I view the secp256k1 module.the ECDSA signature verification as follows
compute w= s^(-1) mod n.
u1=H(m)w mod n and u2 = rw mod n.
X=u1P + u2Q.
Covert the x-coordinate x1 of X to an integer /x1;compute v = /x1 mod n.
When the code compute X=u1P +u2Q.Using the Jacobian coordinate point add.Then I noticed you provide two ways (one is CALC_X_AFFINE,another is CHECK_IN_JB) to check the result.In the CALC_X_AFFINE state,Firstly mult the z^2 ,Secondly ,do the binary inverse . and inv_p is secp256k1_pkg::p_eq; I'm confused about the binary inverse.Thirdly, mult the z^2 with X to covert AFFINE .
I'm confused about CALC_X_AFFINE state operation.Could you explain to me? Thanks a lot.
Jiahua-Gong
commented
4 years ago
I view the secp256k1 module.the ECDSA signature verification as follows
When the code compute X=u1P +u2Q.Using the Jacobian coordinate point add.Then I noticed you provide two ways (one is CALC_X_AFFINE,another is CHECK_IN_JB) to check the result.In the CALC_X_AFFINE state,Firstly mult the z^2 ,Secondly ,do the binary inverse . and inv_p is secp256k1_pkg::p_eq; I'm confused about the binary inverse.Thirdly, mult the z^2 with X to covert AFFINE .
I'm confused about CALC_X_AFFINE state operation.Could you explain to me? Thanks a lot.