correct. you cannot select R if it is shipped with a POP On Wed, Jul 26, 2023, 4:35 PM Tom Trevethan <t...@commerceblock.com> wrote:
> Not 'signing' but 'secret' i.e. the r values (ephemeral keys). Proof of > knowledge of the r values used to generate each R used prevents the Wagner > attack, no? > > On Wed, Jul 26, 2023 at 8:59 PM Jonas Nick <jonasdn...@gmail.com> wrote: > >> None of the attacks mentioned in this thread so far (ZmnSCPxj mentioned an >> attack on the nonces, I mentioned an attack on the challenge c) can be >> prevented >> by proving knowledge of the signing key (usually known as proof of >> possession, >> PoP). >> >
_______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
