A newer version of libsecp256k1 has fixed an issue with signing hashes when messages > curve_order. The signatures generated in this scenario were still valid, but they did not follow the spec and caused a mismatch with other secp256k1 implementations.
Two of the tests in test/fixtures/ecdsa.json are also affected.
To see this issue in action, I have prepared a small example that compares the results from tiny-secp256k1 and noble-secp256k1 (whose author is @paulmillr and it's also the same person that reported the issue in bitcoin-core). You can view the example at the following link:
https://runkit.com/landabaso/63bcfda6ab68f20008d424e6
A newer version of libsecp256k1 has fixed an issue with signing hashes when messages > curve_order. The signatures generated in this scenario were still valid, but they did not follow the spec and caused a mismatch with other secp256k1 implementations.
For more information on this issue, please see the following link: https://github.com/bitcoin-core/secp256k1/issues/1063
Two of the tests in test/fixtures/ecdsa.json are also affected.
To see this issue in action, I have prepared a small example that compares the results from tiny-secp256k1 and noble-secp256k1 (whose author is @paulmillr and it's also the same person that reported the issue in bitcoin-core). You can view the example at the following link: https://runkit.com/landabaso/63bcfda6ab68f20008d424e6