
Commit 81f0192

committed
weierstrass: add helper. secp256k1: simplify schnorr signing.
1 parent c2caa6a commit 81f0192

2 files changed

Lines changed: 10 additions & 9 deletions


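--- a/src/abstract/weierstrass.ts
+++ b/src/abstract/weierstrass.ts
@@ -1336,6 +1336,12 @@ export function ecdsa(
 throw new Error(`invalid signature ${title}: out of range 1..Point.Fn.ORDER`);
 return num;
 }
+function validateSigLength(bytes: Uint8Array, format: ECDSASigFormat) {
+validateSigFormat(format);
+const size = lengths.signature!;
+const sizer = format === 'compact' ? size : format === 'recovered' ? size + 1 : undefined;
+return abytes(bytes, sizer, `${format} signature`);
+}
 
 /**
 * ECDSA signature with its (r, s) properties. Supports compact, recovered & DER representations.
@@ -1352,22 +1358,18 @@ export function ecdsa(
 }
 
 static fromBytes(bytes: Uint8Array, format: ECDSASigFormat = defaultSigOpts_format): Signature {
-validateSigFormat(format);
-const size = lengths.signature!;
+validateSigLength(bytes, format)
 let recid: number | undefined;
 if (format === 'der') {
 const { r, s } = DER.toSig(abytes(bytes));
 return new Signature(r, s);
 }
 if (format === 'recovered') {
-abytes(bytes, size + 1);
 recid = bytes[0];
-
 format = 'compact';
 bytes = bytes.subarray(1);
 }
-abytes(bytes, size);
-const L = size / 2;
+const L = Fn.BYTES;
 const r = bytes.subarray(0, L);
 const s = bytes.subarray(L, L * 2);
 return new Signature(Fn.fromBytes(r), Fn.fromBytes(s), recid);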
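Review bot: The new call `validateSigLength(bytes, format)` on line 1361 of `fromBytes` is missing its trailing semicolon, unlike every other statement in the hunk; make it `validateSigLength(bytes, format);`. The helper's return value (what `abytes` returns) is discarded at this call site, so the `der` branch still wraps `bytes` in a second `abytes(bytes)` that the helper has already performed; either reuse the helper's result or declare the helper as returning `void` so its validate-or-throw intent is explicit. `const L = Fn.BYTES` replaces `size / 2`, which is only equivalent if `lengths.signature` is always `2 * Fn.BYTES` — that relation is not visible here, so a one-line comment on the helper such as `// compact = r || s (each Fn.BYTES); recovered = recid byte || compact` would document the assumption. The enclosing `ecdsa(` function and the body of `fromBytes` both extend beyond the hunk.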

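--- a/src/secp256k1.ts
+++ b/src/secp256k1.ts
@@ -179,9 +179,8 @@ function schnorrSign(message: Hex, secretKey: PrivKey, auxRand: Hex = randomByte
 const a = ensureBytes('auxRand', auxRand, 32); // Auxiliary random data a: a 32-byte array
 const t = Fn.toBytes(d ^ num(taggedHash('BIP0340/aux', a))); // Let t be the byte-wise xor of bytes(d) and hash/aux(a)
 const rand = taggedHash('BIP0340/nonce', t, px, m); // Let rand = hash/nonce(t || bytes(P) || m)
-const k_ = Fn.create(num(rand)); // Let k' = int(rand) mod n
-if (k_ === _0n) throw new Error('sign failed: k is zero'); // Fail if k' = 0.
-const { bytes: rx, scalar: k } = schnorrGetExtPubKey(k_); // Let R = k'⋅G.
+// Let k' = int(rand) mod n. Fail if k' = 0. Let R = k'⋅G
+const { bytes: rx, scalar: k } = schnorrGetExtPubKey(rand);
 const e = challenge(rx, px, m); // Let e = int(hash/challenge(bytes(R) || bytes(P) || m)) mod n.
 const sig = new Uint8Array(64); // Let sig = bytes(R) || bytes((k + ed) mod n).
 sig.set(rx, 0);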
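Review bot: The BIP-340 steps `k' = int(rand) mod n` and `fail if k' = 0` now exist only in the comment on new line 182: the code that performed them (`Fn.create(num(rand))` and the `_0n` check) is deleted, and `schnorrGetExtPubKey` — which this commit does not modify, given the 2 additions and 3 deletions in this file — now receives the raw 32-byte `rand` instead of a reduced scalar. If that helper normalizes its argument the way it normalizes a secret key (range-checked to `1 ≤ k < n` rather than reduced mod n), a `rand` whose integer value is `≥ n` would throw instead of being reduced — a spec deviation that is negligibly rare for secp256k1 but silent; please confirm the helper reduces mod n and rejects zero, or keep the explicit `const k_ = Fn.create(num(rand));` line. The dedicated `'sign failed: k is zero'` message is also gone, so the error surfaced on a zero nonce is now whatever the helper throws; a call-site comment such as `// schnorrGetExtPubKey reduces rand mod n and rejects k' = 0` would make the reliance explicit. `schnorrSign` begins before and continues after this hunk.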
