Safe Haskell | Safe-Inferred |
---|---|
Language | Haskell2010 |
Documentation
verifyEcdsaSecp256k1Signature Source #
∷ ByteString | Public key (33 bytes) |
→ ByteString | Message hash (32 bytes) |
→ ByteString | Signature (64 bytes) |
→ BuiltinResult Bool |
Verify an ECDSA signature made using the SECP256k1 curve.
Note
There are additional well-formation requirements for the arguments beyond their length:
- The first byte of the public key must correspond to the sign of the y
coordinate: this is
0x02
if y is even, and0x03
otherwise. - The remaining bytes of the public key must correspond to the x coordinate, as a big-endian integer.
- The first 32 bytes of the signature must correspond to the big-endian integer representation of _r_.
- The last 32 bytes of the signature must correspond to the big-endian integer representation of _s_.
While this primitive accepts a hash, any caller should only pass it hashes that they computed themselves: specifically, they should receive the message from a sender and hash it, rather than receiving the hash from said sender. Failure to do so can be dangerous. Other than length, we make no requirements of what hash gets used.
verifySchnorrSecp256k1Signature Source #
∷ ByteString | Public key (32 bytes) |
→ ByteString | Message (arbitrary length) |
→ ByteString | Signature (64 bytes) |
→ BuiltinResult Bool |
Verify a Schnorr signature made using the SECP256k1 curve.
Note
There are additional well-formation requirements for the arguments beyond
their length. Throughout, we refer to co-ordinates of the point R
.
- The bytes of the public key must correspond to the x coordinate, as a big-endian integer, as specified in BIP-340.
- The first 32 bytes of the signature must correspond to the x coordinate, as a big-endian integer, as specified in BIP-340.
- The last 32 bytes of the signature must correspond to the bytes of s, as a big-endian integer, as specified in BIP-340.