ecdsa – How to determine the first byte (recovery ID) for signatures (message signing)?


There is also another method to find the recovery ID (rec_id). Because the recovery ID can only have 4 possible values (0/1/2/3), if you already have the message to sign, the public key, and the signature, you can try every recovery ID value and determine which one yields the correct public key.

There is already an implementation of this function, known as "ecRecover". For example, in Python, you can use ecdsa_raw_recover from the py_ecc library (source code). This function lets you derive the possible public key from the given recovery ID:

from typing import Tuple, cast

# A, B, P, N, Gx, Gy, inv, bytes_to_int and the jacobian_* helpers are
# defined in the same py_ecc module as this function.
def ecdsa_raw_recover(msghash: bytes, vrs: Tuple[int, int, int]) -> "PlainPoint2D":
    v, r, s = vrs
    if not (27 <= v <= 34):
        raise ValueError("%d must in range 27-31" % v)
    x = r
    xcubedaxb = (x * x * x + A * x + B) % P
    beta = pow(xcubedaxb, (P + 1) // 4, P)
    # Pick the square root whose parity matches the parity bit carried in v
    y = beta if v % 2 ^ beta % 2 else (P - beta)
    # If xcubedaxb is not a quadratic residue, then r cannot be the x coord
    # for a point on the curve, and so the sig is invalid
    if (xcubedaxb - y * y) % P != 0 or not (r % N) or not (s % N):
        raise ValueError("sig is invalid, %d cannot be the x coord for point on curve" % r)
    z = bytes_to_int(msghash)
    # Q = r^-1 * (s*R - z*G), computed in Jacobian coordinates
    Gz = jacobian_multiply(cast("PlainPoint3D", (Gx, Gy, 1)), (N - z) % N)
    XY = jacobian_multiply(cast("PlainPoint3D", (x, y, 1)), s)
    Qr = jacobian_add(Gz, XY)
    Q = jacobian_multiply(Qr, inv(r, N))
    Q_jacobian = from_jacobian(Q)

    return Q_jacobian
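
The trial approach described above, as an added example that is not part of the original answer or of py_ecc: it recovers a candidate key for each of the four recovery IDs and keeps the one that matches the known public key. It goes beyond the quoted function by also covering IDs 2 and 3 (x = r + N). The names `add`, `mul`, `recover`, `find_rec_id` and `sample` are made up here, and the private key, nonce and message are constructed demo values.

```python
import hashlib

P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):  # affine addition; None is the point at infinity
    if p is None or q is None:
        return p or q
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow((q[0] - p[0]) % P, -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return x, (lam * (p[0] - x) - p[1]) % P

def mul(p, k):  # double-and-add; not constant time, demo only
    acc = None
    while k:
        if k & 1:
            acc = add(acc, p)
        p, k = add(p, p), k >> 1
    return acc

def recover(z, r, s, rec_id):  # candidate public key for one ID, or None
    x = r + (rec_id >> 1) * N  # bit 1 set: R.x was >= N before reduction
    y = pow(x**3 + 7, (P + 1) // 4, P)
    if x >= P or (y * y - x**3 - 7) % P:
        return None  # x is not the x coordinate of a curve point
    if (y & 1) != (rec_id & 1):  # bit 0: parity of R.y
        y = P - y
    r_inv = pow(r, -1, N)
    return add(mul((x, y), s * r_inv % N), mul(G, -z * r_inv % N))  # (sR - zG)/r

def find_rec_id(z, r, s, pubkey):  # try all four IDs, keep the one that matches
    for rec_id in range(4):
        if recover(z, r, s, rec_id) == pubkey:
            return rec_id
    raise ValueError("signature does not match this public key and hash")

def sample():  # constructed demo values: toy private key d and nonce k
    d, k = 0x1234, 0x5678
    z = int.from_bytes(hashlib.sha256(b"constructed message").digest(), "big")
    r = mul(G, k)[0] % N
    return z, r, pow(k, -1, N) * (z + r * d) % N, mul(G, d)

print("v =", 27 + find_rec_id(*sample()))  # v = 27 + rec_id, the range checked above
```

If a signer normalizes `s` to `N - s` (low-s form), the parity bit of the recovery ID flips, so the ID must be determined after that normalization.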
