ECDSA signature generation and verification implementation using JavascriptCreate GUID / UUID in JavaScript?How do JavaScript closures work?What is the most efficient way to deep clone an object in JavaScript?How do I remove a property from a JavaScript object?Which equals operator (== vs ===) should be used in JavaScript comparisons?How do I include a JavaScript file in another JavaScript file?What does “use strict” do in JavaScript, and what is the reasoning behind it?How to check whether a string contains a substring in JavaScript?How do I remove a particular element from an array in JavaScript?For-each over an array in JavaScript?

If the interviewer says "We have other interviews to conduct and then back to you in few days", is it a bad sign to not get the job?

Why am I not getting stuck in the loop

Do any languages mention the top limit of a range first?

Did Apollo leave poop on the moon?

Generate a random point outside a given rectangle within a map

What could prevent players from leaving an island?

Should I take out a personal loan to pay off credit card debt?

Why can I log in to my facebook account with misspelled email/password

Which genus do I use for neutral expressions in German?

Repeated! Factorials!

I was contacted by a private bank overseas to get my inheritance

split large formula in align

Is DC heating faster than AC heating?

Can I enter Switzerland with only my London Driver's License?

Whats the difference between <processors> and <pipelines> in Sitecore configuration?

Why does capacitance not depend on the material of the plates?

How to make attic easier to traverse?

Make a living as a math programming freelancer?

How to check a file was encrypted (really & correctly)

Did Captain America make out with his niece?

Does a humanoid possessed by a ghost register as undead to a paladin's Divine Sense?

Why is the Vasa Museum in Stockholm so Popular?

Is there a way to improve my grade after graduation?

Ubuntu show wrong disk sizes, how to solve it?



ECDSA signature generation and verification implementation using Javascript


Create GUID / UUID in JavaScript?How do JavaScript closures work?What is the most efficient way to deep clone an object in JavaScript?How do I remove a property from a JavaScript object?Which equals operator (== vs ===) should be used in JavaScript comparisons?How do I include a JavaScript file in another JavaScript file?What does “use strict” do in JavaScript, and what is the reasoning behind it?How to check whether a string contains a substring in JavaScript?How do I remove a particular element from an array in JavaScript?For-each over an array in JavaScript?






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








2















I have some code below that will be used to verify the authenticity of a message using javascript. The key pair generation using the elliptic curve secp256k1 is pretty straight forward however I am failing to understand why my signature implementation is not working (why the message is not being successfully verified). Here is my code:



https://pastebin.com/k1WT6apV



/**
* Signature Generation
*/
var g = bigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240');
var n = bigInt('115792089237316195423570985008687907852837564279074904382605163141518161494337');
var p = bigInt('115792089237316195423570985008687907853269984665640564039457584007908834671663'); 
var k = bigInt.randBetween("1", n.subtract(1));
var r = bigInt("0");
var s = bigInt("0");
var privateKey = bigInt('5943918703142138746985297990399309008462887494775678462183405629775262082646');
var publicKey = bigInt(privateKey.multiply(g)).mod(p); 


while(s.equals("0"))
 while(r.equals("0"))
 k = bigInt.randBetween("1", n.subtract(1));
 while(bigInt(k).isPrime() == false)
 k = bigInt.randBetween("1", n.subtract(1));
 
 var xCoord = bigInt(k.multiply(g)).mod(p);
 r = xCoord.mod(n);
 
 var kInverse = k.modInv(n);
 var hashedMessage = bigInt(sha1('hello'),16); 
 s = bigInt(kInverse*(hashedMessage.add(privateKey.multiply(r)))).mod(n) 

var signatureParams = 
 "publicKey": publicKey.toString(),
 "r": r.toString(),
 "sign": s.toString()


/**
* Signature Verification
*/
var sInverse = bigInt(signatureParams.sign).modInv(n);
var publicKey = bigInt(signatureParams.publicKey);
var w = sInverse.mod(n);
var hashedMessage = bigInt(sha1('hello'),16);
var u1 = bigInt(hashedMessage.multiply(w)).mod(n);
var u2 = bigInt(bigInt(r).multiply(w)).mod(n);
var P = bigInt(u1.multiply(g)).add(u2.multiply(publicKey));
P == r


It can be tested easily using the browser console.
I have used an amalgamation of information from the following guides:



https://www.maximintegrated.com/en/app-notes/index.mvp/id/5767



http://www.cs.miami.edu/home/burt/learning/Csc609.142/ecdsa-cert.pdf



https://pdfs.semanticscholar.org/c06a/d6512775be1076e4abd43e3f2928729da776.pdf



What is wrong with my implementation? Am I missing something? Did I do something wrong?



