Discrepancy in secp256k1 signature generation

librehash

2/18/24, 4:01 AM

I'll get straight to the point here.

There are two different programs I'm looking at. They both use secp256k1 to deterministically sign data (RFC6979) & provide the results online in-browser. However, both programs produce different DER-encoded signatures and I'm honestly baffled at this point as to why.

Program #1: https://paulmillr.com/noble/

Program #2: https://asecuritysite.com/encryption/sigs2

Since program #2 generates the private key randomly, I'd suggest running that first. You can take the private key (which is displayed) and throw that into program #1 and also duplicate the message to see what I'm talking about.

I'll show you all in live time below as well.

Program #1

Here, the message to be hashed is "avalanche" and the private key to sign it was 0x9fdd656817fe425361d41fa46911012c2e419e3774377c54c9a427c373e10919.

If we scroll further down the page we'll see the DER encoded signature they provided for that was: 3045022100e0842095f8b764b2b5ce9ba1d4541cbd9048f7e9df6e2c3e075b2f34ee5ceaa9022002ebf7ece15fad53213ab0ffb60df71b4459a50f5365eb47785766859c94db24

With that in mind, let's visit the next program.

Program #2

We input the same values here and that yields us a DER encoded value of: 304402202b12266521e5129146cbccfc6e4a10d6b4cfea081c8cbf237a56997d2843c01f0220370e8d87b611605f7a90922e0083184d9990066dc83def2a5fd017a4aa8ed606

I diff'd the two outputs. I don't know if that's me just hyper reading into this, but who knows.

Addressing Some Potential Premature Responses

"One must be legit and the other one isn't": I've went through the code for both projects. They both use HMAC-SHA256 and pipe that input into the 'k' (random nonce) for generating the signature
They both use the same hash signature (sha256)
Both are open source
Program 2 uses javascript, program 1 uses Python. The first uses pure python. The second was audited by cure53 for its cryptographic soundness.
To my understanding, both programs are encoding the data the same way.

I'm really stumped at this point and any help would be immensely appreciated. Thank you.

0 + 1

fgrieu

2/18/24, 5:58 AM

The question numbers the programs inconsistently. A brief attempt to replicate tends to confirm there is a discrepancy in the signatures for the same message and same private key; that it's not in how the private key is turned to public key; nor in the hash (or encoding) of the message. The most likely seems to be some divergence in the deterministic computation of the ephemeral secret $k$ from private key and hash of message.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Discrepancy in secp256k1 signature generation

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.