btc: grind for low-r value signatures to match core

2025-11-05 10:28:10 +01:00 · 2025-10-03 10:36:29 +02:00
parent 071675d359
commit a6c2251146
2 changed files with 16 additions and 1 deletions
--- a/basicswap/interface/btc.py
+++ b/basicswap/interface/btc.py
@@ -53,6 +53,7 @@ from coincurve.keys import (
    PrivateKey,
    PublicKey,
 )
+from coincurve.types import ffi
 from coincurve.ecdsaotves import (
    ecdsaotves_enc_sign,
    ecdsaotves_enc_verify,
@@ -1357,7 +1358,17 @@ class BTCInterface(Secp256k1Interface):
        )

        eck = PrivateKey(key_bytes)
-        return eck.sign(sig_hash, hasher=None) + bytes((SIGHASH_ALL,))
+        for i in range(10000):
+            # Grind for low-R value
+            if i == 0:
+                nonce = (ffi.NULL, ffi.NULL)
+            else:
+                extra_entropy = i.to_bytes(4, "little") + (b"\0" * 28)
+                nonce = (ffi.NULL, ffi.new("unsigned char [32]", extra_entropy))
+            sig = eck.sign(sig_hash, hasher=None, custom_nonce=nonce)
+            if len(sig) < 71:
+                return sig + bytes((SIGHASH_ALL,))
+        raise RuntimeError("sign failed.")

    def signTxOtVES(
        self,
--- a/tests/basicswap/test_xmr.py
+++ b/tests/basicswap/test_xmr.py
@@ -1249,6 +1249,10 @@ class Test(BaseTest):
            ci.signTx(b, lock_spend_tx, 0, lock_tx_script, amount),
            lock_tx_script,
        ]
+        assert (
+            len(witness_stack[1]) <= 71
+        )  # Test for low-r, sig size is <= 70 + sighash_type
+        assert len(witness_stack[2]) <= 71
        lock_spend_tx = ci.setTxSignature(lock_spend_tx, witness_stack)
        tx_decoded = ci.rpc("decoderawtransaction", [lock_spend_tx.hex()])
        vsize_actual: int = tx_decoded["vsize"]