azuchi · April 5, 2018 04:53
diff --git a/dlc.rb b/dlc.rb
 # using bitcoinrb
 require 'bitcoin'

 # oracle

 # oracle's key. V = vG
 o_key = Bitcoin::Key.new(priv_key: '860f6a0296aae3901e374be83d962351366386fb5f65ffef75c9f389c256e724')
 V = o_key.to_point
 v = o_key.priv_key.to_i(16)

 # onetime signature nonce. R = kG
 tmp_key = Bitcoin::Key.new(priv_key: '8f9e7a509b0c33aecff16c0707c2ffc5ba051ca70b4d031de98a13f88cb51380')
 R = tmp_key.to_point
 k = tmp_key.priv_key.to_i(16)

 # Alice generate s100 pubkey.
 alice_key = Bitcoin::Key.new(priv_key: 'eabeba881f9a975b16b96e40df3c9412d052a85a655255629dc9906e4a6de6ac')

 R_str = ECDSA::Format::PointOctetString.encode(R, compression: true)
 R_hash_value = Bitcoin.sha256((100.to_s(16) + R_str).htb).to_i(16)

 # create many pubkey for i. following i == 100.
 s100_G = R + V.multiply_by_scalar(R_hash_value).negate # s100G = R - h(100, R)V
 alice_100_pubkey = alice_key.to_point + s100_G # Alice's pubkey + s100G
 puts "alice_100_pubkey = #{ECDSA::Format::PointOctetString.encode(alice_100_pubkey, compression: true).bth}"

 # Bob create contract like Alice's
 #...

 # oracle create signature.
 hash_value = R_hash_value * v % ECDSA::Group::Secp256k1.order # h(100, R)v
 s100 = (k - hash_value) % ECDSA::Group::Secp256k1.order # s100 = k - h(100, R)v

 # oracle publish s100

 # alice create unlock key using s100 and her private key.
 alice_unlock_key = Bitcoin::Key.new(priv_key: ((alice_key.priv_key.to_i(16) + s100) % ECDSA::Group::Secp256k1.order).to_s(16))

 # alice_100_pubkey == alice_unlock_key's pub
 puts "alice_unlock_key = #{alice_unlock_key.pubkey}"
 puts ECDSA::Format::PointOctetString.encode(alice_100_pubkey, compression: true).bth == alice_unlock_key.pubkey
	# using bitcoinrb
	require 'bitcoin'

	# oracle

	# oracle's key. V = vG
	o_key = Bitcoin::Key.new(priv_key: '860f6a0296aae3901e374be83d962351366386fb5f65ffef75c9f389c256e724')
	V = o_key.to_point
	v = o_key.priv_key.to_i(16)

	# onetime signature nonce. R = kG
	tmp_key = Bitcoin::Key.new(priv_key: '8f9e7a509b0c33aecff16c0707c2ffc5ba051ca70b4d031de98a13f88cb51380')
	R = tmp_key.to_point
	k = tmp_key.priv_key.to_i(16)

	# Alice generate s100 pubkey.
	alice_key = Bitcoin::Key.new(priv_key: 'eabeba881f9a975b16b96e40df3c9412d052a85a655255629dc9906e4a6de6ac')

	R_str = ECDSA::Format::PointOctetString.encode(R, compression: true)
	R_hash_value = Bitcoin.sha256((100.to_s(16) + R_str).htb).to_i(16)

	# create many pubkey for i. following i == 100.
	s100_G = R + V.multiply_by_scalar(R_hash_value).negate # s100G = R - h(100, R)V
	alice_100_pubkey = alice_key.to_point + s100_G # Alice's pubkey + s100G
	puts "alice_100_pubkey = #{ECDSA::Format::PointOctetString.encode(alice_100_pubkey, compression: true).bth}"

	# Bob create contract like Alice's
	#...

	# oracle create signature.
	hash_value = R_hash_value * v % ECDSA::Group::Secp256k1.order # h(100, R)v
	s100 = (k - hash_value) % ECDSA::Group::Secp256k1.order # s100 = k - h(100, R)v

	# oracle publish s100

	# alice create unlock key using s100 and her private key.
	alice_unlock_key = Bitcoin::Key.new(priv_key: ((alice_key.priv_key.to_i(16) + s100) % ECDSA::Group::Secp256k1.order).to_s(16))

	# alice_100_pubkey == alice_unlock_key's pub
	puts "alice_unlock_key = #{alice_unlock_key.pubkey}"
	puts ECDSA::Format::PointOctetString.encode(alice_100_pubkey, compression: true).bth == alice_unlock_key.pubkey