verifySchnorrSignature method

bool verifySchnorrSignature({
  required List<int> digest,
  required List<int> signature,
})

Verifies a Schnorr (old-style) signature for a given digest. Returns true when the signature is valid for this verifier's public key and false otherwise.

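  • digest: The hash or message digest that was signed. It must be exactly BitcoinSignerUtils.baselen bytes long; any other length raises the error built by ArgumentException.invalidOperationArguments rather than returning false.
  • signature: The Schnorr signature to verify. It is decoded with BitcoinSchnorrSignature.fromBytes before the digest length is checked.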

Implementation

/// Checks an old-style Schnorr [signature] over [digest] against this
/// verifier's public key.
///
/// The signature bytes are decoded with [BitcoinSchnorrSignature.fromBytes]
/// before the digest length is inspected, so anything the decoder raises
/// takes precedence over the digest-length error.
///
/// Returns `true` only when the recomputed point `R = s*G - e*P` is not the
/// zero point, the value of [ECDSAUtils.jacobi] for `R.y` and the curve's `p`
/// is positive, and `R.x` equals the signature's `r`. Returns `false` in
/// every other case.
///
/// Throws the error built by [ArgumentException.invalidOperationArguments]
/// when [digest] is not exactly [BitcoinSignerUtils.baselen] bytes long.
bool verifySchnorrSignature({
  required List<int> digest,
  required List<int> signature,
}) {
  // NOTE(review): nothing in this method rejects an `s` at or above the group
  // order, and `s*G` gives the same point for `s` and `s + order`. Confirm
  // that BitcoinSchnorrSignature.fromBytes enforces the r/s ranges so that a
  // second, non-canonical encoding of a valid signature cannot verify.
  final parsed = BitcoinSchnorrSignature.fromBytes(signature);
  if (digest.length != BitcoinSignerUtils.baselen) {
    throw ArgumentException.invalidOperationArguments(
      "verifySchnorrSignature",
      name: "digest",
      reason: "Invalid digest bytes length.",
    );
  }

  final pubPoint = _verifyKey.publicKey.point;

  // Challenge preimage: r bytes || serialized public key || digest.
  final challengeInput = <int>[
    ...parsed.rBytes(),
    ..._verifyKey.publicKey.toBytes(),
    ...digest,
  ];
  // e = SHA-256(preimage) reduced modulo the secp256k1 group order.
  final challenge =
      BigintUtils.fromBytes(QuickCrypto.sha256Hash(challengeInput)) %
          CryptoSignerConst.secp256k1Order;

  // Candidate nonce point R = s*G + (-(e*P)).
  final sTimesG = CryptoSignerConst.generatorSecp256k1 * parsed.s;
  final ProjectiveECCPoint negChallengeP = -(pubPoint * challenge);
  final candidate = sTimesG + negChallengeP;

  // The zero point can never match a signature, so stop before reading y.
  if (candidate.isZero()) {
    return false;
  }
  // Only a positive jacobi() result for R.y is accepted; zero and negative
  // values both reject the signature.
  final ySymbol = ECDSAUtils.jacobi(
    candidate.y,
    CryptoSignerConst.curveSecp256k1.p,
  );
  if (ySymbol <= 0) {
    return false;
  }
  return candidate.x == parsed.r;
}