| Secp256k1 | EdDSA | |
|---|---|---|
| message | m = hash(M) | M, given |
| privkey | . | given |
| private-key | x, given | x = low32(sha512(privkey)) |
| signing-secret | k, given | k = sha512(high32(sha512(privkey)) // M) |
| privkey-to-pubkey | Y = G * x | Y = G * x |
| calc-R | R = G * k | R = G * k |
| r-value | r = R.x | r = SHA512(R // Y // M) |
| s-value | s = (m + x * r) / k | s = k + x * r |
| signature | (r, s) | (R, s) |
| verify | R*s = G*m + Y*r | G*s == R + Y*r |
with // I mean concatatation.
EdDSA from rfc8032