Signature Secp256k1PP::sign(Secret const& _key, h256 const& _hash) { // assumption made by signing alogrithm assert(m_q == m_qs); Signature sig; Integer k(kdf(_key, _hash).data(), 32); if (k == 0) BOOST_THROW_EXCEPTION(InvalidState()); k = 1 + (k % (m_qs - 1)); ECP::Point rp; Integer r; { Guard l(x_params); rp = m_params.ExponentiateBase(k); r = m_params.ConvertElementToInteger(rp); } sig[64] = 0; // sig[64] = (r >= m_q) ? 2 : 0; Integer kInv = k.InverseMod(m_q); Integer z(_hash.asBytes().data(), 32); Integer s = (kInv * (Integer(_key.data(), 32) * r + z)) % m_q; if (r == 0 || s == 0) BOOST_THROW_EXCEPTION(InvalidState()); // if (s > m_qs) // { // s = m_q - s; // if (sig[64]) // sig[64] ^= 1; // } sig[64] |= rp.y.IsOdd() ? 1 : 0; r.Encode(sig.data(), 32); s.Encode(sig.data() + 32, 32); return sig; }