How to use the ecdsa.numbertheory.square_root_mod_prime function in ecdsa

To help you get started, we’ve selected a few ecdsa examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github planetbeing / bitcoin-encrypt / bitcoin-encrypt.py View on Github external
recid = meta - 27

    j = recid // 2
    yp = 0 if (recid % 2) == 0 else 1

    ecdsa_signature = signature_bytes[1:]

    r, s = ecdsa.util.sigdecode_string(ecdsa_signature, order)
    
    # 1.1
    x = r + j * order

    # 1.3. This actually calculates for either effectively 02||X or 03||X depending on 'k' instead of always for 02||X as specified.
    # This substitutes for the lack of reversing R later on. -R actually is defined to be just flipping the y-coordinate in the elliptic curve.
    alpha = ((x * x * x) + (curve.a() * x) + curve.b()) % curve.p()
    beta = ecdsa.numbertheory.square_root_mod_prime(alpha, curve.p())
    if (beta - yp) % 2 == 0:
        y = beta
    else:
        y = curve.p() - beta

    # 1.4 Constructor of Point is supposed to check if nR is at infinity. 
    R = ecdsa.ellipticcurve.Point(curve, x, y, order)
    
    # 1.5 Compute e
    h = double_sha256(format_message_for_signing(message))
    e = ecdsa.util.string_to_number(h)

    # 1.6 Compute Q = r^-1(sR - eG)
    Q = ecdsa.numbertheory.inverse_mod(r, order) * (s * R + (-e % order) * G)

    # Not strictly necessary, but let's verify the message for paranoia's sake.
github litepresence / extinction-event / EV / manualSIGNING.py View on Github external
def _derive_y_from_x(self, x, is_even):
        print(it('purple',"           y^2 = x^3 + ax + b          "))
        print(self, x)
        """ Derive y point from x point """
        curve = ecdsa_SECP256k1.curve
        a, b, p = curve.a(), curve.b(), curve.p()
        alpha = (pow(x, 3, p) + a * x + b) % p
        beta = ecdsa_numbertheory.square_root_mod_prime(alpha, p)
        if (beta % 2) == is_even:
            beta = p - beta
        print(beta)
        return beta
github trezor-graveyard / trezor-emu / trezor / bip32.py View on Github external
def public_pair_for_x(generator, x, is_even):
        curve = generator.curve()
        p = curve.p()
        alpha = (pow(x, 3, p) + curve.a() * x + curve.b()) % p
        beta = ecdsa.numbertheory.square_root_mod_prime(alpha, p)
        if is_even == bool(beta & 1):
            return (x, p - beta)
        return (x, beta)
github FelixWeis / python-hdwallet / hdwallet / hdwallet.py View on Github external
def point_decompress(curve, data):
	prefix = data[0]
	assert(prefix in ['\x02', '\x03'])
	parity = 1 if prefix == '\x02' else -1

	x = util.string_to_number(data[1:])

	y = numbertheory.square_root_mod_prime( 
	  ( x * x * x + curve.a() * x + curve.b() ) % curve.p(),  curve.p()
	)

	y = parity * y % curve.p()
	return ellipticcurve.Point(curve, x, y)
github lbryio / lbry-sdk / lbrynet / wallet / bip32.py View on Github external
if not isinstance(pubkey, (bytes, bytearray)):
            raise TypeError('pubkey must be raw bytes')
        if len(pubkey) != 33:
            raise ValueError('pubkey must be 33 bytes')
        if byte2int(pubkey[0]) not in (2, 3):
            raise ValueError('invalid pubkey prefix byte')
        curve = cls.CURVE.curve

        is_odd = byte2int(pubkey[0]) == 3
        x = bytes_to_int(pubkey[1:])

        # p is the finite field order
        a, b, p = curve.a(), curve.b(), curve.p()
        y2 = pow(x, 3, p) + b
        assert a == 0  # Otherwise y2 += a * pow(x, 2, p)
        y = NT.square_root_mod_prime(y2 % p, p)
        if bool(y & 1) != is_odd:
            y = p - y
        point = EC.Point(curve, x, y)

        return ecdsa.VerifyingKey.from_public_point(point, curve=cls.CURVE)
github ontio / ontology-python-sdk / ontology / crypto / ecies.py View on Github external
def __uncompress_public_key(public_key: bytes) -> bytes:
        """
        Uncompress the compressed public key.
        :param public_key: compressed public key
        :return: uncompressed public key
        """
        is_even = public_key.startswith(b'\x02')
        x = string_to_number(public_key[1:])

        curve = NIST256p.curve
        order = NIST256p.order
        p = curve.p()
        alpha = (pow(x, 3, p) + (curve.a() * x) + curve.b()) % p
        beta = square_root_mod_prime(alpha, p)
        if is_even == bool(beta & 1):
            y = p - beta
        else:
            y = beta
        point = Point(curve, x, y, order)
        return b''.join([number_to_string(point.x(), order), number_to_string(point.y(), order)])
github JoinMarket-Org / joinmarket-clientserver / jmclient / jmclient / btc.py View on Github external
def get_ecdsa_verifying_key(pub):
        #some shenanigans required to validate a transaction sig; see
        #python.ecdsa PR #54. This will be a lot simpler when that's merged.
        #https://github.com/warner/python-ecdsa/pull/54/files
        if not pub[0] in ["\x02", "\x03"]:
            log.debug("Invalid pubkey")
            return None    
        is_even = pub.startswith('\x02')
        x = string_to_number(pub[1:])
        order = SECP256k1.order
        p = SECP256k1.curve.p()
        alpha = (pow(x, 3, p) + (SECP256k1.curve.a() * x) + SECP256k1.curve.b()) % p
        beta = square_root_mod_prime(alpha, p)
        if is_even == bool(beta & 1):
            y = p - beta
        else:
            y = beta
        if not point_is_valid(SECP256k1.generator, x, y):
            return None
        
        point = Point(SECP256k1.curve, x, y, order)
        return VerifyingKey.from_public_point(point, SECP256k1,
                                                   hashfunc=hashlib.sha256)
github planetbeing / bitcoin-encrypt / bitcoin-encrypt.py View on Github external
y_str = point[baselen + 1:]
        return ecdsa.ellipticcurve.Point(curve, ecdsa.util.string_to_number(x_str), ecdsa.util.string_to_number(y_str), order)
    else:
        # 2.3
        if ord(point[0]) == 2:
            yp = 0
        elif ord(point[0]) == 3:
            yp = 1
        else:
            return None
        # 2.2
        x_str = point[1:baselen + 1]
        x = ecdsa.util.string_to_number(x_str)
        # 2.4.1
        alpha = ((x * x * x) + (curve.a() * x) + curve.b()) % curve.p()
        beta = ecdsa.numbertheory.square_root_mod_prime(alpha, curve.p())
        if (beta - yp) % 2 == 0:
            y = beta
        else:
            y = curve.p() - beta
        return ecdsa.ellipticcurve.Point(curve, x, y, order)