# Gavin Andresen
# 2011-03-17 20:11:34
# https://bitcointalk.org/index.php?topic=4459.msg67003#msg67003

@s{quotedtext}
@s{quotedtext}
 @p{brk}
... I think that's right, you don't need the OP_OVER OP_ADD.  You have to know the random number to generate a valid signature, given only its hash. @p{par}

You'd have to be very careful NEVER to use the same random number anybody else has ever used or will ever use; if your 'random' number is an order number (or even common-hash-of-an-order-number) then you're sunk, anybody can generate a valid @p{lt}signature@s{gt} @p{lt}public_key@s{gt} @p{lt}r@s{gt} triple. @p{par}

For two extra bytes per transaction it might be better to hash in the public key, just so people don't shoot themselves in the foot. @p{brk}