Draft reply (to be continued)
There are 15 test cases in all but only 4 distinct secret keys, 7 distinct public keys (3 of them don't have secret keys) but 15 distinct signatures.
The public key DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659 is reused 9 times for example but the distinct signatures are generated using different messages, auxiliary randomness etc.
The first 5 test cases have valid signatures (a verification result of TRUE) although the fourth test case (index = 3) has a comment of
test fails if msg is reduced modulo p or n (I am unsure what this implies)
That leaves the remaining test cases that fail the signature verification:
Index 5 has a public key that's not on the secp256k1 curve y^2 = x^3 + 7 (mod P), where P = 2^256 - 2^32 - 977, that Bitcoin uses. This elliptic curve is the same for Schnorr as it is for ECDSA. The public key is calculated by multiplying the private key by the generator point and so it must be on the elliptic curve. If it isn't, it is not possible to generate a valid signature. Indeed the secret key is not provided for this public key as there is no secret key that can multiply with the generator point to get the public key.
Index 6 is referring to the BIP 340 design choice to implicitly choose the Y coordinate that is even (each valid X coordinate has two possible Y coordinates, one that is odd and one that is even). If the Y coordinate is odd then it isn't following the BIP 340 specification and the signature verification should fail.
Index 7 has a negated message (Schnorr signature algorithm can't sign a negated message?)
Index 8 has a negated s value (negative signature?)
Index 14 has a public key with an x coordinate that exceeds the field size (P = 2^256 - 2^32 - 977). This isn't possible under mod P so no valid signature is possible here.
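The public key checks behind the index 5 and index 14 failures, together with the even-Y convention, can be sketched as follows. This is an added example, not code from the post or from BIP 340 itself; `check_pubkey` is a hypothetical helper name, the generator coordinates are the standard secp256k1 constants rather than values from the post, and the out-of-range key is constructed.

```python
# Added example: x-only public key validation in the style of BIP 340's lift_x.
P = 2**256 - 2**32 - 977  # secp256k1 field prime, as given in the post

# secp256k1 generator coordinates (standard curve constants, not from the post).
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8

# Public key quoted in the post (the one reused across several test cases).
PAGE_PUBKEY = "DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659"


def lift_x(x):
    """Return the even-Y point (x, y) for an x-only key, or None if invalid."""
    if not 0 <= x < P:
        return None  # x is not a field element (the index 14 situation)
    c = (pow(x, 3, P) + 7) % P  # right-hand side of y^2 = x^3 + 7 (mod P)
    y = pow(c, (P + 1) // 4, P)  # square-root candidate; works since P % 4 == 3
    if y * y % P != c:
        return None  # no y satisfies the curve equation (the index 5 situation)
    # Both y and P - y are roots; exactly one is even because P is odd.
    return (x, y if y % 2 == 0 else P - y)


def check_pubkey(hex_key):
    """Classify a 32-byte x-only public key given as a hex string."""
    raw = bytes.fromhex(hex_key)
    if len(raw) != 32:
        return "wrong length"
    x = int.from_bytes(raw, "big")
    if x >= P:
        # Without this check, x would silently alias x mod P.
        return "x exceeds field size"
    if lift_x(x) is None:
        return "not on curve"
    return "ok"


if __name__ == "__main__":
    print(check_pubkey(PAGE_PUBKEY))
    # Constructed out-of-range key: still fits in 32 bytes, but is >= P.
    print(check_pubkey(format(P + 1, "064X")))
```

A verifier that reduced the x coordinate modulo P instead of rejecting it would accept a second 32-byte encoding of a valid key, which is why the range check comes first.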