public static void Test() { string msg = "StackOverflow test 123"; string sig = "IB7XjSi9TdBbB3dVUK4+Uzqf2Pqk71XkZ5PUsVUN+2gnb3TaZWJwWW2jt0OjhHc4B++yYYRy1Lg2kl+WaiF+Xsc="; string pubkey = "045894609CCECF9A92533F630DE713A958E96C97CCB8F5ABB5A688A238DEED6DC2D9D0C94EBFB7D526BA6A61764175B99CB6011E2047F9F067293F57F5"; SHA256Managed sha256 = new SHA256Managed(); byte[] hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(msg), 0, Encoding.UTF8.GetByteCount(msg)); Console.WriteLine("Hash: " + ToHex(hash)); byte[] tmpBytes = Convert.FromBase64String(sig); byte[] sigBytes = new byte[tmpBytes.Length - 1]; Buffer.BlockCopy(tmpBytes, 1, sigBytes, 0, sigBytes.Length); int rec = (tmpBytes[0] - 27) & ~4; Console.WriteLine("Rec {0}", rec); ECPoint Q = Recover(hash, sigBytes, rec); string qstr = ToHex(Q.GetEncoded()); Console.WriteLine("Q is same as supplied: " + qstr.Equals(pubkey)); Console.WriteLine("Signature verified correctly: " + VerifySignature(Q.GetEncoded(), hash, sigBytes)); }
/** * Test encoding with and without point compression. * * @param p * The point to be encoded and decoded. */ private void ImplTestEncoding(ECPoint p) { // Not Point Compression byte[] unCompBarr = p.GetEncoded(false); ECPoint decUnComp = p.Curve.DecodePoint(unCompBarr); AssertPointsEqual("Error decoding uncompressed point", p, decUnComp); // Point compression byte[] compBarr = p.GetEncoded(true); ECPoint decComp = p.Curve.DecodePoint(compBarr); AssertPointsEqual("Error decoding compressed point", p, decComp); }
/// <summary> /// Creates a round 2 (zero-knowledge proof) DTO to send to the partner participant. /// </summary> /// <exception cref="InvalidOperationException"> /// Prior round (1) has not been completed yet, or method may have been called more than once. /// </exception> public ECJpakeRound2 CreateRound2ToSend() { if (ProtocolState >= State.Round2Created) { throw new InvalidOperationException("Round 2 payload already created."); } if (ProtocolState < State.Round1Validated) { throw new InvalidOperationException("Round 1 payload must be validated prior to creating Round 2 payload."); } var s1 = new BigInteger(_passwordBytes); ECPoint GA = _gx1.Add(_gx3).Add(_gx4); BigInteger x2s1 = _x2.Multiply(s1).Mod(_domain.N); ECPoint A = BasePointMultiplier.Multiply(GA, x2s1); ECPoint X2sV; BigInteger X2sR; CreateZeroKnowledgeProof(GA, x2s1, A, ParticipantId, out X2sV, out X2sR); var dto = new ECJpakeRound2 { ParticipantId = ParticipantId, A = A.GetEncoded(), X2sV = X2sV.GetEncoded(), X2sR = X2sR.ToByteArray() }; ProtocolState = State.Round2Created; return(dto); }
/// <summary> /// Creates a round 1 (zero-knowledge proof) DTO to send to the partner participant. /// </summary> public ECJpakeRound1 CreateRound1ToSend() { Contract.Requires(ProtocolState < State.Round1Created, "Round 1 payload already created."); BigInteger x1 = BigInteger.CreateRandomInRange(BigInteger.One, _domain.N.Subtract(BigInteger.One), EntropySupply); _x2 = BigInteger.CreateRandomInRange(BigInteger.One, _domain.N.Subtract(BigInteger.One), EntropySupply); _gx1 = BasePointMultiplier.Multiply(_domain.G, x1); _gx2 = BasePointMultiplier.Multiply(_domain.G, _x2); ECPoint V1, V2; BigInteger r1, r2; CreateZeroKnowledgeProof(_domain.G, x1, _gx1, ParticipantId, out V1, out r1); CreateZeroKnowledgeProof(_domain.G, _x2, _gx2, ParticipantId, out V2, out r2); var dto = new ECJpakeRound1 { ParticipantId = ParticipantId, GX1 = _gx1.GetEncoded(), X1V = V1.GetEncoded(), X1R = r1.ToByteArray(), GX2 = _gx2.GetEncoded(), X2V = V2.GetEncoded(), X2R = r2.ToByteArray() }; ProtocolState = State.Round1Created; return(dto); }
