Артём Литвинович [ARCHIVE] on Nostr: 📅 Original date posted:2018-07-06 📝 Original message:Neat. Some minor notes as ...
📅 Original date posted:2018-07-06
📝 Original message:Neat.
Some minor notes as an outsider who just spent an hour implementing and
playing with this:
-In several places you have things like "Let k = int(hash(bytes(d) || m))
mod n", but reference code says things like "e = sha256(R[0].to_bytes(32,
byteorder="big") + bytes_point(point_mul(G, seckey)) + msg)", no modulo.
Confusing.
-x is not defined in "The signature is *bytes(x(R)) || bytes(k + ex mod n)*",
apparently it's the private key.
-jacobi function is great at exposing bugs in divmod implementations, due
to the full 256 bit exponent. Add a line about it being something to watch
for?
-"bytes" notation is defined as "turn to bytes" for an integer, but the
same for a point is "take X with prefix and turn to bytes". Confusing,
might be a good idea to name it differently?
-Finally, it would have been nice to have a larger set of test vectors in a
JSON or CSV file, covering all the edge cases.
Artem
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180707/caba391c/attachment.html>;
📝 Original message:Neat.
Some minor notes as an outsider who just spent an hour implementing and
playing with this:
-In several places you have things like "Let k = int(hash(bytes(d) || m))
mod n", but reference code says things like "e = sha256(R[0].to_bytes(32,
byteorder="big") + bytes_point(point_mul(G, seckey)) + msg)", no modulo.
Confusing.
-x is not defined in "The signature is *bytes(x(R)) || bytes(k + ex mod n)*",
apparently it's the private key.
-jacobi function is great at exposing bugs in divmod implementations, due
to the full 256 bit exponent. Add a line about it being something to watch
for?
-"bytes" notation is defined as "turn to bytes" for an integer, but the
same for a point is "take X with prefix and turn to bytes". Confusing,
might be a good idea to name it differently?
-Finally, it would have been nice to have a larger set of test vectors in a
JSON or CSV file, covering all the edge cases.
Artem
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180707/caba391c/attachment.html>;