On Mon, May 22, 2017 at 4:29 AM, Lee Clagett <fo...@leeclagett.com> wrote: > On Fri, 19 May 2017 01:31:49 +0000 Trevor Perrin <tr...@trevp.net> >> >> (A) Since the signature is intended to bind a unique tag value, the >> tag should have been hashed as a signature input. > > I'm not sure how this would be done without altering the construction > significantly:
Yeah, I was wrong (I was thinking about 3rd-party tampering, instead of double-spending, for some reason). Trevor _______________________________________________ Curves mailing list Curves@moderncrypto.org https://moderncrypto.org/mailman/listinfo/curves