From 402fa0d85ddce59f86e39dc65c694938cfa7627e Mon Sep 17 00:00:00 2001 From: Daniel Cousens Date: Sat, 14 Jun 2014 11:47:22 +1000 Subject: [PATCH] ecdsa: amend recoverPubKey SEC comments --- src/ecdsa.js | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/ecdsa.js b/src/ecdsa.js index e4f34f9..1e87e62 100644 --- a/src/ecdsa.js +++ b/src/ecdsa.js @@ -210,10 +210,10 @@ function recoverPubKey(curve, e, signature, i) { curve.P_OVER_FOUR = p.add(BigInteger.ONE).shiftRight(2) } - // 1.1 Compute x + // 1.1 Let x = r + jn var x = isSecondKey ? r.add(n) : r - // 1.3 Convert x to point + // 1.2, 1.3 Convert x to a point R using routine specified in Section 2.3.4 var alpha = x.pow(3).add(a.multiply(x)).add(b).mod(p) var beta = alpha.modPow(curve.P_OVER_FOUR, p) @@ -221,16 +221,16 @@ function recoverPubKey(curve, e, signature, i) { // otherwise we're done and y == beta. var y = (beta.isEven() ^ isYEven) ? p.subtract(beta) : beta - // 1.4 Check that nR isn't at infinity + // 1.4 Check that nR is at infinity var R = Point.fromAffine(curve, x, y) var nR = R.multiply(n) assert(curve.isInfinity(nR), 'nR is not a valid curve point') - // 1.5 Compute -e from e + // Compute -e from e var eNeg = e.negate().mod(n) - // 1.6 Compute Q = r^-1 (sR - eG) - // Q = r^-1 (sR + -eG) + // 1.6.1 Compute Q = r^-1 (sR - eG) + // Q = r^-1 (sR + -eG) var rInv = r.modInverse(n) var Q = R.multiplyTwo(s, G, eNeg).multiply(rInv) @@ -258,6 +258,7 @@ function calcPubKeyRecoveryParam(curve, e, signature, Q) { for (var i = 0; i < 4; i++) { var Qprime = recoverPubKey(curve, e, signature, i) + // 1.6.2 Verify Q if (Qprime.equals(Q)) { return i }