From 722e2efeaea5cb50268468dcc3cb1b276a7b5f35 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9Cthoatbk=E2=80=9D?= <“thomas@butterkiss.com”>
Date: Thu, 11 Dec 2014 00:37:46 +0100
Subject: [PATCH 1/3] enforce low S values on key signing, read BIP62 for
 details

---
 lib/browser/Key.js | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/browser/Key.js b/lib/browser/Key.js
index 088c64b..fe7ca0e 100644
--- a/lib/browser/Key.js
+++ b/lib/browser/Key.js
@@ -160,6 +160,11 @@ Key.sign = function(hash, priv, k) {
     var Q = Point.multiply(G, k);
     var r = Q.x.mod(n);
     var s = k.invm(n).mul(e.add(d.mul(r))).mod(n);
+    // use only low S values according to BIP62
+    var n_half = new bignum(n).div(2);
+    if (s.cmp(n_half) > 0) {
+      s = new bignum(n).sub(s);
+    }
   } while (r.cmp(new bignum(0)) <= 0 || s.cmp(new bignum(0)) <= 0);
 
   return {r: r, s: s};

From 684c30683302b990d6daa0989549706cf1f1bf34 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9Cthoatbk=E2=80=9D?= <“thomas@butterkiss.com”>
Date: Thu, 11 Dec 2014 22:31:56 +0100
Subject: [PATCH 2/3] enforce low S values on key signing, read BIP62 for
 details (reverted from commit 722e2efeaea5cb50268468dcc3cb1b276a7b5f35)

---
 lib/browser/Key.js | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/lib/browser/Key.js b/lib/browser/Key.js
index fe7ca0e..088c64b 100644
--- a/lib/browser/Key.js
+++ b/lib/browser/Key.js
@@ -160,11 +160,6 @@ Key.sign = function(hash, priv, k) {
     var Q = Point.multiply(G, k);
     var r = Q.x.mod(n);
     var s = k.invm(n).mul(e.add(d.mul(r))).mod(n);
-    // use only low S values according to BIP62
-    var n_half = new bignum(n).div(2);
-    if (s.cmp(n_half) > 0) {
-      s = new bignum(n).sub(s);
-    }
   } while (r.cmp(new bignum(0)) <= 0 || s.cmp(new bignum(0)) <= 0);
 
   return {r: r, s: s};

From 28bb0f4cfc5fdede3511a0d29bb3fbb109750b21 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9Cthoatbk=E2=80=9D?= <“thomas@butterkiss.com”>
Date: Thu, 11 Dec 2014 22:38:22 +0100
Subject: [PATCH 3/3] enforce low S values for key signing, check BIP62 for
 details

---
 lib/browser/Key.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/browser/Key.js b/lib/browser/Key.js
index 088c64b..c931f1b 100644
--- a/lib/browser/Key.js
+++ b/lib/browser/Key.js
@@ -160,6 +160,12 @@ Key.sign = function(hash, priv, k) {
     var Q = Point.multiply(G, k);
     var r = Q.x.mod(n);
     var s = k.invm(n).mul(e.add(d.mul(r))).mod(n);
+    //enforce low s
+    //see BIP 62, "low S values in signatures"
+    var n_half = bignum.fromBuffer(new Buffer("7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0", 'hex'), {size: 32});
+    if (s.cmp(n_half) > 0) {
+      s = new bignum(n).sub(s);
+    }
   } while (r.cmp(new bignum(0)) <= 0 || s.cmp(new bignum(0)) <= 0);
 
   return {r: r, s: s};