Can't verify signed message about nano-bip32-ed25519 HOT 5 CLOSED

Hi @swdee,

The implementation is not working. I shouldn't have included it and I'm going to remove it. As I said in the README.md:

To verify message signatures created using the code found here, utilize the python-pure25519-blake library or any other library that can verify BLAKE2b hash function based Ed25519 signatures.

For the python-pure25519-blake library, install using the commands "python setup.py build" and "python setup.py install". To verify messages, create a verifying key object using "ed25519_oop.VerifyingKey" and then check for if the verify function returns None. If it returns None, then the signature is valid.

Upon reflection, I should really just incorporate that VerifyingKey method inside of this library itself and not expect anyone to do this extra task, so this is mea culpa.

Sorry for the late response and hope I didn't waste any time you could have spent testing this library out.

Btw, using ed25519_oop.VerifyingKey with your code and inputs, the signature is verified.

from nano-bip32-ed25519.

Thanks for the direction I can get it to verify using the pure25519 library. For reference a complete solution here;

from bip32_ed25519 import *
from pure25519 import ed25519_oop

# get HD node using secret
secret = str.encode("8f434346648f6b96df89dda901c5176b")
node = derive_chain(secret, "44'/165'" )

# generate private key
chKeys, chA, chC = private_child_key(node, 0)
print("chKeys=", chKeys[0].hex(), " ", chKeys[1].hex() )
print("chA=", chA.hex() )
print("chC=", chC.hex() )

# sign
msg = str.encode("hello")
sig = special_signing(chKeys[0], chKeys[1], chA, msg )
print("sig=", sig.hex() )

# verify
vk = ed25519_oop.VerifyingKey(chA)
res = vk.verify(sig, msg)

print("res=", res)

Another thing is the code jumps between using Affine points with Big Math and Extended points using Scalar Math. I realised you have used a number of sources to get this working solution, but do you have any plans to refactor the solution to use Extended/Scalar Math exclusively as it is more performant?

from nano-bip32-ed25519.

So I guess you mean like turning this:

(r + (x * int.from_bytes(kL, 'little'))) % ed25519.l)

into something wherer, x, and the other components are first transformed into their extended point forms and the expression is evaluated using extended/scalar math.

This (http://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html) seems to be where algorithms for different extended math operators were obtained for the existing ed25519.py library I used. Do you know where to get code for performing the modulus operator in extended math though? Unless that's a foolish/ridiculous question.

from nano-bip32-ed25519.

Yeah its a bit out of my Math ability, but the Scalar Math implementations are referred to as "Supercop ref10", with some python and JS bindings to the C implementation here;

https://github.com/1p6/supercop.js
https://github.com/warner/python-ed25519

It would depend on ones use case as to if implementing it is worth while though, its probably a premature optimisation, there is also the Radix 51 Asm implementation which is faster again.

from nano-bip32-ed25519.

Maybe if more calls for performance optimization I'll study this more and branch (if no one themselves forks it to make optimizations before then).

I'll also say I like the readability of the code currently in the sense that you can map it to the steps in the algorithms from the "BIP32-Ed25519 Hierarchical Deterministic Keys over a Non-linear Keyspace" paper easily IMO, and making the optimizations may break such readability.

I'll close this for now as I don't want to keep off topic of the original issue.

from nano-bip32-ed25519.