-
Notifications
You must be signed in to change notification settings - Fork 397
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFC6979 nonce (k) generation should be modulo-reduced #328
Comments
I'm not entirely sure I understood this correctly, but if I did, I can't reproduce any difference in behavior: import * as noble from '@noble/secp256k1'
import elliptic from 'elliptic'
const { ec: EC } = elliptic
const curve = new EC('secp256k1')
// n: fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
const key01 = '0000000000000000000000000000000000000000000000000000000000000001'
const keyn1 = 'fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142'
const msg = 'ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'
const sig0 = await noble.sign(msg, key01)
const sig1 = new Uint8Array(curve.sign(msg, key01).toDER())
const sig2 = new Uint8Array(curve.sign(msg, keyn1).toDER())
console.log({ sig0, sig1, sig2 })
console.log(Buffer.compare(sig0, sig1) ? 'Different' : 'Equal')
console.log(Buffer.compare(sig0, sig2) ? 'Different' : 'Equal') Output: {
sig0: Uint8Array(70) [
48, 68, 2, 32, 124, 179, 140, 197, 113, 46, 158, 17,
167, 103, 97, 95, 96, 128, 219, 193, 17, 201, 205, 214,
19, 235, 152, 153, 159, 217, 42, 134, 186, 253, 69, 64,
2, 32, 121, 35, 202, 31, 77, 3, 71, 29, 40, 102,
247, 118, 239, 138, 109, 60, 172, 9, 155, 66, 115, 49,
174, 178, 69, 170, 157, 175, 237, 220, 241, 21
],
sig1: Uint8Array(70) [
48, 68, 2, 32, 124, 179, 140, 197, 113, 46, 158, 17,
167, 103, 97, 95, 96, 128, 219, 193, 17, 201, 205, 214,
19, 235, 152, 153, 159, 217, 42, 134, 186, 253, 69, 64,
2, 32, 121, 35, 202, 31, 77, 3, 71, 29, 40, 102,
247, 118, 239, 138, 109, 60, 172, 9, 155, 66, 115, 49,
174, 178, 69, 170, 157, 175, 237, 220, 241, 21
],
sig2: Uint8Array(70) [
48, 68, 2, 32, 124, 179, 140, 197, 113, 46, 158, 17,
167, 103, 97, 95, 96, 128, 219, 193, 17, 201, 205, 214,
19, 235, 152, 153, 159, 217, 42, 134, 186, 253, 69, 64,
2, 32, 121, 35, 202, 31, 77, 3, 71, 29, 40, 102,
247, 118, 239, 138, 109, 60, 172, 9, 155, 66, 115, 49,
174, 178, 69, 170, 157, 175, 237, 220, 241, 21
]
}
Equal
Equal |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently k256 produces different signatures WHEN msg and privkey are bigger than curve order. This is not a big deal but it's better to follow RFC
See this for more info: bitcoin-core/secp256k1#1064, https://github.com/paulmillr/noble-curves/blob/e0ad0530f64d7cc01514b65d819b7f76db5f0da4/src/abstract/weierstrass.ts#L1047-L1052
The text was updated successfully, but these errors were encountered: