How to use smaller s value in signature and recalculate recoveryParam

[FenShenx]

    If you talking about [this](https://eklitzke.org/bitcoin-transaction-malleability) and forcing to use smaller s value in signature, we do not have it, because our lib is strict elliptic math, without implementation focused on bitcoin/blockchain or something. But if you need that, you can check this

<?php

require_once("vendor/autoload.php");

use Elliptic\EC;
use Elliptic\EC\Signature;

function getNegativeSignature($ec, $sig) {
    $res = new Signature($sig);
    $res->s = $res->s->neg()->add($ec->n);
    return $res;
}

$ec = new EC('secp256k1');
$key = $ec->genKeyPair();
$msg = 'ab4c3451';
$signature = $key->sign($msg);
$negativeSignature = getNegativeSignature($ec, $signature);

echo "Normal signature:   " . $signature->toDER('hex') . "\n";
echo "Negative signature: " . $negativeSignature->toDER('hex') . "\n";

echo "Verify normal:   " . (($key->verify($msg, $signature) == TRUE) ? "true" : "false") . "\n";
echo "Verify negative: " . (($key->verify($msg, $negativeSignature) == TRUE) ? "true" : "false") . "\n";

if ($signature->s->cmp($negativeSignature->s) < 0) {
    echo "Normal is canonical\n";
}
else {
    echo "Negative is canonical\n";
}

Originally posted by @ldudzsim in #22 (comment)

I use this code to get a smaller s value. But how to recalculate "recoveryParam"?

[ldudzsim]

I think you don't have to recalculate recoveryParam, just use $signature->recoveryParam or $negativeSignature->recoveryParam

[FenShenx]

msg: 8507ca4ea93468ae8e0c9e97b6f510e92f3a9dd4fb4eedfe22ed105144326991
privateKey: 634094445fad8532ab6742f9896c6e6de4e43d03145ea573e1d3c8c425aaa549

r: adaa362e65a002acfd9a3f4fc4e74f1b10ac6ee21c058eb2a868a605969f408c
s: 549c0a07036bf1a98d069089668907a1188fdb61fb0149f4ff8cc54e2c791769
$signature->recoveryParam : 0
$negativeSignature->recoveryParam: 0

But i use other 'secp256k1' library , 'recoveryParam' return 1.