Nonce usage in ECDSA signing algorithm

Nonce usage in ECDSA signing algorithm

I'm trying to understand the signing function secp256k1_ecdsa_sig_sign(), and I'm curious about the nonce usage here.

static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context *ctx, secp256k1_scalar *sigr, secp256k1_scalar *sigs, const secp256k1_scalar *seckey, const secp256k1_scalar *message, const secp256k1_scalar *nonce, int *recid) {
  unsigned char b[32];
  secp256k1_gej rp;
  secp256k1_ge r;
  secp256k1_scalar n;
  int overflow = 0;

  secp256k1_ecmult_gen(ctx, &rp, nonce);
  secp256k1_ge_set_gej(&r, &rp);
  secp256k1_fe_normalize(&r.x);
  secp256k1_fe_normalize(&r.y);
  secp256k1_fe_get_b32(b, &r.x);
  secp256k1_scalar_set_b32(sigr, b, &overflow);
  /* These two conditions should be checked before calling */
  VERIFY_CHECK(!secp256k1_scalar_is_zero(sigr));
  VERIFY_CHECK(overflow == 0);

  if (recid) {
    /* The overflow condition is cryptographically unreachable as hitting   it requires finding the discrete log
     * of some P where P.x >= order, and only 1 in about 2^127 points meet this criteria.
     */
     *recid = (overflow ? 2 : 0) | (secp256k1_fe_is_odd(&r.y) ? 1 : 0);
  }
  secp256k1_scalar_mul(&n, sigr, seckey);
  secp256k1_scalar_add(&n, &n, message);
  secp256k1_scalar_inverse(sigs, nonce);
  secp256k1_scalar_mul(sigs, sigs, &n);
  secp256k1_scalar_clear(&n);
  secp256k1_gej_clear(&rp);
  secp256k1_ge_clear(&r);

  if (secp256k1_scalar_is_zero(sigs)) {
    return 0;
  }

  if (secp256k1_scalar_is_high(sigs)) {
    secp256k1_scalar_negate(sigs, sigs);

    if (recid) {
      *recid ^= 1;
    }

  }

  return 1;
}

I'm familiar with the standard ECDSA, but what exactly is being done with the nonce here and why?

Thanks!

http://bit.ly/2RVYzX4

Comments

Post a Comment

Popular posts from this blog

sendrawtransaction and txn-mempool-conflict

sendrawtransaction and txn-mempool-conflict When i sendrawtransaction to bitcoind, i get error (exceptions) 18: txn-mempool-conflict (use Bitcoin JSON-RPC denpamusic/php-bitcoinrpc ) But the transaction is sent to the network and is subsequently confirmed. Example one decoded transaction : https://jsfiddle.net/rn58a4j6/ then i send this transaction: 94ec12fc463230b4285a29b047608627c05572a4c6eabe6688a201ce49ae72f7 https://ift.tt/2MY2KP0
Read more

couldn't connect to server: EOF reached (code 1)

couldn't connect to server: EOF reached (code 1) I'm running a full node on my raspberry pi3. I try to do a simple command such as bitcoin-cli getblockchaininfo but I always get this error: error: couldn't connect to server: EOF reached (code 1) (make sure server is running and you are connecting to the correct RPC port) My bitcoin.conf file looks like this: Bitcoind options server=1 daemon=1 reindex-chainstate=1 reindex=1 txindex=1 disablewallet=1 listenonion=0 Connection settings rpcuser= * rpcpassword=* rpcport=8332 rpcallowip=127.0.0.1 rpcthreads=10 I also tried to get a command with "bitcoin-cli -rpcuser: * - rpcpassword=* -rpcportt8332 getblockchaininfo". But this also didn't work. Does someone has some advice or experience with this error? https://ift.tt/2D82TLW
Read more