recoverPublicKeys method
Recovers public keys from the ECDSA signature and a hash of the message.
This method attempts to recover the public keys associated with the private key used to create this signature. It returns a list of possible public keys.
Parameters:
- hash: A hash of the message to be verified.
- generator: The generator point for the elliptic curve.
Returns: A list of recovered ECDSAPublicKey objects.
Implementation
List<ECDSAPublicKey> recoverPublicKeys(
List<int> hash, ProjectiveECCPoint generator) {
final curve = generator.curve;
final order = generator.order!;
final e = BigintUtils.fromBytes(hash);
final alpha =
(r.modPow(BigInt.from(3), curve.p) + curve.a * r + curve.b) % curve.p;
final beta = ECDSAUtils.modularSquareRootPrime(alpha, curve.p);
final y = (beta % BigInt.two == BigInt.zero) ? beta : (curve.p - beta);
final ProjectiveECCPoint r1 = ProjectiveECCPoint(
curve: curve, x: r, y: y, z: BigInt.one, order: order);
final inverseR = BigintUtils.inverseMod(r, order);
final ProjectiveECCPoint q1 = ((r1 * s) + (generator * (-e % order))) *
inverseR as ProjectiveECCPoint;
final pk1 = ECDSAPublicKey(generator, q1);
final r2 = ProjectiveECCPoint(
curve: curve, x: r, y: -y, z: BigInt.one, order: order);
final ProjectiveECCPoint q2 = ((r2 * s) + (generator * (-e % order))) *
inverseR as ProjectiveECCPoint;
final pk2 = ECDSAPublicKey(generator, q2);
return [pk1, pk2];
}