EDIT:



After doing some revision I came up with the following:



var g = bigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240');
var n = bigInt('115792089237316195423570985008687907852837564279074904382605163141518161494337');
var p = bigInt('115792089237316195423570985008687907853269984665640564039457584007908834671663'); 
var privateKey = bigInt('90436540941140970165633788406609967146985661161263948799654498545867952662296');
var publicKey = bigInt(privateKey.multiply(g)).mod(p);

var generateSignature = function(hashedMessage)
 hashedMessage = bigInt(hashedMessage,16);
 var k = bigInt.randBetween("1", n.subtract(1));
 var r = bigInt("0");
 var s = bigInt("0");
 while(s.equals("0"))
 r = bigInt("0");
 while(r.equals("0"))
 k = bigInt.randBetween("1", n.subtract(1));
 r = bigInt(bigInt(k.multiply(g)).mod(p)).mod(n);
 
 var kInverse = k.modInv(n); 
 var pr = privateKey.multiply(r);
 hashedMessage = hashedMessage.add(pr);
 kInverse = kInverse.multiply(hashedMessage);
 s = kInverse.mod(n);
 
 return [r.toString(),s.toString()];


var validateSignature = function(hashedMessage, signature)
 hashedMessage = bigInt(hashedMessage,16);
 var r = bigInt(signature[0]);
 var s = bigInt(signature[1]);
 var w = s.modInv(n);
 var u1 = bigInt(hashedMessage.multiply(w)).mod(n);
 var u2 = bigInt(r.multiply(w)).mod(n);
 var u1g = u1.multiply(g);
 var u2pu = u2.multiply(publicKey);
 var xCoord =u1g.add(u2pu);
 var v = xCoord.mod(n); 
 if(v.equals(r))
 return true;
 return false;



However it still fails to validate the signature. Hope it makes it a bit clearer.






javascript digital-signature verification elliptic-curve ecdsa







share|improve this question


























  • Do you really expect someone to check the minified code? You should include in your question the relevant parts of your code and the errors you have found

    – pedrofb
    Mar 27 at 6:47











  • Thanks for the comment. Yes I did not expect anyone to read the minified code which is why I left the relevant code unminified at the bottom.

    – Questionare232
    Mar 27 at 7:07

















2















I have some code below that will be used to verify the authenticity of a message using javascript. The key pair generation using the elliptic curve secp256k1 is pretty straight forward however I am failing to understand why my signature implementation is not working (why the message is not being successfully verified). Here is my code:



https://pastebin.com/k1WT6apV



/**
* Signature Generation
*/
var g = bigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240');
var n = bigInt('115792089237316195423570985008687907852837564279074904382605163141518161494337');
var p = bigInt('115792089237316195423570985008687907853269984665640564039457584007908834671663'); 
var k = bigInt.randBetween("1", n.subtract(1));
var r = bigInt("0");
var s = bigInt("0");
var privateKey = bigInt('5943918703142138746985297990399309008462887494775678462183405629775262082646');
var publicKey = bigInt(privateKey.multiply(g)).mod(p); 


while(s.equals("0"))
 while(r.equals("0"))
 k = bigInt.randBetween("1", n.subtract(1));
 while(bigInt(k).isPrime() == false)
 k = bigInt.randBetween("1", n.subtract(1));
 
 var xCoord = bigInt(k.multiply(g)).mod(p);
 r = xCoord.mod(n);
 
 var kInverse = k.modInv(n);
 var hashedMessage = bigInt(sha1('hello'),16); 
 s = bigInt(kInverse*(hashedMessage.add(privateKey.multiply(r)))).mod(n) 

var signatureParams = 
 "publicKey": publicKey.toString(),
 "r": r.toString(),
 "sign": s.toString()


/**
* Signature Verification
*/
var sInverse = bigInt(signatureParams.sign).modInv(n);
var publicKey = bigInt(signatureParams.publicKey);
var w = sInverse.mod(n);
var hashedMessage = bigInt(sha1('hello'),16);
var u1 = bigInt(hashedMessage.multiply(w)).mod(n);
var u2 = bigInt(bigInt(r).multiply(w)).mod(n);
var P = bigInt(u1.multiply(g)).add(u2.multiply(publicKey));
P == r


It can be tested easily using the browser console.
I have used an amalgamation of information from the following guides:



https://www.maximintegrated.com/en/app-notes/index.mvp/id/5767



http://www.cs.miami.edu/home/burt/learning/Csc609.142/ecdsa-cert.pdf



https://pdfs.semanticscholar.org/c06a/d6512775be1076e4abd43e3f2928729da776.pdf



What is wrong with my implementation? Am I missing something? Did I do something wrong?



