On (in)ability to embed data into Schnorr

In a detailed exploration of Bitcoin's underlying technologies, particularly focusing on signature schemes, AdamISZ addresses several critical points regarding the potential for embedding data within Bitcoin signatures. He highlights an essential distinction between Bitcoin and mere signature mechanisms, emphasizing the technical and economic implications of integrating additional data into these signatures. The discussion initially revolves around the feasibility and costs associated with embedding data directly into Bitcoin signatures, noting that while it is technically possible to independently grind the nonce and signature or nonce and pubkey, doing so would substantially increase the output's cost, potentially by threefold. AdamISZ argues against the practicality of this approach, citing significant drawbacks such as the complete negation of public derivation in address formation and the adverse effects on multisignature setups with cold keys due to the required signing processes.

Further complicating the issue are concerns related to spam, where the increased resource demands for embedding data could exacerbate problems caused by spammers. Despite acknowledging these challenges, AdamISZ clarifies that his investigation into data embedding within signatures was primarily academic, aiming to delineate the boundaries of what might be technically feasible, even if not practically advisable.

AdamISZ then delves into the specifics of embedding data in Schnorr signatures, contrasting it with ECDSA signatures. He notes the inherent limitations of Schnorr signatures for data embedding, as they do not allow the s component of the signature to be manipulated in a manner that would enable direct data insertion without key revelation. This constraint starkly contrasts with ECDSA, where the s component can be more freely controlled. The conversation shifts towards a more nuanced understanding of data embedding, considering not just straightforward identity functions but also the possibility of embedding data through publicly inferable nonces. AdamISZ references previous discussions and detailed analyses (here and here) that underline the broader implications and technical possibilities of nonce reuse or predictability for data embedding within Bitcoin signatures.

By examining these aspects, AdamISZ contributes to a deeper technical discourse on the complexities and potential unintended consequences of integrating additional data into Bitcoin's cryptographic elements. His analysis not only underscores the technical hurdles but also the broader economic and security considerations inherent in such endeavors.