how difficult is it to generating an ECDSA (or Schnorr) signature with a certain number of leading zeros?

by Philbert Wallace   Last Updated October 18, 2019 18:27 PM

If both the public key and the private key are known ahead of time (public knowledge), and the goal is to choose a message/nonce that generates a signature with, for example, a certain number of leading zeroes, is this a similarly computationally challenging task to traditional proof of work in that it is "hard to find" but "(relatively) easy to verify?"

It seems like the answer should be "yes," because if the answer is "no" then (I think?) it would imply that signatures are not pseudorandomly uniform for different messages.

Put perhaps more succinctly, can a signature also itself serve to represent a targeted proof-of-work?

Lastly, do answers to any of the above change when the signature scheme used is Schnorr rather than ECSDA?



Related Questions


Updated July 13, 2018 23:27 PM

Updated February 14, 2019 16:27 PM

Updated October 04, 2019 14:27 PM

Updated January 06, 2018 08:27 AM