Safe Haskell | Safe-Inferred |
---|---|

Language | Haskell2010 |

## Synopsis

- verifyEcdsaSecp256k1Signature ∷ ByteString → ByteString → ByteString → BuiltinResult Bool
- verifySchnorrSecp256k1Signature ∷ ByteString → ByteString → ByteString → BuiltinResult Bool

# Documentation

verifyEcdsaSecp256k1Signature Source #

∷ ByteString | Public key (33 bytes) |

→ ByteString | Message hash (32 bytes) |

→ ByteString | Signature (64 bytes) |

→ BuiltinResult Bool |

Verify an ECDSA signature made using the SECP256k1 curve.

# Note

There are additional well-formation requirements for the arguments beyond their length:

- The first byte of the public key must correspond to the sign of the
*y*coordinate: this is`0x02`

if*y*is even, and`0x03`

otherwise. - The remaining bytes of the public key must correspond to the
*x*coordinate, as a big-endian integer. - The first 32 bytes of the signature must correspond to the big-endian integer representation of _r_.
- The last 32 bytes of the signature must correspond to the big-endian integer representation of _s_.

While this primitive *accepts* a hash, any caller should only pass it hashes
that they computed themselves: specifically, they should receive the
*message* from a sender and hash it, rather than receiving the *hash* from
said sender. Failure to do so can be
dangerous. Other than
length, we make no requirements of what hash gets used.

verifySchnorrSecp256k1Signature Source #

∷ ByteString | Public key (32 bytes) |

→ ByteString | Message (arbitrary length) |

→ ByteString | Signature (64 bytes) |

→ BuiltinResult Bool |

Verify a Schnorr signature made using the SECP256k1 curve.

# Note

There are additional well-formation requirements for the arguments beyond
their length. Throughout, we refer to co-ordinates of the point `R`

.

- The bytes of the public key must correspond to the
*x*coordinate, as a big-endian integer, as specified in BIP-340. - The first 32 bytes of the signature must correspond to the
*x*coordinate, as a big-endian integer, as specified in BIP-340. - The last 32 bytes of the signature must correspond to the bytes of
*s*, as a big-endian integer, as specified in BIP-340.