n u1G = u1*G u2Q = u2*pu_key.W GQ = u1G+u2Q if GQ.is_infinity: return False x = GQ.x % n return x == r
def verify(self, msg, sig, pu_key): """ Verifies a message signature. Args: msg (bytes) : the message to verify the signature sig (bytes) : signature to verify pu_key (ecpy.keys.ECPublicKey): key to use for verifying """ curve = pu_key.curve n = curve.order size = curve.size >> 3 #eR = sig[0:size] #S = int.from_bytes(sig[size:],'little') eR, S = decode_sig(sig, self.fmt) #left eR = eR.to_bytes(size, 'little') R = curve.decode_point(eR) hasher = self._hasher() eA = curve.encode_point(pu_key.W) hasher.update(eR + eA + msg) h = hasher.digest() h = int.from_bytes(h, 'little') h = h % n A = pu_key.W left = R + h * A #right right = S * curve.generator return left == right
def verify(self, msg, sig, pu_key): """ Verifies a message signature. Args: msg (bytes) : the message hash to verify the signature sig (bytes) : signature to verify pu_key (ecpy.keys.ECPublicKey): key to use for verifying """ curve = pu_key.curve n = curve.order G = curve.generator r, s = decode_sig(sig, self.fmt) if (r == None or s == None or r == 0 or r >= n or s == 0 or s >= n): return False h = int.from_bytes(msg, 'big') if n.bit_length() < h.bit_length(): # h is the 'n.bit_length()' leftmost bits of the received h value, # leading zeroes included (if any). hbyteslen = (h.bit_length() + 7) // 8 h = int(format(h, f'0{8*hbyteslen}b')[:n.bit_length()], 2) c = pow(s, n - 2, n) u1 = (h * c) % n u2 = (r * c) % n u1G = u1 * G u2Q = u2 * pu_key.W GQ = u1G + u2Q if GQ.is_infinity: return False x = GQ.x % n return x == r
def verify(self, msg, sig, pu_key): """ Verifies a message signature. Args: msg (bytes) : the message hash to verify the signature sig (bytes) : signature to verify pu_key (ecpy.keys.ECPublicKey): key to use for verifying """ curve = pu_key.curve n = pu_key.curve.order G = pu_key.curve.generator size = curve.size >> 3 r, s = decode_sig(sig, self.fmt) if (r == None or r > (pow(2, size * 8) - 1) or s == 0 or s > n - 1): return False hasher = self._hasher() if self.option == "ISO": sG = s * G rW = r * pu_key.W Q = sG - rW xQ = Q.x.to_bytes(size, 'big') yQ = Q.y.to_bytes(size, 'big') hasher.update(xQ + yQ + msg) v = hasher.digest() v = int.from_bytes(v, 'big') elif self.option == "ISOx": sG = s * G rW = r * pu_key.W Q = sG - rW xQ = Q.x.to_bytes(size, 'big') hasher.update(xQ + msg) v = hasher.digest() v = int.from_bytes(v, 'big') elif self.option == "BSI": sG = s * G rW = r * pu_key.W Q = sG + rW xQ = (Q.x).to_bytes(size, 'big') hasher.update(msg + xQ) v = hasher.digest() v = int.from_bytes(v, 'big') elif self.option == "LIBSECP": rb = r.to_bytes(size, 'big') hasher.update(rb + msg) h = hasher.digest() h = int.from_bytes(h, 'big') if h == 0 or h > n: return 0 sG = s * G hW = h * pu_key.W R = sG + hW v = R.x % n return v == r
