I am trying to derive a private key using the formula below:
The inputs are:
- r & s are from the signature.
- H(m) is a hash of the message being signed.
- k is the nonce used to sign the message.
Below is my code implementation using the npm elliptic module, that uses BN.js. When I try and compute the key though, I am getting a very different result than the expected private key.
sec256k1.test.ts
import {
createKeyPair,
generateNonce,
derivePrivateKeyFromNonce,
toHexString,
} from '../services/keys';
import { KeyTypes } from '../types';
import { BN } from 'bn.js';
let keyPair: any;
it('can create a new key and sign with it', async () => {
const type = KeyTypes.SECP256K1;
keyPair = await createKeyPair(type);
const msgHash = toHexString([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10]);
const signature = keyPair.sign(msgHash);
expect(keyPair.verify(msgHash, signature)).toBe(true);
});
it('can sign using a provided nonce', async () => {
const msgHash = toHexString([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10]);
const signature = keyPair.sign(msgHash, {
k: generateNonce,
});
expect(keyPair.verify(msgHash, signature.toDER())).toBe(true);
});
it('can sign using a provided nonce and then derive private key from nonce', async () => {
const msgHash = new BN(toHexString([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10]));
const signature = keyPair.sign(msgHash, {
k: generateNonce,
});
expect(keyPair.verify(msgHash, signature)).toBe(true);
const privateKey = keyPair.priv;
const k = generateNonce();
const r = signature.r;
const s = signature.s;
const Hm = msgHash;
const orderOfCurve = new BN(
'115792089237316195423570985008687907852837564279074904382605163141518161494337'
);
const derivedPrivateKey = derivePrivateKeyFromNonce(
k,
Hm,
s,
r,
orderOfCurve
);
expect(derivedPrivateKey).toStrictEqual(privateKey);
});
keys.ts
import { ec } from 'elliptic';
import { KeyTypes } from 'src/types';
import { BN } from 'bn.js';
export const createKeyPair = async (keyType: KeyTypes) => {
const suite = new ec(keyType);
const key = suite.genKeyPair();
return key;
};
export const toHexString = (byteArray: number[]) => {
return Array.from(byteArray, (byte: number) => {
return ('0' + (byte & 0xff).toString(16)).slice(-2);
}).join('');
};
export const derivePrivateKeyFromNonce = (
k: any,
Hm: any,
s: any,
r: any,
n: any
) => {
const step1 = k.mul(s);
const step2 = step1.sub(Hm);
const step3 = r.invm(n);
const privateKey = step3.mul(step2);
return privateKey;
};
export const generateNonce = () => {
return new BN('12345');
};
output
- Expected - 1
+ Received + 1
- "d56da70b351cf3e485dc6065655915d51caf9e6272dc000536da06fc394199b0"
+ "607f218f9dd1a21aec11e0c877a9e54ed5912dcf06b6a66540e0cf19214236ba5ed288f7bdf81a6523775fa954b0e127ab819a76fc394eca5cdb94bf2ef7f4bab3"
I believe the issue is my value for H(m) being passed to derivePrivateKeyFromNonce but I am not exactly sure how to get it to work. Does anyone know where the breakdown is in my derivePrivateKeyFromNonce formula causing the derived key to be drastically different than the private key?