We are discussing how many additional bits should one fetch in order to safely mod-div them by elliptic curve order, to get a private key. Like, 384 bits for 256-bit group.
Unfortunately, the info on the topic is limited. For example, all eddsa nonces are biased (2^-259) without explanation of security level.
Join our discussion: https://github.com/paulmillr/noble-curves/issues/71
Paul Miller /
npub1y4…r899g
2023-08-10 11:59:15
Author Public Key
npub1y4e4ed3yseely6c588quv5pc835un4nrry0c5tjq4r3xkttmeausar899gPublished at
2023-08-10 11:59:15Event JSON
{
"id": "389a26bff4a927043e9356798f58fcb902e2e9db18fda13d3582e63131a10c96",
"pubkey": "25735cb6248673f26b1439c1c650383c69c9d663191f8a2e40a8e26b2d7bcf79",
"created_at": 1691668755,
"kind": 1,
"tags": [
[
"proxy",
"https://mastodon.social/users/paulmillr/statuses/110865203575078298",
"activitypub"
]
],
"content": "We are discussing how many additional bits should one fetch in order to safely mod-div them by elliptic curve order, to get a private key. Like, 384 bits for 256-bit group.\n\nUnfortunately, the info on the topic is limited. For example, all eddsa nonces are biased (2^-259) without explanation of security level.\n\nJoin our discussion: https://github.com/paulmillr/noble-curves/issues/71",
"sig": "195946f3bcccd2edbf4b51b841c441f57f134e2e6672a6bf9a8104c4febdfb30264c79090b2ff10b35e2ecadaaf152ce5940195dcf84fa33423d4b895b511ede"
}