Just published: Schnorr Basics.

* How Schnorr signatures work
* Why use a nonce?
* Why is the nonce private?
* Why is nonce reuse bad?

Thoroughly unreviewed by experts, please comment with corrections.



@kalle looking good here.

Some thoughts: (commitment, challenge, response) is the "Sigma protocol" paradigm.

I wouldn't suggest adding that, but it *might* be possible to mention why the challenge hash must include the commitment R (this is about the 'Fiat-Shamir transform' to change the Schnorr identity protocol into a signature scheme, but you could explain it from a security POV). Also explaining the use of 'key-prefixing' (including P) is a bit too far for sure.


Thank you! I should definitely add something about why the challenge is created as it is, not just "why R", but even "why R||P||m". Good point.
