diff options
| author | Anthony Towns <aj@erisian.com.au> | 2019-08-22 10:20:12 +1000 |
|---|---|---|
| committer | Pieter Wuille <pieter.wuille@gmail.com> | 2020-01-19 14:47:33 -0800 |
| commit | a3f74a204e55d708e40f35761b1ea9b302cb195b (patch) | |
| tree | 44ce511f19e16d24db4c366c5328ce495005d72a /bip-schnorr.mediawiki | |
| parent | efa556aa063c9222a9185cb8a9110ff191614f08 (diff) | |
| download | bips-a3f74a204e55d708e40f35761b1ea9b302cb195b.tar.xz | |
pk not p
Diffstat (limited to 'bip-schnorr.mediawiki')
| -rw-r--r-- | bip-schnorr.mediawiki | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/bip-schnorr.mediawiki b/bip-schnorr.mediawiki index b921b18..4de2596 100644 --- a/bip-schnorr.mediawiki +++ b/bip-schnorr.mediawiki @@ -87,7 +87,7 @@ For example, without tagged hashing a bip-schnorr signature could also be valid This proposal suggests to include the tag by prefixing the hashed data with ''SHA256(tag) || SHA256(tag)''. Because this is a 64-byte long context-specific constant, optimized implementations are possible (identical to SHA256 itself, but with a modified initial state). Using SHA256 of the tag name itself is reasonably simple and efficient for implementations that don't choose to use the optimization. -'''Final scheme''' As a result, our final scheme ends up using public key ''pk'' which is the X coordinate of a point ''P'' on the curve whose Y coordinate is a quadratic residue and signatures ''(r,s)'' where ''r'' is the X coordinate of a point ''R'' whose Y coordinate is a quadratic residue. The signature satisfies ''sG = R + tagged_hash(r || p || m)P''. +'''Final scheme''' As a result, our final scheme ends up using public key ''pk'' which is the X coordinate of a point ''P'' on the curve whose Y coordinate is a quadratic residue and signatures ''(r,s)'' where ''r'' is the X coordinate of a point ''R'' whose Y coordinate is a quadratic residue. The signature satisfies ''sG = R + tagged_hash(r || pk || m)P''. === Specification === |