maxgillett · February 4, 2022 18:10
diff --git a/ecrecover.py b/ecrecover.py
 from typing import (Tuple)  # noqa: F401

 import numpy as np

 from web3 import Web3
 from web3.auto import w3
 from eth_account.messages import encode_defunct, _hash_eip191_message

 from eth_keys import keys
 from eth_keys.backends.native.ecdsa import (
    ecdsa_raw_recover,
    deterministic_generate_k,
 )
 from eth_keys.backends.native.jacobian import (
    fast_multiply,
    inv,
 )

 from eth_utils import (
    big_endian_to_int,
 	int_to_big_endian,
 )

 from eth._utils.padding import (
    pad32,
    pad32r,
 )

 import sympy
 from sympy.core.numbers import igcdex

 from fastecdsa.point import Point
 from fastecdsa.curve import secp256k1
 from fastecdsa import keys as ecdsa_keys

 P = 2**256 - 4294968273
 N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
 G = Point(
    0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,
    0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8,
 	curve=secp256k1,
 )

 def encode_raw_public_key(raw_public_key: Tuple[int, int]) -> bytes:
    left, right = raw_public_key
    return b''.join((
        pad32(int_to_big_endian(left)),
        pad32(int_to_big_endian(right)),
    ))

 def sqrt(n, p):
    """
    Finds the minimum positive integer m such that (m*m) % p == n.
    """
    return min(sympy.ntheory.residue_ntheory.sqrt_mod(n, p, all_roots=True))


 hex_message = '0x49e299a55346'
 message = encode_defunct(hexstr=hex_message)
 message_hash = _hash_eip191_message(message)
 hex_message_hash = Web3.toHex(message_hash)

 # Sign message using web3py API
 private_key_bytes = b"\xb2\\}\xb3\x1f\xee\xd9\x12''\xbf\t9\xdcv\x9a\x96VK-\xe4\xc4rm\x03[6\xec\xf1\xe5\xb3d"
 private_key = big_endian_to_int(private_key_bytes)
 signed_message = w3.eth.account.sign_message(message, private_key=private_key)
 sig = Web3.toBytes(signed_message.signature)

 # Sign message using eth_keys backend
 z = big_endian_to_int(message_hash)
 k = deterministic_generate_k(message_hash, private_key_bytes)
 r, y = fast_multiply((G.x, G.y), k)
 s_raw = inv(k, N) * (z + r * big_endian_to_int(private_key_bytes)) % N
 v = 27 + ((y % 2) ^ (0 if s_raw * 2 < N else 1))
 s = s_raw if s_raw * 2 < N else N - s_raw
 #print("(r, y)", Web3.toHex(r), Web3.toHex(y))
 #print(v, Web3.toHex(r), Web3.toHex(s))

 # Extract ecrecover arguments
 v, hex_r, hex_s = Web3.toInt(sig[-1]), Web3.toHex(sig[:32]), Web3.toHex(sig[32:64])
 ec_recover_args = (hex_message_hash, v, hex_r, hex_s)
 canonical_v = v - 27
 r = big_endian_to_int(Web3.toBytes(hexstr=hex_r))
 s = big_endian_to_int(Web3.toBytes(hexstr=hex_s))
 vrs = (canonical_v, r, s)
 print(ec_recover_args)

 # Recover public key using fastecdsa library
 pub_key = ecdsa_keys.get_public_key(private_key, secp256k1)
 print(pub_key)

 # Recover public key using eth_keys API
 signature = keys.Signature(vrs=vrs)
 public_key = signature.recover_public_key_from_msg_hash(message_hash)
 print(public_key.to_hex())

 # Recover public key using Jacobian projection
 raw_public_key_bytes = ecdsa_raw_recover(Web3.toBytes(message_hash), vrs)
 print(Web3.toHex(raw_public_key_bytes))

 # Recover public key by deriving R from r
 R_y = sqrt(r**3 + 7, P)
 R = Point(r, R_y if v == 27 else -R_y, curve=secp256k1)
 h_m = big_endian_to_int(message_hash)
 x = s*R - h_m*G
 r_inv = pow(r, N-2, N)
 Q = r_inv * x
 print(Web3.toHex(encode_raw_public_key((Q.x, Q.y))))

