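I am trying to implement the JavaScript code from https://stackoverflow.com/a/30431547/1332416 for recovering the y coordinate from a compressed P-256 X point.
As far as I can see, the following code in .NET/C# looks equivalent, but it does not seem to work because the result is incorrect. So one can conclude that there is something wrong with the code, but I can't seem to spot the problem. Maybe someone else can see it?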
/*
Curves and their primes
NIST P-256 (secp256r1) 2^256 - 2^224 + 2^192 + 2^96 - 1
NIST P-384 (secp384r1) 2^384 - 2^128 - 2^96 + 2^32 - 1
NIST P-521 (secp521r1) 2^521 - 1
const two = new bigInt(2),
// 115792089210356248762697446949407573530086143415290314195533631308867097853951
prime = two.pow(256).sub( two.pow(224) ).add( two.pow(192) ).add( two.pow(96) ).sub(1),
b = new bigInt( '41058363725152142129326129780047268409114441015993725554835256314039467401291' ),
// Pre-computed value, or literal
pIdent = prime.add(1).divide(4); // 28948022302589062190674361737351893382521535853822578548883407827216774463488
*/
var key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
var keyParams = key.ExportParameters(includePrivateParameters: false);
var prime = BigInteger.Parse("115792089210356248762697446949407573530086143415290314195533631308867097853951");
var b = BigInteger.Parse("41058363725152142129326129780047268409114441015993725554835256314039467401291");
var pIdent = BigInteger.Parse("28948022302589062190674361737351893382521535853822578548883407827216774463488");
// Other combinations of isUnsigned and isBigEndian do not seem to work.
var xBig = new BigInteger(keyParams.Q.X, isUnsigned: false, isBigEndian: false);
var y = BigInteger.ModPow(BigInteger.Pow(xBig, 3) - (xBig * 3) + b, pIdent, prime);
// Either yarr0 or yarr1 should match with yParams. This is not the case here now. Calculation going wrong?
var yParams = keyParams.Q.Y;
var yarr0 = y.ToByteArray();
var yarr1 = (prime - y).ToByteArray();
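(The code for adding and checking 0x02, 0x03 or 0x04 is intentionally omitted, because .NET does not do that by default and it is not needed in this minimal case. This also lacks other checks, such as whether the point is on the curve.)
Answer from a uj5u.com user: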
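keyParams.Q.X and keyParams.Q.Y are to be interpreted as unsigned byte arrays in big-endian byte order. Therefore, set the parameters accordingly when converting the byte array to a BigInteger: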
var xBig = new BigInteger(keyParams.Q.X, isUnsigned: true, isBigEndian: true);
The same applies in the opposite direction:
var yarr0 = y.ToByteArray(true, true);
var yarr1 = (prime - y).ToByteArray(true, true);
With these changes, the code returns the expected result, i.e. either yarr0 or yarr1 is equal to yParams.
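The following added example (not part of the original question or answer) goes one step beyond the minimal case: it parses the 0x02/0x03 prefix, reads X as unsigned big-endian as the answer describes, and rejects an X that has no point on the curve, which are the checks the question says it left out. The class name `P256Decompress` and method name `RecoverY` are hypothetical.

```csharp
using System;
using System.Numerics;
using System.Security.Cryptography;

// Hypothetical helper, written for illustration only.
static class P256Decompress
{
    static readonly BigInteger P = BigInteger.Parse("115792089210356248762697446949407573530086143415290314195533631308867097853951");
    static readonly BigInteger B = BigInteger.Parse("41058363725152142129326129780047268409114441015993725554835256314039467401291");
    static readonly BigInteger SqrtExp = (P + 1) / 4; // square-root exponent, valid because P % 4 == 3

    // Input: 33-byte compressed point (0x02/0x03 prefix followed by big-endian X).
    // Returns the 32-byte big-endian Y, or throws if the input is not a valid point.
    public static byte[] RecoverY(byte[] compressed)
    {
        if (compressed.Length != 33 || (compressed[0] != 0x02 && compressed[0] != 0x03))
            throw new ArgumentException("not a compressed P-256 point");
        var x = new BigInteger(compressed.AsSpan(1), isUnsigned: true, isBigEndian: true);
        if (x >= P) throw new ArgumentException("X is not a field element");
        // rhs = x^3 - 3x + b (mod p), normalised into [0, p)
        var rhs = ((BigInteger.ModPow(x, 3, P) - 3 * x + B) % P + P) % P;
        var y = BigInteger.ModPow(rhs, SqrtExp, P);
        // ModPow always returns a value; only a genuine square root satisfies y^2 == rhs.
        if (y * y % P != rhs) throw new ArgumentException("X has no point on the curve");
        bool wantOdd = compressed[0] == 0x03;
        if (!y.IsEven != wantOdd) y = P - y; // pick the root whose parity matches the prefix
        // ToByteArray drops leading zero bytes, so left-pad to the fixed 32-byte width.
        var raw = y.ToByteArray(isUnsigned: true, isBigEndian: true);
        var result = new byte[32];
        raw.CopyTo(result, 32 - raw.Length);
        return result;
    }

    static void Main()
    {
        // Round trip against a freshly generated key: compress, then recover Y.
        using var key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        var q = key.ExportParameters(false).Q;
        var compressed = new byte[33];
        compressed[0] = (byte)(0x02 | (q.Y[31] & 1)); // prefix encodes the parity of Y
        q.X.CopyTo(compressed, 1);
        Console.WriteLine(RecoverY(compressed).AsSpan().SequenceEqual(q.Y));
    }
}
```

The left-padding matters when comparing against `keyParams.Q.Y`: a Y whose top byte is zero comes back from `ToByteArray` shorter than 32 bytes and would otherwise fail a byte-for-byte comparison.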
