ECDSA signature generation and verification implementation using Javascript
I have some code below that will be used to verify the authenticity of a message using JavaScript. The key pair generation using the elliptic curve secp256k1 is pretty straightforward; however, I am failing to understand why my signature implementation is not working (why the message is not being successfully verified). Here is my code:
https://pastebin.com/k1WT6apV
```javascript
/**
 * Signature Generation
 */
var g = bigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240');
var n = bigInt('115792089237316195423570985008687907852837564279074904382605163141518161494337');
var p = bigInt('115792089237316195423570985008687907853269984665640564039457584007908834671663');
var k = bigInt.randBetween("1", n.subtract(1));
var r = bigInt("0");
var s = bigInt("0");
var privateKey = bigInt('5943918703142138746985297990399309008462887494775678462183405629775262082646');
var publicKey = bigInt(privateKey.multiply(g)).mod(p);

while(s.equals("0")) {
    while(r.equals("0")) {
        k = bigInt.randBetween("1", n.subtract(1));
        while(bigInt(k).isPrime() == false) {
            k = bigInt.randBetween("1", n.subtract(1));
        }
        var xCoord = bigInt(k.multiply(g)).mod(p);
        r = xCoord.mod(n);
    }
    var kInverse = k.modInv(n);
    var hashedMessage = bigInt(sha1('hello'),16);
    s = bigInt(kInverse*(hashedMessage.add(privateKey.multiply(r)))).mod(n)
}

var signatureParams = {
    "publicKey": publicKey.toString(),
    "r": r.toString(),
    "sign": s.toString()
}

/**
 * Signature Verification
 */
var sInverse = bigInt(signatureParams.sign).modInv(n);
var publicKey = bigInt(signatureParams.publicKey);
var w = sInverse.mod(n);
var hashedMessage = bigInt(sha1('hello'),16);
var u1 = bigInt(hashedMessage.multiply(w)).mod(n);
var u2 = bigInt(bigInt(r).multiply(w)).mod(n);
var P = bigInt(u1.multiply(g)).add(u2.multiply(publicKey));
P == r
```
It can be tested easily using the browser console.
I have used an amalgamation of information from the following guides:
https://www.maximintegrated.com/en/app-notes/index.mvp/id/5767
http://www.cs.miami.edu/home/burt/learning/Csc609.142/ecdsa-cert.pdf
https://pdfs.semanticscholar.org/c06a/d6512775be1076e4abd43e3f2928729da776.pdf
What is wrong with my implementation? Am I missing something? Did I do something wrong?
EDIT:
After doing some revision I came up with the following:
```javascript
var g = bigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240');
var n = bigInt('115792089237316195423570985008687907852837564279074904382605163141518161494337');
var p = bigInt('115792089237316195423570985008687907853269984665640564039457584007908834671663');
var privateKey = bigInt('90436540941140970165633788406609967146985661161263948799654498545867952662296');
var publicKey = bigInt(privateKey.multiply(g)).mod(p);

var generateSignature = function(hashedMessage) {
    hashedMessage = bigInt(hashedMessage,16);
    var k = bigInt.randBetween("1", n.subtract(1));
    var r = bigInt("0");
    var s = bigInt("0");
    while(s.equals("0")) {
        r = bigInt("0");
        while(r.equals("0")) {
            k = bigInt.randBetween("1", n.subtract(1));
            r = bigInt(bigInt(k.multiply(g)).mod(p)).mod(n);
        }
        var kInverse = k.modInv(n);
        var pr = privateKey.multiply(r);
        hashedMessage = hashedMessage.add(pr);
        kInverse = kInverse.multiply(hashedMessage);
        s = kInverse.mod(n);
    }
    return [r.toString(),s.toString()];
}

var validateSignature = function(hashedMessage, signature) {
    hashedMessage = bigInt(hashedMessage,16);
    var r = bigInt(signature[0]);
    var s = bigInt(signature[1]);
    var w = s.modInv(n);
    var u1 = bigInt(hashedMessage.multiply(w)).mod(n);
    var u2 = bigInt(r.multiply(w)).mod(n);
    var u1g = u1.multiply(g);
    var u2pu = u2.multiply(publicKey);
    var xCoord = u1g.add(u2pu);
    var v = xCoord.mod(n);
    if(v.equals(r)) {
        return true;
    }
    return false;
}
```
However it still fails to validate the signature. Hope it makes it a bit clearer.
javascript digital-signature verification elliptic-curve ecdsa
Do you really expect someone to check the minified code? You should include in your question the relevant parts of your code and the errors you have found
– pedrofb
Mar 27 at 6:47
Thanks for the comment. Yes I did not expect anyone to read the minified code which is why I left the relevant code unminified at the bottom.
– Questionare232
Mar 27 at 7:07
asked Mar 27 at 4:08, edited Mar 27 at 20:40, by Questionare232
1 Answer
part of your problem is that g is actually not a number but a point

this is a rough translation of what you wrote:

```
g = 55066263022277343669578718895168534326250603453777594175500187360389116729240
privateKey = 90436540941140970165633788406609967146985661161263948799654498545867952662296
k = <random number>
r = k*g%p%n
e = sha(m)
ki = k^-1%n
pr = privateKey*r
ki*e
s = ki%n
```

i wrote an implementation of this however over the last few weeks something like this:

```
g = {
  x: 55066263022277343669578718895168534326250603453777594175500187360389116729240,
  y: 32670510020758816978083085130507043184471273380659243275938904335757337482424
}
k = <random number>
r = <random number>
e = sha(m)
privateKey = 90436540941140970165633788406609967146985661161263948799654498545867952662296
r = g * k
s = ((privateKey * r.x + e) * (k^-1%n)) % n
r = r.x
```

it might help you to understand how the point multiplication works; check out these links:

https://github.com/Azero123/simple-js-ec-math
https://www.npmjs.com/package/simple-js-ec-math
https://eng.paxos.com/blockchain-101-foundational-math

also perhaps take a look at my simple-js-ecdsa implementation as well

just another note, you likely should not use sha1 as it is considered "officially insecure" and there are formulas for collisions using it. perhaps try sha2 or sha3
I know that G is a point on a graph however only the x coordinate is usually used because it is usually unnecessary to use both coordinates. This is why the G point is offered in compressed and uncompressed forms. Also operations of G by number is the same as vector scaling is it not? (because points on a graph are vectors). dummies.com/education/math/calculus/…
– Questionare232
Mar 31 at 2:06
the y coordinate is used but all you need is to know if y is positive or negative to verify it since there are only 2 points for every x coordinate. it's not vector scaling it's abstract math on top of the elliptic curve. let's say we have curve y^2≡x^3−2x+2 mod 23, g is [5,5] and we multiply by 2. we are not going to get [10,10]. because what we are doing is taking the curve and moving on that curve in a scalar of 2 we would actually get [15,14]. see this trustica example: trustica.cz/en/2018/04/19/…
– Azero123
Apr 6 at 5:56
answered Mar 29 at 19:44 by Azero123
I know that G is a point on a graph however only the x coordinate is usually used because it is usually unnecessary to use both coordinates. This is why the G point is offered in compressed and uncompressed forms. Also operations of G by number is the same as vector scaling is it not? (because points on a graph are vectors). dummies.com/education/math/calculus/…
– Questionare232
Mar 31 at 2:06
the y coordinate is used but all you need is to know if y is positive or negative to verify it since there are only 2 points for every x coordinate. it's not vector scaling it's abstract math on top of the elliptic curve. let's say we have curve y^2≡x^3−2x+2 mod 23, g is [5,5] and we multiply by 2. we are not going to get [10,10]. because what we are doing is taking the curve and moving on that curve in a scalar of 2 we would actually get [15,14]. see this trustica example: trustica.cz/en/2018/04/19/…
– Azero123
Apr 6 at 5:56
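The signing formula in the answer above and the point doubling discussed in its comments, written out with BigInt as an added example; this is not the answerer's simple-js-ecdsa code. Assumptions: the message hash is passed in as the integer `e`, the secp256k1 values for `p` and `n` are supplied here (only G appears in the post), and the function and constant names are illustrative.

```javascript
// Added example, not the answerer's library; null is the point at infinity.
const mod = (a, m) => ((a % m) + m) % m;
// Modular inverse by extended Euclid; assumes gcd(a, m) = 1.
function inv(a, m) {
  let [r0, r1, s0, s1] = [mod(a, m), m, 1n, 0n];
  while (r1 !== 0n) {
    const q = r0 / r1;
    [r0, r1, s0, s1] = [r1, r0 - q * r1, s1, s0 - q * s1];
  }
  return mod(s0, m);
}
// Addition on y^2 = x^3 + a*x + b (mod p); b is not needed by the formulas.
function add(P, Q, c) {
  if (P === null || Q === null) return P ?? Q;
  if (P.x === Q.x && mod(P.y + Q.y, c.p) === 0n) return null; // P + (-P)
  const lam = P.x === Q.x
    ? (3n * P.x * P.x + c.a) * inv(2n * P.y, c.p) // tangent slope, P == Q
    : (Q.y - P.y) * inv(Q.x - P.x, c.p);          // chord slope, P != Q
  const x = mod(lam * lam - P.x - Q.x, c.p);
  return { x, y: mod(lam * (P.x - x) - P.y, c.p) };
}
// Double-and-add scalar multiplication. Not constant time: study use only.
function mul(k, P, c) {
  let R = null;
  for (; k > 0n; k >>= 1n) {
    if (k & 1n) R = add(R, P, c);
    P = add(P, P, c);
  }
  return R;
}

// secp256k1 domain parameters; G is the generator quoted in the answer.
const C = { p: 2n ** 256n - 2n ** 32n - 977n, a: 0n,
  n: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n };
const G = { x: 55066263022277343669578718895168534326250603453777594175500187360389116729240n,
  y: 32670510020758816978083085130507043184471273380659243275938904335757337482424n };
// r = (k*G).x mod n, s = k^-1 * (e + d*r) mod n.
// k must be a fresh secret per signature (CSPRNG or RFC 6979); a reused or leaked k exposes d.
function sign(e, d, k) {
  const r = mod(mul(k, G, C).x, C.n);
  return { r, s: mod(inv(k, C.n) * (e + d * r), C.n) };
}
// Q is the public key d*G. Reject r or s outside [1, n-1] before any arithmetic.
function verify(e, { r, s }, Q) {
  if (r < 1n || r >= C.n || s < 1n || s >= C.n) return false;
  const w = inv(s, C.n);
  const P = add(mul(mod(e * w, C.n), G, C), mul(mod(r * w, C.n), Q, C), C);
  return P !== null && mod(P.x, C.n) === r;
}
// Toy curve from the comment, y^2 = x^3 - 2x + 2 (mod 23): 2*[5,5] is [15,14], not [10,10].
const TOY = { p: 23n, a: -2n };
const doubled = mul(2n, { x: 5n, y: 5n }, TOY);
```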
Do you really expect someone to check the minified code? You should include in your question the relevant parts of your code and the errors you have found
– pedrofb
Mar 27 at 6:47
Thanks for the comment. Yes, I did not expect anyone to read the minified code, which is why I left the relevant code unminified at the bottom.
– Questionare232
Mar 27 at 7:07