How do I verify compact signatures? #45

dpc opened this issue on July 23, 2014
  1. dpc commented at 11:38 PM on July 23, 2014: none

    Hi,

    I'm working on Rust language bindings for bitcoin-secp256k1 and I can't get tests verifying the compact signatures to work:

    The code is here: https://github.com/dpc/bitcoin-secp256k1-rs/blob/master/src/secp256k1.rs#L354

    The results are here:

    running 8 tests
    test sign_and_verify ... ok
    test sign_compact ... FAILED
    test valid_pubkey_compressed ... ok
    test sign ... ok
    test invalid_pubkey ... ok
    test valid_pubkey_uncompressed ... ok
    test sign_and_verify_fail ... ok
    test sign_compact_with_recovery ... FAILED
    
    failures:
    
    ---- sign_compact stdout ----
            task 'sign_compact' failed at 'assertion failed: `(left == right) && (right == left)` (left: `Err(InvalidSignature)`, right: `Ok(true)`)', src/secp256k1.rs:370
    
    
    ---- sign_compact_with_recovery stdout ----
            task 'sign_compact_with_recovery' failed at 'assertion failed: `(left == right) && (right == left)` (left: `Err(InvalidSignature)`, right: `Ok(true)`)', src/secp256k1.rs:392
    
    
    
    failures:
        sign_compact
        sign_compact_with_recovery
    
    test result: FAILED. 6 passed; 2 failed; 0 ignored; 0 measured
    
    task '<main>' failed at 'Some tests failed', /home/dpc/opt/src/rust/src/libtest/lib.rs:242
    An unknown error occurred
    
    make: *** [test] Error 1
    

    Am I missing something obvious?

  2. sipa commented at 6:01 PM on August 3, 2014: contributor

    Compact signatures use a different format, which _verify does not accept. All you can do is call recover on it, and check that the recovered public key is what you expect it to be.

  3. sipa closed this on Aug 4, 2014

  4. dpc commented at 5:26 PM on August 4, 2014: none

    So basically I should recover the public key from the recovery signature, sign the message again with it, and if the generated normal signature passes verify, I can be sure that the recovery one was valid too?

    I see. Thank you.

  5. sipa commented at 5:27 PM on August 4, 2014: contributor

    No, just recover the pubkey and compare the pubkey with what you expect it to be.

    And you can't sign with a public key.

  6. dpc commented at 5:34 PM on August 4, 2014: none

    Well, that should work too, but wouldn't what I described work too? Or is it just not secure for some reason?

  7. sipa commented at 5:35 PM on August 4, 2014: contributor

    It would be impossible (you don't get the private key) and even if it was, very inefficient. The key recovery guarantees that the signature is a valid signature for that message with the private key corresponding to the recovered public key.

  8. dpc commented at 5:41 PM on August 4, 2014: none

    In real life I wouldn't have the private key, right.

    And the header file states that recovery: (which guarantees a correct signature).

    I think I know everything now. Thank you!

  9. real-or-random referenced this in commit 1bbad3a04b on Mar 5, 2019
This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-14 21:15 UTC