Ethereum: Why Sign Schnorra Using Nonce from Sha-256
The scheme of signatures Schorr is one from the naiblya -used and efficient signature signatures in the ethereum. However, when it comes to the creation of these signatures, everyone is able to work on the tom, where did the simple variant rfc6979 not be selected for the second popular variant.
On the first look, it is possible to indicate an anti-anientation that the Schnorr’s signature is used by the unreceivement of the SHA-256 of the frequent technique, so as HMAC or aes. But let’s subtract into the stupid in the form of this resolution.
Small Problem
One of the main tasks in the program of the cifle signature is the creation of a unique non -regime for each signature operation. In the second words, we should be killed that there are no two signatures and can be easily verified with one and the key. One of the sake of this problem is the use of non -entertaining parameters of signatures.
However, when it comes to the signature of Shorra, it is necessary to several problems with the use of the benchless, spoiled SHA-256:
- SHA-256 does not sucker for cryptographic foles : Hyta SHA-256 GV Many Accepts, his keying and three-to-do. Cyphroe signatures.
- may not be spoiled by postponate : in the blockchain ethereum networking is constantly dispensed with new blocks, which indicates that the proceedings of the lean is a dynamic process. This is unpredited in the signature scheme that it is detached by an attack.
** Why was the RFC6979 Variant selected
It is not possible on these problems, the Signorr signature program was chosen in the quality of the defalt in the afternoon:
- Effective and fast : Simple Variant RFC6979 uses optimized algorithm that generates the Nonce’s values in the phrase O (Log N), which more than its impatience.
- Small Small Price
: With help SHA-256 We can diminish the size of the key signs that make them more efficient and approximate.
Enjoyment
Such an image, the selection of the non -generation generation method for Schnnr signatures in ethereum basics on the combination of proceedings, immobility and practical consequences. It is not necessary to the first view of this can be indicated by the anti-anuty, using the SHA-256 for the generation of nonces causes a unique set of pre-emptions. RFC6979 is a siege -sighted RFC6979.