Update Unblind inputs removing unnecessary m

- Update Unblind inputs removing unnecessary `m`
- Add mod at Blind & BlindSign

blindsecp256k1.go

@@ -108,6 +108,7 @@ func (sk *PrivateKey) BlindSign(mBlinded *big.Int, k *big.Int) *big.Int {
 	sBlind := new(big.Int).Add(
 		new(big.Int).Mul(sk.BigInt(), mBlinded),
 		k)
+	sBlind = new(big.Int).Mod(sBlind, N)
 	return sBlind
 }
 
@@ -141,6 +142,7 @@ func Blind(m *big.Int, signerR *Point) (*big.Int, *UserSecretData) {
 	hBytes := crypto.Keccak256(m.Bytes())
 	h := new(big.Int).SetBytes(hBytes)
 	mBlinded := new(big.Int).Mul(ainvrx, h)
+	mBlinded = new(big.Int).Mod(mBlinded, N)
 
 	return mBlinded, u
 }
@@ -152,8 +154,8 @@ type Signature struct {
 }
 
 // Unblind performs the unblinding operation of the blinded signature for the
-// given message m and the UserSecretData
-func Unblind(sBlind, m *big.Int, u *UserSecretData) *Signature {
+// given the UserSecretData
+func Unblind(sBlind *big.Int, u *UserSecretData) *Signature {
 	// s = a s' + b
 	as := new(big.Int).Mul(u.A, sBlind)
 	s := new(big.Int).Add(as, u.B)
@@ -181,7 +183,7 @@ func Verify(m *big.Int, s *Signature, q *PublicKey) bool {
 
 	right := s.F.Add(rxhG)
 
-	// check sG == R + rx h(m) G (where R in this code is F)
+	// check sG == R + rx h(m) Q (where R in this code is F)
 	if bytes.Equal(sG.X.Bytes(), right.X.Bytes()) &&
 		bytes.Equal(sG.Y.Bytes(), right.Y.Bytes()) {
 		return true

blindsecp256k1_test.go

@@ -24,7 +24,7 @@ func TestFlow(t *testing.T) {
 	sBlind := sk.BlindSign(msgBlinded, k)
 
 	// user: unblinds the blinded signature
-	sig := Unblind(sBlind, msg, userSecretData)
+	sig := Unblind(sBlind, userSecretData)
 	sigB := sig.Bytes()
 	sig2, err := NewSignatureFromBytes(sigB)
 	assert.Nil(t, err)

v0/blindsecp256k1v0.go

@@ -112,8 +112,8 @@ type Signature struct {
 }
 
 // Unblind performs the unblinding operation of the blinded signature for the
-// given message m and the UserSecretData
-func Unblind(sBlind, m *big.Int, u *UserSecretData) *Signature {
+// given and the UserSecretData
+func Unblind(sBlind *big.Int, u *UserSecretData) *Signature {
 	// s = b^-1 s' + c
 	binv := new(big.Int).ModInverse(u.B, blindsecp256k1.N)
 	bs := new(big.Int).Mul(binv, sBlind)

v0/blindsecp256k1v0_test.go

@@ -24,7 +24,7 @@ func TestFlow(t *testing.T) {
 	sBlind := sk.BlindSign(msgBlinded, k)
 
 	// user: unblinds the blinded signature
-	sig := Unblind(sBlind, msg, userSecretData)
+	sig := Unblind(sBlind, userSecretData)
 
 	// signature can be verified with signer PublicKey (Q)
 	verified := Verify(msg, sig, signerPubK)

wasm/blindsecp256k1-wasm.go

@@ -81,14 +81,12 @@ func blindv0(this js.Value, values []js.Value) interface{} {
 
 func unblindv0(this js.Value, values []js.Value) interface{} {
 	sBlindStr := values[0].String()
-	mStr := values[1].String()
-	uBStr := values[2].String()
-	uCStr := values[3].String()
-	uFxStr := values[4].String()
-	uFyStr := values[5].String()
+	uBStr := values[1].String()
+	uCStr := values[2].String()
+	uFxStr := values[3].String()
+	uFyStr := values[4].String()
 
 	sBlind := stringToBigInt(sBlindStr)
-	m := stringToBigInt(mStr)
 	uB := stringToBigInt(uBStr)
 	uC := stringToBigInt(uCStr)
 	uFx := stringToBigInt(uFxStr)
@@ -106,7 +104,7 @@ func unblindv0(this js.Value, values []js.Value) interface{} {
 		F: uF,
 	}
 
-	sig := blindsecp256k1v0.Unblind(sBlind, m, u)
+	sig := blindsecp256k1v0.Unblind(sBlind, u)
 
 	r := make(map[string]interface{})
 	r["s"] = sig.S.String()
@@ -174,14 +172,12 @@ func blind(this js.Value, values []js.Value) interface{} {
 
 func unblind(this js.Value, values []js.Value) interface{} {
 	sBlindStr := values[0].String()
-	mStr := values[1].String()
-	uAStr := values[2].String()
-	uBStr := values[3].String()
-	uFxStr := values[4].String()
-	uFyStr := values[5].String()
+	uAStr := values[1].String()
+	uBStr := values[2].String()
+	uFxStr := values[3].String()
+	uFyStr := values[4].String()
 
 	sBlind := stringToBigInt(sBlindStr)
-	m := stringToBigInt(mStr)
 	uA := stringToBigInt(uAStr)
 	uB := stringToBigInt(uBStr)
 	uFx := stringToBigInt(uFxStr)
@@ -198,7 +194,7 @@ func unblind(this js.Value, values []js.Value) interface{} {
 		F: uF,
 	}
 
-	sig := blindsecp256k1.Unblind(sBlind, m, u)
+	sig := blindsecp256k1.Unblind(sBlind, u)
 
 	r := make(map[string]interface{})
 	r["s"] = sig.S.String()

wasm/webtest/index.js

@@ -12,7 +12,7 @@ function test() {
 	let signerQx = "91217724741799691300838336208439702708830781279546234509900618215893368170964";
 	let signerQy = "10647409378909561143830454293907272341812664755625953321604115356883317910171";
 	let sBlind = "1559989683738317700055715706344460781046571016142996697444777749433194958666958401306508176561868963591508234625762518936896506645022493420447764027537091595268073646775253821735958788229615883133396107736168033688269069669796190509031136746898237132145138091815479880246793211708356184248484212425679897377";
-	let unblindRes = wasmUnblind(sBlind, m, blindRes.uA, blindRes.uB, blindRes.uFx, blindRes.uFy);
+	let unblindRes = wasmUnblind(sBlind, blindRes.uA, blindRes.uB, blindRes.uFx, blindRes.uFy);
 	console.log("unblind", unblindRes);
 
 
@@ -28,7 +28,7 @@ function test() {
 	blindRes = wasmBlindv0(m, signerQx, signerQy, signerRx, signerRy);
 	console.log("blindv0", blindRes);
 	// sBlind would be received from the Signer
-	unblindRes = wasmUnblindv0(sBlind, m, blindRes.uB, blindRes.uC, blindRes.uFx, blindRes.uFy);
+	unblindRes = wasmUnblindv0(sBlind, blindRes.uB, blindRes.uC, blindRes.uFx, blindRes.uFy);
 	console.log("unblindv0", unblindRes);
 
 	// wasmVerifyv0 method not used here because the hardcoded values would