π
Original date posted:2023-07-27
ποΈ Summary of this message: Proof of knowledge of the r values used in Wagner's attack does not prevent the attack. The attacker chooses the r values.
π Original message:
No, proof of knowledge of the r values used to generate each R does not prevent
Wagner's attack. I wrote
> Using Wagner's algorithm, choose R2[0], ..., R2[K-1] such that
> c[0] + ... + c[K-1] = c[K].
You can think of this as actually choosing scalars r2[0], ..., r2[K-1] and
define R2[i] = r2[i]*G. The attacker chooses r2[i]. The attack wouldn't make
sense if he didn't.
Jonas Nick [ARCHIVE] /
npub1atβ¦y3z5a
2023-07-28 15:08:07
in reply to nevent1qβ¦zdty
Author Public Key
npub1at3pav59gkeqz9kegzqhk2v4j4r435x42ytf23pxs8crt74tuc8s2y3z5aPublished at
2023-07-28 15:08:07Event JSON
{
"id": "92c9486f6648338eb1be25779b56676fe33a02de1d9e63816300ba768158a647",
"pubkey": "eae21eb28545b20116d940817b2995954758d0d5511695442681f035faabe60f",
"created_at": 1690556887,
"kind": 1,
"tags": [
[
"e",
"86a87258a295f0e8a6ce06957ce368a6146cf45a73137d0af6fcc0729ce599a0",
"",
"root"
],
[
"e",
"ebe67b64812d05b04d2e396fa33581c50bdf8b5584d209139e6be3ecea25d1df",
"",
"reply"
],
[
"p",
"b5ff7c704f90e4eebfa414c0a017a84544c32586a1bd2fc86c74c2914d03c25e"
]
],
"content": "π
Original date posted:2023-07-27\nποΈ Summary of this message: Proof of knowledge of the r values used in Wagner's attack does not prevent the attack. The attacker chooses the r values.\nπ Original message:\nNo, proof of knowledge of the r values used to generate each R does not prevent\nWagner's attack. I wrote\n\n \u003e Using Wagner's algorithm, choose R2[0], ..., R2[K-1] such that\n \u003e c[0] + ... + c[K-1] = c[K].\n\nYou can think of this as actually choosing scalars r2[0], ..., r2[K-1] and\ndefine R2[i] = r2[i]*G. The attacker chooses r2[i]. The attack wouldn't make\nsense if he didn't.",
"sig": "6b49a87a45e54a52cc71ae997b14d1ddc0b132cbd142d226361e395f4801cef3c7ab4d267af3cc80702ad6e8aeba7564a57768333d334747910623c9b4ff1ad5"
}