Only one possible value results in commitment:
It is “binding”
is revealed, commitment
can be verfied.
can’t be changed for a given secret
Information leak: Two equal values equal identical commitments.
Random factor makes commitment “hiding”.
Different commitment regardless of value
Assumes generator of point
Broken commitment scheme:
can be modified, commitment remains identical.
ECDSA can be likened to a commitment scheme which can only be “broken” by owner of secret `e`.
Random point (blinding).
point x-coordinate represented on left & right of equation.
Equation can only be balanced with secret
Signed message z:
For a given random point
is committed to on left side of equation.
and public key
required to validate signature.
libsecp256k1 replaced OpenSSL
OpenSSL suffers from encoding ambiguity across systems.
libsecp256k1 removes this dependency from project.
Strict encoding (BIP66)
Removes encoding malleability: Consensus enforced encoding standard.
Removes ECDSA malleability: low s values enforced.
DER signature is 70-72 Bytes long.
r_x length: 32/33 Bytes
256bit signed value, no leading nulls
s length: 31/32 Bytes
Low s values enforced, no leading nulls