by cronokirby 1578 days ago
Reading this post, this is actually an explanation of Schnorr signatures, not ECDSA signatures. Bitcoin uses the latter, except for new transactions after the Taproot update, which the author doesn't reference here. In fact, the author isn't even describing a signature scheme, but rather an identification scheme, since the only step that involves the message is the vague: "5. Alice customizes a hash function with a message that she is signing". I believe what the author is referencing is to turn the Schnorr identification scheme into a signature scheme, you include the message along with the nonce commitment, hashing H(R, m) instead of H(R). In fact, you should also include the public key, hashing H(X, R, m).

I remain somewhat confused as to how this article was written.

1 comments

I’m pretty sure this is an explanation of ECDSA. However, I do agree with you on the last part, I should’ve been a little clearer about the identification scheme.