4

I'm using the following html app:

https://xmr.llcoins.net/sign.html

I put in all my details of

monero address: 4B4mTT1kPokAQAE72kG6qgDt2HU8K18hz7V3HQQ1Z4rACdW5QXakN3q2PfEAnzSdfTZGqAtWjHwaQJ9xCuw5vGA9aLzcCQCreated

private spend key: 18e8dc054972b0247a76cc8ee102f68766dcfef5ccc1249f98de0a461717b003

message to sign: 'ABCDEFG'

Everytime I click on sign, I get a different signature. Shouldn't it be the same all the time? None of the variables I gave are static, but why is my signature dynamic?

user36303
  • 34,858
  • 2
  • 57
  • 123
Patoshi パトシ
  • 4,540
  • 3
  • 26
  • 66
  • GnuPG signatures exhibit that property too. PGP-sign the same content repeatedly and you'll get a different signature each time. –  Mar 29 '18 at 17:47

1 Answers1

6

Monero does not use the EdDSA signing algorithm you might have been expecting. Instead, it uses the Schnorr algorithm, which uses a random k value as part of the signature. Therefore each signature will be different because k will be different each time.

See https://en.wikipedia.org/wiki/Schnorr_signature

Here is pseudocode for the signing and verification:

base point = G
private spend key = b
public spend key = B = b*G
msgHash = keccak256(message)
Hs() means hash with keccak256 then convert to scalar number
|| means concatenation

generate the signature:
k = randomScalar()
signature.c = Hs(msgHash || B || k*G)
signature.r = k - b*signature.c

signature is valid if signature.c == Hs(msgHash || B || (signature.r*G + signature.c*B))
knaccc
  • 8,468
  • 16
  • 22