def signature2(m, sk): assert len(sk) == 32 h = H(sk[:32]) a_bytes, inter = h[:32], h[32:] a = bytes_to_clamped_scalar(a_bytes) r = Hint(inter + m) R = Base.scalarmult(r) R_bytes = R.to_bytes() S = r + Hint(R_bytes + m) * a return R_bytes + scalar_to_bytes(S)
def signature(m,sk,pk): assert len(sk) == 32 # seed assert len(pk) == 32 h = H(sk[:32]) a_bytes, inter = h[:32], h[32:] a = bytes_to_clamped_scalar(a_bytes) r = Hint(inter + m) R = Base.scalarmult(r) R_bytes = R.to_bytes() S = r + Hint(R_bytes + pk + m) * a return R_bytes + scalar_to_bytes(S)
def sign_ed25519(f: BinaryIO, private_key: bytes) -> bytes: """ Signs file-like object using a private key, defined in a very special way, compatible to crypto library, used by sign_update in Sparkle :param f: file-like object to be signed :param private_key: 96 bytes, concatenated private_scalar=a, sha512_right_half=RH, pubkey=A :return: signature """ from pure25519.basic import bytes_to_clamped_scalar, Base, scalar_to_bytes assert len(private_key) == 96 a_bytes, RH, public_key = private_key[:32], private_key[ 32:64], private_key[64:] a = bytes_to_clamped_scalar(a_bytes) r = hashlib.sha512() r.update(RH) f.seek(0) for block in iter(partial(f.read, FILE_BLOCK_SIZE), b""): r.update(block) r = int.from_bytes(r.digest(), "little") R = Base.scalarmult(r) R_bytes = R.to_bytes() RAM_hashed = hashlib.sha512() RAM_hashed.update(R_bytes) RAM_hashed.update(public_key) f.seek(0) for block in iter(partial(f.read, FILE_BLOCK_SIZE), b""): RAM_hashed.update(block) RAM_hashed = int.from_bytes(RAM_hashed.digest(), "little") S = r + RAM_hashed * a return R_bytes + scalar_to_bytes(S)
def publickey(seed): # turn first half of SHA512(seed) into scalar, then into point assert len(seed) == 32 a = bytes_to_clamped_scalar(H(seed)[:32]) A = Base.scalarmult(a) return A.to_bytes()
def _get_private_key_as_scalar(priv): h = dhh(priv.sk_s[:32]) # Hash the seed (the first 32 bytes of sk_s) a_bytes = h[:32] # The first 32 bytes of the hash is used as the secret key return bytes_to_clamped_scalar(a_bytes) # return key as a scalar