Deterministic signing
This commit is contained in:
Pieter Wuille
parent
3060e36098
commit
a53fd41485
4 changed files with 49 additions and 14 deletions
29
src/key.cpp
29
src/key.cpp
|
|
@ -5,6 +5,7 @@
|
|||
#include "key.h"
|
||||
|
||||
#include "crypto/hmac_sha512.h"
|
||||
#include "crypto/rfc6979_hmac_sha256.h"
|
||||
#include "eccryptoverify.h"
|
||||
#include "pubkey.h"
|
||||
#include "random.h"
|
||||
|
|
@ -71,19 +72,22 @@ CPubKey CKey::GetPubKey() const {
|
|||
return result;
|
||||
}
|
||||
|
||||
bool CKey::Sign(const uint256 &hash, std::vector<unsigned char>& vchSig) const {
|
||||
bool CKey::Sign(const uint256 &hash, std::vector<unsigned char>& vchSig, uint32_t test_case) const {
|
||||
if (!fValid)
|
||||
return false;
|
||||
vchSig.resize(72);
|
||||
int nSigLen = 72;
|
||||
CKey nonce;
|
||||
RFC6979_HMAC_SHA256 prng(begin(), 32, (unsigned char*)&hash, 32);
|
||||
do {
|
||||
nonce.MakeNewKey(true);
|
||||
if (secp256k1_ecdsa_sign((const unsigned char*)&hash, 32, (unsigned char*)&vchSig[0], &nSigLen, begin(), nonce.begin()))
|
||||
break;
|
||||
uint256 nonce;
|
||||
prng.Generate((unsigned char*)&nonce, 32);
|
||||
nonce += test_case;
|
||||
int nSigLen = 72;
|
||||
int ret = secp256k1_ecdsa_sign((const unsigned char*)&hash, 32, (unsigned char*)&vchSig[0], &nSigLen, begin(), (unsigned char*)&nonce);
|
||||
vchSig.resize(nSigLen);
|
||||
nonce = 0;
|
||||
if (ret)
|
||||
return true;
|
||||
} while(true);
|
||||
vchSig.resize(nSigLen);
|
||||
return true;
|
||||
}
|
||||
|
||||
bool CKey::SignCompact(const uint256 &hash, std::vector<unsigned char>& vchSig) const {
|
||||
|
|
@ -91,10 +95,13 @@ bool CKey::SignCompact(const uint256 &hash, std::vector<unsigned char>& vchSig)
|
|||
return false;
|
||||
vchSig.resize(65);
|
||||
int rec = -1;
|
||||
CKey nonce;
|
||||
RFC6979_HMAC_SHA256 prng(begin(), 32, (unsigned char*)&hash, 32);
|
||||
do {
|
||||
nonce.MakeNewKey(true);
|
||||
if (secp256k1_ecdsa_sign_compact((const unsigned char*)&hash, 32, &vchSig[1], begin(), nonce.begin(), &rec))
|
||||
uint256 nonce;
|
||||
prng.Generate((unsigned char*)&nonce, 32);
|
||||
int ret = secp256k1_ecdsa_sign_compact((const unsigned char*)&hash, 32, &vchSig[1], begin(), (unsigned char*)&nonce, &rec);
|
||||
nonce = 0;
|
||||
if (ret)
|
||||
break;
|
||||
} while(true);
|
||||
assert(rec != -1);
|
||||
|
|
|
|||
|
|
@ -121,8 +121,12 @@ public:
|
|||
*/
|
||||
CPubKey GetPubKey() const;
|
||||
|
||||
//! Create a DER-serialized signature.
|
||||
bool Sign(const uint256& hash, std::vector<unsigned char>& vchSig) const;
|
||||
/**
|
||||
* Create a DER-serialized signature.
|
||||
* The test_case parameter tweaks the deterministic nonce, and is only for
|
||||
* testing. It should be zero for normal use.
|
||||
*/
|
||||
bool Sign(const uint256& hash, std::vector<unsigned char>& vchSig, uint32_t test_case = 0) const;
|
||||
|
||||
/**
|
||||
* Create a compact signature (65 bytes), which allows reconstructing the used public key.
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@
|
|||
#include "script/script.h"
|
||||
#include "uint256.h"
|
||||
#include "util.h"
|
||||
#include "utilstrencodings.h"
|
||||
|
||||
#include <string>
|
||||
#include <vector>
|
||||
|
|
@ -142,6 +143,28 @@ BOOST_AUTO_TEST_CASE(key_test1)
|
|||
BOOST_CHECK(rkey1C == pubkey1C);
|
||||
BOOST_CHECK(rkey2C == pubkey2C);
|
||||
}
|
||||
|
||||
// test deterministic signing
|
||||
|
||||
std::vector<unsigned char> detsig, detsigc;
|
||||
string strMsg = "Very deterministic message";
|
||||
uint256 hashMsg = Hash(strMsg.begin(), strMsg.end());
|
||||
BOOST_CHECK(key1.Sign(hashMsg, detsig));
|
||||
BOOST_CHECK(key1C.Sign(hashMsg, detsigc));
|
||||
BOOST_CHECK(detsig == detsigc);
|
||||
BOOST_CHECK(detsig == ParseHex("304402205dbbddda71772d95ce91cd2d14b592cfbc1dd0aabd6a394b6c2d377bbe59d31d022014ddda21494a4e221f0824f0b8b924c43fa43c0ad57dccdaa11f81a6bd4582f6"));
|
||||
BOOST_CHECK(key2.Sign(hashMsg, detsig));
|
||||
BOOST_CHECK(key2C.Sign(hashMsg, detsigc));
|
||||
BOOST_CHECK(detsig == detsigc);
|
||||
BOOST_CHECK(detsig == ParseHex("3044022052d8a32079c11e79db95af63bb9600c5b04f21a9ca33dc129c2bfa8ac9dc1cd5022061d8ae5e0f6c1a16bde3719c64c2fd70e404b6428ab9a69566962e8771b5944d"));
|
||||
BOOST_CHECK(key1.SignCompact(hashMsg, detsig));
|
||||
BOOST_CHECK(key1C.SignCompact(hashMsg, detsigc));
|
||||
BOOST_CHECK(detsig == ParseHex("1c5dbbddda71772d95ce91cd2d14b592cfbc1dd0aabd6a394b6c2d377bbe59d31d14ddda21494a4e221f0824f0b8b924c43fa43c0ad57dccdaa11f81a6bd4582f6"));
|
||||
BOOST_CHECK(detsigc == ParseHex("205dbbddda71772d95ce91cd2d14b592cfbc1dd0aabd6a394b6c2d377bbe59d31d14ddda21494a4e221f0824f0b8b924c43fa43c0ad57dccdaa11f81a6bd4582f6"));
|
||||
BOOST_CHECK(key2.SignCompact(hashMsg, detsig));
|
||||
BOOST_CHECK(key2C.SignCompact(hashMsg, detsigc));
|
||||
BOOST_CHECK(detsig == ParseHex("1c52d8a32079c11e79db95af63bb9600c5b04f21a9ca33dc129c2bfa8ac9dc1cd561d8ae5e0f6c1a16bde3719c64c2fd70e404b6428ab9a69566962e8771b5944d"));
|
||||
BOOST_CHECK(detsigc == ParseHex("2052d8a32079c11e79db95af63bb9600c5b04f21a9ca33dc129c2bfa8ac9dc1cd561d8ae5e0f6c1a16bde3719c64c2fd70e404b6428ab9a69566962e8771b5944d"));
|
||||
}
|
||||
|
||||
BOOST_AUTO_TEST_SUITE_END()
|
||||
|
|
|
|||
|
|
@ -248,8 +248,9 @@ public:
|
|||
{
|
||||
uint256 hash = SignatureHash(scriptPubKey, spendTx, 0, nHashType);
|
||||
std::vector<unsigned char> vchSig, r, s;
|
||||
uint32_t iter = 0;
|
||||
do {
|
||||
key.Sign(hash, vchSig);
|
||||
key.Sign(hash, vchSig, iter++);
|
||||
if ((lenS == 33) != (vchSig[5 + vchSig[3]] == 33)) {
|
||||
NegateSignatureS(vchSig);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue