Good Morning Matt, > ### ZmnSCPxj, > > I'm intrigued by this mechanism of using fixed R values to prevent multiple > signatures, but how do we derive the R values in a way where they are unique for each blockheight but still can be used to create signatures or verify?
One possibility is to derive `R` using standard hierarchical derivation. Then require that the staking pubkey be revealed to the sidechain network as actually being `staking_pubkey = P + hash(P || parent_R) * G` (possibly with some trivial protection against Taproot). To sign for a blockheight `h`, you must use your public key `P` and the specific `R` we get from hierarchical derivation from `parent_R` and the blockheight as index. Regards, ZmnSCPxj _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev