mirrors/bitcoin-bips
1
0
Fork 0
mirror of https://github.com/bitcoin/bips.git synced 2025-01-19 05:45:07 +01:00
Code Issues Projects Releases Wiki Activity

More on key generation

Browse Source
This commit is contained in:
Pieter Wuille 2019-10-15 17:54:04 -07:00
parent 7a7ab111c9
commit 23c1c3ed8b
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
bip-schnorr.mediawiki
View File

@ -125,10 +125,9 @@ The algorithm ''PubKey(sk)'' is defined as:
* Fail if ''d = 0'' or ''d ≥ n''. * Fail if ''d = 0'' or ''d ≥ n''.
* Return ''bytes(d⋅G)''. * Return ''bytes(d⋅G)''.
Note that ''PubKey(sk) = PubKey(bytes(n - int(sk))'', so every public key has two corresponding private keys. Note that we use a very different public key format (32 bytes) than the ones used by existing systems (which typically use elliptic curve points as public keys, or 33-byte or 65-byte encodings of them). A side effect is that ''PubKey(sk) = PubKey(bytes(n - int(sk))'', so every public key has two corresponding private keys.
Alternatively, the public key can be created according to [https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki BIP32] which describes the derivation of 33-byte compressed public keys. As an alternative to generating keys randomly, it is also possible and safe to repurpose existing key generation algorithms for ECDSA in a compatible way. The private keys constructed by such an algorithm can be used as ''sk'' directly. The public keys constructed by such an algorithm (assuming they use the 33-byte compressed encoding) need to be converted by dropping the first byte. Specifically, [https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki BIP32] and schemes built on top of it remain usable.
In order to translate such public keys into bip-schnorr compatible keys, the first byte must be dropped.
==== Signing ==== ==== Signing ====