protected ECPublicBcpgKey( DerObjectIdentifier oid, ECPoint point) { this.point = new BigInteger(1, point.GetEncoded(false)); this.oid = oid; }
public void TestDecode() { var curve = new FPCurve( new BigInteger("6277101735386680763835789423207666416083908700390324961279"), // q new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16), // a new BigInteger("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16)); // b ECPoint p = curve.DecodePoint(Hex.Decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012")); if (!p.X.ToBigInteger().Equals(new BigInteger("188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012", 16))) { Fail("x uncompressed incorrectly"); } if (!p.Y.ToBigInteger().Equals(new BigInteger("7192b95ffc8da78631011ed6b24cdd573f977a11e794811", 16))) { Fail("y uncompressed incorrectly"); } byte[] encoding = p.GetEncoded(); if (!AreEqual(encoding, Hex.Decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012"))) { Fail("point compressed incorrectly"); } }
public AnonymousTokenResponse(string kid, ECPoint signedPoint, BigInteger proofChallenge, BigInteger proofResponse) { Kid = kid; SignedPoint = Convert.ToBase64String(signedPoint.GetEncoded()); ProofChallenge = Convert.ToBase64String(proofChallenge.ToByteArray()); ProofResponse = Convert.ToBase64String(proofResponse.ToByteArray()); }
/// <summary> /// Calculate the aggregated commitment /// </summary> /// <param name="commitments">An array listToTable of commitments from each signer</param> /// <param name="bitmapCommitments">Commitments the bitmap of considered commitments from the whole listToTable</param> /// <returns>the aggregated commitment</returns> public virtual byte[] AggregateCommitments(List <byte[]> commitments, long bitmapCommitments) { Guard.NotNull(commitments, nameof(commitments)); Guard.NotLessThanOrEqualTo(commitments.Count, 0, nameof(commitments)); var idx = 0; ECPoint aggregatedCommitment = null; var result = new byte[0]; foreach (var commitment in commitments) { if (0 != ((1 << idx) & bitmapCommitments)) { // aggregate the commits var decodedCommitment = _secp256k1.Parameters.Curve.DecodePoint((byte[])commitment.Clone()); aggregatedCommitment = null == aggregatedCommitment ? decodedCommitment : aggregatedCommitment.Add(decodedCommitment); } idx++; } if (null != aggregatedCommitment) { result = aggregatedCommitment.GetEncoded(true); } return(result); }
public static BigInteger PublicKeyFromPrivate(BigInteger privKey) { ECPoint point = PublicPointFromPrivate(privKey); byte[] encoded = point.GetEncoded(false); return(new BigInteger(1, Arrays.CopyOfRange(encoded, 1, encoded.Length))); // remove prefix }
private byte[] Encrypt(byte[] input, int inOff, int inLen) { byte[] c2 = new byte[inLen]; Array.Copy(input, inOff, c2, 0, c2.Length); ECMultiplier multiplier = CreateBasePointMultiplier(); byte[] c1; ECPoint kPB; do { BigInteger k = NextK(); ECPoint c1P = multiplier.Multiply(mECParams.G, k).Normalize(); c1 = c1P.GetEncoded(false); kPB = ((ECPublicKeyParameters)mECKey).Q.Multiply(k).Normalize(); Kdf(mDigest, kPB, c2); }while (NotEncrypted(c2, input, inOff)); AddFieldElement(mDigest, kPB.AffineXCoord); mDigest.BlockUpdate(input, inOff, inLen); AddFieldElement(mDigest, kPB.AffineYCoord); byte[] c3 = DigestUtilities.DoFinal(mDigest); return(Arrays.ConcatenateAll(c1, c2, c3)); }
/// <summary> /// calculates the signature multipled by the generator /// point, for an arbitrary message based on pubkey R and pubkey A. /// Calculates P = pubR - h(msg, pubR)pubA. /// This is used when building settlement transactions and determining the pubkey /// to the oracle's possible signatures beforehand. Can be calculated with just /// public keys, so by anyone. /// </summary> /// <param name="oraclePubA">The oracle's public key</param> /// <param name="oraclePubR">The oracle's R-point (public key to the one-time signing key)</param> /// <param name="message">The message to compute the signature pubkey for</param> public static byte[] ComputeSignaturePubKey(byte[] oraclePubA, byte[] oraclePubR, byte[] message) { ECPoint A = curve.Curve.DecodePoint(oraclePubA).Normalize(); ECPoint R = curve.Curve.DecodePoint(oraclePubR).Normalize(); byte[] rX = R.XCoord.ToBigInteger().ToByteArray(); while (rX[0] == (byte)0) { rX = rX.Skip(1).ToArray(); } Sha256Digest myHash = new Sha256Digest(); myHash.BlockUpdate(message, 0, message.Length); myHash.BlockUpdate(rX, 0, rX.Length); byte[] e = new byte[myHash.GetDigestSize()]; myHash.DoFinal(e, 0); BigInteger bigE = BigIntegerFromBytes(e); A = A.Multiply(bigE).Normalize(); var y = A.YCoord.ToBigInteger().Negate(); y = y.Mod(p); A = curve.Curve.CreatePoint(A.XCoord.ToBigInteger(), y).Normalize(); A = A.Add(R).Normalize(); return(A.GetEncoded(true)); }
private static BigInteger _recoverFromSignature(int recId, ECSignature sig, byte[] msg, ECDomainParameters parameters) { BigInteger n = parameters.N; BigInteger i = new BigInteger((recId / 2).ToString()); BigInteger x = sig.r.Add(i.Multiply(n)); if (x.CompareTo(_prime) >= 0) { return(null); } ECPoint R = _decompressKey(x, (recId & 1) == 1, parameters.Curve); if (!(R.Multiply(n)).IsInfinity) { return(null); } BigInteger e = _bytesToInt(msg); BigInteger eInv = (BigInteger.Zero.Subtract(e)); eInv = n.DivideAndRemainder(eInv)[1]; BigInteger rInv = sig.r.ModInverse(n); BigInteger srInv = rInv.Multiply(sig.s).DivideAndRemainder(n)[1]; BigInteger eInvrInv = (rInv.Multiply(eInv)).DivideAndRemainder(n)[1]; ECPoint q = ((parameters.G).Multiply(eInvrInv)).Add(R.Multiply(srInv)); byte[] bytes = q.GetEncoded(false); byte[] retBytes = new byte[bytes.Length - 1]; Array.Copy(bytes, 1, retBytes, 0, bytes.Length - 1); return(_bytesToInt(retBytes)); }
/// <summary> /// Calculates the hash for a zero-knowledge proof. /// </summary> private BigInteger Hash(ECPoint generator, ECPoint V, ECPoint X, string participantId) { _digest.Reset(); // Each item is prefixed with its length as a little-endian 4-byte unsigned integer var lengthPrefix = new byte[4]; byte[] generatorBytes = generator.GetEncoded(); Pack.UInt32_To_LE((uint)generatorBytes.Length, lengthPrefix); _digest.BlockUpdate(lengthPrefix, 0, 4); _digest.BlockUpdate(generatorBytes, 0, generatorBytes.Length); byte[] vBytes = V.GetEncoded(); Pack.UInt32_To_LE((uint)vBytes.Length, lengthPrefix); _digest.BlockUpdate(lengthPrefix, 0, 4); _digest.BlockUpdate(vBytes, 0, vBytes.Length); byte[] xBytes = X.GetEncoded(); Pack.UInt32_To_LE((uint)xBytes.Length, lengthPrefix); _digest.BlockUpdate(lengthPrefix, 0, 4); _digest.BlockUpdate(xBytes, 0, xBytes.Length); byte[] idBytes = Encoding.UTF8.GetBytes(participantId); Pack.UInt32_To_LE((uint)idBytes.Length, lengthPrefix); _digest.BlockUpdate(lengthPrefix, 0, 4); _digest.BlockUpdate(idBytes, 0, idBytes.Length); var hash = new byte[_digest.OutputSize]; _digest.DoFinal(hash, 0); return(new BigInteger(hash)); }
