```go
if overflow := e.SetBytes((*[32]byte)(commitment)); overflow != 0 {
	str := "hash of (r || P || m) too big"
	return signatureError(ecdsa_schnorr.ErrSchnorrHashValue, str)
}
```
This will fail to verify a signature whose challenge hash is interpreted as a scalar above the secp256k1 curve order.
It seems that in the (perhaps extremely unlikely) event of getting a block containing a signature whose challenge hash is above the curve order, this might cause a fork?
The relevant block of code begins here: btcd/btcec/schnorr/signature.go, line 180 in 0aaa7c5. The complete code is quoted above.
The verification algorithm specified in BIP340 allows for such signatures. See https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki#verification
The relevant math is:
Let e = int(hashBIP0340/challenge(bytes(r) || bytes(P) || m)) mod n
It doesn't fail on overflow. Here is the challenge calculation used in Bitcoin Core, which also does modular arithmetic, rather than failing on overflow:
https://github.com/bitcoin/bitcoin/blob/3654d84c6f53e5137f9208851ff904c248b4741f/src/secp256k1/src/modules/schnorrsig/main_impl.h#L116
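An added example, not btcd's or Bitcoin Core's code, contrasting the two behaviours discussed above: challengeBIP340 computes e = int(hash) mod n as the spec does, while challengeRejecting reproduces the quoted check that errors whenever the unreduced hash is at or above the curve order. taggedHash is BIP340's tagged hash written out with crypto/sha256, and the all-0xFF hash is a constructed value (a real SHA-256 challenge reaches this branch with probability about 2^-128, so no real (r, P, m) is used).

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

// secp256k1 group order n, the modulus BIP340 uses for the challenge.
var curveOrderN, _ = new(big.Int).SetString(
	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16)

// taggedHash is BIP340's hash_tag(msg) = SHA256(SHA256(tag) || SHA256(tag) || msg).
func taggedHash(tag string, msg []byte) [32]byte {
	t := sha256.Sum256([]byte(tag))
	return sha256.Sum256(append(append(t[:], t[:]...), msg...))
}

// challengeBIP340 follows the spec: e = int(hash) mod n, always defined.
// The bool reports whether int(hash) >= n, i.e. whether reduction changed anything.
func challengeBIP340(hash [32]byte) (*big.Int, bool) {
	raw := new(big.Int).SetBytes(hash[:])
	return new(big.Int).Mod(raw, curveOrderN), raw.Cmp(curveOrderN) >= 0
}

// challengeRejecting mirrors the quoted btcd check: same reduction, but an error
// when the unreduced hash is >= n, so a signature with such a challenge never verifies.
func challengeRejecting(hash [32]byte) (*big.Int, error) {
	e, overflow := challengeBIP340(hash)
	if overflow {
		return nil, errors.New("hash of (r || P || m) too big")
	}
	return e, nil
}

func main() {
	// Constructed hash: every byte 0xFF, so int(hash) = 2^256-1 > n. This is a
	// fabricated value chosen to exercise the overflow branch, not a real challenge.
	var above [32]byte
	for i := range above {
		above[i] = 0xFF
	}
	e, _ := challengeBIP340(above)
	_, err := challengeRejecting(above)
	fmt.Printf("BIP340 e = %x\nrejecting check: %v\n", e, err)
}
```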