Nonce usage in ECDSA signing algorithm

Nonce usage in ECDSA signing algorithm

I'm trying to understand the signing function secp256k1_ecdsa_sig_sign(), and I'm curious about the nonce usage here.

static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context *ctx, secp256k1_scalar *sigr, secp256k1_scalar *sigs, const secp256k1_scalar *seckey, const secp256k1_scalar *message, const secp256k1_scalar *nonce, int *recid) {
  unsigned char b[32];
  secp256k1_gej rp;
  secp256k1_ge r;
  secp256k1_scalar n;
  int overflow = 0;

  secp256k1_ecmult_gen(ctx, &rp, nonce);
  secp256k1_ge_set_gej(&r, &rp);
  secp256k1_fe_normalize(&r.x);
  secp256k1_fe_normalize(&r.y);
  secp256k1_fe_get_b32(b, &r.x);
  secp256k1_scalar_set_b32(sigr, b, &overflow);
  /* These two conditions should be checked before calling */
  VERIFY_CHECK(!secp256k1_scalar_is_zero(sigr));
  VERIFY_CHECK(overflow == 0);

  if (recid) {
    /* The overflow condition is cryptographically unreachable as hitting   it requires finding the discrete log
     * of some P where P.x >= order, and only 1 in about 2^127 points meet this criteria.
     */
     *recid = (overflow ? 2 : 0) | (secp256k1_fe_is_odd(&r.y) ? 1 : 0);
  }
  secp256k1_scalar_mul(&n, sigr, seckey);
  secp256k1_scalar_add(&n, &n, message);
  secp256k1_scalar_inverse(sigs, nonce);
  secp256k1_scalar_mul(sigs, sigs, &n);
  secp256k1_scalar_clear(&n);
  secp256k1_gej_clear(&rp);
  secp256k1_ge_clear(&r);

  if (secp256k1_scalar_is_zero(sigs)) {
    return 0;
  }

  if (secp256k1_scalar_is_high(sigs)) {
    secp256k1_scalar_negate(sigs, sigs);

    if (recid) {
      *recid ^= 1;
    }

  }

  return 1;
}

I'm familiar with the standard ECDSA, but what exactly is being done with the nonce here and why?

Thanks!

http://bit.ly/2RVYzX4

Comments

Post a Comment

Popular posts from this blog

Bitcoin Core errors with database block

Bitcoin Core errors with database block I've had the follow issue: on one machine I've launced Bitcoin Core v0.16.0 and Litecoin Core v0.16.0. Each application work in separate datadir also each application have setted callback call for event walletnotify . For now I use both application with testnets. Recently, there have been frequent cases when these applications stop sending transactions, when restarting, an error occurs: "Corrupted block database detected. Do you whant to rebuild the block database now ?". It happens on both apps Bitcoin Core and Litecoin Core, after rebuild applications continue to work, but after a while it happens again Please help me, what I doing wrong? Thank you for any advice https://ift.tt/2z6j9rL
Read more

Bitfinex & Market Synergy To Offer Institutional Calibre Cryptocurrency Connectivity

Bitfinex & Market Synergy To Offer Institutional Calibre Cryptocurrency Connectivity Market Synergy GmbH , a Swiss-based organisation which offers institutional cryptocurrency connectivity and security for banks, brokers and hedge funds has been selected by  Bitfinex  to provide robust, high performance connectivity for institutional clients. Market Synergy has designed and built a bespoke network for Bitfinex, hosted in a Swiss data centre in the heart of Crypto Valley. In addition to providing outsourced connectivity and hosting services to Bitfinex, Market Synergy can also manage co-location services for Bitfinex’s institutional clients and offer a FIX feed and ISP link to the digital asset gateway which Bitfinex recently launched in collaboration with Connamara . Market Synergy is a separate company within the FXecosystem Group , which also comprises of FXecosystem and Bondecosystem, both of which are institutional market leaders in outsourced connectivity in their r
Read more