As we saw in <<schnorr_signatures>> and <<ecdsa_signatures>>,
As we((("digital signatures", "randomness, importance of", id="digital-signature-random")))((("randomness", "importance in digital signatures", id="random-digital-signature"))) saw in <<schnorr_signatures>> and <<ecdsa_signatures>>,
the signature generation algorithm uses a random number _k_, as the basis
for a private/public nonce pair. The value of _k_ is not
important, _as long as it is random_. If signatures from the same
@ -968,7 +968,7 @@ fault-injection attacks.
If you are implementing an algorithm to sign transactions in Bitcoin,
you _must_ use BIP340, RFC6979, or a similar algorithm to
ensure you generate a different _k_ for each transaction.
ensure you generate a different _k_ for each ((("digital signatures", "randomness, importance of", startref="digital-signature-random")))((("randomness", "importance in digital signatures", startref="random-digital-signature")))transaction.
clenser
7 months ago