def gen_random_tx(curve): n = curve.order P = curve.generator sA = random.randint(0, n) sk = ECPrivateKey(sA, curve) QA = sA * P pk = ECPublicKey(QA) payee_sA = random.randint(0, n) payee_sk = ECPrivateKey(payee_sA, curve) payee_QA = sA * P payee_pk = ECPublicKey(payee_QA) sum_string = "*** Bitcoin transaction ***\n" serial = random.getrandbits(128) sum_string += "Serial number: " + str(serial) + "\n" sum_string += "Payer Public key - x: " + str(QA.x) + "\n" sum_string += "Payer Public key - y: " + str(QA.y) + "\n" sum_string += "Payee Public key - x: " + str(payee_QA.x) + "\n" sum_string += "Payee Public key - y: " + str(payee_QA.y) + "\n" amount = random.randint(1, 1000000) sum_string += "Amount: " + str(amount) + " Satoshi" + "\n" signer = ECDSA() sig = signer.sign(sum_string.encode('UTF-8'), sk) (r, s) = decode_sig(sig) # k = random.randint(1, n - 1) # R = k * P # r = R.x % n # #r = str(r).encode('UTF-8') # h = hashlib.sha3_256() # h.update(sum_string.encode('UTF-8')) # # h.update(str(r).encode('UTF-8')) # #h.update(r) # m + r # s = (modinv(k, n) * ((int(h.hexdigest(), 16)) + (sA * r))) % n # #h = int(h.hexdigest(), 16) sum_string += "Signature - r: " + str(r) + "\n" sum_string += "Signature - s: " + str(s) + "\n" return sum_string
def verify(self, msg, sig, pu_key): """ Verifies a message signature. Args: msg (bytes) : the message to verify the signature sig (bytes) : signature to verify pu_key (ecpy.keys.ECPublicKey): key to use for verifying """ curve = pu_key.curve n = curve.order size = curve._coord_size() eR, S = decode_sig(sig, self.fmt) #left eR = eR.to_bytes(size, 'little') R = curve.decode_point(eR) hasher = self._hasher() eA = curve.encode_point(pu_key.W) if curve.name == 'Ed448': hasher.update(b'SigEd448\x00\x00') hasher.update(eR) hasher.update(eA) hasher.update(msg) h = hasher.digest(self._hash_len) elif curve.name == 'Ed521': hasher.update(b'SigEd521\x00\x00') hasher.update(eR) hasher.update(eA) hasher.update(msg) h = hasher.digest(self._hash_len) elif curve.name == 'Ed25519': hasher.update(eR) hasher.update(eA) hasher.update(msg) h = hasher.digest() else: assert False, '%s not supported' % curve.name h = int.from_bytes(h, 'little') h = h % n A = pu_key.W left = R + h * A #right right = S * curve.generator return left == right
def gen_random_tx(curve): # get a random 128 BIT integer for serial number serial_num = Num.getRandomNBitInteger(128) # create the public key for sender n = curve.order P = curve.generator sA = Num.getRandomRange(0, n + 1) sK = ECPrivateKey(sA, curve) QA = sA * P pk = ECPublicKey(QA) signer = ECDSA() # create the public key for sendee sA_2 = Num.getRandomRange(0, n + 1) sK_2 = ECPrivateKey(sA_2, curve) P2 = curve.generator QA_2 = sA_2 * P2 pk_2 = ECPublicKey(QA_2) # header for the block temp = "*** Bitcoin transaction ***\n" # add the serial number to the block temp = temp + "Serial number: " + str(serial_num) + "\n" # write payers public keys temp = temp + "Payer public key - x: " + str(QA.x) + "\n" temp = temp + "Payer public key - y: " + str(QA.y) + "\n" # write payees public keys temp = temp + "Payee public key - x: " + str(QA_2.x) + "\n" temp = temp + "Payee public key - y: " + str(QA_2.y) + "\n" # get random transaction val amount = Num.getRandomRange(0, 1000001) temp = temp + "Amount: " + str(amount) + "\n" sig = signer.sign(temp.encode("utf-8"), sK) (r, s) = decode_sig(sig) temp = temp + "Signature (r): " + str(r) + "\n" temp = temp + "Signature (s): " + str(s) + "\n" return temp
