plutus-core-1.38.0.0: Language library for Plutus Core
Safe HaskellSafe-Inferred
LanguageHaskell2010

PlutusCore.Crypto.Secp256k1

Synopsis

Documentation

verifyEcdsaSecp256k1Signature Source #

Arguments

ByteString

Public key (33 bytes)

ByteString

Message hash (32 bytes)

ByteString

Signature (64 bytes)

BuiltinResult Bool 

Verify an ECDSA signature made using the SECP256k1 curve.

Note

There are additional well-formation requirements for the arguments beyond their length:

  • The first byte of the public key must correspond to the sign of the y coordinate: this is 0x02 if y is even, and 0x03 otherwise.
  • The remaining bytes of the public key must correspond to the x coordinate, as a big-endian integer.
  • The first 32 bytes of the signature must correspond to the big-endian integer representation of _r_.
  • The last 32 bytes of the signature must correspond to the big-endian integer representation of _s_.

While this primitive accepts a hash, any caller should only pass it hashes that they computed themselves: specifically, they should receive the message from a sender and hash it, rather than receiving the hash from said sender. Failure to do so can be dangerous. Other than length, we make no requirements of what hash gets used.

verifySchnorrSecp256k1Signature Source #

Arguments

ByteString

Public key (32 bytes)

ByteString

Message (arbitrary length)

ByteString

Signature (64 bytes)

BuiltinResult Bool 

Verify a Schnorr signature made using the SECP256k1 curve.

Note

There are additional well-formation requirements for the arguments beyond their length. Throughout, we refer to co-ordinates of the point R.

  • The bytes of the public key must correspond to the x coordinate, as a big-endian integer, as specified in BIP-340.
  • The first 32 bytes of the signature must correspond to the x coordinate, as a big-endian integer, as specified in BIP-340.
  • The last 32 bytes of the signature must correspond to the bytes of s, as a big-endian integer, as specified in BIP-340.

See also