Create valid signatures using genesis block.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import math | |
import ecdsa | |
import ecdsa.ellipticcurve as EC | |
# | |
# Compute the inverse mod p using the extend | |
# euclidian algorithm. | |
# See O. Forster, Algorithmische Zahlentheorie | |
# | |
def inv_mod_p(x, p): | |
if 1 != math.gcd(x, p): | |
raise ValueError("Arguments not prime") | |
q11 = 1 | |
q22 = 1 | |
q12 = 0 | |
q21 = 0 | |
while p != 0: | |
temp = p | |
q = x // p | |
p = x % p | |
x = temp | |
t21 = q21 | |
t22 = q22 | |
q21 = q11 - q*q21 | |
q22 = q12 - q*q22 | |
q11 = t21 | |
q12 = t22 | |
return q11 | |
# secp256k1 Curve | |
curve = ecdsa.SECP256k1 | |
G = curve.generator | |
n = G.order() | |
# Genesis Block Key | |
x = int('678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6', 16) | |
y = int('49f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f', 16) | |
Q = EC.Point(curve.curve, x, y) | |
pubkey = ecdsa.VerifyingKey.from_public_point(Q, curve) | |
# Generate Random Values | |
a = ecdsa.util.randrange(n-1) | |
b = ecdsa.util.randrange(n-1) | |
b_inv = inv_mod_p(b, n) | |
# Calculate 'r' | |
K = (a*G) + (b*Q) | |
r = K.x() % n | |
# Calculate 's' | |
s = r * b_inv % n | |
# Calculate "message" | |
m = (((a * r) % n) * b_inv) % n | |
print("message: " + str(m)) | |
print("r: " + str(r)) | |
print("s: " + str(s)) | |
sig = ecdsa.ecdsa.Signature(r, s) | |
if pubkey.pubkey.verifies(m, sig): | |
print("SIGNATURE VERIFIED") | |
else: | |
print("FAILED TO VERIFY") |
@abhamai this was created in response to Faketoshi sharing a "valid" signature for Satoshi's key, where he only included the message hash, not the message. This code proves that what he shared was meaningless.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What is the purpose to sign a random message? I mean this is absolutely useless from practical prospective. Yes, signature is valid, but you do not control the message content as it's calculated.