Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RFC6979 nonce (k) generation should be modulo-reduced #328

Open
paulmillr opened this issue Nov 12, 2024 · 1 comment
Open

RFC6979 nonce (k) generation should be modulo-reduced #328

paulmillr opened this issue Nov 12, 2024 · 1 comment

Comments

@paulmillr
Copy link

Currently k256 produces different signatures WHEN msg and privkey are bigger than curve order. This is not a big deal but it's better to follow RFC

See this for more info: bitcoin-core/secp256k1#1064, https://github.com/paulmillr/noble-curves/blob/e0ad0530f64d7cc01514b65d819b7f76db5f0da4/src/abstract/weierstrass.ts#L1047-L1052

@ChALkeR
Copy link
Contributor

ChALkeR commented Nov 13, 2024

I'm not entirely sure I understood this correctly, but if I did, I can't reproduce any difference in behavior:

import * as noble from '@noble/secp256k1'
import elliptic from 'elliptic'

const { ec: EC } = elliptic
const curve = new EC('secp256k1')

// n: fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
const key01 = '0000000000000000000000000000000000000000000000000000000000000001'
const keyn1 = 'fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142'
const msg = 'ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'

const sig0 = await noble.sign(msg, key01)
const sig1 = new Uint8Array(curve.sign(msg, key01).toDER())
const sig2 = new Uint8Array(curve.sign(msg, keyn1).toDER())

console.log({ sig0, sig1, sig2 })
console.log(Buffer.compare(sig0, sig1) ? 'Different' : 'Equal')
console.log(Buffer.compare(sig0, sig2) ? 'Different' : 'Equal')

Output:

{
  sig0: Uint8Array(70) [
     48,  68,   2,  32, 124, 179, 140, 197, 113,  46, 158,  17,
    167, 103,  97,  95,  96, 128, 219, 193,  17, 201, 205, 214,
     19, 235, 152, 153, 159, 217,  42, 134, 186, 253,  69,  64,
      2,  32, 121,  35, 202,  31,  77,   3,  71,  29,  40, 102,
    247, 118, 239, 138, 109,  60, 172,   9, 155,  66, 115,  49,
    174, 178,  69, 170, 157, 175, 237, 220, 241,  21
  ],
  sig1: Uint8Array(70) [
     48,  68,   2,  32, 124, 179, 140, 197, 113,  46, 158,  17,
    167, 103,  97,  95,  96, 128, 219, 193,  17, 201, 205, 214,
     19, 235, 152, 153, 159, 217,  42, 134, 186, 253,  69,  64,
      2,  32, 121,  35, 202,  31,  77,   3,  71,  29,  40, 102,
    247, 118, 239, 138, 109,  60, 172,   9, 155,  66, 115,  49,
    174, 178,  69, 170, 157, 175, 237, 220, 241,  21
  ],
  sig2: Uint8Array(70) [
     48,  68,   2,  32, 124, 179, 140, 197, 113,  46, 158,  17,
    167, 103,  97,  95,  96, 128, 219, 193,  17, 201, 205, 214,
     19, 235, 152, 153, 159, 217,  42, 134, 186, 253,  69,  64,
      2,  32, 121,  35, 202,  31,  77,   3,  71,  29,  40, 102,
    247, 118, 239, 138, 109,  60, 172,   9, 155,  66, 115,  49,
    174, 178,  69, 170, 157, 175, 237, 220, 241,  21
  ]
}
Equal
Equal

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants