R-PuzzleΒΆ
In R-puzzle, an ephemeral key k
is never revealed. Instead r
, the x coordinate of its corresponding public key,
is revealed and from r
along with the signature, the knowledge of k
can be proved using existing checkSig
.
One crucial step in R-Puzzle is to extract r
from DER encoded signature. The following is much easier than what is presented in the R-Puzzle talk.
contract RPuzzle {
Sig s; // s = b'3045022100948c67a95f856ae875a48a2d104df9d232189897a811178a715617d4b090a7e90220616f6ced5ab219fe1bfcf9802994b3ce72afbb2db0c4b653a74c9f03fb99323f01'
function getSigR(Sig sig): bytes {
bytes lenBytes = sig[3:4];
int len = unpack(lenBytes);
bytes r = sig[4:4+len];
return r;
}
// r = b'00948c67a95f856ae875a48a2d104df9d232189897a811178a715617d4b090a7e9'
public function unlock(bytes r) {
require(r == this.getSigR(this.s));
}
}