On (in)ability to embed data into Schnorr

In an insightful discussion with Ethan Heilman, a notable point was made regarding the embedding rate in PQ signatures, specifically that a 12% embedding rate effectively offers an eightfold discount for genuine signatures as opposed to embedded data. This pricing strategy might serve as a balanced incentive, potentially mitigating risks associated with embedding malicious data such as virus signatures within 32-byte blocks. The process of "grinding" or computational effort required to achieve certain portions of these blocks is highlighted as a deterrent against misuse.

Further exploration into waxwing's query about the feasibility of embedding data in Schnorr signatures reveals complexities. The inherent structure of Schnorr signatures makes it challenging, if not impossible, to manipulate signature components for data embedding purposes without significant compromise. For instance, the R component of a Schnorr signature, which is an elliptic curve (EC) point, cannot be arbitrarily chosen but must be generated in a manner that doesn't facilitate its use in signing if manipulated. Moreover, the signature parameter s, defined as k + ex (where e is derived from a hash function and x represents the private key), resists attempts at forced value assignment. These technical barriers underscore the robustness of Schnorr signatures against unauthorized data embedding attempts, whether through brute force grinding or key revelation strategies.

Andrew Poelstra, Director of Blockstream Research, provides these insights, contributing to the broader dialogue on cryptographic security and signature integrity within digital communication frameworks. His commentary not only addresses specific technical inquiries but also reinforces the ongoing commitment to enhancing the security measures underpinning modern cryptographic practices. For more detailed exploration of related topics, Andrew Poelstra's work can be found at https://www.wpsoftware.net/andrew.