Pedersen Commitment

- Only one possible value results in commitment:

It is “binding” - Once u is revealed, commitment C can be verfied.
- Binding: C can’t be changed for a given secret u.
- Information leak: Two equal values equal identical commitments.
- Random factor makes commitment “hiding”.
- Different commitment regardless of value u.
- Assumes generator of point H is unknown.
- Broken commitment scheme:
- Generator e of point H is known.
- Value u can be modified, commitment remains identical.

ECDSA

- ECDSA can be likened to a commitment scheme which can only be “broken” by owner of secret `e`.
- R point:
- Random point (blinding).
- R point x-coordinate represented on left & right of equation.
- Equation can only be balanced with secret e.
- Signed message z:
- For a given random point R, z is committed to on left side of equation.
- ECDSA Validation:
- z, r_x, s and public key P required to validate signature.

DER Encoding

- libsecp256k1 replaced OpenSSL
- OpenSSL suffers from encoding ambiguity across systems.
- libsecp256k1 removes this dependency from project.
- Strict encoding (BIP66)
- Removes encoding malleability: Consensus enforced encoding standard.
- Removes ECDSA malleability: low s values enforced.
- DER signature is 70-72 Bytes long.
- r_x length: 32/33 Bytes
- 256bit signed value, no leading nulls
- s length: 31/32 Bytes
- Low s values enforced, no leading nulls