ECDSA

Pedersen Commitment

Only one possible value results in commitment:
It is “binding”

Once u is revealed, commitment C can be verfied.
Binding: C can’t be changed for a given secret u.
Information leak: Two equal values equal identical commitments.

Random factor makes commitment “hiding”.

Different commitment regardless of value u.
Assumes generator of point H is unknown.

Broken commitment scheme:

Generator e of point H is known.
Value u can be modified, commitment remains identical.

ECDSA

ECDSA can be likened to a commitment scheme which can only be “broken” by owner of secret `e`.

R point:

Random point (blinding).
R point x-coordinate represented on left & right of equation.
Equation can only be balanced with secret e.

Signed message z:

For a given random point R, z is committed to on left side of equation.

ECDSA Validation:

z, r_x, s and public key P required to validate signature.

DER Encoding

libsecp256k1 replaced OpenSSL

OpenSSL suffers from encoding ambiguity across systems.
libsecp256k1 removes this dependency from project.

Strict encoding (BIP66)

Removes encoding malleability: Consensus enforced encoding standard.
Removes ECDSA malleability: low s values enforced.

DER signature is 70-72 Bytes long.

r_x length: 32/33 Bytes

256bit signed value, no leading nulls

s length: 31/32 Bytes

Low s values enforced, no leading nulls