Re: NXT :: descendant of Bitcoin - Updated Information
Board: Announcements (Altcoins)
by ChuckOne on 09/02/2014, 14:05:42 UTC
Also, could you look at this message, not sure if you've seen it:
https://bitcointalk.org/index.php?topic=345619.msg5002245#msg5002245
I don't understand this code so I cannot change it. It is up to CfB and BCNext to decide if and when this should be fixed.

Only a crypto audit will tell if it's a bug or not. Right now there is another way to fix unverifiable signatures in Crypto.sign(). We can't use BloodyRookie's fix without a formal proof that this won't break Curve25519 security. Actually, if the fix gets rid of unverifiable signatures completely then we shouldn't use it. It's a normal situation that sometimes we have to recompute signatures generated with EC-KCDSA.

It is a bug. Did you even read my post completely? You need only basic knowledge of algebra to understand it.
The EC-KCDSA signature algorithm can fail sometimes; that's why sign() returns a boolean value. But that happens very rarely and simply means v=(x-h)s = 0 mod q.
Maybe you should ask Doctor Evil Wink

I've made a repo with a test:
https://github.com/gimer/curve25519-sign-test

Code:
nxtcurve\bin> java nxtcurve.TestCurve
      original failed: 132 / 1000
BloodyRookie's failed: 0 / 1000
      original failed: 121 / 1000
BloodyRookie's failed: 0 / 1000
      original failed: 137 / 1000
BloodyRookie's failed: 0 / 1000
      original failed: 133 / 1000
BloodyRookie's failed: 0 / 1000
...

I've also added class files to the repo, so it's enough to replace "nxt-0.7.2\webapps\root\WEB-INF\classes\nxt\crypto\Curve25519.class" with the file from the repo and it should work.

Ah, now, we need a code audit on your code. Wink