Tom Trevethan [ARCHIVE] on Nostr
📅 Original date posted:2023-07-26
🗒️ Summary of this message: Proving knowledge of the r values used in generating each R can prevent the Wagner attack, not signing or secret keys.
📝 Original message:
Not 'signing' but 'secret' i.e. the r values (ephemeral keys). Proof of
knowledge of the r values used to generate each R used prevents the Wagner
attack, no?

On Wed, Jul 26, 2023 at 8:59 PM Jonas Nick <jonasdnick at gmail.com> wrote:
> None of the attacks mentioned in this thread so far (ZmnSCPxj mentioned an
> attack on the nonces, I mentioned an attack on the challenge c) can be
> prevented by proving knowledge of the signing key (usually known as proof of
> possession, PoP).
Published at
2023-07-27 00:26:33