From d16fd2783cd6c6a537ca3ac44b7b87d8d4ddc7eb Mon Sep 17 00:00:00 2001 From: junderw Date: Thu, 23 Aug 2018 09:27:08 +0200 Subject: [PATCH] Add signature Low R grinding to match with Bitcoin Core Ref: https://github.com/bitcoin/bitcoin/pull/13666 Depends on python-ecdsa pull request to allow for extra_entropy Ref: https://github.com/warner/python-ecdsa/pull/92 --- electrum/ecc.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/electrum/ecc.py b/electrum/ecc.py index f4f08e80e..39e10628e 100644 --- a/electrum/ecc.py +++ b/electrum/ecc.py @@ -414,7 +414,15 @@ class ECPrivkey(ECPubkey): if sigdecode is None: sigdecode = get_r_and_s_from_sig_string private_key = _MySigningKey.from_secret_exponent(self.secret_scalar, curve=SECP256k1) - sig = private_key.sign_digest_deterministic(data, hashfunc=hashlib.sha256, sigencode=sigencode) + def sig_encode_r_s(r, s, order): + return r, s + r, s = private_key.sign_digest_deterministic(data, hashfunc=hashlib.sha256, sigencode=sig_encode_r_s) + counter = 0 + while r >= 2**255: # grind for low R value https://github.com/bitcoin/bitcoin/pull/13666 + counter += 1 + extra_entropy = int.to_bytes(counter, 32, 'little') + r, s = private_key.sign_digest_deterministic(data, hashfunc=hashlib.sha256, sigencode=sig_encode_r_s, extra_entropy=extra_entropy) + sig = sigencode(r, s, CURVE_ORDER) public_key = private_key.get_verifying_key() if not public_key.verify_digest(sig, data, sigdecode=sigdecode): raise Exception('Sanity check verifying our own signature failed.')