I assume this is the Schnorr Signature. Im not too familiar with it but I think the equation for generating s is:
s = k+m*x
m = message hash (i think this is SHA256)
x = private key
k = a random generated private key
P = public key
K = public key to the random private key listed above k
to check if s is signed with the correct private key you would have to multiply s by G. G is the starting point of the elliptic curve, bitcoin uses secp256k1.
s*G = (k+m*x)*G = k*G + m*(x*G) = K + m*P
ECDSA is distributive and associative so its possible to rearrange it like this. Now you can compute K + m*P to determine if it matches the output of s*G. If it does then it is a good signature.
This video goes through all of this in better detail than i can: https://www.youtube.com/watch?v=wjACBRJDfxc&ab_channel=Bitcoinology
Edit:
actually this seems to be more of what your looking for: https://learnmeabitcoin.com/technical/cryptography/elliptic-curve/ecdsa/
Topic: S calculate From (priv_publickey _XY ,nonce_publickey_XY ,and Message(z)) (Read 123 times)
April 29, 2024, 05:41:36 PM
April 28, 2024, 10:31:40 PM
S calculate From (priv_publickey _XY ,nonce_publickey_XY ,and Message(z))
hi,
example data:
priv_publickey _XY = px: 0xbb6c1de01f36618ae05f7c183c22dfa8797e779f39537752c27e2dc045b0e694 py: 0x2f8af53270bf045f2258834b6dad7481ad6fca009d80f5b54697b08d104fc7b3
nonce_publickey_XY = px: 0xcabc3692f1f7ba75a8572dc5d270b35bcc00650534f6e5ecd6338e55355454d5 py: 0xafa7746c07a124cb59e190f00955952a7329591b805c4d9d04d34abe8a803a74
Message(z)) = 0x9b076ad2fe6b2ce63acf4edf7fc82d5152d3c8bffb36b944da7a1cce038f544a
#S output need using S calculate From priv_publickey _XY ,nonce_publickey_XY ,and Message(z)
S = 0xf65bfc44435a91814c142a3b8ee288a9183e6a3f012b84545d1fe334ccfac25e
My question is how to calculate the S value using only d publickey _XY, k publickey _XY, and z.
I understand the S calculation formula: s = (z+x*r)/k
but I need another method to get S, s = (z+priv_publickey _XY*r)/nonce_publickey_XY # my idea this is right
My English is a little bit
Edit:
share a possible idea.
hi,
example data:
priv_publickey _XY = px: 0xbb6c1de01f36618ae05f7c183c22dfa8797e779f39537752c27e2dc045b0e694 py: 0x2f8af53270bf045f2258834b6dad7481ad6fca009d80f5b54697b08d104fc7b3
nonce_publickey_XY = px: 0xcabc3692f1f7ba75a8572dc5d270b35bcc00650534f6e5ecd6338e55355454d5 py: 0xafa7746c07a124cb59e190f00955952a7329591b805c4d9d04d34abe8a803a74
Message(z)) = 0x9b076ad2fe6b2ce63acf4edf7fc82d5152d3c8bffb36b944da7a1cce038f544a
#S output need using S calculate From priv_publickey _XY ,nonce_publickey_XY ,and Message(z)
S = 0xf65bfc44435a91814c142a3b8ee288a9183e6a3f012b84545d1fe334ccfac25e
My question is how to calculate the S value using only d publickey _XY, k publickey _XY, and z.
I understand the S calculation formula: s = (z+x*r)/k
but I need another method to get S, s = (z+priv_publickey _XY*r)/nonce_publickey_XY # my idea this is right
My English is a little bit
Edit:
share a possible idea.
Jump to: