// Verify determines whether or not the signature is on the given hash and // belongs to the public key. func Verify(sig *Signature, pk *eckey.PublicKey, hash []byte) error { // Deserialize public key pkx, pky := pk.Coords() // Compute sG + ePK = (k-er)G + erG = kG sGx, sGy := eckey.S256.ScalarBaseMult(sig[SignatureSize/2:]) ePKx, ePKy := eckey.S256.ScalarMult(pkx, pky, sig[:SignatureSize/2]) kGx, kGy := eckey.S256.Add(sGx, sGy, ePKx, ePKy) // Serialize point kG, err := eckey.NewPublicKeyCoords(kGx, kGy) if err != nil { return err } // Compute non-interactive challenge e := util.Hash256d(append([]byte(hash), kG[:]...)) // Compare digest with first half of signature for i, b := range e { if sig[i] != b { return ErrECSchnorrVerify } } return nil }
func keyPairFromTestCase(test ecTestCase) (*eckey.SecretKey, *eckey.PublicKey) { d, _ := new(big.Int).SetString(test.D, 10) x, _ := new(big.Int).SetString(test.X, 16) y, _ := new(big.Int).SetString(test.Y, 16) // Serialize secret key sk, _ := eckey.NewSecretKeyInt(d) // Serialize public key pk, _ := eckey.NewPublicKeyCoords(x, y) return sk, pk }