also grind ecdsa low R when using libsecp256k1, and fix tests

note: low R grinding would not have to be duplicated if we trusted the caller to have done it already (as is the case with the classes in ecc.py), and if we propagated the choice of "random_k" as part of the nonce_function passed to libsecp256k1 (which is not currently done)
2019-12-05 19:24:53 +01:00
parent d16fd2783c
commit 5b88b8667e
8 changed files with 82 additions and 67 deletions
--- a/electrum/ecc.py
+++ b/electrum/ecc.py
@@ -418,7 +418,7 @@ class ECPrivkey(ECPubkey):
            return r, s
        r, s = private_key.sign_digest_deterministic(data, hashfunc=hashlib.sha256, sigencode=sig_encode_r_s)
        counter = 0
-        while r >= 2**255: # grind for low R value https://github.com/bitcoin/bitcoin/pull/13666
+        while r >= 2**255:  # grind for low R value https://github.com/bitcoin/bitcoin/pull/13666
            counter += 1
            extra_entropy = int.to_bytes(counter, 32, 'little')
            r, s = private_key.sign_digest_deterministic(data, hashfunc=hashlib.sha256, sigencode=sig_encode_r_s, extra_entropy=extra_entropy)