I am reading about ECDSA and EdDSA. I was wondering what the Monero void crypto_ops::generate_signature signature is based upon. From the code, I see that the math to generate one is
k = rand()
t3 = kB
buf = H(data) || pk || t3
c = Hs(buf)
r = k - c.sk
and the signature then is the tuple (c,r). This seems to take some ideas from standard ECDSA, but I would like to know what scheme exactly is used here.
