# Nadav Kohen - Introduction to Schnorr Signatures (Highlights)  ## Metadata **Review**:: [readwise.io](https://readwise.io/bookreview/38450230) **Source**:: #from/readwise #from/reader **Zettel**:: #zettel/fleeting **Status**:: #x **Authors**:: [[Nadav Kohen]] **Full Title**:: Introduction to Schnorr Signatures **Category**:: #articles #readwise/articles **Category Icon**:: 📰 **URL**:: [suredbits.com](https://suredbits.com/introduction-to-schnorr-signatures/) **Host**:: [[suredbits.com]] **Highlighted**:: [[2024-03-07]] **Created**:: [[2024-03-08]] ## Highlights - These combination numbers certainly satisfy the first thing we want from our signatures, but it fails our second property because both addition and multiplication (mod *p*) are reversible and leak our private key! ([View Highlight](https://read.readwise.io/read/01hrbyysf4ww3yyc7zfvkwa4zf)) ^689269855 - After we do a bunch of playing around with various choices of addition and multiplication (mod *p*) of our three numbers, we come across *s* = *k* + *m***x* which commits to our message and key, using *m***x*, but then hides this information with the addition of our random key, *k*. ([View Highlight](https://read.readwise.io/read/01hrbz2eep6hh3fkzpnmhjns0f)) ^689270352 - Thus, we can generate any *s* value and compute an *R* value (using only public information) that will create a valid digital signature … not good. ([View Highlight](https://read.readwise.io/read/01hrbzbj5sj0d23p82axv2yet1)) ^689270940 The reason that we cannot use the public key of the random private key in the signature.