HD Wallet - slight differences between ECDSA and Schnorr

Question

HD Wallet - slight differences between ECDSA and Schnorr

briancrypto opened this issue 4 years ago · 2 comments

briancrypto commented 4 years ago

Hi,

I noticed the formula used to generate public key in HD Wallet for ECDSA and Schnorr is slightly different.

In ECDSA, it is link to code
let pub_key = pubkey * &f_l_fe;

In Schnorr, it is link to code
let pub_key = pubkey.clone() + &g * &f_l_fe;

Is there some security issue hence the need to multiply the Schnorr public key with generator?

Thanks!

Answer 1 · 2020-07-31T06:12:24.000Z

Hi @briancrypto ,
There is no security issue here, In ECDSA we used multiplicative update because the 2 party protocol in the paper we implemented dictated multiplicative sharing of the private key. In fact, The paper could have been written using additive secret sharing and work fine.

For the same reason - we use additive updates in Schnorr, since the protocol is based on additive secret sharing.

Answer 2 · 2020-07-31T08:43:19.000Z

Understood. It is nice to use the same additive/multiplicative across ECDSA or Schnorr, then it will be the same codebase for both.

Thanks for the info!