/// <summary> /// Computes the public key from the private key. /// </summary> protected override byte[] ComputePublicKey() { var ps = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp256k1"); ECPoint point = ps.G; Org.BouncyCastle.Math.BigInteger Db = new Org.BouncyCastle.Math.BigInteger(1, _privKey); ECPoint dd = point.Multiply(Db); if (IsCompressedPoint) { dd = ps.Curve.CreatePoint(dd.X.ToBigInteger(), dd.Y.ToBigInteger(), true); return(dd.GetEncoded()); } else { byte[] pubaddr = new byte[65]; byte[] Y = dd.Y.ToBigInteger().ToByteArray(); Array.Copy(Y, 0, pubaddr, 64 - Y.Length + 1, Y.Length); byte[] X = dd.X.ToBigInteger().ToByteArray(); Array.Copy(X, 0, pubaddr, 32 - X.Length + 1, X.Length); pubaddr[0] = 4; return(pubaddr); } }
public static String Encrypt(byte[] publicKey, byte[] data) { if (null == publicKey || publicKey.Length == 0) { return(null); } if (data == null || data.Length == 0) { return(null); } byte[] source = new byte[data.Length]; Array.Copy(data, 0, source, 0, data.Length); Cipher cipher = new Cipher(); SM2 sm2 = SM2.Instance; ECPoint userKey = sm2.ecc_curve.DecodePoint(publicKey); ECPoint c1 = cipher.Init_enc(sm2, userKey); cipher.Encrypt(source); byte[] c3 = new byte[32]; cipher.Dofinal(c3); String sc1 = Encoding.Default.GetString(Hex.Encode(c1.GetEncoded())); String sc2 = Encoding.Default.GetString(Hex.Encode(source)); String sc3 = Encoding.Default.GetString(Hex.Encode(c3)); return((sc1 + sc2 + sc3).ToUpper()); }
/// <summary> /// 公钥加密算法,利用下一个用户的公钥进行加密 /// </summary> /// <param name="sm2">sm2对象</param> /// <param name="msg">要加密的消息</param> /// <param name="ppk">目的签名者的公钥文件夹路径</param> /// <param name="id">加密后消息存入的文件夹(最好不存起来)</param> public string[] Test_sm2_cipher(SM2 sm2, string msg, string ppk) { byte[] data = Encoding.Default.GetBytes(msg);//将信息转化为比特 // 加密过程 ECPoint userKey = null; byte[] key = null; ReadpublicKey(out key, ppk); //读取解密者的公钥 userKey = sm2.ecc_curve.DecodePoint(key); //把字节形的转化为Ecpoint System.String sdata = new UTF8Encoding().GetString(Hex.Encode(data)); SM2.Cipher cipher = new SM2.Cipher(); ECPoint c1 = cipher.Init_enc(sm2, userKey); //调用Init_enc方法 byte[] bc1 = c1.GetEncoded(); //将c1的数据类型转换成比特串 System.String sbc1 = new UTF8Encoding().GetString(Hex.Encode(bc1)); cipher.Encrypt(data); System.String sc2 = new UTF8Encoding().GetString(Hex.Encode(data)); byte[] c3 = new byte[32]; cipher.Dofinal(c3); System.String sc3 = new UTF8Encoding().GetString(Hex.Encode(c3)); string[] cc = { sbc1, sc2, sc3 }; return(cc); }
public static string EncodeECPointHexCompressed(ECPoint point) { var compressedPoint = point.GetEncoded(true); BigInteger biInt = new BigInteger(compressedPoint); return(biInt.ToString(16)); }
private void calcPubKey(bool comp) { ECPoint point = ecParams.G.Multiply(new BigInteger(1, privKey)); this.pubKey = point.GetEncoded(); compress(comp); }
/** * @param privateKey hex string without 0x * @return */ public static string GetPublicKeyFromPrivateKey(string privateKey, bool compressed) { BigInteger bigInteger = new BigInteger(privateKey, 16); ECPoint point = GetPublicPointFromPrivate(bigInteger); return(ByteUtil.ByteArrayToHexString(point.GetEncoded(compressed))); }
public static BigInteger PublicKeyFromPrivate(BigInteger privKey) { ECPoint point = publicPointFromPrivate(privKey); byte[] encoded = point.GetEncoded(false); return(new BigInteger(1, encoded.Skip(1).ToArray())); // remove prefix }
public virtual ECPoint Init_enc(SM2CryptoServiceProvider sm2, ECPoint userKey) { //BigInteger k = null; //ECPoint c1 = null; //AsymmetricCipherKeyPair key = sm2.ecc_key_pair_generator.GenerateKeyPair(); //ECPrivateKeyParameters ecpriv = (ECPrivateKeyParameters)key.Private; //ECPublicKeyParameters ecpub = (ECPublicKeyParameters)key.Public; //k = ecpriv.D; //c1 = ecpub.Q; //p2 = userKey.Multiply(k); //Reset(); //return c1; var keySTR = userKey.GetEncoded().byteToHex(); if (keySTR.Length > 64) { keySTR = keySTR.Substring(0, 64); } BigInteger k = new BigInteger(keySTR, 16); //ecpriv.getD(); ECPoint c1 = sm2.ecc_point_g.Multiply(k); //ecpub.getQ(); this.p2 = userKey.Multiply(k); Reset(); return(c1); }
/// <summary> /// Derives the public key to a private key /// </summary> /// <param name="privateKey">The private key to derive the public key for</param> public static byte[] PublicKeyFromPrivateKey(byte[] privateKey) { BigInteger d = BigIntegerFromBytes(privateKey); ECPoint q = domain.G.Multiply(d).Normalize(); return(q.GetEncoded(true)); }
public static byte[] ComputePublicKey(byte[] publicGenBytes, uint accountNumber) { ECPoint rootPubPoint = Secp256K1.Curve().DecodePoint(publicGenBytes); BigInteger scalar = ComputeScalar(publicGenBytes, accountNumber); ECPoint point = Secp256K1.BasePoint().Multiply(scalar); ECPoint offset = rootPubPoint.Add(point); return offset.GetEncoded(true); }
public static BigInteger ComputeSecretKey( BigInteger privateGen, uint accountNumber) { ECPoint publicGen = ComputePublicGenerator(privateGen); return ComputeScalar(publicGen.GetEncoded(true), accountNumber) .Add(privateGen).Mod(Secp256K1.Order()); }
public static ECPoint ECDSA_SIG_recover_key_GFp(BigInteger[] sig, byte[] hash, int recid, bool check) { X9ECParameters ecParams = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp256k1"); int i = recid / 2; Console.WriteLine("r: " + ToHex(sig[0].ToByteArrayUnsigned())); Console.WriteLine("s: " + ToHex(sig[1].ToByteArrayUnsigned())); BigInteger order = ecParams.N; BigInteger field = (ecParams.Curve as FpCurve).Q; BigInteger x = order.Multiply(new BigInteger(i.ToString())).Add(sig[0]); if (x.CompareTo(field) >= 0) { throw new Exception("X too large"); } Console.WriteLine("Order: " + ToHex(order.ToByteArrayUnsigned())); Console.WriteLine("Field: " + ToHex(field.ToByteArrayUnsigned())); byte[] compressedPoint = new Byte[x.ToByteArrayUnsigned().Length + 1]; compressedPoint[0] = (byte)(0x02 + (recid % 2)); Buffer.BlockCopy(x.ToByteArrayUnsigned(), 0, compressedPoint, 1, compressedPoint.Length - 1); ECPoint R = ecParams.Curve.DecodePoint(compressedPoint); Console.WriteLine("R: " + ToHex(R.GetEncoded())); if (check) { ECPoint O = R.Multiply(order); if (!O.IsInfinity) { throw new Exception("Check failed"); } } int n = (ecParams.Curve as FpCurve).Q.ToByteArrayUnsigned().Length *8; BigInteger e = new BigInteger(1, hash); if (8 * hash.Length > n) { e = e.ShiftRight(8 - (n & 7)); } e = BigInteger.Zero.Subtract(e).Mod(order); BigInteger rr = sig[0].ModInverse(order); BigInteger sor = sig[1].Multiply(rr).Mod(order); BigInteger eor = e.Multiply(rr).Mod(order); ECPoint Q = ecParams.G.Multiply(eor).Add(R.Multiply(sor)); Console.WriteLine("n: " + n); Console.WriteLine("e: " + ToHex(e.ToByteArrayUnsigned())); Console.WriteLine("rr: " + ToHex(rr.ToByteArrayUnsigned())); Console.WriteLine("sor: " + ToHex(sor.ToByteArrayUnsigned())); Console.WriteLine("eor: " + ToHex(eor.ToByteArrayUnsigned())); Console.WriteLine("Q: " + ToHex(Q.GetEncoded())); return(Q); }
public static Signature Sign(Hash32 hash, PrivateKey privateKey) { BigInteger pk = new BigInteger(1, privateKey.Binary.ToArray()); X9ECParameters ec = SecNamedCurves.GetByName("secp256k1"); ECDomainParameters domainParams = new ECDomainParameters(ec.Curve, ec.G, ec.N, ec.H); ECPrivateKeyParameters param = new ECPrivateKeyParameters(pk, domainParams); ECDsaSigner signer = new ECDsaSigner(new HMacDsaKCalculator(new Sha256Digest())); signer.Init(true, param); var hashArray = hash.Binary.ToArray(); BigInteger[] sig = signer.GenerateSignature(hashArray); BigInteger r = sig[0]; BigInteger s = sig[1]; if (s.CompareTo(domainParams.N.ShiftRight(1)) > 0) { s = domainParams.N.Subtract(s); } ECPoint q = domainParams.G.Multiply(pk); var publicParams = new ECPublicKeyParameters(q, domainParams); byte[] publicBytes = publicParams.Q.GetEncoded(); int recid = -1; for (int rec = 0; rec < 4; rec++) { try { ECPoint Q = Recover(sig, hashArray, rec, true); if (Enumerable.SequenceEqual(publicBytes, Q.GetEncoded())) { recid = rec; break; } } catch (Exception) { continue; } } if (recid < 0) { throw new Exception("Did not find proper recid"); } byte[] fullSigBytes = new byte[65]; Buffer.BlockCopy(sig[0].ToByteArrayUnsigned(), 0, fullSigBytes, 0, 32); Buffer.BlockCopy(sig[1].ToByteArrayUnsigned(), 0, fullSigBytes, 32, 32); fullSigBytes[64] = (byte)recid; return(new Signature(fullSigBytes)); }
public string GetSign(byte[] msg) { //Org.BouncyCastle.Math.BigInteger d = new Org.BouncyCastle.Math.BigInteger(Convert.FromBase64String(privKey)); byte[] prvB = StringToByteArray(prv); byte[] pubB = StringToByteArray(pub); //byte[] prvB = StringToByteArray(prvTmp); //byte[] pubB = StringToByteArray(pubTmp); Org.BouncyCastle.Math.BigInteger sk = new Org.BouncyCastle.Math.BigInteger(+1, prvB); Org.BouncyCastle.Math.EC.ECPoint q = domain.G.Multiply(sk); byte[] pubKeyX = q.Normalize().AffineXCoord.GetEncoded(); byte[] pubKeyY = q.Normalize().AffineYCoord.GetEncoded(); BigInteger k = GenerateRandom(); //BigInteger k = new BigInteger(+1,StringToByteArray("015B931D9C7BF3A7A70E57868BF29712377E74355FC59032CD7547C80E179010")); //Debug.Log("kv:" + BitConverter.ToString(kv.ToByteArray()).Replace("-", "")); Debug.Log("K:" + BitConverter.ToString(k.ToByteArray()).Replace("-", "")); ECPoint Q = domain.G.Multiply(k); Org.BouncyCastle.Crypto.Digests.Sha256Digest digester = new Org.BouncyCastle.Crypto.Digests.Sha256Digest(); byte[] h = new byte[digester.GetDigestSize()]; digester.BlockUpdate(Q.GetEncoded(true), 0, Q.GetEncoded(true).Length); digester.BlockUpdate(pubB, 0, pubB.Length); digester.BlockUpdate(msg, 0, msg.Length); digester.DoFinal(h, 0); Org.BouncyCastle.Math.BigInteger r = new Org.BouncyCastle.Math.BigInteger(+1, h); BigInteger s = r.Multiply(sk); s = k.Subtract(s); s = s.Mod(domain.n); string rt = BitConverter.ToString(r.ToByteArray()).Replace("-", ""); if (rt.Length > 32) { rt = rt.Remove(0, 2); } string st = BitConverter.ToString(s.ToByteArray()).Replace("-", ""); return(rt + st); }
public PublicKey(ECPoint point) { this.IsCompressedPoint = point.IsCompressed; this.point = point; this.PublicKeyBytes = point.GetEncoded(); if (validatePoint() == false) { throw new ArgumentException("Not a valid public key"); } }
internal static byte[] GetStealthSharedSecret(Key priv, PubKey pub) { X9ECParameters curve = ECKey.Secp256k1; ECPoint pubec = curve.Curve.DecodePoint(pub.ToBytes()); ECPoint p = pubec.Multiply(new BigInteger(1, priv.ToBytes())); byte[] pBytes = new PubKey(p.GetEncoded()).Compress().ToBytes(); byte[] hash = Hashes.SHA256(pBytes); return(hash); }
public PubKey Uncover(Key priv, PubKey pub) { X9ECParameters curve = ECKey.Secp256k1; byte[] hash = GetStealthSharedSecret(priv, pub); //Q' = Q + cG ECPoint qprim = curve.G.Multiply(new BigInteger(1, hash)).Add(curve.Curve.DecodePoint(ToBytes())); return(new PubKey(qprim.GetEncoded()).Compress(this.IsCompressed)); }