R-PuzzleΒΆ
In R-puzzle, an ephemeral key k
is never revealed. Instead r
, the x coordinate of its corresponding public key,
is revealed and from r
along with the signature, the knowledge of k
can be proved using existing checkSig
.
More information can be found in the R-Puzzle talk.
contract RPuzzle {
Ripemd160 rhash;
// extract r from DER-encoded signature
static function extractRFromSig(Sig sig) : bytes {
int rlen = unpack(sig[3 : 4]);
return sig[4 : 4 + rlen];
}
public function unlock(Sig sig, PubKey pubKey, Sig sigr) {
require(this.rhash == hash160(extractRFromSig(sigr)));
require(checkSig(sigr, pubKey));
require(checkSig(sig, pubKey));
}
}