EDIT:



After doing some revision I came up with the following:



var g = bigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240');
var n = bigInt('115792089237316195423570985008687907852837564279074904382605163141518161494337');
var p = bigInt('115792089237316195423570985008687907853269984665640564039457584007908834671663'); 
var privateKey = bigInt('90436540941140970165633788406609967146985661161263948799654498545867952662296');
var publicKey = bigInt(privateKey.multiply(g)).mod(p);

var generateSignature = function(hashedMessage)
 hashedMessage = bigInt(hashedMessage,16);
 var k = bigInt.randBetween("1", n.subtract(1));
 var r = bigInt("0");
 var s = bigInt("0");
 while(s.equals("0"))
 r = bigInt("0");
 while(r.equals("0"))
 k = bigInt.randBetween("1", n.subtract(1));
 r = bigInt(bigInt(k.multiply(g)).mod(p)).mod(n);
 
 var kInverse = k.modInv(n); 
 var pr = privateKey.multiply(r);
 hashedMessage = hashedMessage.add(pr);
 kInverse = kInverse.multiply(hashedMessage);
 s = kInverse.mod(n);
 
 return [r.toString(),s.toString()];


var validateSignature = function(hashedMessage, signature)
 hashedMessage = bigInt(hashedMessage,16);
 var r = bigInt(signature[0]);
 var s = bigInt(signature[1]);
 var w = s.modInv(n);
 var u1 = bigInt(hashedMessage.multiply(w)).mod(n);
 var u2 = bigInt(r.multiply(w)).mod(n);
 var u1g = u1.multiply(g);
 var u2pu = u2.multiply(publicKey);
 var xCoord =u1g.add(u2pu);
 var v = xCoord.mod(n); 
 if(v.equals(r))
 return true;
 return false;



However it still fails to validate the signature. Hope it makes it a bit clearer.






javascript digital-signature verification elliptic-curve ecdsa







share|improve this question


























  • Do you really expect someone to check the minified code? You should include in your question the relevant parts of your code and the errors you have found

    – pedrofb
    Mar 27 at 6:47











  • Thanks for the comment. Yes I did not expect anyone to read the minified code which is why I left the relevant code unminified at the bottom.

    – Questionare232
    Mar 27 at 7:07













2












2








2


1






I have some code below that will be used to verify the authenticity of a message using javascript. The key pair generation using the elliptic curve secp256k1 is pretty straight forward however I am failing to understand why my signature implementation is not working (why the message is not being successfully verified). Here is my code:



https://pastebin.com/k1WT6apV



/**
* Signature Generation
*/
var g = bigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240');
var n = bigInt('115792089237316195423570985008687907852837564279074904382605163141518161494337');
var p = bigInt('115792089237316195423570985008687907853269984665640564039457584007908834671663'); 
var k = bigInt.randBetween("1", n.subtract(1));
var r = bigInt("0");
var s = bigInt("0");
var privateKey = bigInt('5943918703142138746985297990399309008462887494775678462183405629775262082646');
var publicKey = bigInt(privateKey.multiply(g)).mod(p); 


while(s.equals("0"))
 while(r.equals("0"))
 k = bigInt.randBetween("1", n.subtract(1));
 while(bigInt(k).isPrime() == false)
 k = bigInt.randBetween("1", n.subtract(1));
 
 var xCoord = bigInt(k.multiply(g)).mod(p);
 r = xCoord.mod(n);
 
 var kInverse = k.modInv(n);
 var hashedMessage = bigInt(sha1('hello'),16); 
 s = bigInt(kInverse*(hashedMessage.add(privateKey.multiply(r)))).mod(n) 

var signatureParams = 
 "publicKey": publicKey.toString(),
 "r": r.toString(),
 "sign": s.toString()


/**
* Signature Verification
*/
var sInverse = bigInt(signatureParams.sign).modInv(n);
var publicKey = bigInt(signatureParams.publicKey);
var w = sInverse.mod(n);
var hashedMessage = bigInt(sha1('hello'),16);
var u1 = bigInt(hashedMessage.multiply(w)).mod(n);
var u2 = bigInt(bigInt(r).multiply(w)).mod(n);
var P = bigInt(u1.multiply(g)).add(u2.multiply(publicKey));
P == r


It can be tested easily using the browser console.
I have used an amalgamation of information from the following guides:



https://www.maximintegrated.com/en/app-notes/index.mvp/id/5767



http://www.cs.miami.edu/home/burt/learning/Csc609.142/ecdsa-cert.pdf



https://pdfs.semanticscholar.org/c06a/d6512775be1076e4abd43e3f2928729da776.pdf



What is wrong with my implementation? Am I missing something? Did I do something wrong?



