Ximenyan / secp256k1

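A pure-Go implementation of the secp256k1 cryptography library. Because ethereum and btc both use the C-based secp256k1 implementation, cross-platform builds and cross-compilation were a real pain. This library is tested and works well.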

Why don't Ethereum and Filecoin use the Go standard library? Is it too slow? #1

Open fanhai opened 2 years ago

fanhai commented 2 years ago

As you can see, both Ethereum and Filecoin contain this piece of code that calls the C implementation. Why not use the Go standard library functions?

    // around 20 ms on a modern CPU.
    context = C.secp256k1_context_create_sign_verify()
    C.secp256k1_context_set_illegal_callback(context, C.callbackFunc(C.secp256k1GoPanicIllegal), nil)
    C.secp256k1_context_set_error_callback(context, C.callbackFunc(C.secp256k1GoPanicError), nil)

Ximenyan commented 2 years ago

I don't think it's an efficiency issue; CGO is far less efficient than native Go.

fanhai commented 2 years ago

Is there any problem with these two functions from the Go standard library? Can they be used?

    func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err error)
    func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool

Ximenyan commented 2 years ago

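In implementations based on the secp256k1 elliptic curve algorithm, secp256k1 and ecdsa differ in some respects. If you sign transactions with ecdsa, some unexpected situations may occur.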

fanhai commented 2 years ago

--BIP62-- "Low S values in signatures

The value S in signatures must be between 0x1 and 0x7FFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 5D576E73 57A4501D DFE92F46 681B20A0 (inclusive). If S is too high, simply replace it by S' = 0xFFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141 - S."

Regarding the necessity of "Low S values in signatures", there is an explanation as follows:

"Absent this rule, any person is able to take a Bitcoin transaction, flip s in any of its signatures, and push the transaction out again with a different TXID. Being able to do this only changes the hash of the transaction, and does not alter its validity in any way. Being able to mutate transactions breaks a number of potentially interesting transaction types in Bitcoin like payment channels, where chains of transactions will suddenly be invalidated by a parent being mutated and an alternate form included in a block.

By forcing valid transactions to always have low s this ability is removed, though a person with the private key for a transaction is still able to mutate their own transactions by resigning them with a new nonce."

Understood, thanks!
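
Added example, not part of the thread and not code from the Ximenyan/secp256k1 library: the BIP62 low-S rule quoted above, written for any curve order n. The names `IsLowS`, `NormalizeS` and `FlipDemo` are illustrative, and the flip is shown on P-256 because the Go standard library ships no secp256k1 curve; the secp256k1 constants are the ones from the BIP62 quote.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// secp256k1 group order N and the BIP62 upper bound for S, as quoted in the thread.
var secp256k1N, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16)
var secp256k1HalfN, _ = new(big.Int).SetString("7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0", 16)

// IsLowS reports whether 1 <= s <= floor(n/2) for a curve of group order n.
func IsLowS(s, n *big.Int) bool {
	return s.Sign() > 0 && s.Cmp(new(big.Int).Rsh(n, 1)) <= 0
}

// NormalizeS returns a copy of s when it is already low, otherwise n - s.
func NormalizeS(s, n *big.Int) *big.Int {
	if IsLowS(s, n) {
		return new(big.Int).Set(s)
	}
	return new(big.Int).Sub(n, s)
}

// FlipDemo signs a constructed message on P-256 (assumption: stand-in curve) and reports
// whether (r, s) and (r, n-s) both verify and whether both normalize to the same low S.
func FlipDemo() (origOK, flippedOK, sameLowS bool, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	digest := sha256.Sum256([]byte("constructed sample transaction"))
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return
	}
	n := priv.Curve.Params().N
	flipped := new(big.Int).Sub(n, s)
	origOK = ecdsa.Verify(&priv.PublicKey, digest[:], r, s)
	flippedOK = ecdsa.Verify(&priv.PublicKey, digest[:], r, flipped)
	sameLowS = IsLowS(NormalizeS(s, n), n) && NormalizeS(s, n).Cmp(NormalizeS(flipped, n)) == 0
	return
}

func main() {
	origOK, flippedOK, sameLowS, err := FlipDemo()
	fmt.Println(origOK, flippedOK, sameLowS, err, IsLowS(secp256k1HalfN, secp256k1N))
}
```

A verifier that enforces the rule rejects any signature for which `IsLowS` is false; a signer applies `NormalizeS` to s before serializing.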