ECDSA on secp256k1 ECDSA is the original Bitcoin signature scheme. Used for legacy P2PKH, P2SH, and SegWit v0 (P2WPKH/P2WSH). Replaced by Schnorr in Taproot. Sign (private key d, message hash h) The signature is ∈ Z n × Z n. Verify (public key Q, message hash h, signature (r, s)) Deterministic k (RFC6979) CRITICAL : never reuse k. If you sign two different messages with the same k, the private key leaks. RFC6979 derives deterministically from via HMAC-SHA256. Bitcoin libraries default to RFC6979 — never accept "user-provided" k unless you implement extra randomness mixing (RFC6979 + extra ent…