# R-Puzzle¶

In R-puzzle, an ephemeral key k is never revealed. Instead r, the x coordinate of its corresponding public key, is revealed and from r along with the signature, the knowledge of k can be proved using existing checkSig.

One crucial step in R-Puzzle is to extract r from DER encoded signature. The following is much easier than what is presented in the R-Puzzle talk.

contract RPuzzle {
Sig s;  // s = b'3045022100948c67a95f856ae875a48a2d104df9d232189897a811178a715617d4b090a7e90220616f6ced5ab219fe1bfcf9802994b3ce72afbb2db0c4b653a74c9f03fb99323f01'

function getSigR(Sig sig): bytes {
bytes lenBytes = sig[3:4];
int len = unpack(lenBytes);
bytes r = sig[4:4+len];
return r;
}

// r = b'00948c67a95f856ae875a48a2d104df9d232189897a811178a715617d4b090a7e9'
public function unlock(bytes r) {
require(r == this.getSigR(this.s));
}
}