Perhaps I acquired the formulation improper however I heard that x = (z*s^-1)*G+(r*s^-1)*Okay is the equation for verifying an ECDSA signature however my code says signature is invalid however the values are from a sound bitcoin transaction.
def gensig(d,okay,h):
x = bitcoin.fast_multiply(bitcoin.G, okay)
r = x[0] % n
k_inv = mod_inverse(okay, n)
s = (k_inv * (h+(r*d))) % n
return r,s
def verfy(r,s,pk,h):
# Confirm the signature
w = mod_inverse(s, n) # Calculate the modular multiplicative inverse of s
u = (h * w) % n
v = (r * w) % n
y = bitcoin.fast_multiply(bitcoin.G, u)
b= bitcoin.fast_multiply(pk, v)
a = y+b
x =a[0] % n
# Test if the calculated level matches the R element of the signature
if x == r:
print("Signature is legitimate")
else:
print("Signature is invalid")
def solve_k(h, r, x, s, n):
# Calculate the modular multiplicative inverse of s modulo n
s_inverse = mod_inverse(s, n)
if s_inverse is None:
return None # No modular inverse exists
# Calculate okay utilizing the formulation
okay = (h + r *x ) * s_inverse % n
return okay
def solve_d(s, okay, h, r, n):
rinv = mod_inverse(r, n)
d = (((s * okay) - h) * rinv) % n
return d
Given these:
R=0x0089848a1c90ee587b1d8b71c9bafccbc072613e41b3fd38cc2b1cf3041e3792bc
S=0x45305be296870b32cca5dac0f0972cac820090214158652581f406fc70ef30f3
Z= 0x3d4a58fa8e5f94e9b8ed1d79a2d584ce45803153b75d43d7bcdbf49171d90992
priv1 = 1
Once I do that:
pk = bitcoin.fast_multiply(bitcoin.G, priv1)
verfy(R,S,pk,Z)
I get signature is invalid however why?
What am I doing improper?