In Rust, We Trust: The Mighty Schnorr Signature

I have been learning Rust, and it is rock solid when it comes to producing cryptography-related code. So, let’s cut our teeth on the mighty Schnorr signature. This method has the great advantage that we can have multiple signers to a message or a transaction, and end up with a single signature for all the signers. It is now being used in Bitcoin transactions so that we have an efficient signature for a transaction that involves multiple entities.

The patent

In Feb 1989, Claus Schnorr submitted a patent which was assigned to no one. It has 11 claims, and allowed digital signatures to be merged for multiple signers [here]:

The signature

With the Schnorr signature, we create a signature (R,s) for a hash of the message (m). Initially, Peggy (the prover) has a private key r, and her public key will then be:

U=r×G

and where G is the base point on the curve. She then generates random nonce (rt) for the signing of a message and defines a commitment to this value:

Ut=rt×G