Are there risks to using the same private key for both ECDSA and Schnorr signatures?


I think I’ve seen a comment by Greg Maxwell about this but am having trouble finding it. I think there was some risk when signing the same message with the same key with both algorithms?

In this related question, I see that ECDSA signature outputs (h, s) but Schnorr outputs (r, s). So in ECDSA, r is kept as a secret value but it is revealed in Schnorr — does that somehow make the private key recoverable?

Source link

Leave a reply