bitcoin/bips
1
0
Fork 0
mirror of https://github.com/bitcoin/bips.git synced 2026-02-23 15:38:22 +00:00
Code Issues Releases Wiki Activity

Use a tagged hash in bip-schnorr nonce derivation

Browse Source
This commit is contained in:
Jonas Nick
2019-08-26 11:32:04 +00:00
committed by Pieter Wuille
parent ba748dcd93
commit 7f3611d239
3 changed files with 13 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
bip-schnorr/reference.py
View File

@@ -5,6 +5,10 @@ p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798, 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
def tagged_hash(tag, msg):
tag_hash = hashlib.sha256(tag.encode()).digest()
return hashlib.sha256(tag_hash + tag_hash + msg).digest()
def point_add(P1, P2):
if (P1 is None):
return P2
@@ -61,7 +65,7 @@ def schnorr_sign(msg, seckey0):
raise ValueError('The secret key must be an integer in the range 1..n-1.')
P = point_mul(G, seckey0)
seckey = seckey0 if (jacobi(P[1]) == 1) else n - seckey0
k0 = int_from_bytes(hash_sha256(bytes_from_int(seckey) + msg)) % n
k0 = int_from_bytes(tagged_hash("BIPSchnorrDerive", bytes_from_int(seckey) + msg)) % n
if k0 == 0:
raise RuntimeError('Failure. This happens only with negligible probability.')
R = point_mul(G, k0)