Collisions occur because "rand" is used instead of "random_int" in lib/Utils.php

The code section should be replaced with

  public static function randBytes ($ count)
     {
         $ res = "";
         for ($ i = 0; $ i <$ count; $ i ++)
             $ res. = chr (rand (0, 255));
         return $ res;
     }

to the following code or similar

  public static function randBytes ($ count)
     {
         $ res = "";
         for ($ i = 0; $ i <$ count; $ i ++)
             $ res. = chr (random_int(0, 255));
         return $ res;
     }

How to get compact sing for spec256k1 ?

it is the same to secp256k1_ecdsa_recoverable_signature_serialize_compact from
https://github.com/bitcoin-core/secp256k1/blob/1e6f1f5ad5e7f1e3ef79313ec02023902bf8175c/include/secp256k1_recovery.h#L63

i got the same sign for 2 differrent msg

782a3039b478c839e4cb0c941ff4eaeb7df40bdd68bd441afd444b9da763de12909ce62ec5dc1c862a5e0100086775657374313233086c697472626f6f6839707265646c61676179752d697a6d656e69742d616c676f7269746d792d656d69737369692d6762672d692d7679706c61742d6176746f72616d102700

782a3039b478c839e4cb0c941ff4eaeb7df40bdd68bd441afd444b9da763de128b9cf23c3bef13862a5e0100086775657374313233086c697472626f6f6839707265646c61676179752d697a6d656e69742d616c676f7269746d792d656d69737369692d6762672d692d7679706c61742d6176746f72616d102700

I have problems in sending raw ethereum transactions.

when I want to send most of the times show me 'Invalid sender' error.
but sometimes tx is sent successfully.

I'm using your library for signing transactions.
I think that maybe the problem is from your library.
maybe your library don't sign transaction correctly or maybe I use it incorrectly.

please see my question in:
https://ethereum.stackexchange.com/questions/59881/sending-ethereum-raw-transactions-by-infura-io-gives-me-invalid-sender-error
and if you can help me for finding out the problem.

Is it possible to verifcate admob server-side-verification? They use ECDSA with SHA256.

Given is a public key from https://www.gstatic.com/admob/reward/verifier-keys.json But how to use this key for verification?

AdMob Documentation: https://developers.google.com/admob/android/rewarded-video-ssv#manual_verification_of_rewarded_video_ssv

Can you help me?

I send text to my friend. How can i encrypt a text from my private key and him public key. And then, how can he decrypt by him private key and my public key ?

I have been using your library for a long time ( simplito/elliptic-php v1.0)

in order to generate private keys for ethereum.

the size of ethereum private keys is 64 hex characters and the library always gave me private keys with 64 hex characters.

but recently it has given me a private key with 62 hex characters

is it possible?

this is my code:

$ec = new Elliptic\EC('secp256k1');
$key = $ec->genKeyPair();

$eth_privatekey = $key->getPrivate('hex');
$eth_publickey = $key->getPublic('hex');


var_dump($eth_privatekey );
var_dump($eth_publickey );

New PHP has #[\SensitiveParameter].
I think it would be great to have it added, for example to ec->keyFromPrivate($key) since handling keys is handling sensitive information.

What this does, is hides key from stack traces and such.

hi good man
I was reading this article about how making bitcoin raw transactions.

in the article step3 is result after signing step1 with this privatekey:
0ecd20654c2e2be708495853e8da35c664247040c00bd10b9b13e5e86e6a808d

step1 (raw transaction before signing):

01000000
01
be66e10da854e7aea9338c1f91cd489768d1d6d7189f586d7a3613f2a24d5396
00000000
19 76 a9 14 dd6cce9f255a8cc17bda8ba0373df8e861cb866e 88 ac
ffffffff
01
23ce010000000000
19 76 a9 14 2bc89c2702e0e618db7d59eb5ce2f0f147b40754 88 ac
00000000
01000000

step3 (result after signing double sha256 of step1 raw trx):
3045022100da43201760bda697222002f56266bf65023fef2094519e13077f777baed553b102205ce35d05eabda58cd50a67977a65706347cc25ef43153e309ff210a134722e9e

I signed step1 by your library and got me this result:
30450220587ce0cf0252e2db3a7c3c91b355aa8f3385e128227cd8727c5f7777877ad772022100edc508b7c14891ed15ab38c687019d7ebaf5c12908cf21a83e8ae57e8c47e95c

As you see result of signing message is different from result of signing message in step3.

this is full my code:

use Elliptic\EC;
use StephenHill\Base58;
use BN\BN;


