Merge pull request #122 from binance-chain/eddsa_s

S in eddsa signature is not encoded correctly
bnb-chain · Dec 3, 2020 · 5de0327 · 5de0327
2 parents 8060d05 + e7030a5
commit 5de0327
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/eddsa/signing/finalize.go b/eddsa/signing/finalize.go
@@ -37,19 +37,19 @@ func (round *finalization) Start() *tss.Error {
 		edwards25519.ScMulAdd(&tmpSumS, sumS, bigIntToEncodedBytes(big.NewInt(1)), sjBytes)
 		sumS = &tmpSumS
 	}
+	s := encodedBytesToBigInt(sumS)
 
 	// save the signature for final output
 	round.data.Signature = append(bigIntToEncodedBytes(round.temp.r)[:], sumS[:]...)
 	round.data.R = round.temp.r.Bytes()
-	round.data.S = sumS[:]
+	round.data.S = s.Bytes()
 	round.data.M = round.temp.m.Bytes()
 
 	pk := edwards.PublicKey{
 		Curve: tss.EC(),
 		X:     round.key.EDDSAPub.X(),
 		Y:     round.key.EDDSAPub.Y(),
 	}
-	s := encodedBytesToBigInt(sumS)
 
 	ok := edwards.Verify(&pk, round.temp.m.Bytes(), round.temp.r, s)
 	if !ok {