1
I noticed in bitcoin when using the tiny-secp256k1 library to sign the signature for a signature hash of an input, the signature is always the same. However in other ECDSA secp256k1 libraries (im using one by nordic semi conductors) the signature is always different.
Am I misunderstanding something? is there a difference in the signature algorithms? I read something about randomly and deterministically calculating the k value, should it matter if it is random or not? or is there possibly extra encoding done after the signature hash is signed in bitcoin secp256k1?
Thanks! Chris
@MandelDuck Please mark Andrew's answer as a valid answer so this will get marked as answered. – elichai2 – 2019-09-24T20:18:22.620
Thanks So basically other libraries that do not deterministically generate k but use a random k should still be able to produce a valid signature that would be accepted by the network? – MandelDuck – 2019-01-18T17:33:18.977
1@MandelDuck Correct. It's not possible to enforce that signatures are deterministic (if you could figure out whether they were, you could also learn the private key), so ECDSA (and all EC based signatures schemes like Schnorr and Ed25519) does not have deterministic signatures. Individual implementations can choose to be deterministic, but that's a purely local unobservable implementation detail. – Pieter Wuille – 2019-01-18T17:51:04.573
thanks guys thats good to know, makes perfect sense – MandelDuck – 2019-01-18T17:57:07.663