 ## Print canonical Ethereum address
 #address = public_key.to_canonical_address()
 #print(Web3.toHex(address))
	from typing import (Tuple) # noqa: F401

	import numpy as np

	from web3 import Web3
	from web3.auto import w3
	from eth_account.messages import encode_defunct, _hash_eip191_message

	from eth_keys import keys
	from eth_keys.backends.native.ecdsa import (
	ecdsa_raw_recover,
	deterministic_generate_k,
	)
	from eth_keys.backends.native.jacobian import (
	fast_multiply,
	inv,
	)

	from eth_utils import (
	big_endian_to_int,
	int_to_big_endian,
	)

	from eth._utils.padding import (
	pad32,
	pad32r,
	)

	import sympy
	from sympy.core.numbers import igcdex

	from fastecdsa.point import Point
	from fastecdsa.curve import secp256k1
	from fastecdsa import keys as ecdsa_keys

	P = 2**256 - 4294968273
	N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
	G = Point(
	0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,
	0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8,
	curve=secp256k1,
	)

	def encode_raw_public_key(raw_public_key: Tuple[int, int]) -> bytes:
	left, right = raw_public_key
	return b''.join((
	pad32(int_to_big_endian(left)),
	pad32(int_to_big_endian(right)),
	))

	def sqrt(n, p):
	"""
	Finds the minimum positive integer m such that (m*m) % p == n.
	"""
	return min(sympy.ntheory.residue_ntheory.sqrt_mod(n, p, all_roots=True))


	hex_message = '0x49e299a55346'
	message = encode_defunct(hexstr=hex_message)
	message_hash = _hash_eip191_message(message)
	hex_message_hash = Web3.toHex(message_hash)

	# Sign message using web3py API
	private_key_bytes = b"\xb2\\}\xb3\x1f\xee\xd9\x12''\xbf\t9\xdcv\x9a\x96VK-\xe4\xc4rm\x03[6\xec\xf1\xe5\xb3d"
	private_key = big_endian_to_int(private_key_bytes)
	signed_message = w3.eth.account.sign_message(message, private_key=private_key)
	sig = Web3.toBytes(signed_message.signature)

	# Sign message using eth_keys backend
	z = big_endian_to_int(message_hash)
	k = deterministic_generate_k(message_hash, private_key_bytes)
	r, y = fast_multiply((G.x, G.y), k)
	s_raw = inv(k, N) * (z + r * big_endian_to_int(private_key_bytes)) % N
	v = 27 + ((y % 2) ^ (0 if s_raw * 2 < N else 1))
	s = s_raw if s_raw * 2 < N else N - s_raw
	#print("(r, y)", Web3.toHex(r), Web3.toHex(y))
	#print(v, Web3.toHex(r), Web3.toHex(s))

	# Extract ecrecover arguments
	v, hex_r, hex_s = Web3.toInt(sig[-1]), Web3.toHex(sig[:32]), Web3.toHex(sig[32:64])
	ec_recover_args = (hex_message_hash, v, hex_r, hex_s)
	canonical_v = v - 27
	r = big_endian_to_int(Web3.toBytes(hexstr=hex_r))
	s = big_endian_to_int(Web3.toBytes(hexstr=hex_s))
	vrs = (canonical_v, r, s)
	print(ec_recover_args)

	# Recover public key using fastecdsa library
	pub_key = ecdsa_keys.get_public_key(private_key, secp256k1)
	print(pub_key)

	# Recover public key using eth_keys API
	signature = keys.Signature(vrs=vrs)
	public_key = signature.recover_public_key_from_msg_hash(message_hash)
	print(public_key.to_hex())

	# Recover public key using Jacobian projection
	raw_public_key_bytes = ecdsa_raw_recover(Web3.toBytes(message_hash), vrs)
	print(Web3.toHex(raw_public_key_bytes))

	# Recover public key by deriving R from r
	R_y = sqrt(r**3 + 7, P)
	R = Point(r, R_y if v == 27 else -R_y, curve=secp256k1)
	h_m = big_endian_to_int(message_hash)
	x = sR - h_mG
	r_inv = pow(r, N-2, N)
	Q = r_inv * x
	print(Web3.toHex(encode_raw_public_key((Q.x, Q.y))))

	## Print canonical Ethereum address
	#address = public_key.to_canonical_address()
	#print(Web3.toHex(address))