EDIT:



After doing some revision I came up with the following:



var g = bigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240');
var n = bigInt('115792089237316195423570985008687907852837564279074904382605163141518161494337');
var p = bigInt('115792089237316195423570985008687907853269984665640564039457584007908834671663'); 
var privateKey = bigInt('90436540941140970165633788406609967146985661161263948799654498545867952662296');
var publicKey = bigInt(privateKey.multiply(g)).mod(p);

var generateSignature = function(hashedMessage)
 hashedMessage = bigInt(hashedMessage,16);
 var k = bigInt.randBetween("1", n.subtract(1));
 var r = bigInt("0");
 var s = bigInt("0");
 while(s.equals("0"))
 r = bigInt("0");
 while(r.equals("0"))
 k = bigInt.randBetween("1", n.subtract(1));
 r = bigInt(bigInt(k.multiply(g)).mod(p)).mod(n);
 
 var kInverse = k.modInv(n); 
 var pr = privateKey.multiply(r);
 hashedMessage = hashedMessage.add(pr);
 kInverse = kInverse.multiply(hashedMessage);
 s = kInverse.mod(n);
 
 return [r.toString(),s.toString()];


var validateSignature = function(hashedMessage, signature)
 hashedMessage = bigInt(hashedMessage,16);
 var r = bigInt(signature[0]);
 var s = bigInt(signature[1]);
 var w = s.modInv(n);
 var u1 = bigInt(hashedMessage.multiply(w)).mod(n);
 var u2 = bigInt(r.multiply(w)).mod(n);
 var u1g = u1.multiply(g);
 var u2pu = u2.multiply(publicKey);
 var xCoord =u1g.add(u2pu);
 var v = xCoord.mod(n); 
 if(v.equals(r))
 return true;
 return false;



However it still fails to validate the signature. Hope it makes it a bit clearer.






javascript digital-signature verification elliptic-curve ecdsa







share|improve this question
















I have some code below that will be used to verify the authenticity of a message using javascript. The key pair generation using the elliptic curve secp256k1 is pretty straight forward however I am failing to understand why my signature implementation is not working (why the message is not being successfully verified). Here is my code:



https://pastebin.com/k1WT6apV



/**
* Signature Generation
*/
var g = bigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240');
var n = bigInt('115792089237316195423570985008687907852837564279074904382605163141518161494337');
var p = bigInt('115792089237316195423570985008687907853269984665640564039457584007908834671663'); 
var k = bigInt.randBetween("1", n.subtract(1));
var r = bigInt("0");
var s = bigInt("0");
var privateKey = bigInt('5943918703142138746985297990399309008462887494775678462183405629775262082646');
var publicKey = bigInt(privateKey.multiply(g)).mod(p); 


while(s.equals("0"))
 while(r.equals("0"))
 k = bigInt.randBetween("1", n.subtract(1));
 while(bigInt(k).isPrime() == false)
 k = bigInt.randBetween("1", n.subtract(1));
 
 var xCoord = bigInt(k.multiply(g)).mod(p);
 r = xCoord.mod(n);
 
 var kInverse = k.modInv(n);
 var hashedMessage = bigInt(sha1('hello'),16); 
 s = bigInt(kInverse*(hashedMessage.add(privateKey.multiply(r)))).mod(n) 

var signatureParams = 
 "publicKey": publicKey.toString(),
 "r": r.toString(),
 "sign": s.toString()


/**
* Signature Verification
*/
var sInverse = bigInt(signatureParams.sign).modInv(n);
var publicKey = bigInt(signatureParams.publicKey);
var w = sInverse.mod(n);
var hashedMessage = bigInt(sha1('hello'),16);
var u1 = bigInt(hashedMessage.multiply(w)).mod(n);
var u2 = bigInt(bigInt(r).multiply(w)).mod(n);
var P = bigInt(u1.multiply(g)).add(u2.multiply(publicKey));
P == r


It can be tested easily using the browser console.
I have used an amalgamation of information from the following guides:



https://www.maximintegrated.com/en/app-notes/index.mvp/id/5767



http://www.cs.miami.edu/home/burt/learning/Csc609.142/ecdsa-cert.pdf



https://pdfs.semanticscholar.org/c06a/d6512775be1076e4abd43e3f2928729da776.pdf



What is wrong with my implementation? Am I missing something? Did I do something wrong?



EDIT:



After doing some revision I came up with the following:



var g = bigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240');
var n = bigInt('115792089237316195423570985008687907852837564279074904382605163141518161494337');
var p = bigInt('115792089237316195423570985008687907853269984665640564039457584007908834671663'); 
var privateKey = bigInt('90436540941140970165633788406609967146985661161263948799654498545867952662296');
var publicKey = bigInt(privateKey.multiply(g)).mod(p);

var generateSignature = function(hashedMessage)
 hashedMessage = bigInt(hashedMessage,16);
 var k = bigInt.randBetween("1", n.subtract(1));
 var r = bigInt("0");
 var s = bigInt("0");
 while(s.equals("0"))
 r = bigInt("0");
 while(r.equals("0"))
 k = bigInt.randBetween("1", n.subtract(1));
 r = bigInt(bigInt(k.multiply(g)).mod(p)).mod(n);
 
 var kInverse = k.modInv(n); 
 var pr = privateKey.multiply(r);
 hashedMessage = hashedMessage.add(pr);
 kInverse = kInverse.multiply(hashedMessage);
 s = kInverse.mod(n);
 
 return [r.toString(),s.toString()];


var validateSignature = function(hashedMessage, signature)
 hashedMessage = bigInt(hashedMessage,16);
 var r = bigInt(signature[0]);
 var s = bigInt(signature[1]);
 var w = s.modInv(n);
 var u1 = bigInt(hashedMessage.multiply(w)).mod(n);
 var u2 = bigInt(r.multiply(w)).mod(n);
 var u1g = u1.multiply(g);
 var u2pu = u2.multiply(publicKey);
 var xCoord =u1g.add(u2pu);
 var v = xCoord.mod(n); 
 if(v.equals(r))
 return true;
 return false;



However it still fails to validate the signature. Hope it makes it a bit clearer.






javascript digital-signature verification elliptic-curve ecdsa




javascript digital-signature verification elliptic-curve ecdsa






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Mar 27 at 20:40







Questionare232

















asked Mar 27 at 4:08









Questionare232Questionare232

1212 silver badges12 bronze badges




1212 silver badges12 bronze badges















  • Do you really expect someone to check the minified code? You should include in your question the relevant parts of your code and the errors you have found

    – pedrofb
    Mar 27 at 6:47











  • Thanks for the comment. Yes I did not expect anyone to read the minified code which is why I left the relevant code unminified at the bottom.

    – Questionare232
    Mar 27 at 7:07

















  • Do you really expect someone to check the minified code? You should include in your question the relevant parts of your code and the errors you have found

    – pedrofb
    Mar 27 at 6:47











  • Thanks for the comment. Yes I did not expect anyone to read the minified code which is why I left the relevant code unminified at the bottom.

    – Questionare232
    Mar 27 at 7:07
















Do you really expect someone to check the minified code? You should include in your question the relevant parts of your code and the errors you have found

– pedrofb
Mar 27 at 6:47





Do you really expect someone to check the minified code? You should include in your question the relevant parts of your code and the errors you have found

– pedrofb
Mar 27 at 6:47













Thanks for the comment. Yes I did not expect anyone to read the minified code which is why I left the relevant code unminified at the bottom.

– Questionare232
Mar 27 at 7:07





Thanks for the comment. Yes I did not expect anyone to read the minified code which is why I left the relevant code unminified at the bottom.

– Questionare232
Mar 27 at 7:07












1 Answer
1






active

oldest

votes


















0














part of your problem is that g is actually not a number but a point



this is a rough translation of what you wrote:



g = 55066263022277343669578718895168534326250603453777594175500187360389116729240
privateKey = 90436540941140970165633788406609967146985661161263948799654498545867952662296
k = <random number>
r = k*g%p%n
e = sha(m)

ki = k^-1%n
pr = privateKey*r
ki*e
s = ki%n


i wrote an implmentation of this however over the last few weeks something like this:



g = 
 x: 55066263022277343669578718895168534326250603453777594175500187360389116729240,
 y: 32670510020758816978083085130507043184471273380659243275938904335757337482424

k = <random number>
r = <random number>
e = sha(m)

privateKey = 90436540941140970165633788406609967146985661161263948799654498545867952662296
r = g * k
s = ((privateKey * r.x + e) * (k^-1%n)) % n
r = r.x


it might help you to understand how the point multiplication works check out these links:
https://github.com/Azero123/simple-js-ec-math



https://www.npmjs.com/package/simple-js-ec-math



https://eng.paxos.com/blockchain-101-foundational-math



also perhaps take a look at my simple-js-ecdsa implementation as well



just another note, you likely should not use sha1 as it is consider "officially insecure" and there are formulas for collisions using it. perhaps try sha2 or sha3






share|improve this answer

























  • I know that G is a point on a graph however only the x coordinate is usually used because it is usually unnecessary to use both coordinates. This is why the G point is offered in compressed and uncompressed forms. Also operations of G by number is the same as vector scaling is it not? (because points on a graph are vectors). dummies.com/education/math/calculus/…

    – Questionare232
    Mar 31 at 2:06












  • the y coordinate is used but all you need is to know if y is positive or negative to verify it since there are only 2 points for every x coordinate. it's not vector scaling it's abstract math on top of the elliptic curve. let's say we have curve y^2≡x^3−2x+2 mod 23, g is [5,5] and we multiply by 2. we are not going to get [10,10]. because what we are doing is taking the curve and moving on that curve in a scalar of 2 we would actually get [15,14]. see this trustica example: trustica.cz/en/2018/04/19/…

    – Azero123
    Apr 6 at 5:56










Your Answer






StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55369670%2fecdsa-signature-generation-and-verification-implementation-using-javascript%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









