bip-schnorr 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e68ad5d5ccf6213171279052ddef947229a8eab7597cc93ca2b8cc312d0e7254
-  data.tar.gz: b77fed1e8cc5dba386dcf6ce81bfe3d36c20985bd246b5c5d5e6f9ce45db6177
+  metadata.gz: 46a74af7fff8c807780488e505f4065e7ec3f7ad63a8e5b9ca52f4304f19c9b8
+  data.tar.gz: f68b54e7158a474a821bac1d62ea1f9cfade33fc81f58a65bc4f5a885f674a61
 SHA512:
-  metadata.gz: 0d2a1ffd174074375af26fe2e4dfae18d6a72e9e44e76861d09e3724d3d13c4b90e182b2dc7533cefb93fbc44317cd92f4941716ae3e0fe549dc4e950e09b710
-  data.tar.gz: ebeba83783283f328b321ab19a5c3cebf4f74aa0d56c9f491283a502367a4baf29ea78f905b335f547f1cd8b6215395260c72981776d9e2743d3b4d03d408d7f
+  metadata.gz: f0a90d133c6afb2015c19e5c93c054bfc744d8fc4d6f9a768fa6c087e37545bb4248e09bd8785ba24915169ca27afadcd0134ce49d59d3c1fda668efd20c89e3
+  data.tar.gz: 0c22a9a02be20cb9386bab115770e95db0ab9513f2c3bf168439ee22f864a5e50610ed4d8a02f289a7cdec0bde63c9cff01e7f9b713b6f4c796aab750f8b1566

data/README.md

@@ -34,6 +34,9 @@ message = ['5E2D58D8B3BCDF1ABADEC7829054F90DDA9805AAB56C77333024B9D0A508B75C'].p
 
 # create signature
 signature = Schnorr.sign(message, private_key)
+# if use auxiliary random data, specify it to the 3rd arguments.
+aux_rand = SecureRandom.bytes(32) # aux_rand must be a 32-byte binary.
+signature = Schnorr.sign(message, private_key, aux_rand)
 
 # signature r value
 signature.r 
@@ -55,7 +58,7 @@ require 'schnorr'
 # public key does not start with 02 or 03.
 public_key = ['DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659'].pack('H*')
 
-signature = ['0E12B8C520948A776753A96F21ABD7FDC2D7D0C0DDC90851BE17B04E75EF86A47EF0DA46C4DC4D0D1BCB8668C2CE16C54C7C23A6716EDE303AF86774917CF928'].pack('H*')
+signature = ['6896BD60EEAE296DB48A229FF71DFE071BDE413E6D43F917DC8DCF8C78DE33418906D11AC976ABCCB20B091292BFF4EA897EFCB639EA871CFA95F6DE339E4B0A'].pack('H*')
 
 message = ['243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89'].pack('H*')
 
@@ -71,8 +74,6 @@ sig = Schnorr::Signature.decode(signature)
 This library changes the following functions of `ecdsa` gem in `lib/schnorr/ec_point_ext.rb`.
 
 * `ECDSA::Point` class has following two instance methods.
-    * `#has_square_y?` check this point does not infinity and square?(y coordinate)
-    * `#square?(x)` check whether `x` is a quadratic residue modulo p.
     * `#has_even_y?` check the y-coordinate of this point is an even.
     * `#encode(only_x = false)` encode this point into a binary string.
 * `ECDSA::Format::PointOctetString#decode` supports decoding only from x coordinate.

data/lib/schnorr.rb

@@ -24,14 +24,14 @@ module Schnorr
     p = GROUP.new_point(d0)
     d = p.has_even_y? ? d0 : GROUP.order - d0
 
-    t = d ^ tagged_hash('BIP340/aux', aux_rand).unpack('H*').first.to_i(16)
+    t = d ^ tagged_hash('BIP0340/aux', aux_rand).unpack('H*').first.to_i(16)
     t = ECDSA::Format::IntegerOctetString.encode(t, GROUP.byte_length)
 
-    k0 = ECDSA::Format::IntegerOctetString.decode(tagged_hash('BIP340/nonce', t + p.encode(true) + message)) % GROUP.order
+    k0 = ECDSA::Format::IntegerOctetString.decode(tagged_hash('BIP0340/nonce', t + p.encode(true) + message)) % GROUP.order
     raise 'Creation of signature failed. k is zero' if k0.zero?
 
     r = GROUP.new_point(k0)
-    k = r.has_square_y? ? k0 : GROUP.order - k0
+    k = r.has_even_y? ? k0 : GROUP.order - k0
     e = create_challenge(r.x, p, message)
 
     sig = Schnorr::Signature.new(r.x, (k + e * d) % GROUP.order)
@@ -59,7 +59,6 @@ module Schnorr
     raise InvalidSignatureError, 'The message must be a 32-byte array.' unless message.bytesize == 32
     raise InvalidSignatureError, 'The public key must be a 32-byte array.' unless public_key.bytesize == 32
 
-
     sig = Schnorr::Signature.decode(signature)
     pubkey = ECDSA::Format::PointOctetString.decode(public_key, GROUP)
     field = GROUP.field
@@ -73,7 +72,7 @@ module Schnorr
 
     r = GROUP.new_point(sig.s) + pubkey.multiply_by_scalar(GROUP.order - e)
 
-    if r.infinity? || !r.has_square_y? || r.x != sig.r
+    if r.infinity? || !r.has_even_y? || r.x != sig.r
       raise Schnorr::InvalidSignatureError, 'signature verification failed.'
     end
 
@@ -86,7 +85,7 @@ module Schnorr
   # @return (Integer) digest e.
   def create_challenge(x, p, message)
     r_x = ECDSA::Format::IntegerOctetString.encode(x, GROUP.byte_length)
-    (ECDSA.normalize_digest(tagged_hash('BIP340/challenge', r_x + p.encode(true) + message), GROUP.bit_length)) % GROUP.order
+    (ECDSA.normalize_digest(tagged_hash('BIP0340/challenge', r_x + p.encode(true) + message), GROUP.bit_length)) % GROUP.order
   end
 
   # Generate tagged hash value.

data/lib/schnorr/ec_point_ext.rb

@@ -2,25 +2,12 @@
 module ECDSA
   class Point
 
-    # Check this point does not infinity and square?(y coordinate)
-    # @return (Boolean)
-    def has_square_y?
-      !infinity? && square?(y)
-    end
-
     # Check the y-coordinate of this point is an even.
     # @return (Boolean) if even, return true.
     def has_even_y?
       y.even?
     end
 
-    # Check whether +x+ is a quadratic residue modulo p.
-    # @param x (Integer)
-    # @return (Boolean)
-    def square?(x)
-      x.pow((group.field.prime - 1) / 2, group.field.prime) == 1
-    end
-
     # Encode this point into a binary string.
     # @param (Boolean) only_x whether or not to encode only X-coordinate. default is false.
     def encode(only_x = false)

data/lib/schnorr/version.rb

@@ -1,3 +1,3 @@
 module Schnorr
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bip-schnorr
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - azuchi
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-05-08 00:00:00.000000000 Z
+date: 2020-08-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ecdsa