73 lines
2.3 KiB
JavaScript
73 lines
2.3 KiB
JavaScript
'use strict';
|
|
|
|
// original: https://gist.github.com/indutny/8d0f5376ee643962a9f0
|
|
|
|
// npm install --save bn.js
|
|
// npm install elliptic
|
|
// npm install bcoin
|
|
// npm install secp256k1
|
|
|
|
const BN = require('bn.js');
|
|
const elliptic = require('elliptic');
|
|
const bcoin = require('bcoin');
|
|
|
|
const ecdsa = new elliptic.ec('secp256k1');
|
|
|
|
let message = new BN(
|
|
'7a05c6145f10101e9d6325494245adf1297d80f8f38d4d576d57cdba220bcb19', 'hex');
|
|
|
|
var key = new Buffer('0411db93e1dcdb8a016b49840f8c53bc1eb68a382e97b1482ecad7b148a6909a5cb2e0eaddfb84ccf9744464f82e160bfa9b8b64f9d4c03f999b8643f656b412a3', 'hex');
|
|
var sig = '304402204e45e16932b8af514961a1d3a1a25fdf3f4f7732e9d624c6c61548ab5fb8cd410220181522ec8eca07de4860a4acdd12909d831cc56cbbac4622082221a8768d1d09';
|
|
// const signature = new bcoin.ecdsa.signature(new Buffer(sig, 'hex'));
|
|
// console.log(signature);
|
|
|
|
var signature = {
|
|
r: new BN('4e45e16932b8af514961a1d3a1a25fdf3f4f7732e9d624c6c61548ab5fb8cd41', 'hex'),
|
|
s: new BN('181522ec8eca07de4860a4acdd12909d831cc56cbbac4622082221a8768d1d09', 'hex')
|
|
};
|
|
|
|
const point = ecdsa.curve.pointFromX(signature.r);
|
|
point.precompute(256);
|
|
|
|
function trick(message, signature, i) {
|
|
const n = new BN(
|
|
'fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141', 16);
|
|
const p = new BN(
|
|
'fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f', 16);
|
|
|
|
const nRed = BN.red(n);
|
|
const pRed = BN.red(p);
|
|
|
|
// NOTE: Could be using GLV values for speed
|
|
let lambda = new BN(i);
|
|
|
|
const point2 = point.mul(lambda);
|
|
let beta = point2.x.redMul(point.x.redInvm()).fromRed();
|
|
|
|
lambda = lambda.toRed(nRed);
|
|
beta = beta.toRed(pRed);
|
|
// NOTE end
|
|
|
|
const originalR = signature.r;
|
|
const r = originalR.toRed(pRed).redMul(beta).fromRed();
|
|
|
|
const nBeta = r.toRed(nRed).redMul(originalR.toRed(nRed).redInvm());
|
|
const common = lambda.redInvm().redMul(nBeta);
|
|
|
|
const s = signature.s.toRed(nRed).redMul(common).fromRed();
|
|
|
|
return {
|
|
signature: { r: r, s: s },
|
|
message: message.toRed(nRed).redMul(nBeta).fromRed()
|
|
};
|
|
}
|
|
|
|
for (let i = 2; i < 100; i++) {
|
|
const item = trick(message, signature, i);
|
|
console.log(JSON.stringify([
|
|
new Buffer(item.message.toArray()).toString('hex'),
|
|
new Buffer(new bcoin.ecdsa.signature(item.signature).toDER()).toString('hex')
|
|
]) + ',');
|
|
// ecdsa.verify(item.message, item.signature, key)
|
|
}
|