-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathECDSA.dart
80 lines (66 loc) · 2.5 KB
/
ECDSA.dart
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
import 'dart:math';
import 'elliptic_curve.dart';
import 'package:crypto/crypto.dart';
import 'dart:convert';
// I'm lucky to have found an elliptic curve of prime order randomly
var ec = EllipticCurve(a: 5, b: 7, p: 29);
BigInt hashMessage(String message) {
var messageBytes = utf8.encode(message);
var messageDigest = sha256.convert(messageBytes);
return BigInt.parse(messageDigest.toString(), radix: 16);
}
// NOTE - k & s need to coprime order of the elliptic curve
// k needs to be coprime with order of the elliptic curve for the signing
// s needs to be coprime with order of the elliptic curve for the verification
(int, BigInt) signMessage(String message, int privateKey) {
var messageDigest = hashMessage(message);
var r, s, s1, s2;
var k;
do {
k = Random.secure().nextInt(ec.order - 1) + 1;
r = ec.scalarMultiplyGenerator(k).x;
if (r != 0) {
try {
s1 = BigInt.from(k.modInverse(ec.order));
s2 = messageDigest + BigInt.from(privateKey * r);
s = (s1 * s2) % BigInt.from(ec.order);
} catch (e) {
print(e);
s = null;
}
}
} while (r == 0 || s == null);
return (r, s);
}
bool verifySignature(String message, (int, BigInt) signature, Point publicKey) {
var r = signature.$1, s = signature.$2;
if (!(1 <= r && r < ec.order) ||
!(BigInt.one <= s && s < BigInt.from(ec.order))) return false;
var messageDigest = hashMessage(message);
// NOTE - what if s & order of ec aren't coprime???
var modularInverseOfS;
try {
modularInverseOfS = s.modInverse(BigInt.from(ec.order));
} catch (e) {
print('''Cannot verify signature because...
multiplicative modular inverse of s: $s modulus order: ${ec.order} doesn't exist!''');
}
var (u1, u2) =
(messageDigest * modularInverseOfS, BigInt.from(r) * modularInverseOfS);
var signaturePoint = ec.add(ec.scalarMultiply(u1, ec.generatorPoint),
ec.scalarMultiply(u2, publicKey));
if (signaturePoint.isPointAtInfinity) return false;
var signatureVerificationValue = signaturePoint.x! % ec.order;
return signatureVerificationValue == r;
}
void main(List<String> args) {
var message = "Selam Alem";
// Bob - signer
var privateKey = Random.secure().nextInt(ec.order - 1) + 1;
var publicKey = ec.scalarMultiplyGenerator(privateKey);
var signature = signMessage(message, privateKey);
// Alice - verifier
var bobSignedIt = verifySignature(message, signature, publicKey);
print(
bobSignedIt ? "It's Bob's Signature :)" : "It's not Bob's Signature :(");
}