message signing – Does Bitcoin Core Validate ECDSA Signature Part r Utilizing Mod N? – CoinNewsTrend


In the book Programming Bitcoin (2019) by Jimmy Song (pg's 61-72) the ECDSA signing/verification process for message hash z, private/public key pair (e, P), generator point G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8), elliptic curve cyclic group order N = |<G>| = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141, field order p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F, and ephemeral private key k is defined by:

  1. Signature (r, s) created as follows:
    r = x coordinate of the point R = kG (so r is in the range [0, p – 1]),
    s = (z + re) / k mod N (so s is in the range [0, N – 1])

  2. Signature (r, s) is validated as follows:
    Calculate the point Q = (z/s)G + (r/s)P.
    (r, s) is valid if x coordinate of Q equals r

This is implemented in the book code at:
https://github.com/jimmysong/programmingbitcoin/blob/master/code-ch13/ecc.py
in the methods PrivateKey.sign and S256Point.verify.

However in other sources, e.g.:
https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm
https://andrea.corbellini.name/2015/05/30/elliptic-curve-cryptography-ecdh-and-ecdsa/
https://www.secg.org/sec1-v2.pdf

the algorithm is slightly different:

  1. r is taken to be mod N (so r is in the range [0, N – 1]),

  2. (r, s) is considered valid if (x coordinate of Q mod N) equals r

My question is which approach does Bitcoin itself adopt?

If Bitcoin adopts the latter approach then if we sign as in Jimmy's book, and if the x coordinate of R is in the range [N, p – 1], which is possible as N < p, then our r value is in the range [N, p – 1]. However then, on validation using the second approach we compute (x coordinate of Q mod N), which must lie in the range [0, N – 1] and thus it can never equal r, and the validation fails.

The probability of obtaining the x coord of R in the range [N, p – 1] is very small as N is proportionately very close to p, however is it good practice in Bitcoin programming to assume this can never happen?
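The mismatch described in the question, reproduced on secp256k1 as an added example (not part of the original post and not the book's code). No nonce k giving x(R) ≥ N can be found by search, so the sketch picks a curve point R with x in [N, p – 1] directly and derives the public key that makes (z/s)G + (r/s)P equal R. The helper names and the values of z and s are constructed for illustration.

```python
# Added illustration: the two rules for r compared on secp256k1.
P_FIELD = 2**256 - 2**32 - 977          # field order p
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine addition on y^2 = x^3 + 7 over F_p; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD)
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return x3, (lam * (x1 - x3) - y1) % P_FIELD

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def verify(pub, z, r, s, reduce_mod_n):
    """False: rule 1 (x(Q) == r). True: rule 2 (x(Q) mod N == r, r and s in [1, N-1])."""
    if reduce_mod_n and not (1 <= r < N and 1 <= s < N):
        return False
    s_inv = pow(s, -1, N)
    q = add(mul(z * s_inv % N, G), mul(r * s_inv % N, pub))
    return q is not None and (q[0] % N if reduce_mod_n else q[0]) == r

def demo():
    x = N + 1                            # find a curve point R with x in [N, p-1]
    while pow((x**3 + 7) % P_FIELD, (P_FIELD - 1) // 2, P_FIELD) != 1:
        x += 1
    R = (x, pow((x**3 + 7) % P_FIELD, (P_FIELD + 1) // 4, P_FIELD))
    z, s = 0x1234, 0x5678                # constructed message hash and s value
    r_raw, r_mod = R[0], R[0] % N        # unreduced r versus r mod N
    # pub = r^-1 (sR - zG), so that (z/s)G + (r/s)pub = R for this (z, s).
    pub = mul(pow(r_mod, -1, N), add(mul(s, R), mul(N - z, G)))
    return (verify(pub, z, r_raw, s, False), verify(pub, z, r_raw, s, True),
            verify(pub, z, r_mod, s, True), verify(pub, z, r_mod, s, False))

if __name__ == "__main__":
    print(demo())
```

The four results are, in order: unreduced r under rule 1, unreduced r under rule 2, reduced r under rule 2, and reduced r under rule 1. Each rule accepts only the r produced by its own convention.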


