ECDSA
- ECDSA can be likened to a commitment scheme which can only be “broken” by owner of secret `e`.
- R point:
- Random point (blinding).
- R point x-coordinate represented on left & right of equation.
- Equation can only be balanced with secret e.
- Signed message z:
- For a given random point R, z is committed to on left side of equation.
- ECDSA Validation:
- z, r_x, s and public key P required to validate signature.
DER Encoding
- libsecp256k1 replaced OpenSSL
- OpenSSL suffers from encoding ambiguity across systems.
- libsecp256k1 removes this dependency from project.
- Strict encoding (BIP66)
- Removes encoding malleability: Consensus enforced encoding standard.
- Removes ECDSA malleability: low s values enforced.
- DER signature is 70-72 Bytes long.
- r_x length: 32/33 Bytes
- 256bit signed value, no leading nulls
- s length: 31/32 Bytes
- Low s values enforced, no leading nulls