From: Murch <murch@murch.one>
To: bitcoindev@googlegroups.com
Subject: Re: [bitcoindev] [BIP Proposal] Informational BIP on Low-R Signature Grinding
Date: Tue, 9 Jun 2026 13:48:04 -0700 [thread overview]
Message-ID: <40918d93-092c-451a-96e1-03f363ac3720@murch.one> (raw)
In-Reply-To: <44b6bccc-c34f-491c-9f8f-fac5045290de@msgilligan.com>
Hi Sean,
Thanks for proposing this idea. It would be splendid if someone were to
write up the best practices for low-r signature grinding. You don’t need
to worry about test vectors too much in advance, they are only required
for advancing a BIP to the Complete status, so if people have more
suggestions, those could also added to the document after the PR is open
or even after it has been published in Draft.
Cheers,
Murch
On 2026-06-09 00:02, Sean Gilligan wrote:
> Hi Everyone,
>
> I would like to propose a new informational BIP to formally document
> the Low-R signature algorithm used by Bitcoin Core and many other
> wallets.
>
> It was implemented in 2018 in Bitcoin Core by PR 1366 [0]. The Low-r
> grinding page on Bitcoin Optech [1] references several other
> implementations.
>
> While working on secp256k1-jdk [2] (a new wrapper for secp256k1 for
> Java/JDK/JVM-languages) we ended up looking at the C++ implementation
> for reference and at rust-secp256k1 for a test vector. Since all
> wallets should implement the algorithm identically (for privacy
> reasons) it would be helpful to have the behavior clearly documented
> in an informational BIP.
>
> I have spoken with a handful of developers who think having a BIP
> would be a good idea and it was suggested on PR 13666.
>
> It should be short and relatively simple and also have a nice
> collection of test vectors.
>
> What do people think? Any suggestions on what should be included or
> pointers to test vectors?
>
> Thanks,
>
> Sean
>
> [0] https://github.com/bitcoin/bitcoin/pull/13666
> [1] https://bitcoinops.org/en/topics/low-r-grinding/
> [2] https://github.com/bitcoinj/secp256k1-jdk
>
--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/40918d93-092c-451a-96e1-03f363ac3720%40murch.one.
next prev parent reply other threads:[~2026-06-09 20:54 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-09 7:02 [bitcoindev] [BIP Proposal] Informational BIP on Low-R Signature Grinding Sean Gilligan
2026-06-09 20:48 ` Murch [this message]
2026-06-09 23:12 ` Sean Gilligan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=40918d93-092c-451a-96e1-03f363ac3720@murch.one \
--to=murch@murch.one \
--cc=bitcoindev@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox