Skip to content

Instantly share code, notes, and snippets.

@chjj
Last active December 27, 2023 16:41
Show Gist options
  • Save chjj/4fe8f5b2b489e89e6ed4 to your computer and use it in GitHub Desktop.
Save chjj/4fe8f5b2b489e89e6ed4 to your computer and use it in GitHub Desktop.
'use strict';
// original: https://gist.github.com/indutny/8d0f5376ee643962a9f0
const BN = require('bn.js');
const elliptic = require('elliptic');
const bcoin = require('bcoin');
const ecdsa = new elliptic.ec('secp256k1');
let message = new BN(
'7a05c6145f10101e9d6325494245adf1297d80f8f38d4d576d57cdba220bcb19', 'hex');
var key = new Buffer('0411db93e1dcdb8a016b49840f8c53bc1eb68a382e97b1482ecad7b148a6909a5cb2e0eaddfb84ccf9744464f82e160bfa9b8b64f9d4c03f999b8643f656b412a3', 'hex');
var sig = '304402204e45e16932b8af514961a1d3a1a25fdf3f4f7732e9d624c6c61548ab5fb8cd410220181522ec8eca07de4860a4acdd12909d831cc56cbbac4622082221a8768d1d09';
// const signature = new bcoin.ecdsa.signature(new Buffer(sig, 'hex'));
// console.log(signature);
var signature = {
r: new BN('4e45e16932b8af514961a1d3a1a25fdf3f4f7732e9d624c6c61548ab5fb8cd41', 'hex'),
s: new BN('181522ec8eca07de4860a4acdd12909d831cc56cbbac4622082221a8768d1d09', 'hex')
};
const point = ecdsa.curve.pointFromX(signature.r);
point.precompute(256);
function trick(message, signature, i) {
const n = new BN(
'fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141', 16);
const p = new BN(
'fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f', 16);
const nRed = BN.red(n);
const pRed = BN.red(p);
// NOTE: Could be using GLV values for speed
let lambda = new BN(i);
const point2 = point.mul(lambda);
let beta = point2.x.redMul(point.x.redInvm()).fromRed();
lambda = lambda.toRed(nRed);
beta = beta.toRed(pRed);
// NOTE end
const originalR = signature.r;
const r = originalR.toRed(pRed).redMul(beta).fromRed();
const nBeta = r.toRed(nRed).redMul(originalR.toRed(nRed).redInvm());
const common = lambda.redInvm().redMul(nBeta);
const s = signature.s.toRed(nRed).redMul(common).fromRed();
return {
signature: { r: r, s: s },
message: message.toRed(nRed).redMul(nBeta).fromRed()
};
}
for (let i = 2; i < 100; i++) {
const item = trick(message, signature, i);
console.log(JSON.stringify([
new Buffer(item.message.toArray()).toString('hex'),
new Buffer(new bcoin.ecdsa.signature(item.signature).toDER()).toString('hex')
]) + ',');
// ecdsa.verify(item.message, item.signature, key)
}
@arti210
Copy link

arti210 commented Sep 9, 2023

Ok

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment