@@ -50,22 +50,73 @@ pub fn sign<
5050) -> ( Fq , Fq , u8 ) {
5151 let randomness_inv = Option :: < Fq > :: from ( randomness. invert ( ) ) . expect ( "cannot invert randomness" ) ;
5252 let generator = Affine :: generator ( ) ;
53+ // generator is indeed for r1 if call with r1 type.
54+
5355 let sig_point = generator * randomness;
5456 let sig_v: bool = sig_point. to_affine ( ) . into_coordinates ( ) . 1 . is_odd ( ) . into ( ) ;
5557
5658 let x = * Option :: < Coordinates < _ > > :: from ( sig_point. to_affine ( ) . coordinates ( ) )
5759 . expect ( "point is the identity" )
5860 . x ( ) ;
5961
62+ println ! ( "x_Fp {:?}" , x) ;
63+ println ! ( "Fq modulus {:?}" , Fq :: MODULUS ) ;
64+ println ! ( "x.repr {:?}" , x. to_repr( ) ) ;
65+
6066 let mut x_bytes = [ 0u8 ; 64 ] ;
6167 x_bytes[ ..32 ] . copy_from_slice ( & x. to_repr ( ) ) ;
6268
6369 let sig_r = Fq :: from_uniform_bytes ( & x_bytes) ; // get x cordinate (E::Base) on E::Scalar
6470
6571 let sig_s = randomness_inv * ( msg_hash + sig_r * sk) ;
72+
73+ println ! ( "sig_point {:?}" , sig_point. to_affine( ) ) ;
74+ println ! ( "sig_r {:?}" , sig_r) ;
75+ println ! ( "sig_s {:?}" , sig_s) ;
76+
6677 ( sig_r, sig_s, u8:: from ( sig_v) )
6778}
6879
80+ /// Do a secp256k1 or secp256r1 signature verification with a given pub key.
81+ /// Refers to https://github.com/scroll-tech/halo2curves/blob/v0.1.0/src/secp256k1/curve.rs
82+ /// and https://github.com/scroll-tech/halo2curves/blob/v0.1.0/src/secp256r1/curve.rs
83+ pub fn verify <
84+ Fp : PrimeField < Repr = [ u8 ; 32 ] > ,
85+ Fq : PrimeField + FromUniformBytes < 64 > ,
86+ Affine : CurveAffine < ScalarExt = Fq , Base = Fp > + std:: ops:: Mul < Fq > + CurveAffineExt ,
87+ > (
88+ pub_key : Affine ,
89+ r : Fq ,
90+ s : Fq ,
91+ msg_hash : Fq ,
92+ // if pubkey is not recovered , v is not neccessary.
93+ v : Option < bool > ,
94+ ) -> bool {
95+ // Verify
96+ let s_inv = s. invert ( ) . unwrap ( ) ;
97+ let u_1 = msg_hash * s_inv;
98+ let u_2 = r * s_inv;
99+
100+ let g = Affine :: generator ( ) ;
101+ let v_1 = g * u_1;
102+ let v_2 = pub_key * u_2;
103+
104+ let r_point = ( v_1 + v_2) . to_affine ( ) . coordinates ( ) . unwrap ( ) ;
105+ let x_candidate = r_point. x ( ) ;
106+ let r_candidate = mod_n ( * x_candidate) ;
107+
108+ r == r_candidate
109+ }
110+
111+ // convert Fp to Fq
112+ fn mod_n < Fp : PrimeField < Repr = [ u8 ; 32 ] > , Fq : PrimeField + FromUniformBytes < 64 > > ( x : Fp ) -> Fq {
113+ let mut x_repr = [ 0u8 ; 32 ] ;
114+ x_repr. copy_from_slice ( x. to_repr ( ) . as_ref ( ) ) ;
115+ let mut x_bytes = [ 0u8 ; 64 ] ;
116+ x_bytes[ ..32 ] . copy_from_slice ( & x_repr[ ..] ) ;
117+ Fq :: from_uniform_bytes ( & x_bytes)
118+ }
119+
69120/// Signature data required by the SignVerify Chip as input to verify a
70121/// signature.
71122#[ derive( Clone , Debug ) ]