π
Original date posted:2023-07-24
ποΈ Summary of this message: Party 1 is unable to determine the final value of (R, s1+s2) or m, but a blinding step may be missing, allowing the server to scan the blockchain for signatures and compute corresponding hashes to check for a match.
π Original message:
> Party 1 never learns the final value of (R,s1+s2) or m.
Actually, it seems like a blinding step is missing. Assume the server (party 1)
received some c during the signature protocol. Can't the server scan the
blockchain for signatures, compute corresponding hashes c' = H(R||X||m) as in
signature verification and then check c == c'? If true, then the server has the
preimage for the c received from the client, including m.
Jonas Nick [ARCHIVE] /
npub1atβ¦y3z5a
2023-07-24 15:55:41
in reply to nevent1qβ¦rcjp
Author Public Key
npub1at3pav59gkeqz9kegzqhk2v4j4r435x42ytf23pxs8crt74tuc8s2y3z5aPublished at
2023-07-24 15:55:41Event JSON
{
"id": "404797f6880c092e3bf48fe0f8abf971b09dc1f4f93e5942312026d0ce8ca0d5",
"pubkey": "eae21eb28545b20116d940817b2995954758d0d5511695442681f035faabe60f",
"created_at": 1690214141,
"kind": 1,
"tags": [
[
"e",
"86a87258a295f0e8a6ce06957ce368a6146cf45a73137d0af6fcc0729ce599a0",
"",
"root"
],
[
"e",
"c7cb0ce15de1f8a8bd982913b040108ab8d88a0afaeadf27ddbbde510c2aaa06",
"",
"reply"
],
[
"p",
"eae21eb28545b20116d940817b2995954758d0d5511695442681f035faabe60f"
]
],
"content": "π
Original date posted:2023-07-24\nποΈ Summary of this message: Party 1 is unable to determine the final value of (R, s1+s2) or m, but a blinding step may be missing, allowing the server to scan the blockchain for signatures and compute corresponding hashes to check for a match.\nπ Original message:\n\u003e Party 1 never learns the final value of (R,s1+s2) or m.\n\nActually, it seems like a blinding step is missing. Assume the server (party 1)\nreceived some c during the signature protocol. Can't the server scan the\nblockchain for signatures, compute corresponding hashes c' = H(R||X||m) as in\nsignature verification and then check c == c'? If true, then the server has the\npreimage for the c received from the client, including m.",
"sig": "5542415ba679552310aa1a0e091b77a9c83b425c8e6df69e306694796a136441f414f71a7205385d160bcd31de55181700f6d5cbd3ec52116505a3fa8f15983f"
}