Author

Topic: S calculate From (priv_publickey _XY ,nonce_publickey_XY ,and Message(z)) (Read 123 times)

jr. member
Activity: 39
Merit: 27
I assume this is the Schnorr Signature. Im not too familiar with it but I think the equation for generating s is:

  s = k+m*x

  m = message hash (i think this is SHA256)
  x  = private key
  k  = a random generated private key

  P = public key
  K = public key to the random private key listed above k

to check if s is signed with the correct private key you would have to multiply s by G. G is the starting point of the elliptic curve, bitcoin uses secp256k1.

  s*G = (k+m*x)*G = k*G + m*(x*G) = K + m*P

ECDSA is distributive and associative so its possible to rearrange it like this. Now you can compute K + m*P to determine if it matches the output of s*G. If it does then it is a good signature.

This video goes through all of this in better detail than i can: https://www.youtube.com/watch?v=wjACBRJDfxc&ab_channel=Bitcoinology

Edit:
actually this seems to be more of what your looking for: https://learnmeabitcoin.com/technical/cryptography/elliptic-curve/ecdsa/



newbie
Activity: 14
Merit: 0
S calculate From (priv_publickey _XY ,nonce_publickey_XY  ,and Message(z))
hi,
example  data:

priv_publickey _XY    = px: 0xbb6c1de01f36618ae05f7c183c22dfa8797e779f39537752c27e2dc045b0e694  py: 0x2f8af53270bf045f2258834b6dad7481ad6fca009d80f5b54697b08d104fc7b3
nonce_publickey_XY  = px: 0xcabc3692f1f7ba75a8572dc5d270b35bcc00650534f6e5ecd6338e55355454d5 py: 0xafa7746c07a124cb59e190f00955952a7329591b805c4d9d04d34abe8a803a74
Message(z))                = 0x9b076ad2fe6b2ce63acf4edf7fc82d5152d3c8bffb36b944da7a1cce038f544a


#S output need using S calculate From priv_publickey _XY ,nonce_publickey_XY  ,and Message(z)
S = 0xf65bfc44435a91814c142a3b8ee288a9183e6a3f012b84545d1fe334ccfac25e

My question is how to calculate the S value using only d publickey _XY, k publickey _XY, and z.

I understand the S calculation formula: s = (z+x*r)/k
but I need another method to get S,  s = (z+priv_publickey _XY*r)/nonce_publickey_XY   # my idea this is right  Huh


My English is a little bit

Edit:
share a possible idea.
Jump to: