4
1
So if I were to create the same transaction using bitcoinjs and bitcoinj, the end result of the signed transaction would be the same with both libraries, is that correct?
Do all implementation of Deterministic RFC6979-compliant ECDSA signatures generate the same signed transaction given the same data?
Answers
4
So if I were to create the same transaction using bitcoinjs and bitcoinj, the end result of the signed transaction would be the same with both libraries, is that correct?
They certainly should. That's why they're called deterministic. Any particular library could have a bug in it, however. I would check against examples given in the spec to make sure a library is compliant with the spec, or run the unit tests if the library you're using has them.
It's not like it matters if they are the same or not though. Only the signer would know. – Anonymous – 2015-05-27T15:59:36.550
1Forgive the naivety, but how does deterministic ECDSA signing differ from normal/standard (?) ECDSA signing? I actually wondered this recently when I saw the pybitcointools library has a
deterministic_ecdsa_signfunction which uses hmac. Even an ELI5 and a link would be great – Wizard Of Ozzie – 2015-05-28T10:12:16.5572
An ECDSA signature requires for one of its inputs an unpredictable integer (named "k"). One way to generate k is to use a CSPRNG. Another way is to use H(x), where H is a cryptographic hash function, and x differs for each signature. If x is based only on the key and the message, H(x) is deterministic. Because it's easier to code (without mistakes) H(x) than a CSPRNG, H(x) is safer. See also this blog post (scroll to the end) by DJB for a discussion of what to use for x.
– Christopher Gurnee – 2015-05-28T13:39:47.297@WizardOfOzzie (forgot to respond to you by name in the reply above; doing so now instead....) – Christopher Gurnee – 2015-05-28T13:42:32.370