Erik Aronesty [ARCHIVE] on Nostr
📅 Original date posted:2023-07-26
🗒️ Summary of this message: The email discusses attacks on nonces and challenges in cryptography and the need for proof of knowledge of signing keys to prevent them.
📝 Original message:
Correct. You cannot select R if it is shipped with a POP.
On Wed, Jul 26, 2023, 4:35 PM Tom Trevethan <tom at commerceblock.com> wrote:
> Not 'signing' but 'secret' i.e. the r values (ephemeral keys). Proof of
> knowledge of the r values used to generate each R used prevents the Wagner
> attack, no?
>
> On Wed, Jul 26, 2023 at 8:59 PM Jonas Nick <jonasdnick at gmail.com> wrote:
>
>> None of the attacks mentioned in this thread so far (ZmnSCPxj mentioned an
>> attack on the nonces, I mentioned an attack on the challenge c) can be
>> prevented by proving knowledge of the signing key (usually known as proof of
>> possession, PoP).
>>
>
Published at 2023-07-27 00:26:33