
Update `Unblind` inputs removing unnecessary `m`

- Update Unblind inputs removing unnecessary `m`
- Add mod at Blind & BlindSign
feature/add-checks
arnaucube 3 years ago
parent
commit
876755a714
7 changed files with 21 additions and 23 deletions
  1. +5
    -3
      blindsecp256k1.go
  2. +1
    -1
      blindsecp256k1_test.go
  3. +2
    -2
      v0/blindsecp256k1v0.go
  4. +1
    -1
      v0/blindsecp256k1v0_test.go
  5. +10
    -14
      wasm/blindsecp256k1-wasm.go
  6. BIN
      wasm/webtest/blindsecp256k1.wasm
  7. +2
    -2
      wasm/webtest/index.js

+ 5
- 3
blindsecp256k1.go

@ -108,6 +108,7 @@ func (sk *PrivateKey) BlindSign(mBlinded *big.Int, k *big.Int) *big.Int {
sBlind := new(big.Int).Add(
new(big.Int).Mul(sk.BigInt(), mBlinded),
k)
sBlind = new(big.Int).Mod(sBlind, N)
return sBlind
}
@ -141,6 +142,7 @@ func Blind(m *big.Int, signerR *Point) (*big.Int, *UserSecretData) {
hBytes := crypto.Keccak256(m.Bytes())
h := new(big.Int).SetBytes(hBytes)
mBlinded := new(big.Int).Mul(ainvrx, h)
mBlinded = new(big.Int).Mod(mBlinded, N)
return mBlinded, u
}
@ -152,8 +154,8 @@ type Signature struct {
}
// Unblind performs the unblinding operation of the blinded signature for the
// given message m and the UserSecretData
func Unblind(sBlind, m *big.Int, u *UserSecretData) *Signature {
// given the UserSecretData
func Unblind(sBlind *big.Int, u *UserSecretData) *Signature {
// s = a s' + b
as := new(big.Int).Mul(u.A, sBlind)
s := new(big.Int).Add(as, u.B)
@ -181,7 +183,7 @@ func Verify(m *big.Int, s *Signature, q *PublicKey) bool {
right := s.F.Add(rxhG)
// check sG == R + rx h(m) G (where R in this code is F)
// check sG == R + rx h(m) Q (where R in this code is F)
if bytes.Equal(sG.X.Bytes(), right.X.Bytes()) &&
bytes.Equal(sG.Y.Bytes(), right.Y.Bytes()) {
return true
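Review bot: BlindSign now reduces its result mod N, but nothing visible in the first hunk checks `mBlinded` or `k` before they are used; the function's opening lines are outside the hunk, so this may already be handled there. If it is not, an `mBlinded` that is 0 mod N makes the returned value equal to `k`, and a `k` that is ever used for two requests lets the two responses be combined to expose the signing key. I would state the contract on the method, e.g. `// k must be a fresh, single-use nonce in [1, N-1]; mBlinded must be in [1, N-1]`, and reject out-of-range values once the signature can carry an error. In the third hunk the visible lines of Unblind compute `a*s' + b` without a reduction; its body continues outside the hunk, so confirm that `s` is taken mod N before it is serialized.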

+ 1
- 1
blindsecp256k1_test.go

@ -24,7 +24,7 @@ func TestFlow(t *testing.T) {
sBlind := sk.BlindSign(msgBlinded, k)
// user: unblinds the blinded signature
sig := Unblind(sBlind, msg, userSecretData)
sig := Unblind(sBlind, userSecretData)
sigB := sig.Bytes()
sig2, err := NewSignatureFromBytes(sigB)
assert.Nil(t, err)

+ 2
- 2
v0/blindsecp256k1v0.go

@ -112,8 +112,8 @@ type Signature struct {
}
// Unblind performs the unblinding operation of the blinded signature for the
// given message m and the UserSecretData
func Unblind(sBlind, m *big.Int, u *UserSecretData) *Signature {
// given and the UserSecretData
func Unblind(sBlind *big.Int, u *UserSecretData) *Signature {
// s = b^-1 s' + c
binv := new(big.Int).ModInverse(u.B, blindsecp256k1.N)
bs := new(big.Int).Mul(binv, sBlind)
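Review bot: `binv` can be nil at the multiplication: `ModInverse` returns nil when `u.B` has no inverse mod N (that is, `u.B` is 0 mod N), and `new(big.Int).Mul(binv, sBlind)` then dereferences a nil pointer and panics. The wasm wrapper appears to build `u.B` from a caller-supplied string, so a guard such as `if binv == nil { ... }` before the multiplication is worth adding; Unblind returns only `*Signature`, so the failure path needs deciding. The rewritten doc comment also has a leftover word: `// given and the UserSecretData` should read `// given the UserSecretData`. The function body continues outside the hunk.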

+ 1
- 1
v0/blindsecp256k1v0_test.go

@ -24,7 +24,7 @@ func TestFlow(t *testing.T) {
sBlind := sk.BlindSign(msgBlinded, k)
// user: unblinds the blinded signature
sig := Unblind(sBlind, msg, userSecretData)
sig := Unblind(sBlind, userSecretData)
// signature can be verified with signer PublicKey (Q)
verified := Verify(msg, sig, signerPubK)

+ 10
- 14
wasm/blindsecp256k1-wasm.go

@ -81,14 +81,12 @@ func blindv0(this js.Value, values []js.Value) interface{} {
func unblindv0(this js.Value, values []js.Value) interface{} {
sBlindStr := values[0].String()
mStr := values[1].String()
uBStr := values[2].String()
uCStr := values[3].String()
uFxStr := values[4].String()
uFyStr := values[5].String()
uBStr := values[1].String()
uCStr := values[2].String()
uFxStr := values[3].String()
uFyStr := values[4].String()
sBlind := stringToBigInt(sBlindStr)
m := stringToBigInt(mStr)
uB := stringToBigInt(uBStr)
uC := stringToBigInt(uCStr)
uFx := stringToBigInt(uFxStr)
@ -106,7 +104,7 @@ func unblindv0(this js.Value, values []js.Value) interface{} {
F: uF,
}
sig := blindsecp256k1v0.Unblind(sBlind, m, u)
sig := blindsecp256k1v0.Unblind(sBlind, u)
r := make(map[string]interface{})
r["s"] = sig.S.String()
@ -174,14 +172,12 @@ func blind(this js.Value, values []js.Value) interface{} {
func unblind(this js.Value, values []js.Value) interface{} {
sBlindStr := values[0].String()
mStr := values[1].String()
uAStr := values[2].String()
uBStr := values[3].String()
uFxStr := values[4].String()
uFyStr := values[5].String()
uAStr := values[1].String()
uBStr := values[2].String()
uFxStr := values[3].String()
uFyStr := values[4].String()
sBlind := stringToBigInt(sBlindStr)
m := stringToBigInt(mStr)
uA := stringToBigInt(uAStr)
uB := stringToBigInt(uBStr)
uFx := stringToBigInt(uFxStr)
@ -198,7 +194,7 @@ func unblind(this js.Value, values []js.Value) interface{} {
F: uF,
}
sig := blindsecp256k1.Unblind(sBlind, m, u)
sig := blindsecp256k1.Unblind(sBlind, u)
r := make(map[string]interface{})
r["s"] = sig.S.String()
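Review bot: `unblindv0` and `unblind` index `values[0]` through `values[4]` without checking `len(values)`, so a JavaScript caller that passes fewer arguments triggers an index-out-of-range panic in the Go runtime. Because this commit changes the arity from six to five, a caller still using the old argument order gets no error either: `m` is silently read as `uB` (or `uA`) and the remaining values shift by one, producing a wrong signature. A check at the top of both functions, `if len(values) != 5 { ... }`, returning an error in whatever shape the other exported functions use, would make the mismatch visible. How `stringToBigInt` reports a malformed string is not shown here, so that path is worth confirming as well.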

BIN
wasm/webtest/blindsecp256k1.wasm


+ 2
- 2
wasm/webtest/index.js

@ -12,7 +12,7 @@ function test() {
let signerQx = "91217724741799691300838336208439702708830781279546234509900618215893368170964";
let signerQy = "10647409378909561143830454293907272341812664755625953321604115356883317910171";
let sBlind = "1559989683738317700055715706344460781046571016142996697444777749433194958666958401306508176561868963591508234625762518936896506645022493420447764027537091595268073646775253821735958788229615883133396107736168033688269069669796190509031136746898237132145138091815479880246793211708356184248484212425679897377";
let unblindRes = wasmUnblind(sBlind, m, blindRes.uA, blindRes.uB, blindRes.uFx, blindRes.uFy);
let unblindRes = wasmUnblind(sBlind, blindRes.uA, blindRes.uB, blindRes.uFx, blindRes.uFy);
console.log("unblind", unblindRes);
@ -28,7 +28,7 @@ function test() {
blindRes = wasmBlindv0(m, signerQx, signerQy, signerRx, signerRy);
console.log("blindv0", blindRes);
// sBlind would be received from the Signer
unblindRes = wasmUnblindv0(sBlind, m, blindRes.uB, blindRes.uC, blindRes.uFx, blindRes.uFy);
unblindRes = wasmUnblindv0(sBlind, blindRes.uB, blindRes.uC, blindRes.uFx, blindRes.uFy);
console.log("unblindv0", unblindRes);
// wasmVerifyv0 method not used here because the hardcoded values would
