secp256k1_sign.py

import random
import secp256k1

# https://www.cs.miami.edu/home/burt/learning/Csc609.142/ecdsa-cert.pdf
# Don Johnson, Alfred Menezes and Scott Vanstone, The Elliptic Curve Digital Signature Algorithm (ECDSA)
# 7 ECDSA Signature Generation and Verification

prikey = secp256k1.Fr(0x5f6717883bef25f45a129c11fcac1567d74bda5a9ad4cbffc8203c0da2a1473c)
pubkey = secp256k1.G * prikey

# Hash of messages. Generated by "sha256sum secp256k1.py"
m = secp256k1.Fr(0x72a963cdfb01bc37cd283106875ff1f07f02bc9ad6121b75c3d17629df128d4e)
print(f'hash={m}')

# Sign
while True:
    k = secp256k1.Fr(random.randint(0, secp256k1.N - 1))
    R = secp256k1.G * k
    r = secp256k1.Fr(R.x.x)
    if r.x == 0:
        continue
    s = (m + prikey * r) / k
    if s.x == 0:
        continue
    print(f'sigr={r}')
    print(f'sigs={s}')
    break


# Verify
u1 = m / s
u2 = r / s
x = secp256k1.G * u1 + pubkey * u2
assert x != secp256k1.I
v = secp256k1.Fr(x.x.x)
assert v == r
print('pass')