椭圆曲线点乘法有时会产生错误的结果

时间:2019-04-28 14:17:14

标签: python math cryptography elliptic-curve ecdsa

我正在尝试在Python中使用标量乘法实现椭圆曲线点,并且遇到的问题是,在某些情况下,我得到的结果不正确,并且正在努力找出可能出问题的地方。

这是执行计算的函数:

def __mul__(self, other):
    """
    Scalar multiplication of a point with a integer
    The point gets added to itself other times
    This can be efficiently computed using binary
    representation of the scalar

    :param other: int number to multiply the point with
    :return: Point point after applying the multiplication
    """
    if other < 1 or other > self.order():
        raise Exception("Scalar for point mult is out of range")

    # Convert into binary representation
    scalar_bin = str(bin(other))[2:]

    new_point = self.curve().g()
    # Iterate through every bit of the scalar
    # double the current point and if it is a 1 bit
    # we add the generator point
    for i in range(1, len(scalar_bin)):
        new_point = new_point + new_point
        if scalar_bin[i] == "1":
            new_point = new_point + self.curve().g()
    return new_point

我已经对此进行了多重值测试,有时会收到正确的结果,有时会收到不正确的结果。以下是secp256k1曲线上的一些示例:

Correct case:

Point: 
x: 55066263022277343669578718895168534326250603453777594175500187360389116729240
y: 32670510020758816978083085130507043184471273380659243275938904335757337482424

Scalar:
24917563387128992525586541072555299775466638713533702470001729610242625242518

Result:
x: 30761640594611050927920473896980176618852175787129035469672454552631110981601
y: 71589730992642335000963807008595655528549796860255114743222783656832671116115

Incorrect case:

Point:
x: 55763821349469695143251444157857527262741225298806100934200365505846997750729
y: 108311437762381308673474438597429390041179265557837286648496266777408263200496

Scalar:
14153923515125836933174734651094672686604752309351060890449588899992278900437

Result:
x: 33276244942913720410563273329803338573012270278748134958920446992664092974057
y: 38066195899997010281080208319525128360573241938488491930954474962286948555539

1 个答案:

答案 0 :(得分:0)

所以我想出了这个问题,因为数学似乎是正确的,所以每个人都很难看到,但是我犯了一个编程错误,如果您从上下文之外看该函数,就不容易看到。

所提供的代码将始终对曲线的生成器点进行标量乘法,但不会对self实际引用的点进行标量乘法。 Self是一个点的实例,但在概述的代码中从未直接引用过,而是将曲线生成器的点相乘。

new_point = self.curve().g()

应替换为

new_point = self


new_point = new_point + self.curve().g()

通过

new_point = new_point + self

我仍然不清楚在某些情况下该代码如何产生正确的示例。

相关问题
最新问题