extern crate libsecp256k1_rs as secp256k1;
use secp256k1::{SecretKey, PublicKey, thread_rng, Message};
use secp256k1::schnorr::{ Challenge};
// This example checks that adding the nonce r (public point R) to the signature makes extracting the private key impossible
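/// Toy Schnorr walkthrough: sign a fixed message with a nonce, verify the
/// signature, then check that a randomly chosen scalar paired with a derived
/// `fake_R` is not accepted by the same verification equation.
///
/// # Panics
///
/// Panics if hashing the message or reducing the challenge to a scalar fails,
/// or if either verification assertion does not hold.
#[allow(non_snake_case)] // R and P follow the conventional names for curve points.
fn main() {
    let mut rng = thread_rng();

    // Nonce r and its public commitment R.
    // NOTE(review): r and k are secret scalars and are printed here for
    // demonstration only. Since s = r + e*k, disclosing r next to s and e
    // discloses k, so neither value belongs in logs outside a demo.
    let r = SecretKey::random(&mut rng);
    println!("r: {}", r);
    let R = PublicKey::from_secret_key(&r);

    // Long-term private key k and public key P.
    let k = SecretKey::random(&mut rng);
    println!("k: {}", k);
    let P = PublicKey::from_secret_key(&k);

    // Challenge, e = H(P || m).
    // NOTE(review): R is not among the hashed inputs, so e is the same for
    // every nonce and the signature is not bound to R. Standard Schnorr
    // constructions hash the nonce commitment as well, e = H(R || P || m);
    // without that binding, the checks below say nothing about unforgeability.
    let m = Message::hash(b"Meet me at 12").expect("hashing a fixed message should succeed");
    let e = Challenge::new(&[&P, &m])
        .as_scalar()
        .expect("challenge should reduce to a valid scalar");

    // Signature (with nonce): s = r + e*k.
    let s = r + (e * k);

    // Verify the signature: s*G must equal R + e*P.
    assert_eq!(PublicKey::from_secret_key(&s), R + (e * P));
    println!("Signature is valid.");

    // Pick an unrelated random scalar as the "fake" signature.
    let fake_sig = SecretKey::random(&mut rng);

    // Derive fake_R exactly as the original example does.
    let fake_R = (e * P) - PublicKey::from_secret_key(&fake_sig);

    // The fake pair is expected NOT to satisfy the verification equation, so
    // assert inequality; asserting equality here made the program panic on
    // the very outcome the example sets out to show.
    // NOTE(review): this only shows that this particular fake_R is rejected.
    assert_ne!(
        PublicKey::from_secret_key(&fake_sig),
        fake_R + (e * P),
        "fake signature unexpectedly satisfied the verification equation"
    );
}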