Ethereum: the choice for Schnorr signatures
Ethereum: Why Schnorr Signatures Use Nonce Generation via SHA-256
The Schnorr signature scheme is one of the most widely used and efficient digital signatures in Ethereum. However, when it comes to generating the nonces for these signatures, there seems to be some debate among developers and researchers as to why the simple RFC6979 variant was not chosen over another popular option.
At first glance, it may seem counterintuitive that Schnorr signatures use nonce generation via SHA-256 instead of more commonly used methods such as HMAC or AES. But let’s dive deeper into the reasoning behind this decision.
Nonce Problem
One of the primary challenges in digital signature schemes is generating a unique nonce value for each signing operation. In other words, we must ensure that two signatures are not identical and that both can be easily verified using the same key. One way to solve this problem is to use nonce parameters together with the signature parameters.
However, when it comes to Schnorr signatures, there are several problems with using nonces generated via SHA-256:
- SHA-256 is not suitable for cryptographic purposes: Although SHA-256 is widely used in many applications, its key size and security requirements make it unsuitable for cryptographic purposes such as digital signatures.
- Nonces cannot be generated consistently: In Ethereum, the blockchain is constantly updated with new blocks, meaning that nonce generation is a dynamic process. This introduces unpredictability into the signature scheme, making it vulnerable to attacks.
Why the RFC6979 variant was chosen
Despite these challenges, the Schnorr signature scheme was chosen as the default for several reasons:
- Efficient and fast: The simple RFC6979 variant uses an optimized algorithm that generates a nonce value in O(log n) time, making it much faster than other methods.
- Small key sizes: By using SHA-256 to generate nonces, we can reduce the size of keys used for digital signatures, making them more efficient and cost-effective.
Conclusion
In conclusion, the choice of a nonce generation method for Schnorr signatures in Ethereum is based on a combination of efficiency, security, and practical considerations. Although it may seem counterintuitive at first, using SHA-256 to generate nonces provides a unique set of advantages that outweigh the disadvantages. A simple variant of RFC6979 remains an effective solution for digital signature schemes in Ethereum.