1. In ECDSA we can recover the public key from signature + message, but we may end up with more than one possible pubkey (up to 4 for secp256k1 with h=1).
Can you explain this further? Why can you end up with up to 4 public keys for secp256k1 with h=1?
(I guess with h you mean hash of the message)
No, h is an elliptic curve domain parameter known as the cofactor, and for different curves it has a different value. For NIST curves including secp256k1 it is equal to 1.
The reason why more than one public key can be recovered is because of how the equation works. You should refer to 4.1.6 Public Key Recovery Operation from Standards for Efficient Cryptography (SEC 1: Elliptic Curve Cryptography). The formula is something like this:
for j from 0 to h
    x = r + jn
    for k from 1 to 2
        Q = r^−1(sR − eG)
With h=1 we get 4 values for Q, most of the time the same value, but it can be different too. So up to 4 valid pubkeys.