0














part of your problem is that g is actually not a number but a point



this is a rough translation of what you wrote:



g = 55066263022277343669578718895168534326250603453777594175500187360389116729240
privateKey = 90436540941140970165633788406609967146985661161263948799654498545867952662296
k = <random number>
r = k*g%p%n
e = sha(m)

ki = k^-1%n
pr = privateKey*r
ki*e
s = ki%n


i wrote an implmentation of this however over the last few weeks something like this:



g = 
 x: 55066263022277343669578718895168534326250603453777594175500187360389116729240,
 y: 32670510020758816978083085130507043184471273380659243275938904335757337482424

k = <random number>
r = <random number>
e = sha(m)

privateKey = 90436540941140970165633788406609967146985661161263948799654498545867952662296
r = g * k
s = ((privateKey * r.x + e) * (k^-1%n)) % n
r = r.x


it might help you to understand how the point multiplication works check out these links:
https://github.com/Azero123/simple-js-ec-math



https://www.npmjs.com/package/simple-js-ec-math



https://eng.paxos.com/blockchain-101-foundational-math



also perhaps take a look at my simple-js-ecdsa implementation as well



just another note, you likely should not use sha1 as it is consider "officially insecure" and there are formulas for collisions using it. perhaps try sha2 or sha3






share|improve this answer

























  • I know that G is a point on a graph however only the x coordinate is usually used because it is usually unnecessary to use both coordinates. This is why the G point is offered in compressed and uncompressed forms. Also operations of G by number is the same as vector scaling is it not? (because points on a graph are vectors). dummies.com/education/math/calculus/…

    – Questionare232
    Mar 31 at 2:06












  • the y coordinate is used but all you need is to know if y is positive or negative to verify it since there are only 2 points for every x coordinate. it's not vector scaling it's abstract math on top of the elliptic curve. let's say we have curve y^2≡x^3−2x+2 mod 23, g is [5,5] and we multiply by 2. we are not going to get [10,10]. because what we are doing is taking the curve and moving on that curve in a scalar of 2 we would actually get [15,14]. see this trustica example: trustica.cz/en/2018/04/19/…

    – Azero123
    Apr 6 at 5:56















0














part of your problem is that g is actually not a number but a point



this is a rough translation of what you wrote:



g = 55066263022277343669578718895168534326250603453777594175500187360389116729240
privateKey = 90436540941140970165633788406609967146985661161263948799654498545867952662296
k = <random number>
r = k*g%p%n
e = sha(m)

ki = k^-1%n
pr = privateKey*r
ki*e
s = ki%n


i wrote an implmentation of this however over the last few weeks something like this:



g = 
 x: 55066263022277343669578718895168534326250603453777594175500187360389116729240,
 y: 32670510020758816978083085130507043184471273380659243275938904335757337482424

k = <random number>
r = <random number>
e = sha(m)

privateKey = 90436540941140970165633788406609967146985661161263948799654498545867952662296
r = g * k
s = ((privateKey * r.x + e) * (k^-1%n)) % n
r = r.x


it might help you to understand how the point multiplication works check out these links:
https://github.com/Azero123/simple-js-ec-math



https://www.npmjs.com/package/simple-js-ec-math



https://eng.paxos.com/blockchain-101-foundational-math



also perhaps take a look at my simple-js-ecdsa implementation as well



just another note, you likely should not use sha1 as it is consider "officially insecure" and there are formulas for collisions using it. perhaps try sha2 or sha3






share|improve this answer

























  • I know that G is a point on a graph however only the x coordinate is usually used because it is usually unnecessary to use both coordinates. This is why the G point is offered in compressed and uncompressed forms. Also operations of G by number is the same as vector scaling is it not? (because points on a graph are vectors). dummies.com/education/math/calculus/…

    – Questionare232
    Mar 31 at 2:06












  • the y coordinate is used but all you need is to know if y is positive or negative to verify it since there are only 2 points for every x coordinate. it's not vector scaling it's abstract math on top of the elliptic curve. let's say we have curve y^2≡x^3−2x+2 mod 23, g is [5,5] and we multiply by 2. we are not going to get [10,10]. because what we are doing is taking the curve and moving on that curve in a scalar of 2 we would actually get [15,14]. see this trustica example: trustica.cz/en/2018/04/19/…

    – Azero123
    Apr 6 at 5:56













0












0








0







part of your problem is that g is actually not a number but a point



this is a rough translation of what you wrote:



g = 55066263022277343669578718895168534326250603453777594175500187360389116729240
privateKey = 90436540941140970165633788406609967146985661161263948799654498545867952662296
k = <random number>
r = k*g%p%n
e = sha(m)

ki = k^-1%n
pr = privateKey*r
ki*e
s = ki%n


i wrote an implmentation of this however over the last few weeks something like this:



g = 
 x: 55066263022277343669578718895168534326250603453777594175500187360389116729240,
 y: 32670510020758816978083085130507043184471273380659243275938904335757337482424

k = <random number>
r = <random number>
e = sha(m)

privateKey = 90436540941140970165633788406609967146985661161263948799654498545867952662296
r = g * k
s = ((privateKey * r.x + e) * (k^-1%n)) % n
r = r.x


it might help you to understand how the point multiplication works check out these links:
https://github.com/Azero123/simple-js-ec-math



