sign method

ECDSASignature sign(
  1. BigInt hash,
  2. BigInt randomK
)

Signs a hash value using the private key.

Parameters:

  • hash: A hash value of the message to be signed.
  • randomK: A random value for signature generation.

Returns: An ECDSA signature.

Implementation

ECDSASignature sign(BigInt hash, BigInt randomK) {
  BigInt n = publicKey.generator.order!;
  BigInt k = randomK % n;
  BigInt ks = k + n;
  BigInt kt = ks + n;

  BigInt r;
  if (ks.bitLength == n.bitLength) {
    r = (publicKey.generator * kt).x % n;
  } else {
    r = (publicKey.generator * ks).x % n;
  }

  if (r == BigInt.zero) {
    throw const MessageException("unlucky random number r");
  }

  BigInt s =
      (BigintUtils.inverseMod(k, n) * (hash + (secretMultiplier * r) % n)) %
          n;

  if (s == BigInt.zero) {
    throw const MessageException("unlucky random number s");
  }

  return ECDSASignature(r, s);
}