Method for calculating an ECDSA signature (r, s) is:

s = okay^-1(z + qr)

okay – non-public key for a random level R
z – hash of a message
q – unique non-public key
r – x(R)

I’m occupied with why do we’d like two secret values (okay and q) in a system for calculating ECDSA signature? In different phrases, why we’d like one further secret worth okay (and its public key – level on a curve) in further to already current one secret worth q (and its public key)? Could not it’s realized with just one unknown worth (q)?

I discovered some reply right here.

The explanation nonce is used is as a result of you’ll want to create two unknowns so that folks can’t reverse engineer the non-public key from the general public key.

It appears to me that that is in order that we have now one equation with two unknowns (which is unsolvable). If solely the unique non-public key q is current within the equation, i.e. if it’s the solely unknown (with out the extra secret okay), we’d have one equation with one unknown, which is solvable. Nonetheless, I am unsure. Is that the rationale or one thing else/further?

Additionally, why is it used as okay^-1 in equation and never simply okay? Some particular safety motive or only a “design element” of the algorithm creators?