[BIP Proposal] Informational BIP on Low-R Signature Grinding
26 views
Skip to first unread message
Sean Gilligan
3:47 AM (13 hours ago) 3:47 AM
to bitco...@googlegroups.com
Hi Everyone,
I would like to propose a new informational BIP to formally document the
Low-R signature algorithm used by Bitcoin Core and many other wallets.
It was implemented in 2018 in Bitcoin Core by PR 1366 [0]. The Low-r
grinding page on Bitcoin Optech [1] references several other
implementations.
While working on secp256k1-jdk [2] (a new wrapper for secp256k1 for
Java/JDK/JVM-languages) we ended up looking at the C++ implementation
for reference and at rust-secp256k1 for a test vector. Since all wallets
should implement the algorithm identically (for privacy reasons) it
would be helpful to have the behavior clearly documented in an
informational BIP.
I have spoken with a handful of developers who think having a BIP would
be a good idea and it was suggested on PR 13666.
It should be short and relatively simple and also have a nice collection
of test vectors.
What do people think? Any suggestions on what should be included or
pointers to test vectors?
Thanks,
Sean
[0] https://github.com/bitcoin/bitcoin/pull/13666
[1] https://bitcoinops.org/en/topics/low-r-grinding/
[2] https://github.com/bitcoinj/secp256k1-jdk
I would like to propose a new informational BIP to formally document the
Low-R signature algorithm used by Bitcoin Core and many other wallets.
It was implemented in 2018 in Bitcoin Core by PR 1366 [0]. The Low-r
grinding page on Bitcoin Optech [1] references several other
implementations.
While working on secp256k1-jdk [2] (a new wrapper for secp256k1 for
Java/JDK/JVM-languages) we ended up looking at the C++ implementation
for reference and at rust-secp256k1 for a test vector. Since all wallets
should implement the algorithm identically (for privacy reasons) it
would be helpful to have the behavior clearly documented in an
informational BIP.
I have spoken with a handful of developers who think having a BIP would
be a good idea and it was suggested on PR 13666.
It should be short and relatively simple and also have a nice collection
of test vectors.
What do people think? Any suggestions on what should be included or
pointers to test vectors?
Thanks,
Sean
[0] https://github.com/bitcoin/bitcoin/pull/13666
[1] https://bitcoinops.org/en/topics/low-r-grinding/
[2] https://github.com/bitcoinj/secp256k1-jdk
Reply all
Reply to author
Forward
0 new messages