Question

我在椭圆曲线上编写Schnorr签名算法。我收到here (page 128)

的说明

这是我的代码

Security.addProvider(new BouncyCastleProvider());

    //key generation
    ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec("prime192v1");
    ECPoint G = ecSpec.getG();
    BigInteger order = ecSpec.getN();

    BigInteger x = BigIntegers.createRandomInRange(BigInteger.ONE, order.subtract(BigInteger.ONE), new SecureRandom());
    ECPoint Y = G.multiply(x);

    //sign
    BigInteger r = BigIntegers.createRandomInRange(BigInteger.ONE, order.subtract(BigInteger.ONE), new SecureRandom());
    ECPoint R = G.multiply(r);

    byte[] xArray = R.getXCoord().getEncoded();
    byte[] yArray = R.getYCoord().getEncoded();

    String xBinary;
    StringBuilder sb = new StringBuilder();
    for(int i = 0; i < xArray.length; i++){
        sb.append(String.format("%8s", Integer.toBinaryString(xArray[i] & 0xFF)).replace(' ', '0'));
    }
    xBinary = sb.toString();

    sb = new StringBuilder();
    String yBinary;
    for(int i = 0; i < yArray.length; i++){
        sb.append(String.format("%8s", Integer.toBinaryString(yArray[i] & 0xFF)).replace(' ', '0'));
    }
    yBinary = sb.toString();

    int hash = (xBinary + yBinary + "msg").hashCode();
    BigInteger h = BigInteger.valueOf(hash);

    BigInteger s = r.add(h.multiply(x)).mod(order);

    //verify    
    ECPoint tmp1 = G.multiply(s);
    ECPoint tmp2 = Y.multiply(h);
    ECPoint R2 = tmp1.subtract(tmp2);

    xArray = R2.getXCoord().getEncoded();
    yArray = R2.getYCoord().getEncoded();

    sb = new StringBuilder();
    for(int i = 0; i < xArray.length; i++){
        sb.append(String.format("%8s", Integer.toBinaryString(xArray[i] & 0xFF)).replace(' ', '0'));
    }
    xBinary = sb.toString();

    sb = new StringBuilder();
    for(int i = 0; i < yArray.length; i++){
        sb.append(String.format("%8s", Integer.toBinaryString(yArray[i] & 0xFF)).replace(' ', '0'));
    }
    yBinary = sb.toString();

    int hash2 = (xBinary + yBinary + "msg").hashCode();
    BigInteger h2 = BigInteger.valueOf(hash2);

但我仍然得到错误的结果（哈希不匹配），我不明白为什么。我是在beginnig上使用错误的参数还是使用错误的方法对点进行计算任何帮助将不胜感激

修改

我改变后开始工作

ECPoint Y = G.multiply(x);
(...)
ECPoint R = G.multiply(r);
(...)
ECPoint R2 = tmp1.subtract(tmp2);

到

ECPoint Y = G.multiply(x).normalize();
(...)
ECPoint R = G.multiply(r).normalize();
(...)
ECPoint R2 = tmp1.subtract(tmp2).normalize();

ECSchnorr仍然出错（哈希？）结果

0 个答案: