view release on metacpan or  search on metacpan

libsecp256k1/include/secp256k1.h  view on Meta::CPAN

580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
*                normalized).
*  In:   sigin:  pointer to a signature to check/normalize (can be identical to sigout)
*
*  With ECDSA a third-party can forge a second distinct signature of the same
*  message, given a single initial signature, but without knowing the key. This
*  is done by negating the S value modulo the order of the curve, 'flipping'
*  the sign of the random point R which is not included in the signature.
*
*  Forgery of the same message isn't universally problematic, but in systems
*  where message malleability or uniqueness of signatures is important this can
*  cause issues. This forgery can be blocked by all verifiers forcing signers
*  to use a normalized form.
*
*  The lower-S form reduces the size of signatures slightly on average when
*  variable length encodings (such as DER) are used and is cheap to verify,
*  making it a good choice. Security of always using lower-S is assured because
*  anyone can trivially modify a signature after the fact to enforce this
*  property anyway.
*
*  The lower S value is always between 0x1 and
*  0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0,