On Tue, 14 Jan 2014 13:51:06 -0800, Adam Back <a...@cypherspace.org> wrote:
> I saw in the math version you had said Q'=Q+H(S) and I presumed it was a
> typo, but your code says the same thing.  I presume you meant Q'=Q+H(S)*G
> and therefore that Util.SingleSHA256() multiplies by G internally?
> Adam

Thanks for reviewing this. The relevant line:

    byte[] q1New = EC.PointAdd(Q1, Util.SingleSHA256(S1));

SingleSHA256 is a single application of SHA256 -- named so since 'SHA256'  
functions in many Bitcoin libraries too often actually run DoubleSHA256.  
32 bytes are returned.

The multiplication by 'G' that you mention is part of my EC.PointAdd...

I should probably just publish all my code as MIT and be done with it ;-)


public static byte[] PointAdd(byte[] point, byte[] scalar, bool compressed  
= true)
     var point1 = new OpenSSL.Crypto.EC.Point(EcGroup, point);

     var num = OpenSSL.Core.BigNumber.FromArray(scalar);
     var point2 = OpenSSL.Crypto.EC.Point.Multiply(EcGroup, num,  

     var result = point1.Add(point2, EcBnContext);

     if (compressed)
         return result.GetBytes(ConversionForm.Compressed);
         return result.GetBytes(ConversionForm.Uncompressed);

CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today. 
Bitcoin-development mailing list

Reply via email to