def verify(self,msg,sig,pu_key): """ Verifies a message signature. Args: msg (bytes) : the message hash to verify the signature sig (bytes) : signature to verify pu_key (ecpy.keys.ECPublicKey): key to use for verifying """ curve = pu_key.curve n = curve.order G = curve.generator r,s = decode_sig(sig, self.fmt) if (r == None or s == None or r == 0 or r >= n or s == 0 or s >= n ) : return False # if "msg (hash) bit length" is greater that the "domain bit length", # we only consider the left most "domain bit length" of message. msg_len = len(msg)*8; h = int.from_bytes(msg, 'big') if msg_len > curve.size: h = h >> (msg_len-curve.size) c = pow(s, n-2, n) u1 = (h*c)%n u2 = (r*c)%n u1G = u1*G u2Q = u2*pu_key.W GQ = u1G+u2Q if GQ.is_infinity: return False x = GQ.x % n return x == r
def gen_random_tx(curve): serial = random.randrange(pow(2, 127), pow(2, 128)) amount = random.randrange(1, 1000001) n = curve.order P = curve.generator sA = random.randint(0, n) sB = random.randint(0, n) skA = ECPrivateKey(sA, curve) skB = ECPrivateKey(sB, curve) QA = sA * P QB = sB * P pkA = ECPublicKey(QA) pkB = ECPublicKey(QB) signer = ECDSA() trans = "**** Bitcoin transaction ****" + \ "\nSerial number: " + str(serial) + \ "\nPayer public key - x: " + str(QA.x) + \ "\nPayer public key - y: " + str(QA.y) + \ "\nPayee public key - x: " + str(QB.x) + \ "\nPayee public key - y: " + str(QB.y) + \ "\nAmount: " + str(amount) + "\n" t = trans.encode("UTF-8") sig = signer.sign(t, skA) (r, s) = decode_sig(sig) trans += "Signature (r): " + str(r) + "\n" + "Signature (s): " + str( s) + "\n" return trans
def gen_random_tx(curve): serial = random.randint(0, 2**128 - 1) # creates 128 bit random serial number n = curve.order P = curve.generator sA = random.randint(0, n) sk = ECPrivateKey(sA, curve) QA = sA * P pk = ECPublicKey(QA) sB = random.randint(0, n) skB = ECPrivateKey(sB, curve) QB = sB * P pkB = ECPublicKey(QB) amount = random.randint(1, 1000000) # create a random int for amount transaction = "**** Bitcoin transaction ****\n" transaction += "Serial number: " + str(serial) + "\n" transaction += "Payer public key - x: " + str(QA.x) + "\n" transaction += "Payer public key - y: " + str(QA.y) + "\n" transaction += "Payee public key - x: " + str(QB.x) + "\n" transaction += "Payee public key - y: " + str(QB.y) + "\n" transaction += "Amount: " + str(amount) + "\n" signer = ECDSA() message = transaction message = message.encode('UTF-8') sig = signer.sign(message, sk) (r, s) = decode_sig(sig) transaction += "Signature (r): " + str(r) + "\n" transaction += "Signature (s): " + str(s) + "\n" return transaction
curve = Curve.get_curve('secp256k1') n = curve.order P = curve.generator sA = random.randint(0,n) sk = ECPrivateKey(sA, curve) QA = sA*P pk = ECPublicKey(QA) signer = ECDSA() message = b'Anything goes here' sig = signer.sign(message, sk) (r, s) = decode_sig(sig) f = open("deneme.txt", "w") f.write("Public key - x: " + str(QA.x)+"\n") f.write("Public key - y: " + str(QA.y)+"\n") f.write("Signature - r: " + str(r)+"\n") f.write("Signature - s: " + str(s)+"\n") f.close() f = open("deneme.txt", "r") x1 = int(f.readline()[16:-1]) y1 = int(f.readline()[16:-1]) r1 = int(f.readline()[15:-1]) s1 = int(f.readline()[15:-1]) f.close()