Method for calculating an ECDSA signature (r, s) is:

s = ok^-1(z + qr)

ok – non-public key for a random level R
z – hash of a message
q – authentic non-public key
r – x(R)

I’m concerned about why do we’d like two secret values (ok and q) in a formulation for calculating ECDSA signature? In different phrases, why we’d like one further secret worth ok (and its public key – level on a curve) in further to already present one secret worth q (and its public key)? Could not or not it’s realized with just one unknown worth (q)?

I discovered some reply right here.

The rationale nonce is used is as a result of it is advisable to create two unknowns so that folks can’t reverse engineer the non-public key from the general public key.

It appears to me that that is in order that we now have one equation with two unknowns (which is unsolvable). If solely the unique non-public key q is current within the equation, i.e. if it’s the solely unknown (with out the extra secret ok), we might have one equation with one unknown, which is solvable. Nonetheless, I am undecided. Is that the explanation or one thing else/further?

Additionally, why is it used as ok^-1 in equation and never simply ok? Some particular safety cause or only a “design element” of the algorithm creators?