Bitcoin Forum
May 17, 2024, 02:49:16 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > S calculate From (priv_publickey _XY ,nonce_publickey_XY ,and Message(z))
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: S calculate From (priv_publickey _XY ,nonce_publickey_XY ,and Message(z))  (Read 95 times)
cassondracoffee (OP)
Newbie
*
Offline Offline

Activity: 11
Merit: 0


View Profile
April 29, 2024, 03:31:40 AM
 #1
S calculate From (priv_publickey _XY ,nonce_publickey_XY  ,and Message(z))
hi,
example  data:

priv_publickey _XY    = px: 0xbb6c1de01f36618ae05f7c183c22dfa8797e779f39537752c27e2dc045b0e694  py: 0x2f8af53270bf045f2258834b6dad7481ad6fca009d80f5b54697b08d104fc7b3
nonce_publickey_XY  = px: 0xcabc3692f1f7ba75a8572dc5d270b35bcc00650534f6e5ecd6338e55355454d5 py: 0xafa7746c07a124cb59e190f00955952a7329591b805c4d9d04d34abe8a803a74
Message(z))                = 0x9b076ad2fe6b2ce63acf4edf7fc82d5152d3c8bffb36b944da7a1cce038f544a


#S output need using S calculate From priv_publickey _XY ,nonce_publickey_XY  ,and Message(z)
S = 0xf65bfc44435a91814c142a3b8ee288a9183e6a3f012b84545d1fe334ccfac25e

My question is how to calculate the S value using only d publickey _XY, k publickey _XY, and z.

I understand the S calculation formula: s = (z+x*r)/k
but I need another method to get S,  s = (z+priv_publickey _XY*r)/nonce_publickey_XY   # my idea this is right  Huh


My English is a little bit

Edit:
share a possible idea.
graphite
Jr. Member
*
Offline Offline

Activity: 30
Merit: 4


View Profile
April 29, 2024, 10:41:36 PM
Last edit: April 30, 2024, 02:57:03 AM by graphite
 #2
I assume this is the Schnorr Signature. Im not too familiar with it but I think the equation for generating s is:

  s = k+m*x

  m = message hash (i think this is SHA256)
  x  = private key
  k  = a random generated private key

  P = public key
  K = public key to the random private key listed above k

to check if s is signed with the correct private key you would have to multiply s by G. G is the starting point of the elliptic curve, bitcoin uses secp256k1.

  s*G = (k+m*x)*G = k*G + m*(x*G) = K + m*P

ECDSA is distributive and associative so its possible to rearrange it like this. Now you can compute K + m*P to determine if it matches the output of s*G. If it does then it is a good signature.

This video goes through all of this in better detail than i can: https://www.youtube.com/watch?v=wjACBRJDfxc&ab_channel=Bitcoinology

Edit:
actually this seems to be more of what your looking for: https://learnmeabitcoin.com/technical/cryptography/elliptic-curve/ecdsa/
Pages: [1]
  Print  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > S calculate From (priv_publickey _XY ,nonce_publickey_XY ,and Message(z))
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!