Notice: ECDSA signatures where the message isn't a hash and chosen by the "signer" are insecure.
Given public key P, pick random nonzero values a and b. Compute R=aG+bP. Now (R.x, R.x/b) is a valid signature for "message" (R.x*a/b).
15
115
372
Conversation
Replying to
While this is true, it also leaves me wondering who is trying to compute ECDSA signatures of non-hashes?
1
2
They posted it via twitter.com/satoshi and probably bought that account from someone. It was used to falsely confirm the account leading up to claiming Segwit is insecure. Seems Twitter quickly identified it as a scam for once and banned the account.