Implement low R signing #248
Comments
|
I've implemented for bitcointx: Simplexum#54 For bitcoinlib that might be more involved because it still uses openssl by default |
|
@dgpv Awesome. Is your codebase close enough issue a PR, or are you soliciting others to do a little copypasta to bring the changes upstream?
Well the OpenSSL libs already have malleable signatures, so you don't even need a sign call that supports But yes... I always call |
|
My codebase in this area is very different now. secp256k1 is used exclusively and not optionally.
Note that I do not consider bitcoinlib 'upstream' to bitcointx - it diverged significantly both in code and in overall approach ("swiss army knife" vs "specialized and strict"). But watching PRs and issues in bitcoinlib gives ideas for how to improve bitcointx, and of course anyone is free to get the code from bitcointx and port to bitcoinlib when it makes sense. |
The code in Bitcoin Core and electrum is not grinding for smaller size. It specifically grinding for 'low R' value, and the smaller size is the consequence. AFAIU, you could have a signature that is 70 bytes long, but still has high R. If you just grind for size, it is likely that the lib will sometimes produce signatures that are distinguishable from signatures made with Core or electrum. This might have privacy implications. |
@dgpv Thanks... If no one else picks up the change, I'll be happy to draft the PR. Low level object marshaling in Python is a rather new realm for me, so it might be slow going.
Yep... I meant to imply "grind till you get a good enough R". At least that is what I would suggest and will try to fold into the PR. |
ghost
mentioned this issue
Bitcoin Core v0.17.0 introduced R-value grinding to ensure that all DER signatures are 71 bytes. In involves looping through nonce values till you produce a smaller sig and deterministically stopping at the first one.
Electrum recently rolled it out so the code could be lifted from there.
The text was updated successfully, but these errors were encountered: