recoverPublicKeys method
Recovers public keys from the ECDSA signature and a hash of the message.
Parameters:
hash: A hash of the message to be verified.generator: The generator point for the elliptic curve.
Implementation
List<ECDSAPublicKey> recoverPublicKeys(
List<int> hash,
ProjectiveECCPoint generator,
) {
final curve = generator.curve;
final order = generator.order!;
final e = BigintUtils.fromBytes(hash);
final alpha =
(r.modPow(BigInt.from(3), curve.p) + curve.a * r + curve.b) % curve.p;
final beta = ECDSAUtils.modularSquareRootPrime(alpha, curve.p);
final y = (beta % BigInt.two == BigInt.zero) ? beta : (curve.p - beta);
final ProjectiveECCPoint r1 = ProjectiveECCPoint(
curve: curve,
x: r,
y: y,
z: BigInt.one,
order: order,
);
final inverseR = BigintUtils.inverseMod(r, order);
final ProjectiveECCPoint q1 =
((r1 * s) + (generator * (-e % order))) * inverseR
as ProjectiveECCPoint;
final pk1 = ECDSAPublicKey(generator, q1);
final r2 = ProjectiveECCPoint(
curve: curve,
x: r,
y: -y,
z: BigInt.one,
order: order,
);
final ProjectiveECCPoint q2 =
((r2 * s) + (generator * (-e % order))) * inverseR
as ProjectiveECCPoint;
final pk2 = ECDSAPublicKey(generator, q2);
return [pk1, pk2];
}