verify function

bool verify(
  1. PublicKey pub,
  2. List<int> hash,
  3. Signature sig
)

verify a signature of a 32 byte message against the public key. Returns an error if verification fails. https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki#verification

Implementation

bool verify(PublicKey pub, List<int> hash, Signature sig) {
  var curve = pub.curve;

  if (!curve.isOnCurve(pub)) {
    throw SchnorrException('public key is not on curve ' + curve.name);
  }

  var r = sig.R;
  if (r >= curve.p) {
    throw SchnorrException('r is larger than or equal to field size');
  }

  var s = sig.S;
  if (s >= curve.n) {
    throw SchnorrException('s is larger than or equal to curve order');
  }

  var e = getE(curve, pub, intToByte(curve, r), hash);
  var sG = curve.scalarBaseMul(intToByte(curve, s));
  var eP = curve.scalarMul(pub, intToByte(curve, e));
  eP.Y = curve.p - eP.Y;
  var R = curve.add(sG, eP);

  if ((R.X.sign == 0 && R.Y.sign == 0) ||
      jacobi(R.Y, curve.p) != 1 ||
      R.X != r) {
    return false;
  }

  return true;
}