$trx = '0100000001be66e10da854e7aea9338c1f91cd489768d1d6d7189f586d7a3613f2a24d5396000000001976a914dd6cce9f255a8cc17bda8ba0373df8e861cb866e88acffffffff0123ce0100000000001976a9142bc89c2702e0e618db7d59eb5ce2f0f147b4075488ac0000000001000000';

$a = hex2bin($trx);

$privatekey = '0ecd20654c2e2be708495853e8da35c664247040c00bd10b9b13e5e86e6a808d';

$ec = new EC('secp256k1');
$key = $ec->keyFromPrivate($privatekey);
$doubleSha256Trx = hash('sha256', hash('sha256', $a, true));

$mustSign = $doubleSha256Trx;
$signature = $key->sign($mustSign);
$derSign = $signature->toDER('hex');
echo $derSign;

please help me to find out whats my wrong.

thanks

Can you customize the key to generate seeds?
Similar bitcoin

I am trying to verify the signature, but I got the error: Cannot initialize.
Here is my code:

public static  function verifySignature($hash, $signature, $address) {
    try {
        $sign = [
            "r" => substr($signature, 0, 64),
            "s" => substr($signature, 64, 64),
        ];
        $reCid = ord(hex2bin(substr($signature, 128, 2)));
        if ($reCid != ($reCid & 1)) {
            return false;
        }
        $ec = new EC('secp256k1');
        $publicKey = $ec->recoverPubKey($hash, $sign, $reCid);
         return $address == self::pubKeyToAddress($publicKey);
    }catch (\Exception $exception) {
        throw new HashException($exception->getCode(),$exception->getMessage());
    }
}

verifySignature("c230e229e1e7edd299b4c142ac105a84df7c114ef1d6c538ee9e8461f70b2ad3",""W6AdiMNBTRb/a9oa43CFnL+UjpdhJ4QuxfnVQuTY8EB0RQQ2pvWEeIF9c5oMrokVrCmtBiXe4vW3Fvu+mIZ2bwA=","0x38737be4bb9bdB44Fa4367935E087Dad925CE172");

I traced the error and found it threw out when executed to $ec->recoverPubKey($hash, $sign, $reCid);

Hi there, I'm not a crypto expert so I have a question; Can I use this lib to generate a pub/priv keypair based on a seed or secret (so reproducable) to use with, in my case, BigChainDB? (https://docs.bigchaindb.com/projects/js-driver/en/latest/usage.html#cryptographic-identities-generation)

I can manage to get a private key using the $key->priv() method but the pub() method returns an array I do not know how to use? I''m expecting something like: DGNE3CjqfGoeJYYMzZZVWAw22eqxEZb46xg5zupC63a6

Can this be documented?

Hello, I'm not sure if this repository is still maintained, but I want to know, to use this package, if it's necessary to also install your "BN" package with Composer, or if just installing this package is fine.

Edit: I am very new with PHP, sorry if this is a dumb question :)

is it woking, did you check? blockchain tells it is not canonical

Hi, when I create private key from secret, EC is modifying it

$secret = random_bytes(32);

$ec = new EC('curve25519');

$keyPair = $ec->keyFromPrivate(bin2hex($secret), 16);

$keyPair->getPrivate('hex') !== bin2hex($secret);

and I think this secret should be same

I'm trying to use your example "Verifying Ethereum Signature"

In the client, using ethers.js I used this code:

    const Signer = await provider.getSigner();
    const userAddress = await Signer.getAddress();
    const numTokens = await ContractUser.balanceOf(userAddress);
    let currentTime = new Date();
    let month = currentTime.getMonth() + 1;
    let day = currentTime.getDate();
    let year = currentTime.getFullYear();
    let msgToSign = 'Connect: ' + userAddress + ' on ' + year + month + day;
    let messageHash = ethers.utils.solidityKeccak256(['string'],[msgToSign]);
    let signature = await Signer.signMessage(ethers.utils.arrayify(messageHash));

And then to verify it

    let recovered = ethers.utils.verifyMessage(ethers.utils.arrayify(messageHash), signature);

which works, it correctly returns the userAddress.

But then, using your example to verify the signature in php, I get a different address.
I noticed the messageHash is different than the hash calculated in the php. When I removed the $message prefix (string and length) and just hash the message as is, I get the same hash as in javascript. However, in both cases, the address returned is different.

Can you help me?

Hi there, thanks for this great library. I wonder whether it's possible to add feature to import private key from the pem format (SEC1/PEM or PKCS#8/PEM).

