Comments (5)
I see the same problem...
I can't verify the signature below using uECC_secp256r1
With these inputs, rx also becomes = 0 during the uECC_verify process.
apply_z(tx, ty, z, curve); // Here tx becomes same value as rx so on the next line Z becomes 0 because rx and tx are equal
uECC_vli_modSub(tz, rx, tx, curve->p, num_words); /* Z = x2 - x1 */
I can verify the signature below with python using https://pypi.org/project/ecdsa/
HASH (SHA256): 797601B76D29603D167FA1062CC27B00BB0E39493BF3B7BBAFA610C2B24F4A20
Public Key:
7CF27B188D034F7E8A52380304B51AC3C08969E277F21B35A60B48FC4766997807775510DB8ED040293D9AC69F7430DBBA7DADE63CE982299E04B79D227873D1
Signature:
56CD9CF152BCCC3A64E41E2B2BF91ED0661E0821B14B50ABE93C05EA889AFED3F93452957106BAB410617E306D876BB58FA7D7B5A515AC6B6181D8D638651FC7
from micro-ecc.
@jojotds
I think the root cause is this line: uECC_vli_modMult_fast(z, z, tz, curve);
As soon as tz gets 0 once, it stays at 0 forever.
On a higher level, the issue is that this implementation is handling the identity element incorrectly. Let O be the identity element and P a point on curve. Usually O + P = P, but in this implementation O + P = O, which leads to the rejection of the signature.
In line 1579 to 1585, the point t is added to the point r. This point addition shows the above described behavior.
Probably this point addition algorithm has to be substituted with another algorithm, e.g. https://en.wikibooks.org/wiki/Cryptography/Prime_Curve/Jacobian_Coordinates
Please note this issue does not only exist for the inputs described above, but also for other inputs from test libraries (e.g. Wycheproof).
from micro-ecc.
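The degenerate case described in the comment above (Z = x2 - x1 is zero when both x-coordinates match, and Z then stays zero), as an added example that is not part of the thread and is not micro-ecc code. It uses textbook Jacobian mixed addition on P-256 with the public key from the first comment as the point; the function names and the checked variant are assumptions made for illustration.

```python
# Added example: textbook Jacobian mixed addition on P-256 (not micro-ecc code).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
# Public key quoted in the first comment, split into affine (x, y).
Q = (0x7CF27B188D034F7E8A52380304B51AC3C08969E277F21B35A60B48FC47669978,
     0x07775510DB8ED040293D9AC69F7430DBBA7DADE63CE982299E04B79D227873D1)
IDENTITY = (0, 1, 0)  # Jacobian point at infinity: Z == 0

def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0

def to_affine(j):
    X, Y, Z = j
    if Z == 0:
        return None  # identity has no affine form
    zi = pow(Z, -1, P)
    return (X * zi * zi % P, Y * pow(zi, 3, P) % P)

def double(j):
    X, Y, Z = j
    if Z == 0 or Y == 0:
        return IDENTITY
    S = 4 * X * Y * Y % P
    M = (3 * X * X + A * pow(Z, 4, P)) % P
    X3 = (M * M - 2 * S) % P
    return (X3, (M * (S - X3) - 8 * pow(Y, 4, P)) % P, 2 * Y * Z % P)

def add_naive(j, q):
    """Jacobian j + affine q with no special cases: Z3 = Z1 * (x2*Z1^2 - X1)."""
    X1, Y1, Z1 = j
    x2, y2 = q
    H = (x2 * Z1 * Z1 - X1) % P       # zero when both x-coordinates match
    R = (y2 * pow(Z1, 3, P) - Y1) % P
    X3 = (R * R - pow(H, 3, P) - 2 * X1 * H * H) % P
    Y3 = (R * (X1 * H * H - X3) - Y1 * pow(H, 3, P)) % P
    return (X3, Y3, Z1 * H % P)       # Z1 == 0 or H == 0 gives Z3 == 0 for good

def add_checked(j, q):
    """Same formula, with identity, doubling and inverse handled first."""
    X1, Y1, Z1 = j
    x2, y2 = q
    if Z1 == 0:
        return (x2, y2, 1)            # O + P = P
    if (x2 * Z1 * Z1 - X1) % P == 0:
        same_y = (y2 * pow(Z1, 3, P) - Y1) % P == 0
        return double(j) if same_y else IDENTITY  # P + P, or P + (-P) = O
    return add_naive(j, q)
```

With the unchecked formula, both Q + Q and O + Q come out with Z = 0, and every later addition keeps Z = 0; the checked variant returns 2Q and Q respectively.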
There seems to be an issue with the optimized uECC_vli_modMult_fast function. If you replace it with the "slow" version, then everything works fine.
from micro-ecc.
OMG, thanks for figuring this out. The slow version should be definitely the standard in the mainline and we should warn the user about this when using the faster version.
from micro-ecc.
> OMG, thanks for figuring this out. The slow version should be definitely the standard in the mainline and we should warn the user about this when using the faster version.
It wouldn't do any good since the generic version of MMod function is impractically slow to use. Like ten times slower or so. Anyway, this glitch is only relevant if you need to verify the signatures that have been made by different implementations. If you have a closed ecosystem then you can just ignore it. Because there is no problem with signatures made by uECC and the other implementations can verify the signatures generated by the uECC.
from micro-ecc.