https://www.npmjs.com/package/simple-js-ec-math



https://eng.paxos.com/blockchain-101-foundational-math



also perhaps take a look at my simple-js-ecdsa implementation as well



just another note, you likely should not use sha1 as it is consider "officially insecure" and there are formulas for collisions using it. perhaps try sha2 or sha3






share|improve this answer













part of your problem is that g is actually not a number but a point



this is a rough translation of what you wrote:



g = 55066263022277343669578718895168534326250603453777594175500187360389116729240
privateKey = 90436540941140970165633788406609967146985661161263948799654498545867952662296
k = <random number>
r = k*g%p%n
e = sha(m)

ki = k^-1%n
pr = privateKey*r
ki*e
s = ki%n


i wrote an implmentation of this however over the last few weeks something like this:



g = 
 x: 55066263022277343669578718895168534326250603453777594175500187360389116729240,
 y: 32670510020758816978083085130507043184471273380659243275938904335757337482424

k = <random number>
r = <random number>
e = sha(m)

privateKey = 90436540941140970165633788406609967146985661161263948799654498545867952662296
r = g * k
s = ((privateKey * r.x + e) * (k^-1%n)) % n
r = r.x


it might help you to understand how the point multiplication works check out these links:
https://github.com/Azero123/simple-js-ec-math



https://www.npmjs.com/package/simple-js-ec-math



https://eng.paxos.com/blockchain-101-foundational-math



also perhaps take a look at my simple-js-ecdsa implementation as well



just another note, you likely should not use sha1 as it is consider "officially insecure" and there are formulas for collisions using it. perhaps try sha2 or sha3







share|improve this answer












share|improve this answer



share|improve this answer










answered Mar 29 at 19:44









Azero123Azero123

1




1















  • I know that G is a point on a graph however only the x coordinate is usually used because it is usually unnecessary to use both coordinates. This is why the G point is offered in compressed and uncompressed forms. Also operations of G by number is the same as vector scaling is it not? (because points on a graph are vectors). dummies.com/education/math/calculus/…

    – Questionare232
    Mar 31 at 2:06












  • the y coordinate is used but all you need is to know if y is positive or negative to verify it since there are only 2 points for every x coordinate. it's not vector scaling it's abstract math on top of the elliptic curve. let's say we have curve y^2≡x^3−2x+2 mod 23, g is [5,5] and we multiply by 2. we are not going to get [10,10]. because what we are doing is taking the curve and moving on that curve in a scalar of 2 we would actually get [15,14]. see this trustica example: trustica.cz/en/2018/04/19/…

    – Azero123
    Apr 6 at 5:56

















  • I know that G is a point on a graph however only the x coordinate is usually used because it is usually unnecessary to use both coordinates. This is why the G point is offered in compressed and uncompressed forms. Also operations of G by number is the same as vector scaling is it not? (because points on a graph are vectors). dummies.com/education/math/calculus/…

    – Questionare232
    Mar 31 at 2:06












  • the y coordinate is used but all you need is to know if y is positive or negative to verify it since there are only 2 points for every x coordinate. it's not vector scaling it's abstract math on top of the elliptic curve. let's say we have curve y^2≡x^3−2x+2 mod 23, g is [5,5] and we multiply by 2. we are not going to get [10,10]. because what we are doing is taking the curve and moving on that curve in a scalar of 2 we would actually get [15,14]. see this trustica example: trustica.cz/en/2018/04/19/…

    – Azero123
    Apr 6 at 5:56
















I know that G is a point on a graph however only the x coordinate is usually used because it is usually unnecessary to use both coordinates. This is why the G point is offered in compressed and uncompressed forms. Also operations of G by number is the same as vector scaling is it not? (because points on a graph are vectors). dummies.com/education/math/calculus/…

– Questionare232
Mar 31 at 2:06






I know that G is a point on a graph however only the x coordinate is usually used because it is usually unnecessary to use both coordinates. This is why the G point is offered in compressed and uncompressed forms. Also operations of G by number is the same as vector scaling is it not? (because points on a graph are vectors). dummies.com/education/math/calculus/…

– Questionare232
Mar 31 at 2:06














the y coordinate is used but all you need is to know if y is positive or negative to verify it since there are only 2 points for every x coordinate. it's not vector scaling it's abstract math on top of the elliptic curve. let's say we have curve y^2≡x^3−2x+2 mod 23, g is [5,5] and we multiply by 2. we are not going to get [10,10]. because what we are doing is taking the curve and moving on that curve in a scalar of 2 we would actually get [15,14]. see this trustica example: trustica.cz/en/2018/04/19/…

– Azero123
Apr 6 at 5:56





the y coordinate is used but all you need is to know if y is positive or negative to verify it since there are only 2 points for every x coordinate. it's not vector scaling it's abstract math on top of the elliptic curve. let's say we have curve y^2≡x^3−2x+2 mod 23, g is [5,5] and we multiply by 2. we are not going to get [10,10]. because what we are doing is taking the curve and moving on that curve in a scalar of 2 we would actually get [15,14]. see this trustica example: trustica.cz/en/2018/04/19/…

– Azero123
Apr 6 at 5:56








Got a question that you can’t ask on public Stack Overflow? Learn more about sharing private information with Stack Overflow for Teams.