Hello,

Deprecated: assert(): Calling assert() with a string argument is deprecated in E:\Development\WebServer\7.2\xampp\htdocs\webserver.local\projects\blockchain\Elliptic\EdDSA.php on line 16

Deprecated: assert(): Calling assert() with a string argument is deprecated in E:\Development\WebServer\7.2\xampp\htdocs\webserver.local\projects\blockchain\BN\BN.php on line 551

Deprecated: assert(): Calling assert() with a string argument is deprecated in E:\Development\WebServer\7.2\xampp\htdocs\webserver.local\projects\blockchain\BN\BN.php on line 477

Thx

Hi !

I am trying to do this using your library:

https://developer.apple.com/documentation/storekit/in-app_purchase/generating_a_signature_for_subscription_offers

Can you provide any help ?

Hi , based on my current understanding, this elliptic-php can only generates private-public key pairs, and cannot generate public key from a given private key. It that right?

Then how could I get pulickey from a given privatekey?

Many thanks if any information could be provided!

Just reporting deprecation when using this with php 8.1

Deprecated: Return type of Elliptic\Curve\ShortCurve\Point::jsonSerialize() should either be compatible with 
JsonSerializable::jsonSerialize(): mixed, or the #[\ReturnTypeWillChange] attribute should be 
used to temporarily suppress the notice in 
[project]/vendor/simplito/elliptic-php/lib/Curve/ShortCurve/Point.php on line 84

I'm trying to define and work with an ordinary Edwards curve, but it seems like there's an error in the implementation of the math for ordinary Edwards curves (in comparison, the math for twisted curves doesn't throw any errors).

Undefined property $this->c at
https://github.com/simplito/elliptic-php/blob/master/lib/Curve/EdwardsCurve/Point.php#L143

// H = (c * Z1)^2
$h = $this->curve->_mulC($this->c->redMul($this->z))->redSqr();

This is how the elliptic,js code does it:
https://github.com/indutny/elliptic/blob/475f066aebd14681591f0f0f18a2abc0ded8c390/lib/elliptic/curve/edwards.js#L252

// H = (c * Z1)^2
var h = this.curve._mulC(this.z).redSqr();

I'm not versed at all in the maths for working with Edwards curve, but this looks like a typo in the php version.

HI,

Is it possible to recover ethereum PubKey from raw transaction using this lib/scripts, like in
function elliptic.ec.prototype.recoverPubKey (msg, signature, j, enc) ?

I am trying to verify the signature, but I got the error: Cannot initialize.
Here is my code:

public static function verifySignature($hash, $signature, $address) {
try {
$sign = [
"r" => substr($signature, 0, 64),
"s" => substr($signature, 64, 64),
];
$reCid = ord(hex2bin(substr($signature, 128, 2)));
if ($reCid != ($reCid & 1)) {
return false;
}
$ec = new EC('secp256k1');
$publicKey = $ec->recoverPubKey($hash, $sign, $reCid);
return $address == self::pubKeyToAddress($publicKey);
}catch (\Exception $exception) {
throw new HashException($exception->getCode(),$exception->getMessage());
}
}
verifySignature("c230e229e1e7edd299b4c142ac105a84df7c114ef1d6c538ee9e8461f70b2ad3",""W6AdiMNBTRb/a9oa43CFnL+UjpdhJ4QuxfnVQuTY8EB0RQQ2pvWEeIF9c5oMrokVrCmtBiXe4vW3Fvu+mIZ2bwA=","0x38737be4bb9bdB44Fa4367935E087Dad925CE172");

I traced the error and found it threw out when executed to $ec->recoverPubKey($hash, $sign, $reCid);

I am trying to verify the signature of a hashed message, and the method used in the description doesn't return the right address :

function verifySignature($message, $signature, $address) {
        $msglen = strlen($message);
        $hash   = Keccak::hash("\x19Ethereum Signed Message:\n{$msglen}{$message}", 256);
        $sign   = ["r" => substr($signature, 2, 64),
            "s" => substr($signature, 66, 64)];
        $recid  = ord(hex2bin(substr($signature, 130, 2))) - 27;
        if ($recid != ($recid & 1))
            return false;

        $ec = new EC('secp256k1');
        $pubkey = $ec->recoverPubKey($hash, $sign, $recid);
        return $address == $this->pubKeyToAddress($pubkey);
    }


$address   = "0xd927a97442c8bce9f18e84de11cac6e54a890ff8";
            $message   = "0xa880c297e04a9a4e1b8856dd4b48c1f6c0b0b82b1da2907b3d16f6ab1357c8b9";
// signature returned by eth.sign(address, message)
            $signature = "0xcd33577b169a3f2a5c835b3ca7dab1d41fa32db4b791c6856319756e7fecc3cb13676706408b019b6dcc3fe28a72f8435390bb0a1572ba241cfd09ae917784511c";

            if ($this->verifySignature($message, $signature, $address)) {
                Log::error("SUCCSS");
            } else {
                Log::error("FAIL");
            }

the address returned by verifySignature (that we try to compare to the original address) is 0xad21644cb255d77dbf4b1ab716cca9797ce3e5bb which is different than the original address.

