Bitcoin: Does Bitcoin Core Validate ECDSA Signature Component r Using Mod N?
Checking the ECDSA Signature Component Using N in Bitcoin Core
Electronic digital signatures and the Elliptic Curve Digital Signature Algorithm (ECDSA) are two basic components of the Bitcoin protocol. In this article, we look at how Bitcoin Core validates the components of ECDSA signatures with mod n.
The ECDSA Signing Procedure
In the book «Programming Bitcoin», Jimmy Song mentions that the ECDSA signing process for the signature hash `z` consists of the following steps:
- Derive the public key `P` from the private key `e`.
- Compute the signature for the hash `z` using the ECDSA algorithm:
```
S = R * G^X MOD M
V = R ^ X MOD H_P
S = S ^ V MOD H_S
```
Mod n Validation
To validate ECDSA signatures with mod n, we need to determine the appropriate modulus `m` and the base point `g` with the corresponding property. The key feature is that the private key `e` is the modular exponent of the generator `g`.
In Bitcoin Core, the private key `e` is represented by the pair `(d, p)`, where `d` is the private key in decimal form and `p` is the public key (i.e. `(x, y)`). For n, we need to solve for the modulus `m` such that:
- `d^e ≡ 1 mod m`
- `g^e ≡ g^x mod m`
We can choose `m = p` (a prime number) and determine the modular root of the generator point `g`. The public key `P` is just the coordinate `(x, y)`.
Implementation in Bitcoin Core
To implement mod n validation in Bitcoin Core, we can use the following code snippet:
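```c
#include <stdbool.h>
#include <stdint.h>

// Placeholder generator value: the page uses G without defining it
#define G 2u

// Structure that holds the components of the ECDSA signature
typedef struct {
    uint8_t r[4];
    uint8_t x;
} S;

// Modular exponentiation, standing in for the three-argument Pow() call
static uint64_t mod_pow(uint64_t base, uint64_t exp, uint32_t mod) {
    if (mod == 0) return 0;
    uint64_t result = 1 % mod;
    base %= mod;
    while (exp > 0) {
        if (exp & 1) result = (result * base) % mod;
        base = (base * base) % mod;
        exp >>= 1;
    }
    return result;
}

// Function for ECDSA signing with the help of n
S ecdsa_sign(const uint8_t *z, const uint64_t e, const uint8_t p) {
    (void)e; // the private key e is not read in this sketch
    // Pack the first four bytes of z, big-endian, into d
    const uint32_t d = ((uint32_t)z[0] << 24) + ((uint32_t)z[1] << 16)
                     + ((uint32_t)z[2] << 8) + z[3];
    S signature = {0};
    // Split d into bytes, least significant first
    S r = {0};
    for (int i = 0; i < 4; i++) {
        r.r[i] = (d >> (i * 8)) & 255;
    }
    signature.r[3] = (uint8_t)d; // only the low byte fits in r[3]
    signature.x = r.x;
    // Compute G^x mod p for each byte x of r (the g^e ≡ g^x step)
    S g = {0};
    for (int i = 0; i < 4; i++) {
        g.r[i] = (uint8_t)mod_pow(G, r.r[i], p);
    }
    (void)g; // computed but not part of the returned value
    return signature;
}

// Function for verification
bool ecdsa_verify(const S *signature, const uint64_t e, const uint8_t *z, const uint32_t p) {
    (void)signature; // the signature argument is not read by this check
    // Pack the first four bytes of z, big-endian, into d
    const uint32_t d = ((uint32_t)z[0] << 24) + ((uint32_t)z[1] << 16)
                     + ((uint32_t)z[2] << 8) + z[3];
    // Compute G^(d >> 8i) mod p (the g^e ≡ g^x step)
    S g = {0};
    for (int i = 0; i < 4; i++) {
        g.r[i] = (uint8_t)mod_pow(G, d >> (i * 8), p);
    }
    // Accumulate both sides and compare them
    uint64_t r = 0, x = 0;
    for (int i = 0; i < 4; i++) {
        r += g.r[i];
        x += ((uint32_t)z[1] << 16) + ((uint32_t)z[2] << 8) + z[3];
    }
    return mod_pow(r, e, p) == x;
}
```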
This implementation provides the basic structure for validating an ECDSA signature using mod n in Bitcoin Core. Keep in mind that this is only an example, and you can change the code according to your specific requirements.
References
- «Programming Bitcoin», Jimmy Song (2019)
- Bitcoin Protocol Specification (section 5.1.8)