Got a question that you can’t ask on public Stack Overflow? Learn more about sharing private information with Stack Overflow for Teams.



















draft saved

draft discarded
















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55369670%2fecdsa-signature-generation-and-verification-implementation-using-javascript%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Kamusi Yaliyomo Aina za kamusi | Muundo wa kamusi | Faida za kamusi | Dhima ya picha katika kamusi | Marejeo | Tazama pia | Viungo vya nje | UrambazajiKuhusu kamusiGo-SwahiliWiki-KamusiKamusi ya Kiswahili na Kiingerezakuihariri na kuongeza habari

Image
Pages using ISBN magic linksMbegu za lughaKamusiIsimu nenoKiarabukitabulughaKiswahilialfabetimaanaufafanuzimanenomuhtasarisarufividahizoalfabeti Kamusi Kutoka Wikipedia, kamusi elezo huru Jump to navigation Jump to search Kamusi za Kiswahili Kamusi ya Kiswahili-Kiswahili (kamusi wahidiya) Kamusi ya Kiswahili - Kiingereza (kamusi thania) Kamusi (kutoka neno la Kiarabu قاموس qamus ) ni kitabu ambacho kinaorodhesha maneno ya lugha yaliyokusanywa kutoka kwa watumiaji wa lugha fulani, kwa mfano lugha ya Kiswahili. Maneno hupangwa kwa mtindo wa alfabeti, hutoa maana, asili na ufafanuzi wa utumizi wa maneno na jinsi yanavyotumika au yanavyotamkwa. [1] Yaliyomo 1 Aina za kamusi 2 Muundo wa kamusi 2.1 1. Utangulizi wa kamusi 2.2 2. Matini ya kamusi 2.3 3. Sherehe ya kamusi 3 Faida za kamusi 4 Dhima ya picha katika kamusi 5 Marejeo 6 Tazama pia 7 Viungo vya nje Aina za kamusi | Kuna aina mbalimbali za kamusi ambazo ni: Kamusi wahidiya yaani ya l
Read more

Swift 4 - func physicsWorld not invoked on collision? The Next CEO of Stack OverflowHow to call Objective-C code from Swift#ifdef replacement in the Swift language@selector() in Swift?#pragma mark in Swift?Swift for loop: for index, element in array?dispatch_after - GCD in Swift?Swift Beta performance: sorting arraysSplit a String into an array in Swift?The use of Swift 3 @objc inference in Swift 4 mode is deprecated?How to optimize UITableViewCell, because my UITableView lags

Image
Strange use of "whether ... than ..." in official text Could a dragon use its wings to swim? Car headlights in a world without electricity How to avoid supervisors with prejudiced views? Is the offspring between a demon and a celestial possible? If so what is it called and is it in a book somewhere? Can I board the first leg of the flight without having final country's PR card? subequations: How to continue numbering within subequation? How do you define an element with an ID attribute using LWC? Relevant Part for a Badminton Serve What CSS properties can the br tag have? What are the unusually-enlarged wing sections on this P-38 Lightning? Why did early computer designers eschew integers? Is it a bad idea to plug the other end of ESD strap to wall ground? Magento 1.9 observer on only new product added ( no updated product ) Airplane gently rocking its wings during whole flight It is correct to match light sources with the same color temperat
Read more

Access current req object everywhere in Node.js ExpressWhy are global variables considered bad practice? (node.js)Using req & res across functionsHow do I get the path to the current script with Node.js?What is Node.js' Connect, Express and “middleware”?Node.js w/ express error handling in callbackHow to access the GET parameters after “?” in Express?Modify Node.js req object parametersAccess “app” variable inside of ExpressJS/ConnectJS middleware?Node.js Express app - request objectAngular Http Module considered middleware?Session variables in ExpressJSAdd properties to the req object in expressjs with Typescript

Image
What steps should I take to lawfully visit the United States as a tourist immediately after visiting on a B-1 visa? Would dual wielding daggers be a viable choice for a covert bodyguard? For a hashing function like MD5, how similar can two plaintext strings be and still generate the same hash? Using Newton's shell theorem to accelerate a spaceship Why doesn't sea level show seasonality? What prevents someone from claiming to be the murderer in order to get the real murderer off? Has anyone in space seen or photographed a simple laser pointer from Earth? What does (void *)1 mean Why does the U.S. tolerate foreign influence from Saudi Arabia and Israel on its domestic policies while not tolerating that from China or Russia? Modulus Operandi What's the point of having a RAID 1 configuration over incremental backups to a secondary drive? How to ask for a LinkedIn endorsement? Good resources for solving techniques (Metaheuristics, MILP, CP etc) How woul
Read more