Fast, general Elliptic Curve Cryptography library. Supports curves used in Bitcoin, Ethereum and other cryptocurrencies (secp256k1, ed25519, ..)

Overview

Fast Elliptic Curve Cryptography in PHP

Information

This library is a PHP port of elliptic, a great JavaScript ECC library.

  • Supported curve types: Short Weierstrass, Montgomery, Edwards, Twisted Edwards.
  • Curve 'presets': secp256k1, p192, p224, p256, p384, p521, curve25519, ed25519.

This software is licensed under the MIT License.

Projects which use Fast ECC PHP library: PrivMX WebMail, ...

Benchmarks

+------------------------+----------------+--------+-----+------+
| subject                | mode           | rstdev | its | revs |
+------------------------+----------------+--------+-----+------+
| elliptic#genKeyPair    | 323.682ops/s   | 2.72%  | 5   | 50   |
| mdanter#genKeyPair     | 13.794ops/s    | 3.18%  | 5   | 50   |
+------------------------+----------------+--------+-----+------+
| elliptic#sign          | 307.228ops/s   | 3.82%  | 5   | 50   |
| mdanter#sign           | 14.118ops/s    | 2.12%  | 5   | 50   |
+------------------------+----------------+--------+-----+------+
| elliptic#verify        | 93.913ops/s    | 5.93%  | 5   | 50   |
| mdanter#verify         | 6.859ops/s     | 2.95%  | 5   | 50   |
+------------------------+----------------+--------+-----+------+
| elliptic#dh            | 135.166ops/s   | 1.67%  | 5   | 50   |
| mdanter#dh             | 14.302ops/s    | 0.89%  | 5   | 50   |
+------------------------+----------------+--------+-----+------+
| elliptic#EdDSASign     | 296.756ops/s   | 1.09%  | 5   | 50   |
+------------------------+----------------+--------+-----+------+
| elliptic#EdDSAVerify   | 67.481ops/s    | 2.76%  | 5   | 50   |
+------------------------+----------------+--------+-----+------+

Installation

You can install this library via Composer:

composer require simplito/elliptic-php

Implementation details

ECDSA uses deterministic k value generation as per RFC 6979. Most curve operations are performed in non-affine coordinates (either projective or extended), and various windowing techniques are used for different cases.

NOTE: curve25519 cannot be used for ECDSA; use ed25519 instead.

All operations are performed in reduction context using bn-php.

API

ECDSA

<?php
use Elliptic\EC;

// Create and initialize EC context
// (better do it once and reuse it)
$ec = new EC('secp256k1');

// Generate keys
$key = $ec->genKeyPair();

// Sign message (can be hex sequence or array)
$msg = 'ab4c3451';
$signature = $key->sign($msg);

// Export DER encoded signature to hex string
$derSign = $signature->toDER('hex');

// Verify signature
echo "Verified: " . (($key->verify($msg, $derSign) == TRUE) ? "true" : "false") . "\n";

// CHECK WITH NO PRIVATE KEY

// Public key as '04 + x + y'
$pub = "049a1eedae838f2f8ad94597dc4368899ecc751342b464862da80c280d841875ab4607fb6ce14100e71dd7648dd6b417c7872a6ff1ff29195dabd99f15eff023e5";

// Signature MUST be either:
// 1) hex-string of DER-encoded signature; or
// 2) DER-encoded signature as byte array; or
// 3) object with two hex-string properties (r and s)

// case 1
$sig = '30450220233f8bab3f5df09e3d02f45914b0b519d2c04d13ac6964495623806a015df1cd022100c0c279c989b79885b3cc0f117643317bc59414bfb581f38e03557b8532f06603';

// case 2
$sig = [48,69,2,32,35,63,139,171,63,93,240,158,61,2,244,89,20,176,181,25,210,192,77,19,172,105,100,73,86,35,128,106,1,93,241,205,2,33,0,192,194,121,201,137,183,152,133,179,204,15,17,118,67,49,123,197,148,20,191,181,129,243,142,3,85,123,133,50,240,102,3];

// case 3
$sig = ['r' => '233f8bab3f5df09e3d02f45914b0b519d2c04d13ac6964495623806a015df1cd', 's' => 'c0c279c989b79885b3cc0f117643317bc59414bfb581f38e03557b8532f06603'];


// Import public key
$key = $ec->keyFromPublic($pub, 'hex');

// Verify signature
echo "Verified: " . (($key->verify($msg, $sig) == TRUE) ? "true" : "false") . "\n";

EdDSA

<?php
use Elliptic\EdDSA;

// Create and initialize EdDSA context
// (better do it once and reuse it)
$ec = new EdDSA('ed25519');

// Create key pair from secret
$key = $ec->keyFromSecret('61233ca4590acd'); // hex string or array of bytes

// Sign message (can be hex sequence or array)
$msg = 'ab4c3451';
$signature = $key->sign($msg)->toHex();

// Verify signature
echo "Verified: " . (($key->verify($msg, $signature) == TRUE) ? "true" : "false") . "\n";

// CHECK WITH NO PRIVATE KEY

// Import public key
$pub = '2763d01c334250d3e2dda459e5e3f949f667c6bbf0a35012c77ad40b00f0374d';
$key = $ec->keyFromPublic($pub, 'hex');

// Verify signature
$signature = '93899915C2919181A3D244AAAC032CE78EF76D2FFC0355D4BE2C70F48202EBC5F2BB0541D236182F55B11AC6346B524150695E5DE1FEA570786E1CC1F7999404';
echo "Verified: " . (($key->verify($msg, $signature) == TRUE) ? "true" : "false") . "\n";

ECDH

<?php
use Elliptic\EC;

$ec = new EC('curve25519');

// Generate keys
$key1 = $ec->genKeyPair();
$key2 = $ec->genKeyPair();

$shared1 = $key1->derive($key2->getPublic());
$shared2 = $key2->derive($key1->getPublic());

echo "Both shared secrets are BN instances\n";
echo $shared1->toString(16) . "\n";
echo $shared2->toString(16) . "\n";

NOTE: .derive() returns a BN instance.
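
Because the result is a BN (an integer), its hex form has no fixed width, so it should be normalised to the field size before it is hashed into a key. The following is an added example, not part of the library's README; the helper names, the HKDF context label and the constructed BN value are assumptions made for illustration.

```php
<?php
// Added example, not code from the elliptic-php project.
require_once "vendor/autoload.php";

use Elliptic\EC;
use BN\BN;

const FIELD_BYTES = 32; // curve25519 coordinates fit in 32 bytes

/**
 * Encode a derived shared secret as exactly $width big-endian bytes.
 * (Hypothetical helper.) Rejects a zero secret, which a low-order peer
 * public key can force on curve25519.
 */
function sharedSecretBytes(BN $shared, int $width = FIELD_BYTES): string
{
    // Strip whatever leading zeros the BN printer emitted, then re-pad ourselves.
    $hex = ltrim($shared->toString(16), '0');
    if ($hex === '') {
        throw new UnexpectedValueException("shared secret is zero");
    }
    if (strlen($hex) > 2 * $width) {
        throw new LengthException("shared secret wider than $width bytes");
    }
    return hex2bin(str_pad($hex, 2 * $width, '0', STR_PAD_LEFT));
}

/**
 * Turn the raw shared secret into a 32-byte symmetric key with HKDF-SHA256.
 * $context is an application-chosen label (assumption) that binds the key
 * to its purpose.
 */
function sessionKey(BN $shared, string $context): string
{
    return hash_hkdf('sha256', sharedSecretBytes($shared), 32, $context);
}

$ec    = new EC('curve25519');
$alice = $ec->genKeyPair();
$bob   = $ec->genKeyPair();

$context = 'example-app v1 session'; // constructed label
$keyA = sessionKey($alice->derive($bob->getPublic()), $context);
$keyB = sessionKey($bob->derive($alice->getPublic()), $context);
echo "Session keys match: " . (hash_equals($keyA, $keyB) ? "true" : "false") . "\n";

// Constructed value: a secret whose most significant bytes are zero.
// Printing it directly loses the width; the helper restores it.
$small = new BN('00000abc', 16);
echo "BN as hex:   " . $small->toString(16) . "\n";
echo "Fixed width: " . bin2hex(sharedSecretBytes($small)) . "\n";
```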

Using EC directly

Use case examples:

Computing public key from private

<?php
use Elliptic\EC;

$ec = new EC('secp256k1');

$priv_hex = "751ce088f64404e5889bf7e9e5c280b200b2dc158461e96b921df39a1dbc6635";
$pub_hex  = "03a319a1d10a91ada9a01ab121b81ae5f14580083a976e74945cdb014a4a52bae6";

$priv = $ec->keyFromPrivate($priv_hex);
if ($pub_hex == $priv->getPublic(true, "hex")) {
    echo "Success\n";
} else {
    echo "Fail\n";
}

Verifying Bitcoin Message Signature

<?php
use Elliptic\EC;
use StephenHill\Base58;

// see: https://en.bitcoin.it/wiki/List_of_address_prefixes
const MainNetId = "\x00";
const TestNetId = "\x6F";
const PrefixNetIdMap = [ "1" => MainNetId, "m" => TestNetId ];

function pubKeyAddress($pubkey, $netid = MainNetId) {
    $b58 = new Base58();

    $pubenc   = hex2bin($pubkey->encode("hex", true));
    $pubhash  = $netid . hash('ripemd160', hash('sha256', $pubenc, true), true);
    $checksum = substr( hash('sha256', hash('sha256', $pubhash, true), true), 0, 4); 

    return $b58->encode($pubhash . $checksum);
}

function verifySignature($message, $signature, $address) {
    $signbin = base64_decode($signature);

    $signarr  = [ "r" => bin2hex(substr($signbin, 1, 32)), 
                  "s" => bin2hex(substr($signbin, 33, 32)) ];

    $nv = ord(substr($signbin, 0, 1)) - 27; 
    if ($nv != ($nv & 7)) 
        return false;

    $recid = ($nv & 3); 
    $compressed = ($nv & 4) != 0;

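    // chr($msglen) is a one-byte length prefix: valid for messages up to 252 bytes;
    // longer messages need Bitcoin's variable-length integer encoding.
    $msglen = strlen($message);
    $hash = hash('sha256', hash('sha256', "\x18Bitcoin Signed Message:\n" . chr($msglen) . $message, true));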

    $ec = new EC('secp256k1');
    $pub = $ec->recoverPubKey($hash, $signarr, $recid);

    $result = pubKeyAddress($pub, PrefixNetIdMap[$address[0]]);
    return $result == $address;
}

$message   = "I like signatures";
$signature = "H/zugYITIQTk8ZFWeXkbGCV2MzvMtbh+CnKBctbM9tP2UCb1B4LdyWFQuTZKxLdIDgP8Vsvl+0AEkBlY1HoyVw8=";
$address   = "mxQadqtYQXYeUsSqdMdJxZwkzxbd2tuMdc";

if (verifySignature($message, $signature, $address)) {
    echo "Success\n";
} else {
    echo "Fail\n";
}

Verifying Ethereum Signature

<?php
use Elliptic\EC;
use kornrunner\Keccak;

function pubKeyToAddress($pubkey) {
    return "0x" . substr(Keccak::hash(substr(hex2bin($pubkey->encode("hex")), 1), 256), 24);
}

function verifySignature($message, $signature, $address) {
    $msglen = strlen($message);
    $hash   = Keccak::hash("\x19Ethereum Signed Message:\n{$msglen}{$message}", 256);
    $sign   = ["r" => substr($signature, 2, 64), 
               "s" => substr($signature, 66, 64)];
    $recid  = ord(hex2bin(substr($signature, 130, 2))) - 27; 
    if ($recid != ($recid & 1)) 
        return false;

    $ec = new EC('secp256k1');
    $pubkey = $ec->recoverPubKey($hash, $sign, $recid);

    return $address == pubKeyToAddress($pubkey);
}

$address   = "0x5a214a45585b336a776b62a3a61dbafd39f9fa2a";
$message   = "I like signatures";
// signature returned by eth.sign(address, message)
$signature = "0xacb175089543ac060ed48c3e25ada5ffeed6f008da9eaca3806e4acb707b9481401409ae1f5f9f290f54f29684e7bac1d79b2964e0edcb7f083bacd5fc48882e1b";

if (verifySignature($message, $signature, $address)) {
    echo "Success\n";
} else {
    echo "Fail\n";
}
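
A stricter variant of the verification above, as an added example that is not part of the library's README: it validates the signature encoding before touching the curve code, accepts the recovery id as 0/1 or 27/28, and compares addresses case-insensitively. The function names are hypothetical; the address, message and signature are the README's own values, and the negative cases are constructed from them.

```php
<?php
// Added example, not code from the elliptic-php project.
require_once "vendor/autoload.php";

use Elliptic\EC;
use kornrunner\Keccak;

/**
 * Parse a 65-byte r || s || v signature given as hex (optional 0x prefix).
 * Returns null for malformed input instead of handing it to the curve code.
 */
function parseEthSignature(string $signature): ?array
{
    $hex = (strncasecmp($signature, '0x', 2) === 0) ? substr($signature, 2) : $signature;
    if (strlen($hex) !== 130 || !ctype_xdigit($hex)) {
        return null; // wrong length or not hex (for example base64 input)
    }
    $v = hexdec(substr($hex, 128, 2));
    if ($v === 27 || $v === 28) {
        $v -= 27; // legacy encoding of the recovery id
    }
    if ($v !== 0 && $v !== 1) {
        return null;
    }
    return ['r' => substr($hex, 0, 64), 's' => substr($hex, 64, 64), 'recid' => $v];
}

/**
 * Address of the key that signed $messageBytes as a personal message, or null.
 * A message the wallet signed as raw bytes (such as a 32-byte digest) must be
 * passed here as those bytes (hex2bin), not as its "0x..." text.
 */
function recoverSigner(string $messageBytes, string $signature): ?string
{
    $sig = parseEthSignature($signature);
    if ($sig === null) {
        return null;
    }
    // The length prefix counts the bytes of the message exactly as signed.
    $hash = Keccak::hash(
        "\x19Ethereum Signed Message:\n" . strlen($messageBytes) . $messageBytes,
        256
    );
    try {
        $ec  = new EC('secp256k1');
        $pub = $ec->recoverPubKey($hash, ['r' => $sig['r'], 's' => $sig['s']], $sig['recid']);
    } catch (\Throwable $e) {
        return null; // recovery failed, e.g. r does not map to a curve point
    }
    $xy = substr(hex2bin($pub->encode('hex')), 1); // drop the 0x04 prefix
    return '0x' . substr(Keccak::hash($xy, 256), 24);
}

function verifyEthSignature(string $messageBytes, string $signature, string $address): bool
{
    $signer = recoverSigner($messageBytes, $signature);
    // Addresses may arrive in mixed-case (checksummed) form; compare lowercase.
    return $signer !== null && hash_equals($signer, strtolower($address));
}

// Values from the README example above.
$address   = "0x5a214a45585b336a776b62a3a61dbafd39f9fa2a";
$message   = "I like signatures";
$signature = "0xacb175089543ac060ed48c3e25ada5ffeed6f008da9eaca3806e4acb707b9481401409ae1f5f9f290f54f29684e7bac1d79b2964e0edcb7f083bacd5fc48882e1b";

$cases = [
    'README values'       => [$message, $signature, $address],
    'upper-case address'  => [$message, $signature, '0x' . strtoupper(substr($address, 2))],
    'truncated signature' => [$message, substr($signature, 0, -2), $address], // constructed
    'altered message'     => [$message . '!', $signature, $address],          // constructed
];
foreach ($cases as $label => [$m, $s, $a]) {
    echo str_pad($label, 22) . (verifyEthSignature($m, $s, $a) ? "valid" : "rejected") . "\n";
}
```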

ECDH (secret based, base58 format)

For use with ed25519-oriented platforms such as BigChainDB, which use base58-encoded public/private keys.

<?php
use Elliptic\EdDSA;
use StephenHill\Base58;

$mnemonic = "scheme spot photo card baby mountain device kick cradle pact join borrow";
$secret = hash_pbkdf2('sha512', $mnemonic, 'mnemonic', 2048);

$ec =  new EdDSA('ed25519');
$kp = $ec->keyFromSecret($secret);

assert($secret == $kp->getSecret('hex'));
echo "Secret:  " . $kp->getSecret('hex') . PHP_EOL;

echo "Private: " . $kp->priv()->toString('hex') . PHP_EOL;
echo "Public:  " . $kp->getPublic('hex') .  PHP_EOL;

$b58 = new Base58();
echo PHP_EOL;
echo "B58 Private: " . $b58->encode(hex2bin($kp->priv()->toString('hex'))) . PHP_EOL;
echo "B58 Public:  " . $b58->encode(hex2bin($kp->getPublic('hex'))) .  PHP_EOL;

BIP32 Public Parent Key -> Public Child Key derivation example

<?php
use Elliptic\EC;
use BN\BN;

$ec = new EC('secp256k1');

// See: http://bip32.org using Derive From BIP32 Key
// xpub661MyMwAqRbcFtXgS5sYJABqqG9YLmC4Q1Rdap9gSE8NqtwybGhePY2gZ29ESFjqJoCu1Rupje8YtGqsefD265TMg7usUDFdp6W1EGMcet8
$c_par = "873dff81c02f525623fd1fe5167eac3a55a049de3d314bb42ee227ffed37d508";
$K_par = "0339a36013301597daef41fbe593a02cc513d0b55527ec2df1050e2e8ff49c85c2";

// Derived public child key 
// Derivation path Simple: m/i
// Keypair index i: 2018
// xpub68Gmy5EVb2Begkah8BxugKchT5SExW5p9gEHBLnEvYSuwVppt2TzD3WTjxNk14R8pmHbz3MHB9n75M2zNYgkJUCwV9pYwU9Z21Awj7Cr5U9
$expected_c_child = "a7470737ffde1458292e19e838534f400ad3c0f72e12f08eff79dee4fce11bed";
$expected_K_child = "0376499d06f9e9df71d7ee08d13a91337fa2b92182d4afcddf917b8d9983eb4615";

$i = 2018;
$I_key  = hex2bin($c_par);
$I_data = hex2bin($K_par) . pack("N", $i);
$I = hash_hmac("sha512", $I_data, $I_key);
$I_L = substr($I, 0, 64);
$I_R = substr($I, 64, 64);
$c_i = $I_R;

$K_par_point = $ec->curve->decodePoint($K_par, "hex");
$I_L_point = $ec->g->mul(new BN($I_L, 16));
$K_i = $K_par_point->add($I_L_point);
$K_i = $K_i->encodeCompressed("hex");

if ($expected_c_child == $c_i && $expected_K_child == $K_i) {
    echo "Success!\n";
} else {
    echo "Failure!\n";
}
Comments
  • How to get publickey from a given privatekey?

    Hi, based on my current understanding, this elliptic-php can only generate private-public key pairs, and cannot generate public key from a given private key. Is that right?

    Then how could I get publickey from a given privatekey?

    Many thanks if any information could be provided!

    opened by yupnano 7
  • Generate signature from PKCS#8 file (itunes)

    Hi !

    I am trying to do this using your library:

    https://developer.apple.com/documentation/storekit/in-app_purchase/generating_a_signature_for_subscription_offers

    Can you provide any help ?

    opened by mpoiriert 5
  • Calling assert() with a string argument is deprecated in php 7.2

    Hello,

    Deprecated: assert(): Calling assert() with a string argument is deprecated in E:\Development\WebServer\7.2\xampp\htdocs\webserver.local\projects\blockchain\Elliptic\EdDSA.php on line 16
    
    Deprecated: assert(): Calling assert() with a string argument is deprecated in E:\Development\WebServer\7.2\xampp\htdocs\webserver.local\projects\blockchain\BN\BN.php on line 551
    
    Deprecated: assert(): Calling assert() with a string argument is deprecated in E:\Development\WebServer\7.2\xampp\htdocs\webserver.local\projects\blockchain\BN\BN.php on line 477
    

    Thx

    opened by cyberpunkbln 5
  • Always the same sign

    I got the same sign for 2 different msg

    782a3039b478c839e4cb0c941ff4eaeb7df40bdd68bd441afd444b9da763de12909ce62ec5dc1c862a5e0100086775657374313233086c697472626f6f6839707265646c61676179752d697a6d656e69742d616c676f7269746d792d656d69737369692d6762672d692d7679706c61742d6176746f72616d102700

    782a3039b478c839e4cb0c941ff4eaeb7df40bdd68bd441afd444b9da763de128b9cf23c3bef13862a5e0100086775657374313233086c697472626f6f6839707265646c61676179752d697a6d656e69742d616c676f7269746d792d656d69737369692d6762672d692d7679706c61742d6176746f72616d102700

    opened by t3ran13 4
  • Ethereum Signature failing

    I'm trying to use your example "Verifying Ethereum Signature"

    In the client, using ethers.js I used this code:

        const Signer = await provider.getSigner();
        const userAddress = await Signer.getAddress();
        const numTokens = await ContractUser.balanceOf(userAddress);
        let currentTime = new Date();
        let month = currentTime.getMonth() + 1;
        let day = currentTime.getDate();
        let year = currentTime.getFullYear();
        let msgToSign = 'Connect: ' + userAddress + ' on ' + year + month + day;
        let messageHash = ethers.utils.solidityKeccak256(['string'],[msgToSign]);
        let signature = await Signer.signMessage(ethers.utils.arrayify(messageHash));
    

    And then to verify it

        let recovered = ethers.utils.verifyMessage(ethers.utils.arrayify(messageHash), signature);
    

    which works, it correctly returns the userAddress.

    But then, using your example to verify the signature in php, I get a different address. I noticed the messageHash is different than the hash calculated in the php. When I removed the $message prefix (string and length) and just hash the message as is, I get the same hash as in javascript. However, in both cases, the address returned is different.

    Can you help me?

    opened by kakashigr 3
  • Request: Generate keypair for usage in e.g. BigChainDB (doc pub key gen)

    Hi there, I'm not a crypto expert so I have a question; Can I use this lib to generate a pub/priv keypair based on a seed or secret (so reproducible) to use with, in my case, BigChainDB? (https://docs.bigchaindb.com/projects/js-driver/en/latest/usage.html#cryptographic-identities-generation)

    I can manage to get a private key using the $key->priv() method but the pub() method returns an array I do not know how to use? I'm expecting something like: DGNE3CjqfGoeJYYMzZZVWAw22eqxEZb46xg5zupC63a6

    Can this be documented?

    opened by stefanvangastel 3
  • EC recovery without Public key

    I'm trying to recover a Message, but I don't understand your params. Can you document them?

    https://github.com/simplito/elliptic-php/blob/be6b14c6999a5c328457d571f643ef8b3f3f82d0/lib/EC.php#L212-L214

    Especially I don't understand what $j is (type and values). In my case I have a recovery param of 27, which won't work.

    In your test it seems that you are requiring the PubKey in order to recover it.

    https://github.com/simplito/elliptic-php/blob/d6c5ecaaf434a52449f5e8faa350311c9fd1dd7a/tests/ECDSATest.php#L300-L308

    As you might know in the Ethereum world we don't really have a publicKey, but a derivate of it.

    Can you provide an example of PubKey recovery which just requires Message+Signature?

    opened by digitaldonkey 3
  • with bip44,do mnemonic to address,Unable to get: uncompressed public key / address / Y coordinate

    PublicKey = ellipse X coordinate

    uncompressedPublicKey = prefix 04 + ellipse X coordinate + ellipse y coordinate

    $address = "0x" .substr(Keccak::hash(substr(hex2bin($uncompressedPublicKey), 1), 256), 24); How to get the Y coordinate / uncompressed public key, and then get the address?

    opened by k6xiao 2
  • Update README.md

    It's easy to miss and you spot it when one decryption in few hundred gives garbage results for no apparent reason. This is notably a different behavior from other libraries.

    opened by qqux 2
  • AdMob SSV Verification

    Is it possible to verify admob server-side-verification? They use ECDSA with SHA256.

    Given is a public key from https://www.gstatic.com/admob/reward/verifier-keys.json But how to use this key for verification?

    AdMob Documentation: https://developers.google.com/admob/android/rewarded-video-ssv#manual_verification_of_rewarded_video_ssv

    Can you help me?

    opened by KuLi 2
  • Compact Sign

    How to get compact sign for secp256k1?

    it is the same to secp256k1_ecdsa_recoverable_signature_serialize_compact from https://github.com/bitcoin-core/secp256k1/blob/1e6f1f5ad5e7f1e3ef79313ec02023902bf8175c/include/secp256k1_recovery.h#L63

    opened by t3ran13 2
  • How to use smaller s value in signature and recalculate recoveryParam

        If you are talking about [this](https://eklitzke.org/bitcoin-transaction-malleability) and forcing to use smaller s value in signature, we do not have it, because our lib is strict elliptic math, without implementation focused on bitcoin/blockchain or something. But if you need that, you can check this
    
    <?php
    
    require_once("vendor/autoload.php");
    
    use Elliptic\EC;
    use Elliptic\EC\Signature;
    
    function getNegativeSignature($ec, $sig) {
        $res = new Signature($sig);
        $res->s = $res->s->neg()->add($ec->n);
        return $res;
    }
    
    $ec = new EC('secp256k1');
    $key = $ec->genKeyPair();
    $msg = 'ab4c3451';
    $signature = $key->sign($msg);
    $negativeSignature = getNegativeSignature($ec, $signature);
    
    echo "Normal signature:   " . $signature->toDER('hex') . "\n";
    echo "Negative signature: " . $negativeSignature->toDER('hex') . "\n";
    
    echo "Verify normal:   " . (($key->verify($msg, $signature) == TRUE) ? "true" : "false") . "\n";
    echo "Verify negative: " . (($key->verify($msg, $negativeSignature) == TRUE) ? "true" : "false") . "\n";
    
    if ($signature->s->cmp($negativeSignature->s) < 0) {
        echo "Normal is canonical\n";
    }
    else {
        echo "Negative is canonical\n";
    }
    

    Originally posted by @ldudzsim in https://github.com/simplito/elliptic-php/issues/22#issuecomment-578507220

    I use this code to get a smaller s value. But how to recalculate "recoveryParam"?

    opened by FenShenx 2
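
An added example for the question above (not code from the thread or from the project): replacing s with n - s mirrors the ephemeral point R across the x-axis, so the parity bit (bit 0) of the recovery id flips while bit 1 is unchanged. It assumes the Signature returned by sign() exposes a recoveryParam property, as the issue title implies; `toLowS` and `recoversTo` are hypothetical helper names and the message is constructed.

```php
<?php
// Added example, not code from the elliptic-php project.
require_once "vendor/autoload.php";

use Elliptic\EC;
use Elliptic\EC\Signature;

/**
 * Return an equivalent signature whose s is the smaller of s and n - s,
 * with the recovery id adjusted to match.
 */
function toLowS(EC $ec, Signature $sig): Signature
{
    $res  = new Signature($sig);              // copy, as in the quoted snippet
    $negS = $sig->s->neg()->add($ec->n);      // n - s
    $res->recoveryParam = $sig->recoveryParam;
    if ($sig->s->cmp($negS) > 0) {            // s is the high value: swap it
        $res->s = $negS;
        if ($sig->recoveryParam !== null) {
            $res->recoveryParam = $sig->recoveryParam ^ 1; // flip y parity
        }
    }
    return $res;
}

/** True when (r, s, recid) recovers to the given key pair's public key. */
function recoversTo(EC $ec, $key, string $hashHex, Signature $sig): bool
{
    // r and s are passed as hex strings, the same shape the README examples use.
    $pub = $ec->recoverPubKey(
        $hashHex,
        ['r' => $sig->r->toString(16), 's' => $sig->s->toString(16)],
        $sig->recoveryParam
    );
    return hash_equals($key->getPublic(true, 'hex'), $pub->encode('hex', true));
}

$ec   = new EC('secp256k1');
$key  = $ec->genKeyPair();
$hash = hash('sha256', 'constructed sample message'); // hex digest to sign

$low = toLowS($ec, $key->sign($hash));

// Build the high-s twin of the canonical signature to show the other direction.
$high = new Signature($low);
$high->s = $low->s->neg()->add($ec->n);
$high->recoveryParam = $low->recoveryParam ^ 1;

// Same high-s value but with the recovery id left untouched: recovery then
// yields a different public key.
$stale = new Signature($high);
$stale->recoveryParam = $low->recoveryParam;

foreach (['low-s' => $low, 'high-s, recid flipped' => $high, 'high-s, recid stale' => $stale] as $label => $sig) {
    echo str_pad($label, 24)
        . "verify=" . ($key->verify($hash, $sig) ? "true" : "false")
        . " recovers=" . (recoversTo($ec, $key, $hash, $sig) ? "true" : "false") . "\n";
}
```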
  • Big Issue when recovering a signature of a hashed message

    I am trying to verify the signature of a hashed message, and the method used in the description doesn't return the right address :

    
    function verifySignature($message, $signature, $address) {
            $msglen = strlen($message);
            $hash   = Keccak::hash("\x19Ethereum Signed Message:\n{$msglen}{$message}", 256);
            $sign   = ["r" => substr($signature, 2, 64),
                "s" => substr($signature, 66, 64)];
            $recid  = ord(hex2bin(substr($signature, 130, 2))) - 27;
            if ($recid != ($recid & 1))
                return false;
    
            $ec = new EC('secp256k1');
            $pubkey = $ec->recoverPubKey($hash, $sign, $recid);
            return $address == $this->pubKeyToAddress($pubkey);
        }
    
    
    $address   = "0xd927a97442c8bce9f18e84de11cac6e54a890ff8";
                $message   = "0xa880c297e04a9a4e1b8856dd4b48c1f6c0b0b82b1da2907b3d16f6ab1357c8b9";
    // signature returned by eth.sign(address, message)
                $signature = "0xcd33577b169a3f2a5c835b3ca7dab1d41fa32db4b791c6856319756e7fecc3cb13676706408b019b6dcc3fe28a72f8435390bb0a1572ba241cfd09ae917784511c";
    
                if ($this->verifySignature($message, $signature, $address)) {
                    Log::error("SUCCSS");
                } else {
                    Log::error("FAIL");
                }
    
    

    the address returned by verifySignature (that we try to compare to the original address) is 0xad21644cb255d77dbf4b1ab716cca9797ce3e5bb which is different than the original address.

    The problem here is that when not signing the hashed message but the original message it works correctly.

    the original message is : "It'sMe MArio". (without the quotes) and the hashing is done by sha3 : web3.utils.sha3(message)

    opened by moda20 3
  • about EOS

    Thank the author for his selfless dedication. I'm a rookie. I want to know how to use this library to generate EOS private key and EOS signature. Can you give me a simple demo?

    opened by Lianyoudashi 0
  • PubKey from RAW TX

    HI,

    Is it possible to recover ethereum PubKey from raw transaction using this lib/scripts, like in function elliptic.ec.prototype.recoverPubKey (msg, signature, j, enc) ?

    opened by Alf71 0
  • Error in verify signature: Cannot initialize

    I am trying to verify the signature, but I got the error: Cannot initialize. Here is my code:

    public static function verifySignature($hash, $signature, $address)
    {
        try {
            $sign = [
                "r" => substr($signature, 0, 64),
                "s" => substr($signature, 64, 64),
            ];
            $reCid = ord(hex2bin(substr($signature, 128, 2)));
            if ($reCid != ($reCid & 1)) {
                return false;
            }
            $ec = new EC('secp256k1');
            $publicKey = $ec->recoverPubKey($hash, $sign, $reCid);
            return $address == self::pubKeyToAddress($publicKey);
        } catch (\Exception $exception) {
            throw new HashException($exception->getCode(), $exception->getMessage());
        }
    }

    verifySignature("c230e229e1e7edd299b4c142ac105a84df7c114ef1d6c538ee9e8461f70b2ad3", "W6AdiMNBTRb/a9oa43CFnL+UjpdhJ4QuxfnVQuTY8EB0RQQ2pvWEeIF9c5oMrokVrCmtBiXe4vW3Fvu+mIZ2bwA=", "0x38737be4bb9bdB44Fa4367935E087Dad925CE172");

    I traced the error and found it threw out when executed to $ec->recoverPubKey($hash, $sign, $reCid);

    opened by VingoYang 0
  • Error in _projDbl for ordinary Edwards curves

    I'm trying to define and work with an ordinary Edwards curve, but it seems like there's an error in the implementation of the math for ordinary Edwards curves (in comparison, the math for twisted curves doesn't throw any errors).

    Undefined property $this->c at https://github.com/simplito/elliptic-php/blob/master/lib/Curve/EdwardsCurve/Point.php#L143

    // H = (c * Z1)^2
    $h = $this->curve->_mulC($this->c->redMul($this->z))->redSqr();
    

    This is how the elliptic.js code does it: https://github.com/indutny/elliptic/blob/475f066aebd14681591f0f0f18a2abc0ded8c390/lib/elliptic/curve/edwards.js#L252

    // H = (c * Z1)^2
    var h = this.curve._mulC(this.z).redSqr();
    

    I'm not versed at all in the maths for working with Edwards curve, but this looks like a typo in the php version.

    opened by TiberiumFusion 0
Owner
Simplito
Software R&D
Simplito