indutny/index.js Secret

## index.js
'use strict';

const BN = require('bn.js');
const elliptic = require('elliptic');

const ecdsa = new elliptic.ec('secp256k1');

let message = new BN(
    'f75c6b18a72fabc0f0b888c3da58e004f0af1fe14f7ca5d8c897fe164925d5e9');

const key = ecdsa.genKeyPair();

const signature = key.sign(message);

const point = ecdsa.curve.pointFromX(signature.r);
point.precompute(256);

function trick(message, signature, i) {
  const n = new BN(
      'fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141', 16);
  const p = new BN(
      'fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f', 16);

  const nRed = BN.red(n);
  const pRed = BN.red(p);

  // NOTE: Could be using GLV values for speed
  let lambda = new BN(i);

  const point2 = point.mul(lambda);
  let beta = point2.x.redMul(point.x.redInvm()).fromRed();

  lambda = lambda.toRed(nRed);
  beta = beta.toRed(pRed);
  // NOTE end

  const originalR = signature.r;
  const r = originalR.toRed(pRed).redMul(beta).fromRed();

  const nBeta = r.toRed(nRed).redMul(originalR.toRed(nRed).redInvm());
  const common = lambda.redInvm().redMul(nBeta);

  const s = signature.s.toRed(nRed).redMul(common).fromRed();

  return {
    signature: { r: r, s: s },
    message: message.toRed(nRed).redMul(nBeta).fromRed()
  };
}

for (let i = 2; i < 100; i++) {
  const item = trick(message, signature, i);
  console.log(item.message,
              item.signature,
              key.verify(item.message, item.signature));
}

## package.json
{
  "name": "ecdsa-poc",
  "version": "1.0.0",
  "description": "ECDSA secp256k1 PoC",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "Fedor Indutny <fedor@indutny.com>",
  "license": "MIT",
  "dependencies": {
    "bn.js": "^4.10.4",
    "elliptic": "^6.2.3"
  }
}
	'use strict';

	const BN = require('bn.js');
	const elliptic = require('elliptic');

	const ecdsa = new elliptic.ec('secp256k1');

	let message = new BN(
	'f75c6b18a72fabc0f0b888c3da58e004f0af1fe14f7ca5d8c897fe164925d5e9');

	const key = ecdsa.genKeyPair();

	const signature = key.sign(message);

	const point = ecdsa.curve.pointFromX(signature.r);
	point.precompute(256);

	function trick(message, signature, i) {
	const n = new BN(
	'fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141', 16);
	const p = new BN(
	'fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f', 16);

	const nRed = BN.red(n);
	const pRed = BN.red(p);

	// NOTE: Could be using GLV values for speed
	let lambda = new BN(i);

	const point2 = point.mul(lambda);
	let beta = point2.x.redMul(point.x.redInvm()).fromRed();

	lambda = lambda.toRed(nRed);
	beta = beta.toRed(pRed);
	// NOTE end

	const originalR = signature.r;
	const r = originalR.toRed(pRed).redMul(beta).fromRed();

	const nBeta = r.toRed(nRed).redMul(originalR.toRed(nRed).redInvm());
	const common = lambda.redInvm().redMul(nBeta);

	const s = signature.s.toRed(nRed).redMul(common).fromRed();

	return {
	signature: { r: r, s: s },
	message: message.toRed(nRed).redMul(nBeta).fromRed()
	};
	}

	for (let i = 2; i < 100; i++) {
	const item = trick(message, signature, i);
	console.log(item.message,
	item.signature,
	key.verify(item.message, item.signature));
	}
	{
	"name": "ecdsa-poc",
	"version": "1.0.0",
	"description": "ECDSA secp256k1 PoC",
	"main": "index.js",
	"scripts": {
	"test": "echo \"Error: no test specified\" && exit 1"
	},
	"author": "Fedor Indutny <fedor@indutny.com>",
	"license": "MIT",
	"dependencies": {
	"bn.js": "^4.10.4",
	"elliptic": "^6.2.3"
	}
	}