mirror of
https://github.com/serai-dex/serai.git
synced 2024-12-23 12:09:37 +00:00
c589743e2b
* basic schnorr verify working * add schnorr-verify as submodule * remove previous code * Misc Ethereum work which will probably be disregarded * add ecrecover hack test, worksgit add src/ * merge w develop * starting w/ rust-web3 * trying to use ethers * deploy_schnorr_verifier_contract finally working * modify EthereumHram to use 27/28 for point parity * updated address calc, solidity schnorr verify now working * add verify failure to test * update readme * move ethereum/ to coins/ * un fmt coins/monero * update .gitmodules * fix cargo paths * fix coins/monero * add #[allow(non_snake_case)] * un-fmt stuff * move crypto to coins/ethereum * move unit tests to ethereum/tests * remove js, build w ethers * update .gitignore * address comments * add q != 0 check * update contract param order * update contract license to AGPL * update ethereum-serai license to GPL and fmt * GPLv3 for ethereum-serai * AGPLv3 for ethereum-serai * actually fix license Co-authored-by: Luke Parker <lukeparker5132@gmail.com>
36 lines
1.2 KiB
Solidity
36 lines
1.2 KiB
Solidity
//SPDX-License-Identifier: AGPLv3
|
|
pragma solidity ^0.8.0;
|
|
|
|
// see https://github.com/noot/schnorr-verify for implementation details
|
|
contract Schnorr {
|
|
// secp256k1 group order
|
|
uint256 constant public Q =
|
|
0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141;
|
|
|
|
// parity := public key y-coord parity (27 or 28)
|
|
// px := public key x-coord
|
|
// message := 32-byte message
|
|
// s := schnorr signature
|
|
// e := schnorr signature challenge
|
|
function verify(
|
|
uint8 parity,
|
|
bytes32 px,
|
|
bytes32 message,
|
|
bytes32 s,
|
|
bytes32 e
|
|
) public view returns (bool) {
|
|
// ecrecover = (m, v, r, s);
|
|
bytes32 sp = bytes32(Q - mulmod(uint256(s), uint256(px), Q));
|
|
bytes32 ep = bytes32(Q - mulmod(uint256(e), uint256(px), Q));
|
|
|
|
require(sp != 0);
|
|
// the ecrecover precompile implementation checks that the `r` and `s`
|
|
// inputs are non-zero (in this case, `px` and `ep`), thus we don't need to
|
|
// check if they're zero.will make me
|
|
address R = ecrecover(sp, parity, px, ep);
|
|
require(R != address(0), "ecrecover failed");
|
|
return e == keccak256(
|
|
abi.encodePacked(R, uint8(parity), px, block.chainid, message)
|
|
);
|
|
}
|
|
}
|