Title: S calculate From (priv_publickey _XY ,nonce_publickey_XY ,and Message(z)) Post by: cassondracoffee on April 29, 2024, 03:31:40 AM S calculate From (priv_publickey _XY ,nonce_publickey_XY ,and Message(z))
hi, example data: priv_publickey _XY = px: 0xbb6c1de01f36618ae05f7c183c22dfa8797e779f39537752c27e2dc045b0e694 py: 0x2f8af53270bf045f2258834b6dad7481ad6fca009d80f5b54697b08d104fc7b3 nonce_publickey_XY = px: 0xcabc3692f1f7ba75a8572dc5d270b35bcc00650534f6e5ecd6338e55355454d5 py: 0xafa7746c07a124cb59e190f00955952a7329591b805c4d9d04d34abe8a803a74 Message(z)) = 0x9b076ad2fe6b2ce63acf4edf7fc82d5152d3c8bffb36b944da7a1cce038f544a #S output need using S calculate From priv_publickey _XY ,nonce_publickey_XY ,and Message(z) S = 0xf65bfc44435a91814c142a3b8ee288a9183e6a3f012b84545d1fe334ccfac25e My question is how to calculate the S value using only d publickey _XY, k publickey _XY, and z. I understand the S calculation formula: s = (z+x*r)/k but I need another method to get S, s = (z+priv_publickey _XY*r)/nonce_publickey_XY # my idea this is right ??? My English is a little bit Edit: share a possible idea. Title: Re: S calculate From (priv_publickey _XY ,nonce_publickey_XY ,and Message(z)) Post by: graphite on April 29, 2024, 10:41:36 PM I assume this is the Schnorr Signature. Im not too familiar with it but I think the equation for generating s is:
s = k+m*x m = message hash (i think this is SHA256) x = private key k = a random generated private key P = public key K = public key to the random private key listed above k to check if s is signed with the correct private key you would have to multiply s by G. G is the starting point of the elliptic curve, bitcoin uses secp256k1. s*G = (k+m*x)*G = k*G + m*(x*G) = K + m*P ECDSA is distributive and associative so its possible to rearrange it like this. Now you can compute K + m*P to determine if it matches the output of s*G. If it does then it is a good signature. This video goes through all of this in better detail than i can: https://www.youtube.com/watch?v=wjACBRJDfxc&ab_channel=Bitcoinology Edit: actually this seems to be more of what your looking for: https://learnmeabitcoin.com/technical/cryptography/elliptic-curve/ecdsa/ |