-
@ waxwing
2025-05-10 12:58:37
Looking at this reminds me of the time I "proved" I was Satoshi (disclaimer, this trick is not mine, it was discussed widely several years ago): https://gist.github.com/AdamISZ/8dacbbab7525af07c0ca3f12e2262c72
It's not the most convincing "proof" given the weirdness of r == s (though you can actually get round that perhaps); but it came to mind as another "trick" to shove data into an ECDSA signature; notice you surprisingly don't need to know the nonce value k! So you could make R.x any old data (with the trivial limitation that only 50% of the integers in range are valid x-coordinates). However, again, this doesn't work if you actually "do" ECDSA properly: if you require the hash preimage, the message m in Hash(m) to be fixed, or even published, it fails.
#bitcoin #cryptography
nostr:nevent1qqstrlx8wmsc0kkwwxxh6cndfzpkzhwre5apr8j5qsl0he6dvvtr0mspz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsygr8twz0ua0zz64eglr58rh9r898wafhdh0stkklhf3830gp9cwh9qpsgqqqqqqshzhh74