Update app.py

app.py

@@ -28,6 +28,11 @@ SERVER_KEY = Keypair.from_seed(seed)
 
 
 
+
+
+
+
+'''
 CHAIN_LENGTH = 256
 N = 32  # SHA256 output bytes
 
@@ -71,6 +76,67 @@ def verify_wots(signature, message, public_key):
 
 
 
+'''
+
+
+
+
+CHAIN_LENGTH = 256
+N_MESSAGE = 32  # Standard hash length
+N_TOTAL = 34    # 32 (Message) + 2 (Checksum)
+
+def verify_wots(signature, message, public_key):
+    """
+    signature: list[str] (base58 encoded, length 34)
+    public_key: list[str] (base58 encoded, length 34)
+    """
+    if len(signature) != N_TOTAL or len(public_key) != N_TOTAL:
+        print(f"Invalid lengths: expected {N_TOTAL}")
+        return False
+
+    # 1. Re-calculate the message hash
+    msg_hash = hashlib.sha256(message).digest()
+
+    # 2. Re-calculate the SAME Checksum as the client
+    checksum = 0
+    for byte in msg_hash:
+        checksum += (255 - byte)
+    
+    # Convert checksum to 2 bytes
+    cks_bytes = bytes([(checksum >> 8) & 0xff, checksum & 0xff])
+    
+    # 3. Combine them exactly like the client did
+    combined = msg_hash + cks_bytes
+
+    # 4. Verify all 34 chains
+    for i in range(N_TOTAL):
+        try:
+            sig_i = base58.b58decode(signature[i])
+            pk_i = base58.b58decode(public_key[i])
+        except Exception as e:
+            return False
+
+        # Current revealed link
+        check = sig_i
+
+        # WALK FORWARD to the anchor (Public Key)
+        # The client walked 'combined[i]' steps.
+        # We walk the remaining steps to reach 256.
+        steps = CHAIN_LENGTH - combined[i]
+
+        for _ in range(steps):
+            check = hashlib.sha256(check).digest()
+
+        if check != pk_i:
+            print(f"Mismatch at index {i}")
+            return False
+
+    return True
+
+
+
+
+
 
 @app.get("/challenge")
 def get_challenge():