authorJ08nY2019-08-19 23:33:30 +0200
committerJ08nY2019-08-19 23:33:30 +0200
commit5ed98234f195643f94065e45a8d5d2554728b1e4 (patch)
treedef78887fa6d76c7e1f2214ed0be971abeaffb60 /pyecsca/ec/signature.py
parent512b5d2b5ae3350d1fc52fdd90d193bace00eed7 (diff)
Diffstat (limited to 'pyecsca/ec/signature.py')
-rw-r--r--pyecsca/ec/signature.py11
1 files changed, 8 insertions, 3 deletions
diff --git a/pyecsca/ec/signature.py b/pyecsca/ec/signature.py
index 4d1e43b..8318c45 100644
--- a/pyecsca/ec/signature.py
+++ b/pyecsca/ec/signature.py
@@ -91,11 +91,13 @@ class Signature(object):
return Mod(nonce, self.mult.group.order)
def _do_sign(self, nonce: Mod, digest: bytes) -> SignatureResult:
+ z = int.from_bytes(digest, byteorder="big")
+ if z.bit_length() > self.mult.group.order.bit_length():
+ z >>= z.bit_length() - self.mult.group.order.bit_length()
point = self.mult.multiply(int(nonce), self.mult.group.generator)
affine_point = point.to_affine() #  TODO: add to context
r = Mod(int(affine_point.x), self.mult.group.order)
- s = nonce.inverse() * (Mod(int.from_bytes(digest, byteorder="big"),
- self.mult.group.order) + r * self.privkey)
+ s = nonce.inverse() * (Mod(z, self.mult.group.order) + r * self.privkey)
return SignatureResult(int(r), int(s), digest=digest, nonce=int(nonce),
privkey=self.privkey)
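Review bot: The truncation added at the top of `_do_sign` is keyed on `z.bit_length()`, i.e. the bit length of the digest's integer value, not of the digest itself, so any leading zero bits of the digest are silently discarded before the comparison. Whenever the digest is longer than the group order (e.g. a SHA-512 digest with a 256-bit curve) and its first bit(s) are zero, the shift is too small and `z` is not the "leftmost N bits" value of FIPS 186-4 §6.4, so signatures produced here will not verify against a conformant implementation and the failure is data-dependent and hard to spot in tests. The shift should be computed from the byte length: `digest_bits = 8 * len(digest)` then `if digest_bits > self.mult.group.order.bit_length(): z >>= digest_bits - self.mult.group.order.bit_length()`. It is also worth a comment naming the standard, e.g. `# FIPS 186-4 6.4: use the leftmost min(N, outlen) bits of the digest`, since the reduction mod n on the next line only happens after truncation. The hunk also shows the tail of the preceding method (`return Mod(nonce, ...)`), whose body lies outside the hunk.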
@@ -118,8 +120,11 @@ class Signature(object):
return self._do_sign(k, digest)
def _do_verify(self, signature: SignatureResult, digest: bytes) -> bool:
+ z = int.from_bytes(digest, byteorder="big")
+ if z.bit_length() > self.mult.group.order.bit_length():
+ z >>= z.bit_length() - self.mult.group.order.bit_length()
c = Mod(signature.s, self.mult.group.order).inverse()
- u1 = Mod(int.from_bytes(digest, byteorder="big"), self.mult.group.order) * c
+ u1 = Mod(z, self.mult.group.order) * c
u2 = Mod(signature.r, self.mult.group.order) * c
p1 = self.mult.multiply(int(u1), self.mult.group.generator)
p2 = self.mult.multiply(int(u2), self.pubkey)
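Review bot: The new digest truncation in `_do_verify` repeats the value-based shift `z >>= z.bit_length() - order.bit_length()`, so a conformant signature over a digest that is longer than the order and starts with zero bits (a real possibility for a 512-bit digest on a 256-bit curve) would be rejected here, while the leftmost-bits value mandated by FIPS 186-4 §6.4 is what the signer on the other side used. The shift must be computed from `8 * len(digest)`, not from `z.bit_length()`, and since the identical three lines now appear in both `_do_sign` and `_do_verify` the computation belongs in one private helper so the two paths cannot drift apart. Note that `_do_verify` continues past the end of this hunk (the final `r` comparison is not shown), and nothing visible rejects `signature.s == 0` before `.inverse()` or range-checks `r`; I would confirm that happens in the unseen remainder or in `Mod.inverse`.
```python
    def _digest_to_int(self, digest: bytes) -> int:
        """Return the leftmost min(8*len(digest), N) bits of digest as an int, N = bit length of the group order (FIPS 186-4 6.4)."""
        z = int.from_bytes(digest, byteorder="big")
        digest_bits = 8 * len(digest)  # use the byte length, not z.bit_length(): leading zero bits count
        order_bits = self.mult.group.order.bit_length()
        if digest_bits > order_bits:
            z >>= digest_bits - order_bits
        return z

    def _do_verify(self, signature: SignatureResult, digest: bytes) -> bool:
        z = self._digest_to_int(digest)
        # … unchanged: c, u1, u2, p1, p2 computation …
```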