LBRYCommunity/bitcoinjs-lib
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

ecdsa: split steps up further as per sec1-v2.pdf

Browse source
This commit is contained in:
Daniel Cousens 2015-04-10 17:20:22 +10:00
parent 4f8c7f4348
commit a221bd142c
1 changed files with 12 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
src/ecdsa.js
View file

@ -115,21 +115,27 @@ function verifyRaw (curve, e, signature, Q) {
if (r.signum() <= 0 || r.compareTo(n) >= 0) return false if (r.signum() <= 0 || r.compareTo(n) >= 0) return false
if (s.signum() <= 0 || s.compareTo(n) >= 0) return false if (s.signum() <= 0 || s.compareTo(n) >= 0) return false
// c = s^-1 mod n // Compute s^-1
var c = s.modInverse(n) var sInv = s.modInverse(n)
// 1.4.4 Compute u1 = es^1 mod n // 1.4.4 Compute u1 = es^1 mod n
// u2 = rs^1 mod n // u2 = rs^1 mod n
var u1 = e.multiply(c).mod(n) var u1 = e.multiply(sInv).mod(n)
var u2 = r.multiply(c).mod(n) var u2 = r.multiply(sInv).mod(n)
// 1.4.5 Compute R = (xR, yR) = u1G + u2Q // 1.4.5 Compute R = (xR, yR)
// R = u1G + u2Q
var R = G.multiplyTwo(u1, Q, u2) var R = G.multiplyTwo(u1, Q, u2)
var v = R.affineX.mod(n)
// 1.4.5 (cont.) Enforce R is not at infinity // 1.4.5 (cont.) Enforce R is not at infinity
if (curve.isInfinity(R)) return false if (curve.isInfinity(R)) return false
// 1.4.6 Convert the field element R.x to an integer
var xR = R.affineX
// 1.4.7 Set v = xR mod n
var v = xR.mod(n)
// 1.4.8 If v = r, output "valid", and if v != r, output "invalid" // 1.4.8 If v = r, output "valid", and if v != r, output "invalid"
return v.equals(r) return v.equals(r)
} }