The problem here is that when not signing the hashed message but the original message it works correctly.

the original message is : "It'sMe MArio". (without the quotes) and the hashing is done by sha3 : web3.utils.sha3(message)

hi
I'm using your library to generate private key and then public key and then generate ethereum wallet address from it.
this is my code:

use Elliptic\EC;
use kornrunner\Keccak;

$ec = new EC('secp256k1');
$key = $ec->genKeyPair();

$priv = $key->getPrivate('hex');
$pub = substr($key->getPublic('hex'),2);

$hash = Keccak::hash($pub, 256);
$wallet = substr($hash,-40);


var_dump($priv);    // ex:  77a1d1930a78c7ff16a849b519729b67e738ea49c4db19ee8a6f1dea816c7577
var_dump($pub);   // ex:   db93fb7c12b067e2e7794bb49c704159d78a0c4efa5f7e65c5bbb8e343ec602d5ee39169e3a06d4cb0db764445f2772ed5fdb1d3fd18a2f5cdc15b2581b74216
var_dump($hash);  // ex: 5335602cd85aff99e78fdb15cee40b78e358cfb8c4f1a8f1110424401e3febc6
var_dump($wallet);// ex: cee40b78e358cfb8c4f1a8f1110424401e3febc6

but when I use this private key in https://www.myetherwallet.com/ it shows below address as wallet:
B1b71CEc4a07F4EDAc54A620f4Cf4EbC6e7405DD

would you help me to find solution please?

    If you talking about [this](https://eklitzke.org/bitcoin-transaction-malleability) and forcing to use smaller s value in signature, we do not have it, because our lib is strict elliptic math, without implementation focused on bitcoin/blockchain or something. But if you need that, you can check this

<?php

require_once("vendor/autoload.php");

use Elliptic\EC;
use Elliptic\EC\Signature;

function getNegativeSignature($ec, $sig) {
    $res = new Signature($sig);
    $res->s = $res->s->neg()->add($ec->n);
    return $res;
}

$ec = new EC('secp256k1');
$key = $ec->genKeyPair();
$msg = 'ab4c3451';
$signature = $key->sign($msg);
$negativeSignature = getNegativeSignature($ec, $signature);

echo "Normal signature:   " . $signature->toDER('hex') . "\n";
echo "Negative signature: " . $negativeSignature->toDER('hex') . "\n";

echo "Verify normal:   " . (($key->verify($msg, $signature) == TRUE) ? "true" : "false") . "\n";
echo "Verify negative: " . (($key->verify($msg, $negativeSignature) == TRUE) ? "true" : "false") . "\n";

if ($signature->s->cmp($negativeSignature->s) < 0) {
    echo "Normal is canonical\n";
}
else {
    echo "Negative is canonical\n";
}

Originally posted by @ldudzsim in #22 (comment)

I use this code to get a smaller s value. But how to recalculate "recoveryParam"?

PublicKey = ellipse X coordinate

uncompressedPublicKey = prefix 04 + ellipse X coordinate + ellipse y coordinate

$address = "0x" .substr(Keccak::hash(substr(hex2bin($uncompressedPublicKey), 1), 256), 24);
How to get the Y coordinate / uncompressed public key, and then get the address?

I found bug from library. Look at this, how do I found it.
I want sign 2 msg, there are:

1. 44ab4c3451
2. 0444ab4c3451 (I put 04 on first string).

and then I compare with the other lib using this lib https://github.com/blockcypher/btcutils/tree/master/signer , the result of signing is different.

