Skip to content

Verify signature failed when (signature-k == private-Key) #161

New issue
New issue
Closed
Closed
Verify signature failed when (signature-k == private-Key)#161
@Litfal

Description

@Litfal
Litfal
opened on Nov 2, 2019

I signature a [hash] with [private-key] and [ramdom-k]. Get [r],[s]
The [ramdom-k] is just equals [private-key].
( or [ramdom-k] = [private-key] + small-value )

and I use
uECC_verify([public-key], [hash], 28, [r,s], curve)
return 0 (invalid)
Is is a bug?

I found the computing-point reached O={0,0} at latest few steps in (u1G + u2Q)
Least n bits of u1 is zero,
Least 1~n bits of u2 is zero, least 1 bit of u2 is 1.
Rn = (u1 >> n)*G + (u2 >> n)*Q = O {0,0} (reached O)
R = point_double^n( Rn ) + Q
point_double^n( Rn ) = point_double^n( O ) = O
R = O + Q = Q
but XYcZ_add(O,Q) is stuck at O = {0,0}

the test code is as below

int main()
{
	uECC_Curve curve = uECC_secp224r1();

	// privateKey = 
	// 6478445584896128565865022241987187393676203065724853389151713559607
	// random k for signature =
	// 6478445584896128565865022241987187393676203065724853389151713559607

	// publicKey = 
	// 17061818990515146033181180181647268932502676602253394570592180243932, 
	// 23802495863056426356972272754487540685330015937921535731093129183691
	uint8_t * publicKey = new uint8_t[56]{
		0xA2,0x02,0xFC,0x06,0x4C,0xB0,0xE4,0x76,0xD2,0x4F,0x35,0x9B,0x05,0x43,0x73,0xB8,0xCD,0x71,0x8B,0xBA,0x89,0xC4,0xAA,0xDB,0xF7,0xCC,0x0D,0xDC,
		0xE2,0x04,0xA9,0x8A,0x6B,0x7D,0x97,0x97,0x6B,0x51,0x4D,0xBE,0x77,0xA9,0xD1,0x49,0x5E,0x76,0x4A,0x74,0xF1,0x6F,0xB3,0xED,0x0A,0x7C,0xC1,0xCB
	};

	// hash = {10379077808108938958641072404928976658030972167682803400239092956849}
	uint8_t * hash = new uint8_t[28]{
		0x62,0x8E,0x23,0xFA,0x1C,0x7C,0x25,0xAB,0x47,0x9D,0x8B,0xAD,0x18,0xD1,0x38,0x47,0xB2,0x8B,0x32,0xF3,0x65,0x0A,0xEA,0x8D,0xEE,0x61,0x7E,0xB1
	};

	// r,s = 
	// {17061818990515146033181180181647268932502676602253394570592180243932}, 
	// {7814581815902928108437170233892873630154207598065720733985197713395}
	uint8_t * signature = new uint8_t[56]{
		0xA2,0x02,0xFC,0x06,0x4C,0xB0,0xE4,0x76,0xD2,0x4F,0x35,0x9B,0x05,0x43,0x73,0xB8,0xCD,0x71,0x8B,0xBA,0x89,0xC4,0xAA,0xDB,0xF7,0xCC,0x0D,0xDC,
		0x4A,0x34,0x32,0x33,0xFA,0xD2,0x3D,0x74,0x27,0xDB,0x8D,0x5C,0xFC,0x2A,0x6E,0x0F,0xEF,0xA6,0x4B,0xE6,0x6F,0x63,0x2A,0x2D,0x76,0x66,0xE7,0xF3,
	};

	// it's invalid
	int result = uECC_verify(publicKey, hash, 28, signature, curve);
	std::cout << "test1: " << result << "\n";

	// r,(curve.n-s) =
	// {17061818990515146033181180181647268932502676602253394570592180243932}, 
	// {19145364851247711686229844853126752310303600116358670987697524654666}
	uint8_t * signature2 = new uint8_t[56]{
		0xA2,0x02,0xFC,0x06,0x4C,0xB0,0xE4,0x76,0xD2,0x4F,0x35,0x9B,0x05,0x43,0x73,0xB8,0xCD,0x71,0x8B,0xBA,0x89,0xC4,0xAA,0xDB,0xF7,0xCC,0x0D,0xDC,
		0xB5,0xCB,0xCD,0xCC,0x05,0x2D,0xC2,0x8B,0xD8,0x24,0x72,0xA3,0x03,0xD4,0xA8,0x92,0xF1,0x12,0xA4,0x57,0xA4,0x79,0xFF,0x17,0xE5,0xF5,0x42,0x4A
	};

	// it's valid
	result = uECC_verify(publicKey, hash, 28, signature2, curve);
	std::cout << "test2: " << result << "\n";
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions