Generating Valid Signatures Using Only the Public Key

2 replies 275 views
benseedFull Member
Posts: 60 · Reputation: 461
#1Sep 22, 2025, 11:44 PM
So, here’s the deal, the beginning of the script shows the usual way to create valid signatures using a private key with ecdsa secp256k1. There are tons of libraries out there that handle this too. What struck me is that if we use the same verifying values for u1, u2 and the public key, we can actually generate signatures just from the public key and still get the same r, s, z signatures. This means that with random values for u1 and u2, it’s possible to produce multiple valid signatures using only the public key. You can grab and try out the code here. https://github.com/KrashKrash/public-key-signature-generator Now, can this be used to forge signatures? Can you replicate the same r values? Are there any mathematical vulnerabilities you could introduce? The short answer to the first two questions is No. The signatures are generated deterministically. With specific u1 and u2 values, you'll only end up with a particular set of r, s, z values. But it's definitely some cool info for those interested in the math behind it.
3 Reply Quote Share
paul2017Senior Member
Posts: 218 · Reputation: 1426
#2Sep 23, 2025, 01:08 AM
I'm not an expert in this area, but if z isn't derived from the message, then the same signature can be applied to any message (assuming that you don't verify the hash). Read this: If someone wanted to pretend to be Satoshi by posting a fake signature to defraud people how could they?
4 Reply Quote Share
benseedFull Member
Posts: 60 · Reputation: 461
#3Sep 23, 2025, 05:32 AM
i have read it. hmm.. some ideas are running in my head now. the formula he had used is essentially what had been done above. its the same. 2 random scalar values for r sig but the things said in there are really giving me a few theories. thank you very much.
4 Reply Quote Share

Related topics