Result of msg = 44ab4c3451:
your lib : 3045022100a192e997d87d792304cbe1d8140f72aad11342f92e8bfc881870da43d4df2b2602207d02bf4645e9d89b0549e9c6160a38531bb39e794789ee2b46c7b288e4835d22

golang lib : 3045022100a192e997d87d792304cbe1d8140f72aad11342f92e8bfc881870da43d4df2b2602207d02bf4645e9d89b0549e9c6160a38531bb39e794789ee2b46c7b288e4835d22

Result of msg = 0444ab4c3451:
your lib: 304502202ac6efb8337464a741de1a7ce0ee3bd7bdb2572cc47845964b6f8596fb6aa3aa022100e01dfac253641b2f03030c0c5b66c5f71d329bdc5898e8afd6d3d2f1b500d8fa

Golang lib : 304402202ac6efb8337464a741de1a7ce0ee3bd7bdb2572cc47845964b6f8596fb6aa3aa02201fe2053dac9be4d0fcfcf3f3a4993a079d7c410a56afb78be8fe8b9b1b356847

Maybe your lib cant read zero on first string, could you help me to fix this ?
Sorry my bad english.
Thanks.

hi

I use your library for many of the EC operations.
I was studying the bip32 standard when I reached this section:
Public parent key → public child key

I need to add up 2 point ( point(parse256(IL)) + Kpar ).

now I want to know how to add 2 points using your library ?

thanks in advance

Hi,

I would like to use AdMobs SSV in Php, I've already found a lib for Go and Python, however I need it for Php and there is none unfortunetly https://developers.google.com/admob/android/rewarded-video-ssv

Thanks in advance!

Thank the author for his selfless dedication. I'm a rookie. I want to know how to use this library to generate EOS private key and EOS signature. Can you give me a simple demo

Problem 1
- simplito/elliptic-php[1.0.0, ..., 1.0.9] require ext-gmp * -> it is missing from your system. Install or enable PHP's gmp extension.
- Root composer.json requires simplito/elliptic-php ^1.0 -> satisfiable by simplito/elliptic-php[1.0.0, ..., 1.0.9].

To enable extensions, verify that they are enabled in your .ini files:
-
- /usr/local/etc/php/conf.d/docker-php-ext-bcmath.ini
- /usr/local/etc/php/conf.d/docker-php-ext-exif.ini
- /usr/local/etc/php/conf.d/docker-php-ext-gd.ini
- /usr/local/etc/php/conf.d/docker-php-ext-pcntl.ini
- /usr/local/etc/php/conf.d/docker-php-ext-pdo_mysql.ini
- /usr/local/etc/php/conf.d/docker-php-ext-sodium.ini
You can also run php --ini inside terminal to see which files are used by PHP in CLI mode.

any javascript library suggestion work with this elliptic-php?

Thank

It shows me this error when i run this code:

<?php
require 'vendor/autoload.php';
use Elliptic\EC;

// Create and initialize EC context
// (better do it once and reuse it)
$ec = new EC('secp256k1');

// Generate keys
$key = $ec->genKeyPair();

$publicKey = $key->getPublic('hex');
$privateKey = $key->getPrivate('hex');

// Print the keys to the console

echo "The address1 is {$publicKey}. \r\n";
echo "The address1 is {$privateKey}. \r\n";

error:

PHP Fatal error: Uncaught Error: Class 'Elliptic\EC' not found in /home/istabraq/bctest/test2/test2.php:6
Stack trace:
#0 {main}
thrown in /home/istabraq/bctest/test2/test2.php on line 6

any help please?

I`ve decided to compare basic calculation of public key based on private key against Curve25519:

$secureRandom = openssl_random_pseudo_bytes ( 32);
// native curve25519.so
$trusty_private = curve25519_private($secureRandom);
$trusty_public = curve25519_public($trusty_private);

// this library
$ec = new EC('curve25519');
$untrusty_keypair = $ec->keyFromPrivate(bin2hex($trusty_private));
$untrusty_public = $untrusty_keypair->getPublic(true, 'hex');

echo $untrusty_public . PHP_EOL;
echo bin2hex($trusty_public) . PHP_EOL;

and this check has failed:

6aa466621807d91ec5a6777544a6796fde5adf8b72a842b23c25f0c479f3aa71
d323bc8387b836dca1cc42fb8f53cb533ff5eaaf2461adc8ef698640bd614a4b

Hi!

Project Wycheproof provides thousands of test vectors that have uncovered a lot of bugs in popular crypto libraries. Have you considered running it against this library?

Thanks!

I'm trying to recover a Message, but I don't understand your params.
Can you document them?

Especially I don't understand what $j is (type and values). In my case I have a recovery param of 27, which wont work.

In your test it seems that you requiring the PubKey in order to recover it.

As you might know in the Ethereum world we don't really have a publicKey, but a derivate of it.

Can you provide a example of PubKey recovery which just requires Message+Signature?