public bool Verify(uint256 m, PubKey pubkey, SchnorrSignature sig)
{
if (sig.R.CompareTo(PP) >= 0 || sig.S.CompareTo(Secp256k1.N) >= 0)
{
return(false);
}
var e = new BigInteger(1, Hashes.SHA256(Utils.BigIntegerToBytes(sig.R, 32).Concat(pubkey.ToBytes(), m.ToBytes(false)))).Mod(Secp256k1.N);
var q = pubkey.ECKey.GetPublicKeyParameters().Q.Normalize();
var P = Secp256k1.Curve.CreatePoint(q.XCoord.ToBigInteger(), q.YCoord.ToBigInteger());
var R = Secp256k1.G.Multiply(sig.S).Add(P.Multiply(Secp256k1.N.Subtract(e))).Normalize();
if (R.IsInfinity ||
R.XCoord.ToBigInteger().CompareTo(sig.R) != 0 ||
BigInteger.Jacobi(R.YCoord.ToBigInteger(), PP) != 1)
{
return(false);
}
return(true);
}
public uint256 BlindMessage(uint256 message, PubKey rpubkey, PubKey signerPubKey)
{
var P = signerPubKey.ECKey.GetPublicKeyParameters().Q;
var R = rpubkey.ECKey.GetPublicKeyParameters().Q;
var t = BigInteger.Zero;
while (t.SignValue == 0)
{
_v = _k.NextK();
_w = _k.NextK();
var A1 = Secp256k1.G.Multiply(_v);
var A2 = P.Multiply(_w);
var A = R.Add(A1.Add(A2)).Normalize();
t = A.AffineXCoord.ToBigInteger().Mod(Secp256k1.N);
}
_c = new BigInteger(1, Hashes.SHA256(message.ToBytes(false).Concat(Utils.BigIntegerToBytes(t, 32))));
var cp = _c.Subtract(_w).Mod(Secp256k1.N); // this is sent to the signer (blinded message)
return(new uint256(Utils.BigIntegerToBytes(cp, 32)));
}
public uint256 BlindMessage(byte[] message, PubKey rpubKey, PubKey signerPubKey)
{
var msg = new uint256(Hashes.SHA256(message));
return(BlindMessage(msg, rpubKey, signerPubKey));
}
public bool VerifyUnblindedSignature(UnblindedSignature signature, byte[] data)
{
var hash = new uint256(Hashes.SHA256(data));
return(SchnorrBlinding.VerifySignature(hash, signature, Key.PubKey));
}
