casey feedback
jimmysong committed Oct 30, 2018
1 parent 1f87e36 commit 1a8d805
Showing 4 changed files with 27 additions and 27 deletions.
10 changes: 5 additions & 5 deletions ch03.asciidoc
Expand Up @@ -679,7 +679,7 @@ One subtle thing that we haven't talked about is that we have to incorporate the
In signature/verification parlance, this is called the _signature hash_. This generally is the hash of the message that both parties agree to that reveal the intent of the shooter. We denote this with the letter `z`. This is incorporated into our uG+vP calculation this way:
u = r/s, v = z/s
u = z/s, v = r/s
Since r is used in the calculation of u, we now have the tip of the arrow forged. We also have the intent of the shooter incorporated into v, so both the reason for shooting and the target that is being aimed at are now a part of the equation.
Expand All @@ -691,19 +691,19 @@ uG+veG=kG
u+ve=k
r/s+ze/s=k
z/s+re/s=k
(r+ze)/s=k
(z+re)/s=k
s=(r+ze)/k
s=(z+re)/k
This is indeed the basis of the signature algorithm and the two numbers actually communicated as part of the signature are r and s.
Verification is simple:
uG+vP where u,v≠0
uG+vP=(r/s)G+(ze/s)G=((r+ze)/s)G=((r+ze)/((r+ze)/k))G=kG=(r,y)
uG+vP=(z/s)G+(re/s)G=((z+re)/s)G=((z+re)/((z+re)/k))G=kG=(r,y)
.Why We Don't Reveal `k`
****
31 changes: 15 additions & 16 deletions code-ch03/ecc.py
Expand Up @@ -136,7 +136,6 @@ def test_div(self):


class Point:
zero = 0

def __init__(self, x, y, a, b):
self.a = a
Expand Down Expand Up @@ -166,7 +165,7 @@ def __repr__(self):
if self.x is None:
return 'Point(infinity)'
else:
return 'Point({},{})_{}'.format(self.x.num, self.y.num, self.x.prime)
return 'Point({},{})_{}_{}'.format(self.x, self.y, self.a, self.b)

def __add__(self, other):
if self.a != other.a or self.b != other.b:
Expand Down Expand Up @@ -195,19 +194,20 @@ def __add__(self, other):
return self.__class__(x, y, self.a, self.b)

# Case 3: self.x == other.x, self.y == other.y
else:
# Formula (x3,y3)=(x1,y1)+(x1,y1)
# s=(3*x1**2+a)/(2*y1)
s = (3 * self.x**2 + self.a) / (2 * self.y)
# x3=s**2-2*x1
x = s**2 - 2 * self.x
# y3=s*(x1-x3)-y1
y = s * (self.x - x) - self.y
return self.__class__(x, y, self.a, self.b)

# Case 4: if we are tangent to the vertical line
if self == other and self.y == self.zero:
return self.__class__(None, None, self.a, self.b)
if self == other:
# Case 4: if we are tangent to the vertical line
# note instead of figuring out what 0 is for each type, we just use 0 * self.x
if self.y == 0 * self.x:
return self.__class__(None, None, self.a, self.b)
else:
# Formula (x3,y3)=(x1,y1)+(x1,y1)
# s=(3*x1**2+a)/(2*y1)
s = (3 * self.x**2 + self.a) / (2 * self.y)
# x3=s**2-2*x1
x = s**2 - 2 * self.x
# y3=s*(x1-x3)-y1
y = s * (self.x - x) - self.y
return self.__class__(x, y, self.a, self.b)

def __rmul__(self, coefficient):
coef = coefficient
Expand Down Expand Up @@ -354,7 +354,6 @@ def __repr__(self):


class S256Point(Point):

zero = S256Field(0)

def __init__(self, x, y, a=None, b=None):
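Review bot: In the rewritten tail of `__add__`, nothing is returned when `self == other` is false (as the lines read; indentation is lost on this page), so the method would fall through and hand back `None` instead of a point. The earlier cases sit above this hunk and presumably cover every other input, but a closing `raise RuntimeError('unhandled case in Point.__add__')` after the `if self == other:` block would turn a silent `None` into a visible failure. The zero test `self.y == 0 * self.x` also assumes the coordinate type accepts an int on the left of `*`, which is not visible here; a test that doubles a point with `y == 0` over the field type would confirm it. `zero = S256Field(0)` appears to remain on `S256Point` even though `self.zero` is no longer read in this hunk.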
3 changes: 2 additions & 1 deletion code-ch03/helper.py
@@ -1,8 +1,9 @@
from unittest import TestSuite, TextTestRunner
from unittest import SkipTest, TestSuite, TextTestRunner

import hashlib


@SkipTest
def run_test(test):
suite = TestSuite()
suite.addTest(test)
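Review bot: `@SkipTest` on `run_test` does not skip anything: `unittest.SkipTest` is an exception class, so the decorator rebinds `run_test` to a `SkipTest` instance, and any later `run_test(...)` call fails with a `TypeError` because that instance is not callable. If the aim is to stop a name-based test collector from picking up this helper, drop the decorator and either rename the function or add `run_test.__test__ = False` after the definition, which nose-style collectors honour. The body of `run_test` continues below the hunk.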
10 changes: 5 additions & 5 deletions code-ch05/ecc.py
Expand Up @@ -570,22 +570,22 @@ def parse(cls, signature_bin):
s = BytesIO(signature_bin)
compound = s.read(1)[0]
if compound != 0x30:
raise RuntimeError("Bad Signature")
raise IOError("Bad Signature")
length = s.read(1)[0]
if length + 2 != len(signature_bin):
raise RuntimeError("Bad Signature Length")
raise IOError("Bad Signature Length")
marker = s.read(1)[0]
if marker != 0x02:
raise RuntimeError("Bad Signature")
raise IOError("Bad Signature")
rlength = s.read(1)[0]
r = int(s.read(rlength).hex(), 16)
marker = s.read(1)[0]
if marker != 0x02:
raise RuntimeError("Bad Signature")
raise IOError("Bad Signature")
slength = s.read(1)[0]
s = int(s.read(slength).hex(), 16)
if len(signature_bin) != 6 + rlength + slength:
raise RuntimeError("Signature too long")
raise IOError("Signature too long")
return cls(r, s)


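Review bot: Truncated or inconsistent input still escapes `parse` as `IndexError` or `ValueError` rather than the `IOError` this change standardises on: `s.read(1)[0]` indexes an empty bytes object once the buffer runs out, and `int(s.read(rlength).hex(), 16)` fails on an empty read. Signature bytes presumably arrive from untrusted transactions or peers, so a caller that catches only `IOError` would let those exceptions propagate. Wrapping the reads in `try:` with `except (IndexError, ValueError): raise IOError("Bad Signature")`, or checking the remaining length before each read, keeps every malformed signature on one error path. The final check also reports "Signature too long" when the buffer is shorter than `6 + rlength + slength`. The `def parse` line sits above the hunk.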
